authortkellner <tkellner@3a0b52a2-8410-0410-bc02-ff6273a87459>2012-10-01 08:30:37 +0000
committertkellner <tkellner@3a0b52a2-8410-0410-bc02-ff6273a87459>2012-10-01 08:30:37 +0000
commit065d2df5e1df70d21534c6cbda608dca5b7d500b (patch)
tree5abb7677d6009e02e129d1685567d296b32b20a2 /trunk/pdf-over-gui/src/main/java/at/asit/pdfover/gui/workflow/states/mobilebku
parent9ebf57b69c7caefd80db2184a90cabe5ba56893c (diff)
Configuration Changes
git-svn-id: https://svn.iaik.tugraz.at/svn/egiz/prj/current/12PDF-OVER-4.0@12530 3a0b52a2-8410-0410-bc02-ff6273a87459
Diffstat (limited to 'trunk/pdf-over-gui/src/main/java/at/asit/pdfover/gui/workflow/states/mobilebku')
-rw-r--r--trunk/pdf-over-gui/src/main/java/at/asit/pdfover/gui/workflow/states/mobilebku/ASITTrustManager.java179
-rw-r--r--trunk/pdf-over-gui/src/main/java/at/asit/pdfover/gui/workflow/states/mobilebku/ATrustHelper.java112
-rw-r--r--trunk/pdf-over-gui/src/main/java/at/asit/pdfover/gui/workflow/states/mobilebku/TrustedSocketFactory.java4
3 files changed, 269 insertions, 26 deletions
diff --git a/trunk/pdf-over-gui/src/main/java/at/asit/pdfover/gui/workflow/states/mobilebku/ASITTrustManager.java b/trunk/pdf-over-gui/src/main/java/at/asit/pdfover/gui/workflow/states/mobilebku/ASITTrustManager.java
index 2428ef65..6f557bc6 100644
--- a/trunk/pdf-over-gui/src/main/java/at/asit/pdfover/gui/workflow/states/mobilebku/ASITTrustManager.java
+++ b/trunk/pdf-over-gui/src/main/java/at/asit/pdfover/gui/workflow/states/mobilebku/ASITTrustManager.java
@@ -16,13 +16,22 @@
package at.asit.pdfover.gui.workflow.states.mobilebku;
// Imports
+import java.security.KeyStore;
import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
-
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
+import javax.xml.parsers.DocumentBuilderFactory;
+
+import org.apache.commons.lang.ArrayUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import org.w3c.dom.Document;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
/**
*
@@ -34,31 +43,181 @@ public class ASITTrustManager implements X509TrustManager {
private static final Logger log = LoggerFactory
.getLogger(ASITTrustManager.class);
- /* (non-Javadoc)
- * @see javax.net.ssl.X509TrustManager#checkClientTrusted(java.security.cert.X509Certificate[], java.lang.String)
+ /*
+ * The default X509TrustManager returned by SunX509. We'll delegate
+ * decisions to it, and fall back to the logic in this class if the default
+ * X509TrustManager doesn't trust it.
+ */
+ X509TrustManager sunJSSEX509TrustManager;
+
+ /**
+ * Trust Manager for A-Trust Certificates
+ */
+ X509TrustManager atrustTrustManager;
+
+ /**
+ * Constructs the TrustManager
+ *
+ * @throws Exception
+ */
+ public ASITTrustManager() throws Exception {
+ // create a "default" JSSE X509TrustManager.
+
+ TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509"); //$NON-NLS-1$
+ tmf.init((KeyStore) null);
+
+ TrustManager tms[] = tmf.getTrustManagers();
+
+ /*
+ * Iterate over the returned trustmanagers, look for an instance of
+ * X509TrustManager. If found, use that as our "default" trust manager.
+ */
+ for (int i = 0; i < tms.length; i++) {
+ if (tms[i] instanceof X509TrustManager) {
+ this.sunJSSEX509TrustManager = (X509TrustManager) tms[i];
+ break;
+ }
+ }
+
+ /*
+ * A-Trust Certificates
+ */
+
+ KeyStore atrustKeyStore = KeyStore.getInstance(KeyStore
+ .getDefaultType());
+
+ atrustKeyStore.load(null);
+
+ String usedCertificates = "/certificates/used_certificates.xml"; //$NON-NLS-1$
+
+ Document doc = DocumentBuilderFactory.newInstance()
+ .newDocumentBuilder()
+ .parse(this.getClass().getResourceAsStream(usedCertificates));
+
+ Node certificates = doc.getFirstChild();
+
+ if (!certificates.getNodeName().equals("certificates")) { //$NON-NLS-1$
+ throw new Exception(
+ "Used certificates xml is invalid! no certificates node"); //$NON-NLS-1$
+ }
+
+ NodeList certificateList = certificates.getChildNodes();
+
+ for (int i = 0; i < certificateList.getLength(); i++) {
+ try {
+
+ Node certificateNode = certificateList.item(i);
+
+ if (certificateNode.getNodeName().equals("#text")) { //$NON-NLS-1$
+ continue; // Ignore dummy text node ..
+ }
+
+ if (!certificateNode.getNodeName().equals("certificate")) { //$NON-NLS-1$
+ log.warn("Ignoring XML node: " + certificateNode.getNodeName()); //$NON-NLS-1$
+ continue;
+ }
+
+ String certResource = "/certificates/" + certificateNode.getTextContent() + ".crt"; //$NON-NLS-1$ //$NON-NLS-2$
+
+ X509Certificate cert = (X509Certificate) CertificateFactory
+ .getInstance("X509"). //$NON-NLS-1$
+ generateCertificate(
+ this.getClass().getResourceAsStream(
+ certResource));
+
+ atrustKeyStore.setCertificateEntry(certificateNode.getTextContent(), cert);
+
+ log.debug("Loaded certificate : " + certResource); //$NON-NLS-1$
+
+ } catch (Exception ex) {
+ log.error("Failed to load certificate [" + "]", ex); //$NON-NLS-1$ //$NON-NLS-2$
+ }
+ }
+
+ tmf.init(atrustKeyStore);
+
+ tms = tmf.getTrustManagers();
+
+ /*
+ * Iterate over the returned trustmanagers, look for an instance of
+ * X509TrustManager. If found, use that as our "default" trust manager.
+ */
+ for (int i = 0; i < tms.length; i++) {
+ if (tms[i] instanceof X509TrustManager) {
+ this.atrustTrustManager = (X509TrustManager) tms[i];
+ break;
+ }
+ }
+
+ if (this.sunJSSEX509TrustManager != null
+ && this.atrustTrustManager != null) {
+ return;
+ }
+
+ /*
+ * Find some other way to initialize, or else we have to fail the
+ * constructor.
+ */
+ throw new Exception("Couldn't initialize ASITTrustManager"); //$NON-NLS-1$
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * javax.net.ssl.X509TrustManager#checkClientTrusted(java.security.cert.
+ * X509Certificate[], java.lang.String)
*/
@Override
public void checkClientTrusted(X509Certificate[] arg0, String arg1)
throws CertificateException {
- // Ignore client certificates ...
+ try {
+ this.atrustTrustManager.checkServerTrusted(arg0, arg1);
+ } catch (CertificateException ex) {
+ try {
+ this.sunJSSEX509TrustManager.checkClientTrusted(arg0, arg1);
+ } catch (CertificateException ex2) {
+ log.info("checkClientTrusted: ", ex2); //$NON-NLS-1$
+ throw ex2;
+ }
+ }
}
- /* (non-Javadoc)
- * @see javax.net.ssl.X509TrustManager#checkServerTrusted(java.security.cert.X509Certificate[], java.lang.String)
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * javax.net.ssl.X509TrustManager#checkServerTrusted(java.security.cert.
+ * X509Certificate[], java.lang.String)
*/
@Override
public void checkServerTrusted(X509Certificate[] arg0, String arg1)
throws CertificateException {
- // TODO: Check trusted server certificate!
+ try {
+ this.atrustTrustManager.checkServerTrusted(arg0, arg1);
+ } catch (CertificateException ex) {
+ try {
+ this.sunJSSEX509TrustManager.checkServerTrusted(arg0, arg1);
+ } catch (CertificateException ex2) {
+ log.info("checkServerTrusted: ", ex2); //$NON-NLS-1$
+ throw ex2;
+ }
+ }
}
- /* (non-Javadoc)
+ /*
+ * (non-Javadoc)
+ *
* @see javax.net.ssl.X509TrustManager#getAcceptedIssuers()
*/
@Override
public X509Certificate[] getAcceptedIssuers() {
- // TODO: Build accepted issuers
- return null;
+
+ X509Certificate[] default_certs = this.sunJSSEX509TrustManager.getAcceptedIssuers();
+
+ X509Certificate[] atrust_cerst = this.atrustTrustManager.getAcceptedIssuers();
+
+ return (X509Certificate[]) ArrayUtils.addAll(default_certs, atrust_cerst);
}
}
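Review bot: In `checkClientTrusted` the first attempt calls `this.atrustTrustManager.checkServerTrusted(arg0, arg1)`, so a client chain is checked with the server-side method while the fallback uses the client-side one; the line should read `this.atrustTrustManager.checkClientTrusted(arg0, arg1);`. In the constructor, the per-certificate `catch (Exception ex)` logs `"Failed to load certificate [" + "]"` with no name and carries on, so a missing or unparsable `.crt` resource can leave the A-Trust store partly or wholly empty while construction still succeeds; putting the node's text into the message and failing when no certificate was loaded would make that visible. Both check methods also accept any chain the default JSSE store trusts, so the bundled A-Trust set widens trust rather than restricting it; if restricting the mobile BKU connection to A-Trust issuers was the intent, the fallback deserves a comment recording that decision.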
diff --git a/trunk/pdf-over-gui/src/main/java/at/asit/pdfover/gui/workflow/states/mobilebku/ATrustHelper.java b/trunk/pdf-over-gui/src/main/java/at/asit/pdfover/gui/workflow/states/mobilebku/ATrustHelper.java
index c9254317..1ea265ad 100644
--- a/trunk/pdf-over-gui/src/main/java/at/asit/pdfover/gui/workflow/states/mobilebku/ATrustHelper.java
+++ b/trunk/pdf-over-gui/src/main/java/at/asit/pdfover/gui/workflow/states/mobilebku/ATrustHelper.java
@@ -16,9 +16,18 @@
package at.asit.pdfover.gui.workflow.states.mobilebku;
// Imports
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import at.asit.pdfover.gui.composites.MobileBKUEnterNumberComposite;
+import at.asit.pdfover.gui.exceptions.InvalidNumberException;
+import at.asit.pdfover.gui.exceptions.InvalidPasswordException;
+import at.asit.pdfover.gui.exceptions.PasswordTooLongException;
+import at.asit.pdfover.gui.exceptions.PasswordTooShortException;
+
/**
*
*/
@@ -30,36 +39,111 @@ public class ATrustHelper {
.getLogger(ATrustHelper.class);
/**
+ * Regular expression for mobile phone numbers: this allows the entrance of
+ * mobile numbers in the following formats:
+ *
+ * +(countryCode)99999999999 00(countryCode)99999999999 099999999999
+ * 1030199999999999 (A-Trust Test bku)
+ */
+ private static final String NUMBER_REGEX = "^((\\+[\\d]{2})|(00[\\d]{2})|(0)|(10301))([1-9][\\d]+)$"; //$NON-NLS-1$
+
+ /**
+ * Extracts a substring from data starting after start and ending with end
+ *
* @param data
+ * the whole data string
* @param start
+ * the start marker
* @param end
- * @return
+ * the end marker
+ * @return the substring
* @throws Exception
*/
- public static String extractTag(String data, String start, String end) throws Exception {
+ public static String extractTag(String data, String start, String end)
+ throws Exception {
int startidx = data.indexOf(start);
- if(startidx > 0) {
- startidx = startidx+start.length();
+ if (startidx > 0) {
+ startidx = startidx + start.length();
int endidx = data.indexOf(end, startidx);
- if(endidx > startidx) {
+ if (endidx > startidx) {
return data.substring(startidx, endidx);
- } else {
- // TODO: throw exception
- throw new Exception("end tag not available!");
}
- } else {
- // TODO: throw exception
- throw new Exception("start tag not available!");
+ // TODO: throw proper exception
+ log.error("extracting Tag: end tag not valid!: " + start + " ... " + end); //$NON-NLS-1$//$NON-NLS-2$
+ throw new Exception("end tag not available!"); //$NON-NLS-1$
}
+ // TODO: throw proper exception
+ log.error("extracting Tag: start tag not valid!: " + start + " ... " + end); //$NON-NLS-1$//$NON-NLS-2$
+ throw new Exception("start tag not available!"); //$NON-NLS-1$
}
-
+
+ /**
+ * Validates the Mobile phone number
+ *
+ * @param number
+ * @return the normalized Phone number
+ * @throws InvalidNumberException
+ */
+ public static String normalizeMobileNumber(String number)
+ throws InvalidNumberException {
+ // Verify number and normalize
+
+ // Compile and use regular expression
+ Pattern pattern = Pattern.compile(NUMBER_REGEX);
+ Matcher matcher = pattern.matcher(number);
+
+ if (!matcher.find()) {
+ throw new InvalidNumberException();
+ }
+
+ if (matcher.groupCount() != 6) {
+ throw new InvalidNumberException();
+ }
+
+ String countryCode = matcher.group(1);
+
+ String normalNumber = matcher.group(6);
+
+ if (countryCode.equals("10301")) { //$NON-NLS-1$
+ // A-Trust Testnumber! Don't change
+ return number;
+ }
+
+ countryCode = countryCode.replace("00", "+"); //$NON-NLS-1$ //$NON-NLS-2$
+
+ if (countryCode.equals("0")) { //$NON-NLS-1$
+ countryCode = "+43"; //$NON-NLS-1$
+ }
+
+ return countryCode + normalNumber;
+ }
+
+ /**
+ * Validate given Password for Mobile BKU
+ *
+ * @param password
+ * @throws InvalidPasswordException
+ */
+ public static void validatePassword(String password)
+ throws InvalidPasswordException {
+ if (password.length() < 6 || password.length() > 20) {
+ if (password.length() < 6) {
+ throw new PasswordTooShortException();
+ }
+ throw new PasswordTooLongException();
+ }
+ }
+
/**
+ * Removes file extension from URL
+ *
* @param query
- * @return
+ * the url string
+ * @return the stripped url
*/
public static String stripQueryString(String query) {
int pathidx = query.lastIndexOf('/');
- if(pathidx > 0) {
+ if (pathidx > 0) {
return query.substring(0, pathidx);
}
return query;
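Review bot: `countryCode.replace("00", "+")` in `normalizeMobileNumber` replaces every `00` in the captured prefix rather than only a leading one, so a prefix that `NUMBER_REGEX` accepts such as `+00` or `0000` comes out as `++`; `if (countryCode.startsWith("00")) { countryCode = "+" + countryCode.substring(2); }` limits the rewrite to the international-prefix case. The `matcher.groupCount() != 6` test can never fire, because `groupCount()` reports the number of groups in the pattern, not in the current match. In `extractTag`, `startidx > 0` treats a start marker at index 0 as missing; `startidx >= 0` is the usual test on an `indexOf` result.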
diff --git a/trunk/pdf-over-gui/src/main/java/at/asit/pdfover/gui/workflow/states/mobilebku/TrustedSocketFactory.java b/trunk/pdf-over-gui/src/main/java/at/asit/pdfover/gui/workflow/states/mobilebku/TrustedSocketFactory.java
index bfe84605..5e9d8159 100644
--- a/trunk/pdf-over-gui/src/main/java/at/asit/pdfover/gui/workflow/states/mobilebku/TrustedSocketFactory.java
+++ b/trunk/pdf-over-gui/src/main/java/at/asit/pdfover/gui/workflow/states/mobilebku/TrustedSocketFactory.java
@@ -46,8 +46,8 @@ public class TrustedSocketFactory implements ProtocolSocketFactory {
private static final Logger log = LoggerFactory
.getLogger(TrustedSocketFactory.class);
- private static SSLSocketFactory getFactory() throws NoSuchAlgorithmException,
- KeyManagementException {
+ private SSLSocketFactory getFactory() throws NoSuchAlgorithmException,
+ KeyManagementException, Exception {
SSLContext sslContext = SSLContext.getInstance("TLS"); //$NON-NLS-1$
sslContext.init(null, new TrustManager[] { new ASITTrustManager() },
new java.security.SecureRandom());
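Review bot: Adding `Exception` to the `throws` clause of `getFactory` makes the two specific exception types redundant and pushes a catch-all onto every caller; declaring the checked types the `ASITTrustManager` constructor really raises (for example `GeneralSecurityException` and `IOException`) would let this signature stay precise. `getFactory` is now an instance method that builds a new `ASITTrustManager` on each call, which re-reads the certificate list every time; if it runs per connection, keeping the `SSLContext` in a field would avoid that. The method body continues outside the hunk, so how the sockets are opened is not visible here; the trust manager validates the chain only, so the peer's host name presumably still has to be checked where the socket is created.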