From 145003155c05e915b900989a27cef1271398164b Mon Sep 17 00:00:00 2001
From: clemenso <clemenso@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4>
Date: Wed, 26 Aug 2009 17:31:32 +0000
Subject: MOCCA TLS Server CA cert installation servlet removed help.jsp (and
 jsp dependencies in jetty) moved html pages to src/main/webapp (encoding
 problem?) switch to BASIC download protocol in BKUWebStart (no
 jnlpDownloadServlet required, see template.xml)

git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@474 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
---
 .../java/at/gv/egiz/bku/webstart/Configurator.java |   2 +-
 .../java/at/gv/egiz/bku/webstart/Container.java    | 210 +++++++++++++--------
 .../java/at/gv/egiz/bku/webstart/Launcher.java     |   7 +-
 .../java/at/gv/egiz/bku/webstart/TLSServerCA.java  |   3 +-
 BKUWebStart/src/main/jnlp/resources/version.xml    |  35 ----
 BKUWebStart/src/main/jnlp/template.xml             |  22 +--
 6 files changed, 147 insertions(+), 132 deletions(-)

(limited to 'BKUWebStart/src')

diff --git a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Configurator.java b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Configurator.java
index bef2246b..923a70d9 100644
--- a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Configurator.java
+++ b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Configurator.java
@@ -56,7 +56,7 @@ public class Configurator {
    * configurations with less than this (major) version will be backuped and updated
    * allowed: MAJOR[.MINOR[.X[-SNAPSHOT]]]
    */
-  public static final String MIN_CONFIG_VERSION = "1.0.9";
+  public static final String MIN_CONFIG_VERSION = "1.2.4-SNAPSHOT";
   public static final String CONFIG_DIR = ".mocca/conf/";
   public static final String CERTS_DIR = ".mocca/certs/";
   public static final String VERSION_FILE = ".version";
diff --git a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java
index 08a0808a..3bf74d3c 100644
--- a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java
+++ b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java
@@ -2,9 +2,11 @@ package at.gv.egiz.bku.webstart;
 
 import at.gv.egiz.bku.utils.StreamUtil;
 import java.awt.AWTPermission;
+import java.io.BufferedInputStream;
 import java.io.BufferedOutputStream;
 import java.io.BufferedReader;
 import java.io.File;
+import java.io.FileInputStream;
 import java.io.FileNotFoundException;
 import java.io.FileOutputStream;
 import java.io.FilePermission;
@@ -15,8 +17,12 @@ import java.io.OutputStream;
 import java.lang.reflect.ReflectPermission;
 import java.net.NetPermission;
 import java.net.SocketPermission;
+import java.security.AllPermission;
+import java.security.KeyStore;
 import java.security.Permissions;
 import java.security.SecurityPermission;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
 import java.util.PropertyPermission;
 import javax.smartcardio.CardPermission;
 import org.apache.commons.logging.Log;
@@ -32,8 +38,9 @@ public class Container {
 
   public static final String HTTP_PORT_PROPERTY = "mocca.http.port";
   public static final String HTTPS_PORT_PROPERTY = "mocca.http.port";
-
+  public static final String SERVER_CA_CERTIFICATE_ATTRIBUTE = "mocca.tls.server.ca.certificate";
   private static Log log = LogFactory.getLog(Container.class);
+
   static {
     if (log.isDebugEnabled()) {
       //Jetty log INFO and WARN, include ignored exceptions
@@ -43,7 +50,6 @@ public class Container {
       //System.setProperty("DEBUG", "true");
     }
   }
-
   private Server server;
 
