From b1c8641a63a67e3c64d948f9e8dce5c01e11e2dd Mon Sep 17 00:00:00 2001
From: mcentner <mcentner@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4>
Date: Wed, 5 May 2010 15:29:01 +0000
Subject: Merged feature branch mocca-1.2.13-id@r724 back to trunk.

git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@725 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
---
 .../java/at/gv/egiz/bku/webstart/Configurator.java |  12 +-
 .../java/at/gv/egiz/bku/webstart/Container.java    |  60 +--
 .../java/at/gv/egiz/bku/webstart/Launcher.java     |  39 +-
 .../gv/egiz/bku/webstart/LogSecurityManager.java   | 443 ---------------------
 BKUWebStart/src/main/jnlp/keystore.ks              | Bin 5635 -> 5639 bytes
 BKUWebStart/src/main/jnlp/template-local.xml       |  18 +-
 BKUWebStart/src/main/jnlp/template-unstable.xml    |   2 +
 BKUWebStart/src/main/jnlp/template.xml             |   2 +
 .../at/gv/egiz/bku/webstart/messages.properties    |  12 +-
 .../at/gv/egiz/bku/webstart/messages_en.properties |  38 ++
 .../at/gv/egiz/bku/webstart/ConfiguratorTest.java  |  12 +
 .../src/test/resources/commons-logging.properties  |   1 -
 12 files changed, 116 insertions(+), 523 deletions(-)
 delete mode 100644 BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/LogSecurityManager.java
 create mode 100644 BKUWebStart/src/main/resources/at/gv/egiz/bku/webstart/messages_en.properties
 delete mode 100644 BKUWebStart/src/test/resources/commons-logging.properties

(limited to 'BKUWebStart/src')

diff --git a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Configurator.java b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Configurator.java
index 37638510..30662ee0 100644
--- a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Configurator.java
+++ b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Configurator.java
@@ -225,6 +225,12 @@ public class Configurator {
   /**
    * if unknown old, update in any case
    * if known old and unknown min, don't update
+   * 
+   * VERSION := MAJOR[-SNAPSHOT]-rREV
+   * MAJOR   := [0-9\.]*[-BRANCH[-BRANCHVERSION]]
+   *
+   * assume dots '.' appear in major version only (not after "-SNAPSHOT")
+   *
    * @param oldVersion
    * @param minVersion
    * @return
@@ -257,10 +263,10 @@ public class Configurator {
 
         // compare last digit of major
         boolean preRelease = true;
-        int majorEndOld = oldVersion.indexOf("-SNAPSHOT");
+        int majorEndOld = oldVersion.indexOf("-SNAPSHOT"); // 1.0.10-SNAPSHOT-r438, 1.2.12-pinguin-1-SNAPSHOT-r635
         if (majorEndOld < 0) {
           preRelease = false;
-          majorEndOld = oldVersion.indexOf('-'); // 1.0.10-r439
+          majorEndOld = oldVersion.lastIndexOf('-'); // 1.0.10-r439, 1.2.12-pinguin-1-r635
           if (majorEndOld < 0) {
             majorEndOld = oldVersion.length();
           }
@@ -270,7 +276,7 @@ public class Configurator {
         int majorEndMin = minVersion.indexOf("-SNAPSHOT");
         if (majorEndMin < 0) {
           releaseRequired = true;
-          majorEndMin = minVersion.indexOf('-');
+          majorEndMin = minVersion.lastIndexOf('-');
           if (majorEndMin < 0) {
             majorEndMin = minVersion.length();
           }
diff --git a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java
index 4d1fe658..3dcae497 100644
--- a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java
+++ b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java
@@ -2,7 +2,6 @@ package at.gv.egiz.bku.webstart;
 
 import iaik.utils.StreamCopier;
 
-import java.awt.AWTPermission;
 import java.io.BufferedInputStream;
 import java.io.BufferedOutputStream;
 import java.io.BufferedReader;
@@ -10,21 +9,14 @@ import java.io.File;
 import java.io.FileInputStream;
 import java.io.FileNotFoundException;
 import java.io.FileOutputStream;
-import java.io.FilePermission;
 import java.io.FileReader;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
-import java.lang.reflect.ReflectPermission;
-import java.net.NetPermission;
-import java.net.SocketPermission;
 import java.security.AllPermission;
 import java.security.KeyStore;
 import java.security.Permissions;
-import java.security.SecurityPermission;
 import java.security.cert.Certificate;
-import java.util.PropertyPermission;
-import javax.smartcardio.CardPermission;
 import org.mortbay.jetty.Connector;
 import org.mortbay.jetty.Server;
 import org.mortbay.jetty.nio.SelectChannelConnector;
@@ -37,7 +29,7 @@ import org.slf4j.LoggerFactory;
 public class Container {
 
