From dd04951a76fc6406755a94ecf547c0797f062fa2 Mon Sep 17 00:00:00 2001 
From: clemenso Date: Fri, 28 Aug 2009 17:53:01 +0000 Subject: replace installCertificate servlet with der encoded crt file in webapp/ moved local-webstart profile to BKUWebStart (jnlp-inline goal) help note for internet explorer on visat/7 git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@482 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- .../java/at/gv/egiz/bku/webstart/Container.java | 47 +++++++++++-------- .../java/at/gv/egiz/bku/webstart/Launcher.java | 6 +-- .../java/at/gv/egiz/bku/webstart/TLSServerCA.java | 10 ++-- BKUWebStart/src/main/jnlp/keystore.ks | Bin 0 -> 5635 bytes .../src/main/jnlp/resources/img/chip128.png | Bin 0 -> 7775 bytes BKUWebStart/src/main/jnlp/resources/img/chip16.png | Bin 0 -> 787 bytes BKUWebStart/src/main/jnlp/resources/img/chip24.png | Bin 0 -> 1227 bytes BKUWebStart/src/main/jnlp/resources/img/chip32.png | Bin 0 -> 1753 bytes BKUWebStart/src/main/jnlp/resources/img/chip48.png | Bin 0 -> 2771 bytes BKUWebStart/src/main/jnlp/resources/img/splash.png | Bin 0 -> 41455 bytes .../src/main/jnlp/resources/img/version.xml | 52 +++++++++++++++++++++ BKUWebStart/src/main/jnlp/resources/player.jnlp | 3 ++ BKUWebStart/src/main/jnlp/template-local.xml | 40 ++++++++++++++++ 13 files changed, 132 insertions(+), 26 deletions(-) create mode 100644 BKUWebStart/src/main/jnlp/keystore.ks create mode 100644 BKUWebStart/src/main/jnlp/resources/img/chip128.png create mode 100644 BKUWebStart/src/main/jnlp/resources/img/chip16.png create mode 100644 BKUWebStart/src/main/jnlp/resources/img/chip24.png create mode 100644 BKUWebStart/src/main/jnlp/resources/img/chip32.png create mode 100644 BKUWebStart/src/main/jnlp/resources/img/chip48.png create mode 100644 BKUWebStart/src/main/jnlp/resources/img/splash.png create mode 100644 BKUWebStart/src/main/jnlp/resources/img/version.xml create mode 100644 BKUWebStart/src/main/jnlp/resources/player.jnlp create mode 100644 BKUWebStart/src/main/jnlp/template-local.xml (limited to 'BKUWebStart/src') 
diff --git a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java index 3bf74d3c..2feae267 100644 --- a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java +++ b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java @@ -22,7 +22,6 @@ import java.security.KeyStore; import java.security.Permissions; import java.security.SecurityPermission; import java.security.cert.Certificate; -import java.security.cert.CertificateException; import java.util.PropertyPermission; import javax.smartcardio.CardPermission; import org.apache.commons.logging.Log; @@ -38,7 +37,6 @@ public class Container { public static final String HTTP_PORT_PROPERTY = "mocca.http.port"; public static final String HTTPS_PORT_PROPERTY = "mocca.http.port"; - public static final String SERVER_CA_CERTIFICATE_ATTRIBUTE = "mocca.tls.server.ca.certificate"; private static Log log = LogFactory.getLog(Container.class); static { @@ -51,6 +49,8 @@ public class Container { } } private Server server; + private WebAppContext webapp; + private Certificate caCertificate; public void init() throws IOException { // System.setProperty("DEBUG", "true"); 
@@ -118,33 +118,19 @@ public class Container { server.setConnectors(new Connector[]{connector, sslConnector}); - WebAppContext webapp = new WebAppContext(); + webapp = new WebAppContext(); webapp.setLogUrlOnStart(true); webapp.setContextPath("/"); webapp.setExtractWAR(true); webapp.setParentLoaderPriority(false); - try { - // no way to get certificate from within the servlet (SSLEngine/Jetty SSLSocketConnector/SSLContext?) - if (log.isTraceEnabled()) { - log.trace("local ca certificate from " + keystoreFile + " in webapp context at " + SERVER_CA_CERTIFICATE_ATTRIBUTE); - } - BufferedInputStream bis = new BufferedInputStream(new FileInputStream(keystoreFile)); - KeyStore sslKeyStore = KeyStore.getInstance("JKS"); - sslKeyStore.load(bis, passwd.toCharArray()); - Certificate[] sslChain = sslKeyStore.getCertificateChain(TLSServerCA.MOCCA_TLS_SERVER_ALIAS); - webapp.setAttribute(SERVER_CA_CERTIFICATE_ATTRIBUTE, sslChain[sslChain.length - 1]); - bis.close(); - } catch (Exception ex) { - log.error("Failed to load local ca certificate", ex); - log.warn("automated web certificate installation will not be available"); - } - webapp.setWar(copyWebapp(webapp.getTempDirectory())); webapp.setPermissions(getPermissions(webapp.getTempDirectory())); server.setHandler(webapp); server.setGracefulShutdown(1000 * 3); + + loadCACertificate(keystoreFile, passwd.toCharArray()); } /** @@ -234,6 +220,12 @@ public class Container { public void start() throws Exception { server.start(); + // webapp.getBaseResource() + File caCertFile = new File(webapp.getTempDirectory(), "webapp/ca.crt"); + BufferedOutputStream bos = new BufferedOutputStream(new FileOutputStream(caCertFile)); + bos.write(caCertificate.getEncoded()); + bos.flush(); + bos.close(); } public boolean isRunning() { 
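Review bot: `caCertificate.getEncoded()` in start() throws a NullPointerException whenever loadCACertificate() failed, because that method (added in the last hunk of this file) only logs the error and leaves the field null. The dereference runs after `server.start()`, so the caller sees a launch failure while the server is already listening. Skip the write when the field is null, and close the stream in a `finally` so a failed write does not leak the file handle. The target lies inside the webapp directory that is served to clients, so a comment stating that only the public CA certificate is ever written there, never keystore content, would help.

```java
public void start() throws Exception {
    server.start();
    if (caCertificate == null) {
        // loadCACertificate() already logged the cause; serve the webapp without ca.crt
        log.warn("no local ca certificate loaded, ca.crt will not be published");
        return;
    }
    // … unchanged: caCertFile and bos construction …
    try {
        // public certificate only; the keystore itself must never be copied into the webapp
        bos.write(caCertificate.getEncoded());
        bos.flush();
    } finally {
        bos.close();
    }
}
```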
@@ -251,4 +243,21 @@ public class Container { public void join() throws InterruptedException { server.join(); } + + private void loadCACertificate(File keystoreFile, char[] passwd) { + try { + if (log.isTraceEnabled()) { + log.trace("local ca certificate from " + keystoreFile); + } + BufferedInputStream bis = new BufferedInputStream(new FileInputStream(keystoreFile)); + KeyStore sslKeyStore = KeyStore.getInstance("JKS"); + sslKeyStore.load(bis, passwd); + Certificate[] sslChain = sslKeyStore.getCertificateChain(TLSServerCA.MOCCA_TLS_SERVER_ALIAS); + caCertificate = sslChain[sslChain.length - 1]; + bis.close(); + } catch (Exception ex) { + log.error("Failed to load local ca certificate", ex); + log.warn("automated web certificate installation will not be available"); + } + } } diff --git a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Launcher.java b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Launcher.java index 8cc9817f..2bf42ccb 100644 --- a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Launcher.java +++ b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Launcher.java @@ -9,8 +9,6 @@ import java.net.URISyntaxException; import java.util.Locale; import java.util.ResourceBundle; -import java.util.logging.Level; -import java.util.logging.Logger; import javax.jnlp.UnavailableServiceException; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; @@ -28,9 +26,7 @@ import java.awt.event.ActionEvent; import java.awt.event.ActionListener; import java.awt.event.WindowAdapter; import java.net.BindException; -import java.net.HttpURLConnection; import java.net.MalformedURLException; -import java.net.URI; import java.net.URL; import java.security.GeneralSecurityException; import java.text.MessageFormat; 
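Review bot: In loadCACertificate() `bis.close()` sits on the success path only, so an exception from `sslKeyStore.load` or the chain lookup leaks the open keystore file; the close belongs in a `finally` around the read. `getCertificateChain` returns null when the alias is absent or is not a key entry, which here surfaces as a NullPointerException swallowed by the generic catch. A guard such as `if (sslChain == null || sslChain.length == 0) { log.warn("no certificate chain for " + TLSServerCA.MOCCA_TLS_SERVER_ALIAS); return; }` would make that case diagnosable. The method should also get a short Javadoc saying that it takes the last chain element as the CA certificate and leaves `caCertificate` null on any failure, since start() depends on that field.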
@@ -175,6 +171,7 @@ public class Launcher implements BKUControllerInterface, ActionListener { } throw ex; } catch (Exception ex) { + ex.printStackTrace(); log.fatal("Failed to launch server, " + ex.getMessage(), ex); trayIcon.displayMessage(messages.getString(CAPTION_ERROR), messages.getString(ERROR_START), TrayIcon.MessageType.ERROR); @@ -381,6 +378,7 @@ public class Launcher implements BKUControllerInterface, ActionListener { Launcher launcher = new Launcher(); launcher.launch(); } catch (Exception ex) { + ex.printStackTrace(); log.debug(ex); log.info("waiting to shutdown..."); Thread.sleep(5000); diff --git a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/TLSServerCA.java b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/TLSServerCA.java index fd94958e..08a06570 100644 --- a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/TLSServerCA.java +++ b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/TLSServerCA.java @@ -64,9 +64,13 @@ public class TLSServerCA { caCert.addExtension(new SubjectKeyIdentifier(caKeyPair.getPublic())); - caCert.addExtension(new BasicConstraints(true)); - caCert.addExtension(new KeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign - | KeyUsage.digitalSignature)); + BasicConstraints bc = new BasicConstraints(true); + bc.setCritical(true); + caCert.addExtension(bc); + KeyUsage ku = new KeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign + | KeyUsage.digitalSignature); + ku.setCritical(true); + caCert.addExtension(ku); GregorianCalendar date = new GregorianCalendar(); date.add(Calendar.HOUR_OF_DAY, -1); diff --git a/BKUWebStart/src/main/jnlp/keystore.ks b/BKUWebStart/src/main/jnlp/keystore.ks new file mode 100644 index 00000000..824c3a40 Binary files /dev/null and b/BKUWebStart/src/main/jnlp/keystore.ks differ 
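Review bot: The added `ex.printStackTrace()` in this catch block duplicates `log.fatal("Failed to launch server, " + ex.getMessage(), ex)` on the next line, which already hands the exception to the configured logger. The extra call only writes a second, unformatted copy to stderr, outside any log level or redaction policy, and should be dropped. The same call added in the next hunk (the catch around `launcher.launch()`) looks like a workaround for `log.debug(ex)`, which passes the exception as the message at debug level; replacing that with `log.error("Failed to launch", ex);` would surface the trace through the logger instead. Both enclosing methods start and end outside their hunks.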
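Review bot: The CA certificate still asserts `KeyUsage.digitalSignature` and carries no path length limit, and marking both extensions critical makes relying parties enforce exactly that broad profile. This commit also publishes the CA certificate as `ca.crt`, presumably so users can install it as a trusted root, so the CA should be constrained to what it needs. That means `new KeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign)` unless the CA key really signs something other than certificates and CRLs, plus a path length of 0 if the BasicConstraints class in use accepts one (its import is outside the hunk, so confirm). A one-line comment explaining why the extensions are marked critical would also help. The enclosing method starts and ends outside the hunk.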
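Review bot: A binary keystore is added to the source tree at `BKUWebStart/src/main/jnlp/keystore.ks`, and the diff cannot show what it contains. If it holds a private key used to sign the Web Start jars, everyone with read access to the repository has the key material, and its protection rests on a store password that presumably sits in the build configuration. Prefer supplying the signing keystore from outside the repository at build time. Otherwise, document next to the file that it is a throwaway development key that must not be used for released artifacts.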
diff --git a/BKUWebStart/src/main/jnlp/resources/img/chip128.png b/BKUWebStart/src/main/jnlp/resources/img/chip128.png new file mode 100644 index 00000000..c36d8079 Binary files /dev/null and b/BKUWebStart/src/main/jnlp/resources/img/chip128.png differ diff --git a/BKUWebStart/src/main/jnlp/resources/img/chip16.png b/BKUWebStart/src/main/jnlp/resources/img/chip16.png new file mode 100644 index 00000000..96b580e9 Binary files /dev/null and b/BKUWebStart/src/main/jnlp/resources/img/chip16.png differ diff --git a/BKUWebStart/src/main/jnlp/resources/img/chip24.png b/BKUWebStart/src/main/jnlp/resources/img/chip24.png new file mode 100644 index 00000000..efd6dbeb Binary files /dev/null and b/BKUWebStart/src/main/jnlp/resources/img/chip24.png differ diff --git a/BKUWebStart/src/main/jnlp/resources/img/chip32.png b/BKUWebStart/src/main/jnlp/resources/img/chip32.png new file mode 100644 index 00000000..e7efb020 Binary files /dev/null and b/BKUWebStart/src/main/jnlp/resources/img/chip32.png differ diff --git a/BKUWebStart/src/main/jnlp/resources/img/chip48.png b/BKUWebStart/src/main/jnlp/resources/img/chip48.png new file mode 100644 index 00000000..491fbcac Binary files /dev/null and b/BKUWebStart/src/main/jnlp/resources/img/chip48.png differ diff --git a/BKUWebStart/src/main/jnlp/resources/img/splash.png b/BKUWebStart/src/main/jnlp/resources/img/splash.png new file mode 100644 index 00000000..597fbc60 Binary files /dev/null and b/BKUWebStart/src/main/jnlp/resources/img/splash.png differ diff --git a/BKUWebStart/src/main/jnlp/resources/img/version.xml b/BKUWebStart/src/main/jnlp/resources/img/version.xml new file mode 100644 index 00000000..5e160beb --- /dev/null +++ b/BKUWebStart/src/main/jnlp/resources/img/version.xml 
@@ -0,0 +1,52 @@ + + + + + chip16.png + 2.0 + + chip16.png + + + + chip24.png + 2.0 + + chip24.png + + + + chip32.png + 2.0 + + chip32.png + + + + chip48.png + 2.0 + + chip48.png + + + + chip64.png + 2.0 + + chip64.png + + + + chip128.png + 2.0 + + chip128.png + + + + splash.png + 2.0 + + splash.png + + diff --git a/BKUWebStart/src/main/jnlp/resources/player.jnlp b/BKUWebStart/src/main/jnlp/resources/player.jnlp new file mode 100644 index 00000000..da08ebc2 --- /dev/null +++ b/BKUWebStart/src/main/jnlp/resources/player.jnlp @@ -0,0 +1,3 @@ + + + \ No newline at end of file diff --git a/BKUWebStart/src/main/jnlp/template-local.xml b/BKUWebStart/src/main/jnlp/template-local.xml new file mode 100644 index 00000000..12ff9d8c --- /dev/null +++ b/BKUWebStart/src/main/jnlp/template-local.xml @@ -0,0 +1,40 @@ + + + + + ${project.Description} + E-Government Innovationszentrum (EGIZ) + + ${project.Description} (BKU) MOCCA Web Start + ${project.Description} + + + + + + + + + + + + + + + + + + + + + + + + + + + $dependencies + + + + \ No newline at end of file -- cgit v1.2.3