From 58cde3a4fecf71e7a6115f64c9e01a348b14dc42 Mon Sep 17 00:00:00 2001 From: Jakob Heher Date: Fri, 29 Apr 2022 16:09:51 +0200 Subject: get rid of buergerkarte.at certificate whitelist (it hasn't been used in forever) --- .../java/at/asit/pdfover/commons/Constants.java | 12 - .../gui/bku/mobile/SimpleXMLTrustManager.java | 48 ---- .../gui/utils/CertificateDownloadSource.java | 243 --------------------- .../pdfover/gui/workflow/StateMachineImpl.java | 3 - 4 files changed, 306 deletions(-) delete mode 100644 pdf-over-gui/src/main/java/at/asit/pdfover/gui/utils/CertificateDownloadSource.java diff --git a/pdf-over-commons/src/main/java/at/asit/pdfover/commons/Constants.java b/pdf-over-commons/src/main/java/at/asit/pdfover/commons/Constants.java index 19f2d7e5..2ee13a55 100644 --- a/pdf-over-commons/src/main/java/at/asit/pdfover/commons/Constants.java +++ b/pdf-over-commons/src/main/java/at/asit/pdfover/commons/Constants.java @@ -367,18 +367,6 @@ public class Constants { /** Accepted certificate list resource */ public static final String RES_CERT_LIST = RES_CERT_PATH + "certificates.xml"; //$NON-NLS-1$ - - /** Accepted certificate list config */ - public static final String RES_CERT_PATH_ADDED = CONFIG_DIRECTORY + "/certificates/"; //$NON-NLS-1$ - - /** Accepted certificate list resource */ - public static final String RES_CERT_LIST_ADDED = RES_CERT_PATH_ADDED + "certificates.xml"; //$NON-NLS-1$ - - /** Download URL for accepted certificates */ - - public static final String CERTIFICATE_DOWNLOAD_XML_URL = "https://www.buergerkarte.at/trust/"; //$NON-NLS-1$ - - public static final String CERTIFICATE_XML_FILE = "certificates.xml"; //$NON-NLS-1$ public static final String LABEL_TAN = "input_tan"; //$NON-NLS-1$ diff --git a/pdf-over-gui/src/main/java/at/asit/pdfover/gui/bku/mobile/SimpleXMLTrustManager.java b/pdf-over-gui/src/main/java/at/asit/pdfover/gui/bku/mobile/SimpleXMLTrustManager.java index 039f2ecf..e715184a 100644 
--- a/pdf-over-gui/src/main/java/at/asit/pdfover/gui/bku/mobile/SimpleXMLTrustManager.java +++ b/pdf-over-gui/src/main/java/at/asit/pdfover/gui/bku/mobile/SimpleXMLTrustManager.java @@ -15,8 +15,6 @@ */ package at.asit.pdfover.gui.bku.mobile; -import java.io.File; -import java.io.FileInputStream; // Imports import java.security.KeyStore; import java.security.cert.CertificateException; 
@@ -135,52 +133,6 @@ public class SimpleXMLTrustManager implements X509TrustManager { e.toString(); } - File added_cert = new File(Constants.RES_CERT_LIST_ADDED); - - //check if the additional certificates.xml file exists// - - if (added_cert.exists()) { - Node certificates_added = null; - - Document doc_added = DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(added_cert); - - certificates_added = doc_added.getFirstChild(); - - NodeList certificates_added_list = certificates_added.getChildNodes(); - - //if exists, add trusted certificates to cert-Store - for (int i = 0; i < certificates_added_list.getLength(); i++) { - try { - - Node certificateNode = certificates_added_list.item(i); - - if (certificateNode.getNodeName().equals("#text")) { //$NON-NLS-1$ - continue; // Ignore dummy text node .. - } - - if (!certificateNode.getNodeName().equals("certificate")) { //$NON-NLS-1$ - log.warn("Ignoring XML node: " + certificateNode.getNodeName()); //$NON-NLS-1$ - continue; - } - - if (!certificateNode.getTextContent().equals("")) { - String certResource = Constants.RES_CERT_PATH_ADDED + certificateNode.getTextContent(); - - FileInputStream addedNode = new FileInputStream(certResource); - - X509Certificate cert = (X509Certificate) CertificateFactory.getInstance("X509"). //$NON-NLS-1$ - generateCertificate(addedNode); - - myKeyStore.setCertificateEntry(certificateNode.getTextContent(), cert); - - log.debug("Loaded certificate : " + certResource); //$NON-NLS-1$ - } - } catch (Exception ex) { - log.error("Failed to load certificate [" + "]", ex); //$NON-NLS-1$ //$NON-NLS-2$ - } - } - } - tmf.init(myKeyStore); tms = tmf.getTrustManagers(); diff --git a/pdf-over-gui/src/main/java/at/asit/pdfover/gui/utils/CertificateDownloadSource.java b/pdf-over-gui/src/main/java/at/asit/pdfover/gui/utils/CertificateDownloadSource.java deleted file mode 100644 index 34b8cb53..00000000 