   public static final String HTTP_PORT_PROPERTY = "mocca.http.port";
-  public static final String HTTPS_PORT_PROPERTY = "mocca.http.port";
+  public static final String HTTPS_PORT_PROPERTY = "mocca.https.port";
   private static Logger log = LoggerFactory.getLogger(Container.class);
 
   static {
@@ -126,7 +118,7 @@ public class Container {
     webapp.setParentLoaderPriority(false);
 
     webapp.setWar(copyWebapp(webapp.getTempDirectory()));
-    webapp.setPermissions(getPermissions(webapp.getTempDirectory()));
+//    webapp.setPermissions(getPermissions(webapp.getTempDirectory()));
 
     server.setHandler(webapp);
     server.setGracefulShutdown(1000 * 3);
@@ -172,50 +164,22 @@ public class Container {
     return webapp.getPath();
   }
 
+  /**
+   * grant all permissions, since we need read/write access to save signature data files anywhere (JFileChooser) in the local filesystem
+   * and Jetty does not allow declare (webapp) permissions on a codeBase basis.
+   * @param webappDir
+   * @return
+   */
   private Permissions getPermissions(File webappDir) {
     Permissions perms = new Permissions();
     perms.add(new AllPermission());
+//      perms.add(new FilePermission(new File(System.getProperty("user.home")).getAbsolutePath(), "read, write"));
+//      perms.add(new FilePermission(new File(System.getProperty("user.home") + "/-").getAbsolutePath(), "read, write"));
+//      perms.add(new FilePermission(new File(System.getProperty("user.home") + "/.mocca/logs/*").getAbsolutePath(), "read, write,delete"));
+//      perms.add(new FilePermission(new File(System.getProperty("user.home") + "/.mocca/certs/-").getAbsolutePath(), "read, write,delete"));
 
-
-    if (false) {
-
-      // jetty-webstart (spring?)
-      perms.add(new RuntimePermission("getClassLoader"));
-
-      // standard permissions
-      perms.add(new PropertyPermission("*", "read,write"));
-      perms.add(new RuntimePermission("accessDeclaredMembers"));
-      perms.add(new RuntimePermission("accessClassInPackage.*"));
-      perms.add(new RuntimePermission("defineClassInPackage.*"));
-      perms.add(new RuntimePermission("setFactory"));
-      perms.add(new RuntimePermission("getProtectionDomain"));
-      perms.add(new RuntimePermission("modifyThread"));
-      perms.add(new RuntimePermission("modifyThreadGroup"));
-      perms.add(new RuntimePermission("setFactory"));
-      perms.add(new ReflectPermission("suppressAccessChecks"));
-
-      // MOCCA specific
-      perms.add(new SocketPermission("*", "connect,resolve"));
-      perms.add(new NetPermission("specifyStreamHandler"));
-      perms.add(new SecurityPermission("insertProvider.*"));
-      perms.add(new SecurityPermission("putProviderProperty.*"));
-      perms.add(new SecurityPermission("removeProvider.*"));
-      perms.add(new CardPermission("*", "*"));
-      perms.add(new AWTPermission("*"));
-
-      perms.add(new FilePermission(webappDir.getAbsolutePath() + "/-", "read"));
-      perms.add(new FilePermission(new File(System.getProperty("java.home") + "/lib/xalan.properties").getAbsolutePath(), "read"));
-      perms.add(new FilePermission(new File(System.getProperty("java.home") + "/lib/xerces.properties").getAbsolutePath(), "read"));
-      perms.add(new FilePermission(new File(System.getProperty("user.home")).getAbsolutePath(), "read, write"));
-      perms.add(new FilePermission(new File(System.getProperty("user.home") + "/-").getAbsolutePath(), "read, write"));
-      perms.add(new FilePermission(new File(System.getProperty("user.home") + "/.mocca/logs/*").getAbsolutePath(), "read, write,delete"));
-      perms.add(new FilePermission(new File(System.getProperty("user.home") + "/.mocca/certs/-").getAbsolutePath(), "read, write,delete"));
-
-      //TODO
-//    log.trace("granting file read/write permission to MOCCA local");
 //    perms.add(new FilePermission("<<ALL FILES>>", "read, write"));
 