   public void init() throws IOException {
@@ -75,63 +81,98 @@ public class Container {
     }
     log.debug("loading MOCCA keystore from " + keystoreFile.getAbsolutePath());
     sslConnector.setKeystore(keystoreFile.getAbsolutePath());
-    File passwdFile = new File(configDir, Configurator.PASSWD_FILE);
-    BufferedReader reader = new BufferedReader(new FileReader(passwdFile));
-    String pwd;
-    while ((pwd = reader.readLine()) != null) {
-      sslConnector.setPassword(pwd);
-      sslConnector.setKeyPassword(pwd);
-    }
-    reader.close();
-    
+    String passwd = readPassword(new File(configDir, Configurator.PASSWD_FILE));
+    sslConnector.setPassword(passwd);
+    sslConnector.setKeyPassword(passwd);
+
     //avoid jetty's ClassCastException: iaik.security.ecc.ecdsa.ECPublicKey cannot be cast to java.security.interfaces.ECPublicKey
-    String[] RFC4492CipherSuites = new String[] {
+    String[] RFC4492CipherSuites = new String[]{
       "TLS_ECDH_ECDSA_WITH_NULL_SHA",
-     "TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
-     "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",
-     "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
-     "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
-
-     "TLS_ECDHE_ECDSA_WITH_NULL_SHA",
-     "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
-     "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
-     "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
-     "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
-
-     "TLS_ECDH_RSA_WITH_NULL_SHA",
-     "TLS_ECDH_RSA_WITH_RC4_128_SHA",
-     "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
-     "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
-     "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",
-
-     "TLS_ECDHE_RSA_WITH_NULL_SHA",
-     "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
-     "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
-     "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
-     "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
-
-     "TLS_ECDH_anon_WITH_NULL_SHA",
-     "TLS_ECDH_anon_WITH_RC4_128_SHA",
-     "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA",
-     "TLS_ECDH_anon_WITH_AES_128_CBC_SHA",
-     "TLS_ECDH_anon_WITH_AES_256_CBC_SHA"
+      "TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
+      "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",
+      "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
+      "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
+      "TLS_ECDHE_ECDSA_WITH_NULL_SHA",
+      "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
+      "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
+      "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
+      "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
+      "TLS_ECDH_RSA_WITH_NULL_SHA",
+      "TLS_ECDH_RSA_WITH_RC4_128_SHA",
+      "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
+      "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
+      "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",
+      "TLS_ECDHE_RSA_WITH_NULL_SHA",
+      "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
+      "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
+      "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
+      "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
+      "TLS_ECDH_anon_WITH_NULL_SHA",
+      "TLS_ECDH_anon_WITH_RC4_128_SHA",
+      "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA",
+      "TLS_ECDH_anon_WITH_AES_128_CBC_SHA",
+      "TLS_ECDH_anon_WITH_AES_256_CBC_SHA"
     };
 
     sslConnector.setExcludeCipherSuites(RFC4492CipherSuites);
 
-    server.setConnectors(new Connector[] { connector, sslConnector });
-    
+    server.setConnectors(new Connector[]{connector, sslConnector});
+
     WebAppContext webapp = new WebAppContext();
     webapp.setLogUrlOnStart(true);
     webapp.setContextPath("/");
-    webapp.setExtractWAR(true); 
+    webapp.setExtractWAR(true);
     webapp.setParentLoaderPriority(false);
 
+    try {
+      // no way to get certificate from within the servlet (SSLEngine/Jetty SSLSocketConnector/SSLContext?)
+      if (log.isTraceEnabled()) {
+        log.trace("local ca certificate from " + keystoreFile + " in webapp context at " + SERVER_CA_CERTIFICATE_ATTRIBUTE);
+      }
+      BufferedInputStream bis = new BufferedInputStream(new FileInputStream(keystoreFile));
+      KeyStore sslKeyStore = KeyStore.getInstance("JKS");
+      sslKeyStore.load(bis, passwd.toCharArray());
+      Certificate[] sslChain = sslKeyStore.getCertificateChain(TLSServerCA.MOCCA_TLS_SERVER_ALIAS);
+      webapp.setAttribute(SERVER_CA_CERTIFICATE_ATTRIBUTE, sslChain[sslChain.length - 1]);
+      bis.close();
+    } catch (Exception ex) {
+      log.error("Failed to load local ca certificate", ex);
+      log.warn("automated web certificate installation will not be available");
+    }
+
     webapp.setWar(copyWebapp(webapp.getTempDirectory()));
     webapp.setPermissions(getPermissions(webapp.getTempDirectory()));
-    
+
     server.setHandler(webapp);
-    server.setGracefulShutdown(1000*3);
+    server.setGracefulShutdown(1000 * 3);
+  }
+
+  /**
+   * @return The first valid (not empty, no comment) line of the passwd file
+   * @throws IOException
+   */
+  protected static String readPassword(File passwdFile) throws IOException {
+    if (passwdFile.exists() && passwdFile.canRead()) {
+      BufferedReader passwdReader = null;
+      try {
+        passwdReader = new BufferedReader(new FileReader(passwdFile));
+        String passwd;
+        while ((passwd = passwdReader.readLine().trim()) != null) {
+          if (passwd.length() > 0 && !passwd.startsWith("#")) {
+            return passwd;
+          }
+        }
+      } catch (IOException ex) {
+        log.error("failed to read password from " + passwdFile, ex);
+        throw ex;
+      } finally {
+        try {
+          passwdReader.close();
+        } catch (IOException ex) {
+        }
+      }
+    }
+    throw new IOException(passwdFile + " not readable");
   }
 
