From 02e562d514c339618bbd304a3685f12eaae29fcb Mon Sep 17 00:00:00 2001 From: Bianca Schnalzer Date: Mon, 30 Oct 2017 10:30:19 +0100 Subject: using PDF-AS 4.1.1., updated error handling for connection and MobileBKU --- .../asit/pdfover/gui/bku/mobile/IAIKHandler.java | 21 ++- .../pdfover/gui/bku/mobile/MobileBKUHelper.java | 2 +- .../gui/bku/mobile/SimpleXMLTrustManager.java | 144 ++++++++++----------- .../gui/utils/CertificateDownloadSource.java | 91 +++++++++---- .../src/main/resources/cfg/PDFASConfig.zip | Bin 971621 -> 971775 bytes 5 files changed, 157 insertions(+), 101 deletions(-) diff --git a/pdf-over-gui/src/main/java/at/asit/pdfover/gui/bku/mobile/IAIKHandler.java b/pdf-over-gui/src/main/java/at/asit/pdfover/gui/bku/mobile/IAIKHandler.java index c4b7e6b9..de34796c 100644 --- a/pdf-over-gui/src/main/java/at/asit/pdfover/gui/bku/mobile/IAIKHandler.java +++ b/pdf-over-gui/src/main/java/at/asit/pdfover/gui/bku/mobile/IAIKHandler.java @@ -163,6 +163,19 @@ public class IAIKHandler extends MobileBKUHandler { new SLResponse(responseData, status.getServer(), null, null)); return; } + + if (responseData.contains("tanCodeLogon")) + { + refVal = MobileBKUHelper.extractContentFromTagWithParam(responseData, + "span", "id", "tanCodeLogon:refValue"); //$NON-NLS-1$ //$NON-NLS-2$ //$NON-NLS-3$ + } + else + { + refVal = MobileBKUHelper.extractContentFromTagWithParam(responseData, + "span", "id", "j_idt5:refValue"); //$NON-NLS-1$ //$NON-NLS-2$ //$NON-NLS-3$ + } + + if (responseData.contains("/error")) { //$NON-NLS-1$ // Error response - try again 
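Review bot: The `refVal` extraction added at the top of this hunk now runs before the `if (responseData.contains("/error"))` branch, whereas the assignment removed in the next hunk ran only further down, after the early returns. If `extractContentFromTagWithParam` throws when the span is missing (the sibling `extractTagWithParam` is declared `throws Exception`, so this looks likely), an error page that carries neither `tanCodeLogon:refValue` nor `j_idt5:refValue` would abort here instead of reaching the retry path. Moving the new `if`/`else` back to where the removed assignment stood keeps the old ordering. The `"tanCodeLogon"` literal in the condition also lacks the `//$NON-NLS-1$` marker used on the other strings, and `contains` matches that text anywhere in the response body, so `responseData.contains("tanCodeLogon:refValue")` would be a tighter selector. The enclosing method starts and ends outside the hunk.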
@@ -177,9 +190,9 @@ public class IAIKHandler extends MobileBKUHandler { return; } - refVal = MobileBKUHelper.extractContentFromTagWithParam(responseData, - "span", "id", "j_idt5:refValue"); //$NON-NLS-1$ //$NON-NLS-2$ //$NON-NLS-3$ - + + + String viewState = MobileBKUHelper.extractValueFromTagWithParam( responseData, "input", "name", "javax.faces.ViewState", "value"); //$NON-NLS-1$ //$NON-NLS-2$ //$NON-NLS-3$ //$NON-NLS-4$ status.setViewState(viewState); @@ -187,6 +200,8 @@ public class IAIKHandler extends MobileBKUHandler { if (!responseData.contains("tanCodeLogon.jsf")) { //$NON-NLS-1$ // Assume that we need to confirm reference value dialog log.debug("viewState: " + viewState); //$NON-NLS-1$ + + PostMethod post = new PostMethod(redirectURL); post.getParams().setContentCharset("utf-8"); //$NON-NLS-1$ diff --git a/pdf-over-gui/src/main/java/at/asit/pdfover/gui/bku/mobile/MobileBKUHelper.java b/pdf-over-gui/src/main/java/at/asit/pdfover/gui/bku/mobile/MobileBKUHelper.java index 1e4431a4..52444ad1 100644 --- a/pdf-over-gui/src/main/java/at/asit/pdfover/gui/bku/mobile/MobileBKUHelper.java +++ b/pdf-over-gui/src/main/java/at/asit/pdfover/gui/bku/mobile/MobileBKUHelper.java @@ -99,7 +99,7 @@ public class MobileBKUHelper { public static String extractTagWithParam(String data, String tag, String param, String value) throws Exception { String start = '<' + tag; - int startidx, endidx = 0; + int startidx, endidx = 0; while ((startidx = data.indexOf(start, endidx)) != -1) { endidx = data.indexOf('>', startidx); if (endidx == -1) { diff --git a/pdf-over-gui/src/main/java/at/asit/pdfover/gui/bku/mobile/SimpleXMLTrustManager.java b/pdf-over-gui/src/main/java/at/asit/pdfover/gui/bku/mobile/SimpleXMLTrustManager.java index 46a4dcfc..9e166e89 100644 --- a/pdf-over-gui/src/main/java/at/asit/pdfover/gui/bku/mobile/SimpleXMLTrustManager.java +++ b/pdf-over-gui/src/main/java/at/asit/pdfover/gui/bku/mobile/SimpleXMLTrustManager.java 
@@ -83,102 +83,103 @@ public class SimpleXMLTrustManager implements X509TrustManager { } /* - *Certificates + * Certificates */ - KeyStore myKeyStore = KeyStore.getInstance(KeyStore - .getDefaultType()); + KeyStore myKeyStore = KeyStore.getInstance(KeyStore.getDefaultType()); myKeyStore.load(null); - Document doc = DocumentBuilderFactory.newInstance() - .newDocumentBuilder() + Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder() .parse(this.getClass().getResourceAsStream(Constants.RES_CERT_LIST)); - - - File added_cert = new File(Constants.RES_CERT_LIST_ADDED); - - Document doc_added = DocumentBuilderFactory.newInstance() - .newDocumentBuilder() - .parse(added_cert); - - Node certificates_added = doc_added.getFirstChild(); Node certificates = doc.getFirstChild(); + NodeList certificateList = certificates.getChildNodes(); - if (!certificates.getNodeName().equals("certificates") && !certificates_added.getNodeName().equals("certificates")) { //$NON-NLS-1$ - throw new Exception( - "Used certificates xml is invalid! no certificates node"); //$NON-NLS-1$ - } + try { + if (!certificates.getNodeName().equals("certificates")) { //$NON-NLS-1$ + throw new Exception("Used certificates xml is invalid! no certificates node"); //$NON-NLS-1$ + } - NodeList certificates_added_list = certificates_added.getChildNodes(); - NodeList certificateList = certificates.getChildNodes(); - - for (int i = 0; i < certificateList.getLength(); i++) { - try { + //add trusted certificates to certStore// + for (int i = 0; i < certificateList.getLength(); i++) { + try { - Node certificateNode = certificateList.item(i); + Node certificateNode = certificateList.item(i); - if (certificateNode.getNodeName().equals("#text")) { //$NON-NLS-1$ - continue; // Ignore dummy text node .. - } + if (certificateNode.getNodeName().equals("#text")) { //$NON-NLS-1$ + continue; // Ignore dummy text node .. 
+ } - if (!certificateNode.getNodeName().equals("certificate")) { //$NON-NLS-1$ - log.warn("Ignoring XML node: " + certificateNode.getNodeName()); //$NON-NLS-1$ - continue; - } + if (!certificateNode.getNodeName().equals("certificate")) { //$NON-NLS-1$ + log.warn("Ignoring XML node: " + certificateNode.getNodeName()); //$NON-NLS-1$ + continue; + } - String certResource = Constants.RES_CERT_PATH+ certificateNode.getTextContent(); + String certResource = Constants.RES_CERT_PATH + certificateNode.getTextContent(); - X509Certificate cert = (X509Certificate) CertificateFactory - .getInstance("X509"). //$NON-NLS-1$ - generateCertificate( - this.getClass().getResourceAsStream( - certResource)); + X509Certificate cert = (X509Certificate) CertificateFactory.getInstance("X509"). //$NON-NLS-1$ + generateCertificate(this.getClass().getResourceAsStream(certResource)); - myKeyStore.setCertificateEntry(certificateNode.getTextContent(), cert); + myKeyStore.setCertificateEntry(certificateNode.getTextContent(), cert); - log.debug("Loaded certificate : " + certResource); //$NON-NLS-1$ + log.debug("Loaded certificate : " + certResource); //$NON-NLS-1$ - } catch (Exception ex) { - log.error("Failed to load certificate [" + "]", ex); //$NON-NLS-1$ //$NON-NLS-2$ + } catch (Exception ex) { + log.error("Failed to load certificate [" + "]", ex); //$NON-NLS-1$ //$NON-NLS-2$ + } } + } + + catch (Exception e) { + e.toString(); + } + + File added_cert = new File(Constants.RES_CERT_LIST_ADDED); - - for (int i = 0; i < certificates_added_list.getLength(); i++) { - try { + //check if the additional certificates.xml file exists// - Node certificateNode = certificates_added_list.item(i); + if (added_cert.exists()) { + Node certificates_added = null; - if (certificateNode.getNodeName().equals("#text")) { //$NON-NLS-1$ - continue; // Ignore dummy text node .. 
- } + Document doc_added = DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(added_cert); - if (!certificateNode.getNodeName().equals("certificate")) { //$NON-NLS-1$ - log.warn("Ignoring XML node: " + certificateNode.getNodeName()); //$NON-NLS-1$ - continue; - } - - if (!certificateNode.getTextContent().equals("")) - { - String certResource = Constants.RES_CERT_PATH_ADDED + certificateNode.getTextContent(); + certificates_added = doc_added.getFirstChild(); + + NodeList certificates_added_list = certificates_added.getChildNodes(); - FileInputStream addedNode = new FileInputStream(certResource); - - X509Certificate cert = (X509Certificate) CertificateFactory - .getInstance("X509"). //$NON-NLS-1$ - generateCertificate( - addedNode); + //if exists, add trusted certificates to cert-Store + for (int i = 0; i < certificates_added_list.getLength(); i++) { + try { - myKeyStore.setCertificateEntry(certificateNode.getTextContent(), cert); + Node certificateNode = certificates_added_list.item(i); - log.debug("Loaded certificate : " + certResource); //$NON-NLS-1$ + if (certificateNode.getNodeName().equals("#text")) { //$NON-NLS-1$ + continue; // Ignore dummy text node .. + } + + if (!certificateNode.getNodeName().equals("certificate")) { //$NON-NLS-1$ + log.warn("Ignoring XML node: " + certificateNode.getNodeName()); //$NON-NLS-1$ + continue; + } + + if (!certificateNode.getTextContent().equals("")) { + String certResource = Constants.RES_CERT_PATH_ADDED + certificateNode.getTextContent(); + + FileInputStream addedNode = new FileInputStream(certResource); + + X509Certificate cert = (X509Certificate) CertificateFactory.getInstance("X509"). 
//$NON-NLS-1$ + generateCertificate(addedNode); + + myKeyStore.setCertificateEntry(certificateNode.getTextContent(), cert); + + log.debug("Loaded certificate : " + certResource); //$NON-NLS-1$ + } + } catch (Exception ex) { + log.error("Failed to load certificate [" + "]", ex); //$NON-NLS-1$ //$NON-NLS-2$ } - } catch (Exception ex) { - log.error("Failed to load certificate [" + "]", ex); //$NON-NLS-1$ //$NON-NLS-2$ } } - tmf.init(myKeyStore); @@ -195,8 +196,7 @@ public class SimpleXMLTrustManager implements X509TrustManager { } } - if (this.sunJSSEX509TrustManager != null - && this.atrustTrustManager != null) { + if (this.sunJSSEX509TrustManager != null && this.atrustTrustManager != null) { return; } @@ -215,8 +215,7 @@ public class SimpleXMLTrustManager implements X509TrustManager { * X509Certificate[], java.lang.String) */ @Override - public void checkClientTrusted(X509Certificate[] arg0, String arg1) - throws CertificateException { + public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException { try { this.atrustTrustManager.checkServerTrusted(arg0, arg1); } catch (CertificateException ex) { @@ -237,8 +236,7 @@ public class SimpleXMLTrustManager implements X509TrustManager { * X509Certificate[], java.lang.String) */ @Override - public void checkServerTrusted(X509Certificate[] arg0, String arg1) - throws CertificateException { + public void checkServerTrusted(X509Certificate[] arg0, String arg1) throws CertificateException { try { this.atrustTrustManager.checkServerTrusted(arg0, arg1); } catch (CertificateException ex) { diff --git a/pdf-over-gui/src/main/java/at/asit/pdfover/gui/utils/CertificateDownloadSource.java b/pdf-over-gui/src/main/java/at/asit/pdfover/gui/utils/CertificateDownloadSource.java index 31c559db..24f229d0 100644 --- a/pdf-over-gui/src/main/java/at/asit/pdfover/gui/utils/CertificateDownloadSource.java +++ b/pdf-over-gui/src/main/java/at/asit/pdfover/gui/utils/CertificateDownloadSource.java 
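Review bot: In the new `added_cert.exists()` branch every entry of the on-disk list becomes a trust anchor, yet the entry text is appended unchecked to `Constants.RES_CERT_PATH_ADDED` and read through a `FileInputStream` that is never closed. Restricting entries to plain file names and closing the stream (try-with-resources, assuming the build targets Java 7 or later) keeps a malformed or tampered list from pointing outside the certificate directory; the fence shows the rewritten lines. The outer `catch (Exception e) { e.toString(); }` added around the bundled loop discards the "no certificates node" error, so `tmf.init(myKeyStore)` can run on an empty store with nothing logged, and the fence logs it instead. The parser for `added_cert` is created with default `DocumentBuilderFactory` settings, and since that file appears to be written from a download elsewhere in this commit, disabling DOCTYPE processing on that factory is worth adding. The enclosing method starts before the hunk.

```java
// … unchanged: bundled certificate loop …
} catch (Exception e) {
	// keep the reason visible: the trust store may be incomplete from here on
	log.error("Failed to load bundled certificate list", e); //$NON-NLS-1$
}

// … unchanged: added_cert.exists() check, parsing, node-name filtering …
String certName = certificateNode.getTextContent();
if (certName.equals("")) { //$NON-NLS-1$
	continue;
}
// entries become trust anchors: accept plain file names only
if (certName.contains("/") || certName.contains("\\") || certName.contains("..")) { //$NON-NLS-1$ //$NON-NLS-2$ //$NON-NLS-3$
	log.warn("Ignoring certificate entry with path characters: " + certName); //$NON-NLS-1$
	continue;
}
String certResource = Constants.RES_CERT_PATH_ADDED + certName;
try (FileInputStream addedNode = new FileInputStream(certResource)) {
	X509Certificate cert = (X509Certificate) CertificateFactory.getInstance("X509") //$NON-NLS-1$
			.generateCertificate(addedNode);
	myKeyStore.setCertificateEntry(certName, cert);
}
log.debug("Loaded certificate : " + certResource); //$NON-NLS-1$
```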
@@ -1,30 +1,33 @@ +/* + * Copyright 2017 by A-SIT, Secure Information Technology Center Austria + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://joinup.ec.europa.eu/software/page/eupl + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + */ package at.asit.pdfover.gui.utils; import java.io.BufferedInputStream; import java.io.BufferedReader; //Imports import java.io.File; -import java.io.FileNotFoundException; import java.io.FileOutputStream; import java.io.FileReader; import java.io.IOException; import java.io.InputStream; import java.net.URL; import java.net.URLConnection; -import java.security.cert.CertificateFactory; -import java.security.cert.X509Certificate; - -import javax.security.auth.login.Configuration; -import javax.swing.JOptionPane; -import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.parsers.ParserConfigurationException; -import org.apache.log4j.PropertyConfigurator; -import org.eclipse.swt.SWT; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import org.w3c.dom.Document; -import org.w3c.dom.Node; -import org.w3c.dom.NodeList; import org.xml.sax.SAXException; import at.asit.pdfover.gui.Constants; 
@@ -34,6 +37,21 @@ import at.asit.pdfover.gui.utils.SWTLoader; import at.asit.pdfover.gui.workflow.StateMachineImpl; import at.asit.pdfover.gui.workflow.config.ConfigProvider; import at.asit.pdfover.gui.workflow.config.ConfigProviderImpl; +import at.gv.egiz.sl.schema.ToBeEncryptedType.Element; + +import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.parsers.DocumentBuilder; +import javax.xml.transform.Transformer; +import javax.xml.transform.TransformerException; +import javax.xml.transform.TransformerFactory; +import javax.xml.transform.dom.DOMSource; +import javax.xml.transform.stream.StreamResult; +import org.w3c.dom.Attr; +import org.w3c.dom.Document; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; + +import java.io.File; /** @@ -51,6 +69,7 @@ public class CertificateDownloadSource { private static URL url=null; /** + * @throws ParserConfigurationException * */ public static void getAcceptedCertificates() 
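Review bot: Three of the imports added in this block look unused or redundant: `at.gv.egiz.sl.schema.ToBeEncryptedType.Element` and `org.w3c.dom.Attr` are not referenced by any code visible in this patch, and `java.io.File` is already imported at the top of the file. The block also re-adds `DocumentBuilderFactory`, `Document`, `Node` and `NodeList`, which the first hunk of this file removed, so leaving those lines where they were and adding only `DocumentBuilder` and the `javax.xml.transform` imports would keep the import list in one group. In the Javadoc hunk that follows, the new `@throws ParserConfigurationException` tag has no description, and the catch added further down handles that exception locally, so the tag is probably not needed unless the signature (outside the hunk) declares it.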
@@ -74,10 +93,34 @@ public class CertificateDownloadSource { bis.close(); downloadCertificatesFromServer(); - } catch (IOException e) { - log.debug("File not found");} + } catch (Exception e) { + //if file can not be downloaded, try to create it// + try { + DocumentBuilderFactory dbFactory = + DocumentBuilderFactory.newInstance(); + DocumentBuilder dBuilder = dbFactory.newDocumentBuilder(); + Document doc = dBuilder.newDocument(); + + // root element + Node rootElement = doc.createElement("certificates"); + doc.appendChild(rootElement); + TransformerFactory transformerFactory = TransformerFactory.newInstance(); + Transformer transformer = transformerFactory.newTransformer(); + DOMSource source = new DOMSource(doc); + StreamResult result = new StreamResult(new File(Constants.RES_CERT_LIST_ADDED)); + + transformer.transform(source, result); + } catch (TransformerException e1) { + // TODO Auto-generated catch block + e1.printStackTrace(); + } catch (ParserConfigurationException e1) { + // TODO Auto-generated catch block + e1.printStackTrace(); + } + + + e.printStackTrace();} //$NON-NLS-1$ - } /** @@ -103,6 +146,7 @@ public class CertificateDownloadSource { Node certificates_added = doc_added.getFirstChild(); NodeList certificates_added_list = certificates_added.getChildNodes(); + log.info("===== Starting to download accepted certificates ====="); //identify the certificate that has to be downloaded for (int i = 0; i < certificates_added_list.getLength(); i++) { @@ -120,10 +164,9 @@ public class CertificateDownloadSource { } if (!certificateNode.getTextContent().equals("")) - {ConfigProviderImpl cpi = new ConfigProviderImpl(); - + { String certResource = Constants.CERTIFICATE_DOWNLOAD_XML_URL + certificateNode.getTextContent(); - log.info("===== Starting to download accepted certificates ====="); + URL url = new URL(certResource); URLConnection connection = url.openConnection(); InputStream is = connection.getInputStream(); 
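Review bot: Widening the handler to `catch (Exception e)` means the empty `<certificates>` document is written to `Constants.RES_CERT_LIST_ADDED` on any failure in the try block, apparently including one raised by `downloadCertificatesFromServer()` after the list was already fetched, which would replace a good list with an empty one. Keeping `catch (IOException e)` for the download and writing the placeholder only when the file is absent, guarded by `if (!new File(Constants.RES_CERT_LIST_ADDED).exists())`, avoids that. The three `printStackTrace()` calls bypass the class's `log`; `log.warn("Could not download certificate list, creating empty one", e);` keeps the failure in the application log, and the trailing `//$NON-NLS-1$` after `e.printStackTrace();}` no longer marks any string. The try block starts outside the hunk.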
@@ -141,13 +184,14 @@ public class CertificateDownloadSource { } catch (Exception ex) { log.debug(ex.toString()); //$NON-NLS-1$ } - } - } - - - } catch (IOException e) { + } } + else{ + log.info("Certificates-File could not be downloaded, will be created");} //$NON-NLS-1$ + } + catch (IOException e) { + e.printStackTrace(); } catch (SAXException e) { @@ -159,7 +203,6 @@ public class CertificateDownloadSource { } finally { try { - if (br != null) br.close(); diff --git a/pdf-over-gui/src/main/resources/cfg/PDFASConfig.zip b/pdf-over-gui/src/main/resources/cfg/PDFASConfig.zip index 19ab9219..b4d1e3a4 100644 Binary files a/pdf-over-gui/src/main/resources/cfg/PDFASConfig.zip and b/pdf-over-gui/src/main/resources/cfg/PDFASConfig.zip differ -- cgit v1.2.3