--- a/pdf-over-gui/src/main/java/at/asit/pdfover/gui/utils/CertificateDownloadSource.java
+++ /dev/null
@@ -1,243 +0,0 @@ -/* - * Copyright 2017 by A-SIT, Secure Information Technology Center Austria - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://joinup.ec.europa.eu/software/page/eupl - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - */ -package at.asit.pdfover.gui.utils; - -import java.io.BufferedInputStream; -import java.io.BufferedReader; -//Imports -import java.io.File; -import java.io.FileOutputStream; -import java.io.FileReader; -import java.io.IOException; -import java.io.InputStream; -import java.net.ConnectException; -import java.net.InetSocketAddress; -import java.net.NoRouteToHostException; -import java.net.Proxy; -import java.net.URL; -import java.net.URLConnection; -import javax.xml.parsers.ParserConfigurationException; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.xml.sax.SAXException; - -import at.asit.pdfover.commons.Constants; -import at.asit.pdfover.gui.workflow.config.ConfigProvider; - -import javax.xml.parsers.DocumentBuilderFactory; -import javax.xml.parsers.DocumentBuilder; -import javax.xml.transform.Transformer; -import javax.xml.transform.TransformerException; -import javax.xml.transform.TransformerFactory; -import javax.xml.transform.dom.DOMSource; -import javax.xml.transform.stream.StreamResult; - -import org.w3c.dom.Document; -import org.w3c.dom.Node; -import org.w3c.dom.NodeList; - -/** - * Download of accepted certificates - */ -public class CertificateDownloadSource { - - /** - * SLF4J Logger 
instance - **/ - /** - * SLF4J Logger instance - **/ - private static final Logger log = LoggerFactory.getLogger(CertificateDownloadSource.class); - private static URL url = null; - - /** - * @throws ParserConfigurationException - * - */ - public static void getAcceptedCertificates(ConfigProvider cp) { - try { - - URL url = new URL(Constants.CERTIFICATE_DOWNLOAD_XML_URL + Constants.CERTIFICATE_XML_FILE); - URLConnection connection = null; - String host = null; - int port=0; - - - - if (!cp.getProxyHost().equals("")) { //$NON-NLS-1$ - log.info("Found PDF-Over Host settings: "+cp.getProxyHost().toString()); //$NON-NLS-1$ - - try{ - host = cp.getProxyHost(); - port = cp.getProxyPort(); - Proxy proxy = new Proxy(Proxy.Type.HTTP, new InetSocketAddress(host, port)); - - - connection = url.openConnection(proxy);} - catch (NoRouteToHostException nrte) - {log.info("No route to host (Host unreachable)");} //$NON-NLS-1$ - catch (ConnectException nrte) - {log.info("Proxy-Connection refused)");} //$NON-NLS-1$ - catch (IllegalArgumentException iae) - {log.info("Illegal Argument for Proxy and/or Host)");} //$NON-NLS-1$ - - } else { - log.info("Opening default connection"); //$NON-NLS-1$ - connection = url.openConnection(); - - } - - - InputStream is = connection.getInputStream(); - - BufferedInputStream bis = new BufferedInputStream(is); - FileOutputStream fis2 = new FileOutputStream(new File(Constants.RES_CERT_LIST_ADDED)); - - byte[] buffer = new byte[1024]; - int count = 0; - while ((count = bis.read(buffer, 0, 1024)) != -1) { - fis2.write(buffer, 0, count); - } - fis2.close(); - bis.close(); - downloadCertificatesFromServer(host,port); - - } catch (Exception e) { - // if file can not be downloaded, try to create it// - try { - DocumentBuilderFactory dbFactory = DocumentBuilderFactory.newInstance(); - DocumentBuilder dBuilder = dbFactory.newDocumentBuilder(); - Document doc = dBuilder.newDocument(); - - // root element - Node rootElement = doc.createElement("certificates"); 