-    }
     return perms;
   }
 
diff --git a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Launcher.java b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Launcher.java
index ef7edef1..e1cdb657 100644
--- a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Launcher.java
+++ b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Launcher.java
@@ -11,7 +11,7 @@ import java.util.ResourceBundle;
 
 import javax.jnlp.UnavailableServiceException;
 
-import com.sun.javaws.security.JavaWebStartSecurity;
+//import com.sun.javaws.security.JavaWebStartSecurity;
 import java.awt.AWTException;
 import java.awt.Desktop;
 import java.awt.Image;
@@ -88,11 +88,11 @@ public class Launcher implements BKUControllerInterface, ActionListener {
     URL cert = null;
     URL help = null;
     try {
-      http = new URL("http://localhost:" + Integer.getInteger(Container.HTTPS_PORT_PROPERTY, 3495).intValue());
-      https = new URL("https://localhost:" + Integer.getInteger(Container.HTTPS_PORT_PROPERTY, 3496).intValue());
+      http = new URL("http://localhost:" + Integer.getInteger(Container.HTTPS_PORT_PROPERTY, 3495).intValue() + '/');
+      https = new URL("https://localhost:" + Integer.getInteger(Container.HTTPS_PORT_PROPERTY, 3496).intValue() + '/');
       pin = new URL(http, "/PINManagement");
-      cert = new URL(http, "/installCertificate");
-      help = new URL(http, "/help");
+      cert = new URL(http, "/ca.crt");
+      help = new URL(http, "/help/");
     } catch (MalformedURLException ex) {
       log.error("Failed to create URL.", ex);
     } finally {
@@ -134,13 +134,15 @@ public class Launcher implements BKUControllerInterface, ActionListener {
   
   public Launcher() {
     log.info("Initializing Launcher");
-    if (log.isTraceEnabled()) {
-      SecurityManager sm = System.getSecurityManager();
-      if (sm instanceof JavaWebStartSecurity) {
-        System.setSecurityManager(new LogSecurityManager((JavaWebStartSecurity) sm));
-      }
-    }
+
+    // SocketPerm * required (DataURL), FilePermission * write (JFileChooser) required,
+    // jetty does not allow fine-grained permission config (codeBase?)
+    // ie. we don't need a security manager
+    log.trace("disabling (JNLP) security manager");
+    System.setSecurityManager(null);
+
     messages = ResourceBundle.getBundle(MESSAGES_RESOURCE, Locale.getDefault());
+    //TODO replace with statusNotifier
     trayIcon = initTrayIcon();
   }
 
@@ -213,7 +215,7 @@ public class Launcher implements BKUControllerInterface, ActionListener {
         Image image = ImageIO.read(getClass().getResourceAsStream(iconResource));
 
         PopupMenu popup = new PopupMenu();
-        
+
         MenuItem helpItem = new MenuItem(messages.getString(LABEL_HELP));
         helpItem.addActionListener(this);
         helpItem.setActionCommand(HELP_COMMAND);
@@ -237,6 +239,7 @@ public class Launcher implements BKUControllerInterface, ActionListener {
         popup.add(aboutItem);
 