   private String copyWebapp(File webappDir) throws IOException {
@@ -146,43 +187,48 @@ public class Container {
 
   private Permissions getPermissions(File webappDir) {
     Permissions perms = new Permissions();
+    perms.add(new AllPermission());
+
+
+    if (false) {
+
+      // jetty-webstart (spring?)
+      perms.add(new RuntimePermission("getClassLoader"));
+
+      // standard permissions
+      perms.add(new PropertyPermission("*", "read,write"));
+      perms.add(new RuntimePermission("accessDeclaredMembers"));
+      perms.add(new RuntimePermission("accessClassInPackage.*"));
+      perms.add(new RuntimePermission("defineClassInPackage.*"));
+      perms.add(new RuntimePermission("setFactory"));
+      perms.add(new RuntimePermission("getProtectionDomain"));
+      perms.add(new RuntimePermission("modifyThread"));
+      perms.add(new RuntimePermission("modifyThreadGroup"));
+      perms.add(new RuntimePermission("setFactory"));
+      perms.add(new ReflectPermission("suppressAccessChecks"));
+
+      // MOCCA specific
+      perms.add(new SocketPermission("*", "connect,resolve"));
+      perms.add(new NetPermission("specifyStreamHandler"));
+      perms.add(new SecurityPermission("insertProvider.*"));
+      perms.add(new SecurityPermission("putProviderProperty.*"));
+      perms.add(new SecurityPermission("removeProvider.*"));
+      perms.add(new CardPermission("*", "*"));
+      perms.add(new AWTPermission("*"));
+
+      perms.add(new FilePermission(webappDir.getAbsolutePath() + "/-", "read"));
+      perms.add(new FilePermission(new File(System.getProperty("java.home") + "/lib/xalan.properties").getAbsolutePath(), "read"));
+      perms.add(new FilePermission(new File(System.getProperty("java.home") + "/lib/xerces.properties").getAbsolutePath(), "read"));
+      perms.add(new FilePermission(new File(System.getProperty("user.home")).getAbsolutePath(), "read, write"));
+      perms.add(new FilePermission(new File(System.getProperty("user.home") + "/-").getAbsolutePath(), "read, write"));
+      perms.add(new FilePermission(new File(System.getProperty("user.home") + "/.mocca/logs/*").getAbsolutePath(), "read, write,delete"));
+      perms.add(new FilePermission(new File(System.getProperty("user.home") + "/.mocca/certs/-").getAbsolutePath(), "read, write,delete"));
+
+      //TODO
+//    log.trace("granting file read/write permission to MOCCA local");
+//    perms.add(new FilePermission("<<ALL FILES>>", "read, write"));
 
-    // jetty-webstart (spring?)
-    perms.add(new RuntimePermission("getClassLoader"));
-
-    // standard permissions
-    perms.add(new PropertyPermission("*", "read,write"));
-    perms.add(new RuntimePermission("accessDeclaredMembers"));
-    perms.add(new RuntimePermission("accessClassInPackage.*"));
-    perms.add(new RuntimePermission("defineClassInPackage.*"));
-    perms.add(new RuntimePermission("setFactory"));
-    perms.add(new RuntimePermission("getProtectionDomain"));
-    perms.add(new RuntimePermission("modifyThread"));
-    perms.add(new RuntimePermission("modifyThreadGroup"));
-    perms.add(new RuntimePermission("setFactory"));
-    perms.add(new ReflectPermission("suppressAccessChecks"));
-
-    // MOCCA specific
-    perms.add(new SocketPermission("*", "connect,resolve"));
-    perms.add(new NetPermission("specifyStreamHandler"));
-    perms.add(new SecurityPermission("insertProvider.*"));
-    perms.add(new SecurityPermission("putProviderProperty.*"));
-    perms.add(new SecurityPermission("removeProvider.*"));
-    perms.add(new CardPermission("*", "*"));
-    perms.add(new AWTPermission("*"));
-
-    perms.add(new FilePermission(webappDir.getAbsolutePath() + "/-", "read"));
-    perms.add(new FilePermission(new File(System.getProperty("java.home") + "/lib/xalan.properties").getAbsolutePath(), "read"));
-    perms.add(new FilePermission(new File(System.getProperty("java.home") + "/lib/xerces.properties").getAbsolutePath(), "read"));
-    perms.add(new FilePermission(new File(System.getProperty("user.home")).getAbsolutePath(), "read, write"));
-    perms.add(new FilePermission(new File(System.getProperty("user.home") + "/-").getAbsolutePath(), "read, write"));
-    perms.add(new FilePermission(new File(System.getProperty("user.home") + "/.mocca/logs/*").getAbsolutePath(), "read, write,delete"));
-    perms.add(new FilePermission(new File(System.getProperty("user.home") + "/.mocca/certs/-").getAbsolutePath(), "read, write,delete"));
-
-    //TODO
-    log.trace("granting file read/write permission to MOCCA local");
-    perms.add(new FilePermission("<<ALL FILES>>", "read, write"));
-
+    }
     return perms;
   }
 