         TrayIcon ti = new TrayIcon(image, messages.getString(TOOLTIP_DEFAULT), popup);
+        ti.setImageAutoSize(true);
         ti.addActionListener(this);
         tray.add(ti);
         return ti;
@@ -301,7 +304,11 @@ public class Launcher implements BKUControllerInterface, ActionListener {
       }
       if (config.isCertRenewed()) {
         try {
-          browse(HTTP_SECURITY_LAYER_URL);
+          if ("".equals(messages.getLocale().getLanguage())) {
+            browse(HTTP_SECURITY_LAYER_URL);
+          } else {
+            browse(new URL(HTTP_SECURITY_LAYER_URL, messages.getLocale().getLanguage()));
+          }
         } catch (Exception ex) {
           log.error("failed to open system browser, install TLS certificate manually: " + HTTPS_SECURITY_LAYER_URL, ex);
         }
@@ -364,7 +371,11 @@ public class Launcher implements BKUControllerInterface, ActionListener {
     } else if (HELP_COMMAND.equals(e.getActionCommand())) {
       log.debug("help page requested via tray menu");
       try {
-        browse(HELP_URL);
+        if ("".equals(messages.getLocale().getLanguage())) {
+          browse(HELP_URL);
+        } else {
+          browse(new URL(HELP_URL, messages.getLocale().getLanguage()));
+        }
       } catch (Exception ex) {
         log.error("Failed to open " + HELP_URL, ex);
         String msg = MessageFormat.format(messages.getString(ERROR_OPEN_URL), HELP_URL);
diff --git a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/LogSecurityManager.java b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/LogSecurityManager.java
deleted file mode 100644
index d589812e..00000000
--- a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/LogSecurityManager.java
+++ /dev/null
@@ -1,443 +0,0 @@
-/*
- * Copyright 2008 Federal Chancellery Austria and
- * Graz University of Technology
- * 
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- * 
- *     http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package at.gv.egiz.bku.webstart;
-
-import com.sun.javaws.security.JavaWebStartSecurity;
-import java.io.FileDescriptor;
-import java.net.InetAddress;
-import java.security.Permission;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * JVM argument -Djava.security.debug=access,failure
- * (passed as attribute to java element in jnlp) is ignored.
- * 
- * @author Clemens Orthacker <clemens.orthacker@iaik.tugraz.at>
- */
-public class LogSecurityManager extends SecurityManager {
-
-  protected static final Logger log = LoggerFactory.getLogger(LogSecurityManager.class);
-  JavaWebStartSecurity sm;
-
-  public LogSecurityManager(JavaWebStartSecurity sm) {
-    this.sm = sm;
-//    AppPolicy policy = AppPolicy.getInstance();
-//    SecurityManager sm = System.getSecurityManager();
-  }
-
-  @Override
-  public void checkAccept(String host, int port) {
-    try {
-      sm.checkAccept(host, port);
-    } catch (SecurityException ex) {
-      log.warn("checkAccept(" + host + ", " + port + "): " + ex.getMessage(), ex);
-      throw ex;
-    }
-  }
-
-  @Override
-  public void checkAccess(Thread g) {
-    try {
-      sm.checkAccess(g);
-    } catch (SecurityException ex) {
-      log.warn("checkAccess(" + g + "): " + ex.getMessage(), ex);
-      throw ex;
-    }
-  }
-
-  @Override
-  public void checkAccess(ThreadGroup g) {
-    try {
-      sm.checkAccess(g);
-    } catch (SecurityException ex) {
-      log.warn("checkAccess(" + g + "): " + ex.getMessage(), ex);
-      throw ex;
-    }
-
-  }
-
-  @Override
-  public void checkAwtEventQueueAccess() {
-    try {
-      sm.checkAwtEventQueueAccess();
-    } catch (SecurityException ex) {
-      log.warn("checkAwtEventQAccess():" + ex.getMessage(), ex);
-      throw ex;
-    }
-
-  }
-
-  @Override
-  public void checkConnect(String host, int port) {
-    try {
-      sm.checkConnect(host, port);
-    } catch (SecurityException ex) {
-      log.warn("checkConnect(" + host + ", " + port + "): " + ex.getMessage(), ex);
-      throw ex;
-    }
-  }
-
-  @Override
-  public void checkConnect(String host, int port, Object context) {
-    try {
-      sm.checkConnect(host, port, context);
-    } catch (SecurityException ex) {
-      log.warn("checkConnect(" + host + ", " + port + ", " + context + "): " + ex.getMessage(), ex);
-      throw ex;
-    }
-  }
-
-  @Override
-  public void checkCreateClassLoader() {
-    try {
-      sm.checkCreateClassLoader();
-    } catch (SecurityException ex) {
-      log.warn("checkCreateClassLoader(): " + ex.getMessage(), ex);
-      throw ex;
-    }
-  }
-
-  @Override
-  public void checkDelete(String file) {
-    try {
-      sm.checkDelete(file);
-    } catch (SecurityException ex) {
-      log.warn("checkDelete(" + file + "): " + ex.getMessage(), ex);
-      throw ex;
-    }
-  }
-
-  @Override
-  public void checkExec(String cmd) {
-    try {
-      sm.checkExec(cmd);
-    } catch (SecurityException ex) {
-      log.warn("checkExec(" + cmd + "): " + ex.getMessage(), ex);
-      throw ex;
-    }
-  }
-
-  @Override
-  public void checkExit(int status) {
-    try {
-      sm.checkExit(status);
-    } catch (SecurityException ex) {
-      log.warn("checkExit(" + status + "): " + ex.getMessage(), ex);
-      throw ex;
-    }
-  }
-
-  @Override
-  public void checkLink(String lib) {
-    try {
-      sm.checkLink(lib);
-    } catch (SecurityException ex) {
-      log.warn("checkLink(" + lib + "): " + ex.getMessage(), ex);
-      throw ex;
-    }
-  }
-
-  @Override
-  public void checkListen(int port) {
-    try {
-      sm.checkListen(port);
-    } catch (SecurityException ex) {
-      log.warn("checkListen(" + port + "): " + ex.getMessage(), ex);
-      throw ex;
-    }
-  }
-
-  @Override
-  public void checkMemberAccess(Class<?> clazz, int which) {
-    try {
-      sm.checkMemberAccess(clazz, which);
-    } catch (SecurityException ex) {
-      log.warn("checkMemberAccess(" + clazz + "): " + ex.getMessage(), ex);
-      throw ex;
-    }
-  }
-
-  @Override
-  public void checkMulticast(InetAddress maddr) {
-    try {
-      sm.checkMulticast(maddr);
-    } catch (SecurityException ex) {
-      log.warn("checkMulticast(" + maddr + "): " + ex.getMessage(), ex);
-      throw ex;
-    }
-  }
-
-  @SuppressWarnings("deprecation")
-  @Override
-  public void checkMulticast(InetAddress maddr, byte ttl) {
-    try {
-      sm.checkMulticast(maddr,ttl);
-    } catch (SecurityException ex) {
-      log.warn("checkMulticast(" + maddr + "," + ttl + "): " + ex.getMessage(), ex);
-      throw ex;
-    }
-  }
-
-  @Override
-  public void checkPackageAccess(String pkg) {
-    try {
-      sm.checkPackageAccess(pkg);
-    } catch (SecurityException ex) {
-      log.warn("checkPackageAccess(" + pkg + "): " + ex.getMessage(), ex);
-      throw ex;
-    }
-  }
-
-  @Override
-  public void checkPackageDefinition(String pkg) {
-    try {
-      sm.checkPackageDefinition(pkg);
-    } catch (SecurityException ex) {
-      log.warn("checkPackageDefinition(" + pkg + "): " + ex.getMessage(), ex);
-      throw ex;
-    }
-  }
-
-  @Override
-  public void checkPermission(Permission perm) {
-    try {
-      sm.checkPermission(perm);
-    } catch (SecurityException ex) {
-      log.warn("checkPermission(" + perm.toString() + "): " + ex.getMessage(), ex);
-      throw ex;
-    }
-  }
-
-  @Override
-  public void checkPermission(Permission perm, Object context) {
-    try {
-      sm.checkPermission(perm, context);
-    } catch (SecurityException ex) {
-      log.warn("checkPermission(" + perm.toString() + ", ctx): " + ex.getMessage(), ex);
-      throw ex;
-    }
-  }
-
-  @Override
-  public void checkPrintJobAccess() {
-    try {
-      sm.checkPrintJobAccess();
-    } catch (SecurityException ex) {
-      log.info("checkPrintJobAccess(): " + ex.getMessage(), ex);
-      throw ex;
-    }
-  }
-
-  /**
-   * allowed
-   */
-  @Override
-  public void checkPropertiesAccess() {
-    try {
-      sm.checkPropertiesAccess();
-    } catch (SecurityException ex) {
-      log.info("checkPropertiesAccess(): " + ex.getMessage(), ex);
-      throw ex;
-    }
-  }
-
-  /**
-   * access to all properties allowed
-   * @param key
-   */
-  @Override
-  public void checkPropertyAccess(String key) {
-    try {
-      sm.checkPropertyAccess(key);
-    } catch (SecurityException ex) {
-      log.info("checkPropertyAccess(" + key + "): " + ex.getMessage());
-      throw ex;
-    }
-  }
-
-  @Override
-  public void checkRead(FileDescriptor fd) {
-    try {
-      sm.checkRead(fd);
-    } catch (SecurityException ex) {
-      log.warn("checkRead(" + fd + ") " + ex.getMessage(), ex);