@@ -205,4 +251,4 @@ public class Container {
   public void join() throws InterruptedException {
     server.join();
   }
-}
\ No newline at end of file
+}
diff --git a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Launcher.java b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Launcher.java
index 0cfc14e5..0106de62 100644
--- a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Launcher.java
+++ b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Launcher.java
@@ -27,6 +27,7 @@ import java.awt.event.WindowAdapter;
 import java.net.BindException;
 import java.net.HttpURLConnection;
 import java.net.MalformedURLException;
+import java.net.URI;
 import java.net.URL;
 import java.security.GeneralSecurityException;
 import java.util.jar.Attributes;
@@ -73,21 +74,25 @@ public class Launcher implements BKUControllerInterface, ActionListener {
   /** local bku uri */
   public static final URL HTTP_SECURITY_LAYER_URL;
   public static final URL HTTPS_SECURITY_LAYER_URL;
+  public static final URL INSTALL_CERT_URL;
   public static final URL PIN_MANAGEMENT_URL;
   static {
     URL http = null;
     URL https = null;
     URL pin = null;
+    URL cert = null;
     try {
       http = new URL("http://localhost:" + Integer.getInteger(Container.HTTPS_PORT_PROPERTY, 3495).intValue());
       https = new URL("https://localhost:" + Integer.getInteger(Container.HTTPS_PORT_PROPERTY, 3496).intValue());
       pin = new URL(http, "/PINManagement");
+      cert = new URL(http, "/installCertificate");
     } catch (MalformedURLException ex) {
       log.error(ex);
     } finally {
       HTTP_SECURITY_LAYER_URL = http;
       HTTPS_SECURITY_LAYER_URL = https;
       PIN_MANAGEMENT_URL = pin;
+      INSTALL_CERT_URL = cert;
     }
   }
   public static final String version;
@@ -273,7 +278,7 @@ public class Launcher implements BKUControllerInterface, ActionListener {
           Desktop desktop = Desktop.getDesktop();
           if (desktop.isSupported(Desktop.Action.BROWSE)) {
             try {
-              desktop.browse(HTTPS_SECURITY_LAYER_URL.toURI());
+              desktop.browse(HTTP_SECURITY_LAYER_URL.toURI());
             } catch (Exception ex) {
               log.error("failed to open system browser, install TLS certificate manually: " + HTTPS_SECURITY_LAYER_URL, ex);
             }
diff --git a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/TLSServerCA.java b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/TLSServerCA.java
index 97ca716b..fd94958e 100644
--- a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/TLSServerCA.java
+++ b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/TLSServerCA.java
@@ -32,6 +32,7 @@ import org.apache.commons.logging.LogFactory;
 
 public class TLSServerCA {
   public static final int CA_VALIDITY_Y = 3;
+  public static final String MOCCA_TLS_SERVER_ALIAS = "server";
   public static final int SERVER_VALIDITY_Y = 3;
   private final static Log log = LogFactory.getLog(TLSServerCA.class);
 