-      throw ex;
-    }
-  }
-
-  @Override
-  public void checkRead(String file) {
-    try {
-      sm.checkRead(file);
-    } catch (SecurityException ex) {
-      log.warn("checkRead(" + file + ") " + ex.getMessage(), ex);
-      throw ex;
-    }
-  }
-
-  @Override
-  public void checkRead(String file, Object context) {
-    try {
-      sm.checkRead(file, context);
-    } catch (SecurityException ex) {
-      log.warn("checkRead(" + file + ") " + ex.getMessage(), ex);
-      throw ex;
-    }
-  }
-
-  @Override
-  public void checkSecurityAccess(String target) {
-    try {
-      sm.checkSecurityAccess(target);
-    } catch (SecurityException ex) {
-      log.info("checkSecurityAccess(" + target + "): " + ex.getMessage(), ex);
-      throw ex;
-    }
-  }
-
-  @Override
-  public void checkSetFactory() {
-    log.info("checkSetFactory() ");
-    try {
-      sm.checkSetFactory();
-    } catch (SecurityException ex) {
-      log.warn("checkSetFactroy(): " + ex.getMessage(), ex);
-      throw ex;
-    }
-
-  }
-
-  @Override
-  public void checkSystemClipboardAccess() {
-    try {
-      sm.checkSystemClipboardAccess();
-    } catch (SecurityException ex) {
-      log.info("checkSystemClipboardAccess(): " + ex.getMessage(), ex);
-      throw ex;
-    }
-  }
-
-  @Override
-  public boolean checkTopLevelWindow(Object window) {
-    log.info("checkTopLevelWindow(Object window)");
-    try {
-      return sm.checkTopLevelWindow(window);
-    } catch (SecurityException ex) {
-      log.warn("checkTopLevelWindow(" + window + "): " + ex.getMessage(), ex);
-      throw ex;
-    }
-
-  }
-
-  @Override
-  public void checkWrite(FileDescriptor fd) {
-    try {
-      sm.checkWrite(fd);
-    } catch (SecurityException ex) {
-      log.info("checkWrite(" + fd + "): " + ex.getMessage(), ex);
-    }
-  }
-
-  @Override
-  public void checkWrite(String file) {
-    try {
-      sm.checkWrite(file);
-    } catch (SecurityException ex) {
-      log.info("checkWrite(" + file + "): " + ex.getMessage(), ex);
-    }
-  }
-
-//  @Override
-//  protected int classDepth(String name) {
-//    log.info("classDepth(String name)"); return this.classDepth(name);
-//  }
-//
-//  @Override
-//  protected int classLoaderDepth() {
-//    log.info("classLoaderDepth"); return sm.classLoaderDepth();
-//  }
-//
-//  @Override
-//  protected Object clone() throws CloneNotSupportedException {
-//    log.info("clone"); return sm.clone();
-//  }
-//
-//  @Override
-//  protected ClassLoader currentClassLoader() {
-//    log.info("currentClassLoader"); return sm.currentClassLoader();
-//  }
-//
-//  @Override
-//  protected Class<?> currentLoadedClass() {
-//    log.info("currentLoadedClass"); return sm.currentLoadedClass();
-//  }
-  @Override
-  public boolean equals(Object obj) {
-    log.info("equals");
-    return sm.equals(obj);
-  }
-
-//  @Override
-//  protected void finalize() throws Throwable {
-//    log.info("finalize"); sm.finalize();
-//  }
-//  @Override
-//  protected Class[] getClassContext() {
-//    log.info("getClassContext"); return sm.getClassContext();
-//  }
-  @SuppressWarnings("deprecation")
-  @Override
-  public boolean getInCheck() {
-    log.info("getInCheck");
-    return sm.getInCheck();
-  }
-
-  @Override
-  public Object getSecurityContext() {
-    log.info("getSecurityContext");
-    return sm.getSecurityContext();
-  }
-
-  @Override
-  public ThreadGroup getThreadGroup() {
-    log.info("getThreadGroup");
-    return sm.getThreadGroup();
-  }
-
-  @Override
-  public int hashCode() {
-    log.info("hashCode");
-    return sm.hashCode();
-  }
-
-//  @Override
-//  protected boolean inClass(String name) {
-//    log.info("inClass"); return sm.inClass(name);
-//  }
-//
-//  @Override
-//  protected boolean inClassLoader() {
-//    log.info(""); return sm.inClassLoader();
-//  }
-  @Override
-  public String toString() {
-    log.info("toString");
-    return sm.toString();
-  }
-}
diff --git a/BKUWebStart/src/main/jnlp/keystore.ks b/BKUWebStart/src/main/jnlp/keystore.ks
index 824c3a40..ba0b4652 100644
Binary files a/BKUWebStart/src/main/jnlp/keystore.ks and b/BKUWebStart/src/main/jnlp/keystore.ks differ
diff --git a/BKUWebStart/src/main/jnlp/template-local.xml b/BKUWebStart/src/main/jnlp/template-local.xml
index f9a7d917..2e89f2ed 100644
--- a/BKUWebStart/src/main/jnlp/template-local.xml
+++ b/BKUWebStart/src/main/jnlp/template-local.xml
@@ -5,16 +5,18 @@
     <title>MOCCA Developement</title>
     <vendor>E-Government Innovationszentrum (EGIZ)</vendor>
     <homepage href="${project.Url}"/>
-    <description>${project.Description} (BKU) MOCCA Web Start - Developement Version</description>
-    <description kind="short">${project.Description}</description>
-    <icon kind="shortcut" href="img/chip16.png" width="16" height="16"/>
-    <icon kind="shortcut" href="img/chip24.png" width="24" height="24"/>
-    <icon kind="shortcut" href="img/chip32.png" width="32" height="32"/>
+    <description>MOCCA Web Start - Developement Version</description>
+    <description kind="short">MOCCA Development</description>
     <icon kind="shortcut" href="img/chip48.png" width="48" height="48"/>
-    <icon kind="default" href="img/chip16.png" width="16" height="16"/>
-    <icon kind="default" href="img/chip24.png" width="24" height="24"/>
-    <icon kind="default" href="img/chip32.png" width="32" height="32"/>
+    <icon kind="shortcut" href="img/chip32.png" width="32" height="32"/>
+    <icon kind="shortcut" href="img/chip24.png" width="24" height="24"/>
+    <icon kind="shortcut" href="img/chip16.png" width="16" height="16"/>
     <icon kind="default" href="img/chip48.png" width="48" height="48"/>
+    <icon kind="default" href="img/chip32.png" width="32" height="32"/>
+    <icon kind="default" href="img/chip24.png" width="24" height="24"/>
+    <icon kind="default" href="img/chip16.png" width="16" height="16"/>
+    <!-- MacOS X (dock, programmumschalter) icon (unfortunately also iconf for trayIcon INFO message) -->
+    <icon kind="default" href="img/chip128.png" width="128" height="128"/>
     <icon kind="splash" href="img/splash.png"/>
     <shortcut online="true">
       <desktop/>
diff --git a/BKUWebStart/src/main/jnlp/template-unstable.xml b/BKUWebStart/src/main/jnlp/template-unstable.xml
index 7d0f474a..d562d4ed 100644
--- a/BKUWebStart/src/main/jnlp/template-unstable.xml
+++ b/BKUWebStart/src/main/jnlp/template-unstable.xml
@@ -11,10 +11,12 @@
     <icon kind="shortcut" href="img/chip24.png" width="24" height="24"/>
     <icon kind="shortcut" href="img/chip32.png" width="32" height="32"/>
     <icon kind="shortcut" href="img/chip48.png" width="48" height="48"/>
+    <icon kind="shortcut" href="img/chip128.png" width="128" height="128"/>
     <icon kind="default" href="img/chip16.png" width="16" height="16"/>
     <icon kind="default" href="img/chip24.png" width="24" height="24"/>
     <icon kind="default" href="img/chip32.png" width="32" height="32"/>
     <icon kind="default" href="img/chip48.png" width="48" height="48"/>
+    <icon kind="default" href="img/chip128.png" width="128" height="128"/>
     <icon kind="splash" href="img/splash.png"/>
     <shortcut online="true">
       <desktop/>
diff --git a/BKUWebStart/src/main/jnlp/template.xml b/BKUWebStart/src/main/jnlp/template.xml
index b56f88b7..83130493 100644
--- a/BKUWebStart/src/main/jnlp/template.xml
+++ b/BKUWebStart/src/main/jnlp/template.xml
@@ -11,10 +11,12 @@
     <icon kind="shortcut" href="img/chip24.png" width="24" height="24"/>
     <icon kind="shortcut" href="img/chip32.png" width="32" height="32"/>
     <icon kind="shortcut" href="img/chip48.png" width="48" height="48"/>
+    <icon kind="shortcut" href="img/chip128.png" width="128" height="128"/>
     <icon kind="default" href="img/chip16.png" width="16" height="16"/>
     <icon kind="default" href="img/chip24.png" width="24" height="24"/>
     <icon kind="default" href="img/chip32.png" width="32" height="32"/>
     <icon kind="default" href="img/chip48.png" width="48" height="48"/>
+    <icon kind="default" href="img/chip128.png" width="128" height="128"/>
     <icon kind="splash" href="img/splash.png"/>
     <shortcut online="true">
       <desktop/>
diff --git a/BKUWebStart/src/main/resources/at/gv/egiz/bku/webstart/messages.properties b/BKUWebStart/src/main/resources/at/gv/egiz/bku/webstart/messages.properties
index 9ba359be..8b27b6e3 100644
--- a/BKUWebStart/src/main/resources/at/gv/egiz/bku/webstart/messages.properties
+++ b/BKUWebStart/src/main/resources/at/gv/egiz/bku/webstart/messages.properties
@@ -15,12 +15,12 @@
 