@@ -127,7 +128,7 @@ public class TLSServerCA {
       generateServerCert();
       KeyStore ks = KeyStore.getInstance("JKS");
       ks.load(null, null);
-      ks.setKeyEntry("server", serverKeyPair.getPrivate(), password, new X509Certificate[]{serverCert, caCert});
+      ks.setKeyEntry(MOCCA_TLS_SERVER_ALIAS, serverKeyPair.getPrivate(), password, new X509Certificate[]{serverCert, caCert});
       return ks;
 //    } catch (Exception e) {
 //      log.error("Cannot generate certificate", e);
diff --git a/BKUWebStart/src/main/jnlp/resources/version.xml b/BKUWebStart/src/main/jnlp/resources/version.xml
index 451fe038..5e504b68 100644
--- a/BKUWebStart/src/main/jnlp/resources/version.xml
+++ b/BKUWebStart/src/main/jnlp/resources/version.xml
@@ -89,41 +89,6 @@
     </pattern>
     <file>servlet-api-2.5-20081211.jar</file>
   </resource>
-  <resource>
-    <pattern>
-      <name>jsp-2.1-jetty-6.1.19.jar</name>
-      <version-id>6.1.19</version-id>
-    </pattern>
-    <file>jsp-2.1-jetty-6.1.19.jar</file>
-  </resource>
-  <resource>
-    <pattern>
-      <name>jsp-2.1-glassfish-9.1.1.B60.25.p0.jar</name>
-      <version-id>9.1.1.B60.25.p0</version-id>
-    </pattern>
-    <file>jsp-2.1-glassfish-9.1.1.B60.25.p0.jar</file>
-  </resource>
-  <resource>
-    <pattern>
-      <name>jsp-api-2.1-glassfish-9.1.1.B60.25.p0.jar</name>
-      <version-id>9.1.1.B60.25.p0</version-id>
-    </pattern>
-    <file>jsp-api-2.1-glassfish-9.1.1.B60.25.p0.jar</file>
-  </resource>
-  <resource>
-    <pattern>
-      <name>ant-1.6.5.jar</name>
-      <version-id>1.6.5</version-id>
-    </pattern>
-    <file>ant-1.6.5.jar</file>
-  </resource>
-  <resource>
-    <pattern>
-      <name>core-3.1.1.jar</name>
-      <version-id>3.1.1</version-id>
-    </pattern>
-    <file>core-3.1.1.jar</file>
-  </resource>
   <resource>
     <pattern>
       <name>slf4j-api-1.5.8.jar</name>
diff --git a/BKUWebStart/src/main/jnlp/template.xml b/BKUWebStart/src/main/jnlp/template.xml
index a8ee0341..8181bc31 100644
--- a/BKUWebStart/src/main/jnlp/template.xml
+++ b/BKUWebStart/src/main/jnlp/template.xml
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="utf-8"?>
-<jnlp spec="$jnlpspec" codebase="$$codebase" context="$$context" href="$$name">
+<jnlp spec="$jnlpspec" codebase="http://localhost:8080/webstart/" context="http://localhost:8080" href="mocca.jnlp">
 
   <information>
     <!--title>$project.Name</title-->
@@ -9,15 +9,15 @@
     <homepage href="$project.Url"/>
     <description>$project.Description (BKU) MOCCA Web Start</description>
     <description kind="short">$project.Description</description>
-    <icon kind="shortcut" href="img/chip16.png" width="16" height="16" version="2.0"/>
-    <icon kind="shortcut" href="img/chip24.png" width="24" height="24" version="2.0"/>
-    <icon kind="shortcut" href="img/chip32.png" width="32" height="32" version="2.0"/>
-    <icon kind="shortcut" href="img/chip48.png" width="48" height="48" version="2.0"/>
-    <icon kind="default" href="img/chip16.png" width="16" height="16" version="2.0"/>
-    <icon kind="default" href="img/chip24.png" width="24" height="24" version="2.0"/>
-    <icon kind="default" href="img/chip32.png" width="32" height="32" version="2.0"/>
-    <icon kind="default" href="img/chip48.png" width="48" height="48" version="2.0"/>
-    <icon kind="splash" href="img/splash.png" version="2.0"/>
+    <icon kind="shortcut" href="img/chip16.png" width="16" height="16"/>
+    <icon kind="shortcut" href="img/chip24.png" width="24" height="24"/>
+    <icon kind="shortcut" href="img/chip32.png" width="32" height="32"/>
+    <icon kind="shortcut" href="img/chip48.png" width="48" height="48"/>
+    <icon kind="default" href="img/chip16.png" width="16" height="16"/>
+    <icon kind="default" href="img/chip24.png" width="24" height="24"/>
+    <icon kind="default" href="img/chip32.png" width="32" height="32"/>
+    <icon kind="default" href="img/chip48.png" width="48" height="48"/>
+    <icon kind="splash" href="img/splash.png"/>
     <shortcut online="false">
       <desktop/>
       <menu submenu="e-Government"/>
@@ -39,13 +39,11 @@
 
   <resources os="Mac OS X">
     <java version="$j2seVersion" java-vm-args="-d32"/>
-    <property name="jnlp.versionEnabled" value="true"/>
      $dependencies
   </resources>
 
   <resources>
     <java version="$j2seVersion"/>
-    <property name="jnlp.versionEnabled" value="true"/>
      $dependencies
   </resources>
 
-- 
cgit v1.2.3