 tray.caption.default=B\u00FCrgerkarte
 tray.caption.error=Fehler
-tray.message.start=B\u00FCrgerkartenumgebung wird gestartet...
-tray.message.start.offline=B\u00FCrgerkartenumgebung wird offline gestartet...
-tray.message.config=Konfiguration wird geladen
-tray.message.certs=Zertifikate werden geladen
-tray.message.finished=B\u00FCrgerkartenumgebung erfolgreich gestartet
-tray.message.shutdown=B\u00FCrgerkartenumgebung wird beendet
+tray.message.start=wird gestartet...
+tray.message.start.offline=wird offline gestartet...
+tray.message.config=lade Konfiguration
+tray.message.certs=lade Zertifikate
+tray.message.finished=erfolgreich gestartet
+tray.message.shutdown=wird beendet
 tray.error.start=B\u00FCrgerkartenumgebung konnte nicht gestartet werden
 tray.error.config=Konfiguration konnte nicht initialisiert werden, B\u00FCrberkartenumgebung wird nicht gestartet
 tray.error.bind=Die f\u00FCr die B\u00FCrgerkartenumgebung reservierte Adresse wird bereits von einem anderen Dienst verwendet
diff --git a/BKUWebStart/src/main/resources/at/gv/egiz/bku/webstart/messages_en.properties b/BKUWebStart/src/main/resources/at/gv/egiz/bku/webstart/messages_en.properties
new file mode 100644
index 00000000..ee11f2a8
--- /dev/null
+++ b/BKUWebStart/src/main/resources/at/gv/egiz/bku/webstart/messages_en.properties
@@ -0,0 +1,38 @@
+# Copyright 2008 Federal Chancellery Austria and
+# Graz University of Technology
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+tray.caption.default=CitizenCard
+tray.caption.error=Error
+tray.message.start=starting...
+tray.message.start.offline=starting offline...
+tray.message.config=loading configuration
+tray.message.certs=loading certificates
+tray.message.finished=successfully started
+tray.message.shutdown=shutting down CitizenCard environment
+tray.error.start=failed to start CitizenCard environment
+tray.error.config=failed to initialize configuration, CitizenCard environment not started
+tray.error.bind=another service is using the address reserved for the CitizenCard environment
+tray.error.pin.connect=failed to connect to PIN management
+tray.error.open.url=failed to open {0}
+tray.label.shutdown=Close
+tray.label.pin=PIN management
+tray.label.help=Help
+tray.label.about=About...
+tray.tooltip.default=CitizenCard
+about.frame.title=CitizenCard
+about.title=<html>CitizenCard Environment
+about.version=<html>Version: {0}
+button.ok=Confirm
+button.close=Close
diff --git a/BKUWebStart/src/test/java/at/gv/egiz/bku/webstart/ConfiguratorTest.java b/BKUWebStart/src/test/java/at/gv/egiz/bku/webstart/ConfiguratorTest.java
index 4f5798d5..3700212d 100644
--- a/BKUWebStart/src/test/java/at/gv/egiz/bku/webstart/ConfiguratorTest.java
+++ b/BKUWebStart/src/test/java/at/gv/egiz/bku/webstart/ConfiguratorTest.java
@@ -158,6 +158,18 @@ public class ConfiguratorTest {
     result = Configurator.updateRequired(oldVersion, minVersion);
     assertEquals(expResult, result);
 
+    oldVersion = "1.2.3-r123";
+    minVersion = "1.2.4-r124";
+    expResult = true;
+    result = Configurator.updateRequired(oldVersion, minVersion);
+    assertEquals(expResult, result);
+
+    oldVersion = "1.2.3-SNAPSHOT-r123";
+    minVersion = "1.2.4-SNAPSHOT";
+    expResult = true;
+    result = Configurator.updateRequired(oldVersion, minVersion);
+    assertEquals(expResult, result);
+
     oldVersion = "1";
     minVersion = "2";
     expResult = true;
diff --git a/BKUWebStart/src/test/resources/commons-logging.properties b/BKUWebStart/src/test/resources/commons-logging.properties
deleted file mode 100644
index 29292562..00000000
--- a/BKUWebStart/src/test/resources/commons-logging.properties
+++ /dev/null
@@ -1 +0,0 @@
-org.apache.commons.logging.Log=org.apache.commons.logging.impl.Log4JLogger
-- 
cgit v1.2.3