//$NON-NLS-1$ - doc.appendChild(rootElement); - TransformerFactory transformerFactory = TransformerFactory.newInstance(); - Transformer transformer = transformerFactory.newTransformer(); - DOMSource source = new DOMSource(doc); - StreamResult result = new StreamResult(new File(Constants.RES_CERT_LIST_ADDED)); - - transformer.transform(source, result); - } catch (TransformerException e1) { - // TODO Auto-generated catch block - e1.printStackTrace(); - } catch (ParserConfigurationException e1) { - // TODO Auto-generated catch block - e1.printStackTrace(); - } - - e.printStackTrace(); - } // $NON-NLS-1$ - - } - - /** - * Download accepted Certificates from Server - */ - public static void downloadCertificatesFromServer(String proxyHost, int proxyPort) { - - BufferedReader br = null; - FileReader fr = null; - - try { - - File added_cert = new File(Constants.RES_CERT_LIST_ADDED); - - if (added_cert.exists()) { - Document doc_added = DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(added_cert); - - Node certificates_added = doc_added.getFirstChild(); - NodeList certificates_added_list = certificates_added.getChildNodes(); - log.info("===== Starting to download accepted certificates ====="); //$NON-NLS-1$ - - // identify the certificate that has to be downloaded - for (int i = 0; i < certificates_added_list.getLength(); i++) { - try { - - Node certificateNode = certificates_added_list.item(i); - - if (certificateNode.getNodeName().equals("#text")) { //$NON-NLS-1$ - continue; // Ignore dummy text node .. 
- } - - if (!certificateNode.getNodeName().equals("certificate")) { //$NON-NLS-1$ - log.warn("Ignoring XML node: " + certificateNode.getNodeName()); //$NON-NLS-1$ - continue; - } - - URLConnection connection; - if (!certificateNode.getTextContent().equals("")) { //$NON-NLS-1$ - String certResource = Constants.CERTIFICATE_DOWNLOAD_XML_URL - + certificateNode.getTextContent(); - URL url = new URL(certResource); - - if (proxyHost!=null){ - Proxy proxy = new Proxy(Proxy.Type.HTTP, new InetSocketAddress(proxyHost, proxyPort)); - connection = url.openConnection(proxy); - }else - {connection = url.openConnection();} - InputStream is = connection.getInputStream(); - BufferedInputStream bis = new BufferedInputStream(is); - FileOutputStream fis = new FileOutputStream( - new File(Constants.RES_CERT_PATH_ADDED + certificateNode.getTextContent())); - byte[] buffer = new byte[1024]; - int count = 0; - while ((count = bis.read(buffer, 0, 1024)) != -1) { - fis.write(buffer, 0, count); - } - fis.close(); - bis.close(); - } - } catch (Exception ex) { - log.debug(ex.toString()); // $NON-NLS-1$ - } - - } - } else { - log.info("Certificates-File could not be downloaded, will be created"); //$NON-NLS-1$ - } - } - - catch (IOException e) { - - e.printStackTrace(); - - } catch (SAXException e) { - - e.printStackTrace(); - } catch (ParserConfigurationException e) { - - e.printStackTrace(); - } finally { - - try { - if (br != null) - br.close(); - - if (fr != null) - fr.close(); - - } catch (IOException ex) { - - ex.printStackTrace(); - - } - - } - - } - -} diff --git a/pdf-over-gui/src/main/java/at/asit/pdfover/gui/workflow/StateMachineImpl.java b/pdf-over-gui/src/main/java/at/asit/pdfover/gui/workflow/StateMachineImpl.java index 3af65a24..7280c96a 100644 --- a/pdf-over-gui/src/main/java/at/asit/pdfover/gui/workflow/StateMachineImpl.java +++ b/pdf-over-gui/src/main/java/at/asit/pdfover/gui/workflow/StateMachineImpl.java 
@@ -27,7 +27,6 @@ import org.slf4j.LoggerFactory; import at.asit.pdfover.gui.MainWindow; import at.asit.pdfover.gui.controls.Dialog.BUTTONS; import at.asit.pdfover.gui.controls.ErrorDialog; -import at.asit.pdfover.gui.utils.CertificateDownloadSource; import at.asit.pdfover.commons.Messages; import at.asit.pdfover.gui.workflow.config.ConfigManipulator; import at.asit.pdfover.gui.workflow.config.ConfigOverlayManipulator; @@ -263,8 +262,6 @@ public class StateMachineImpl implements StateMachine, GUIProvider { // Call update to start processing ... update(); - CertificateDownloadSource.getAcceptedCertificates(this.getConfigProvider()); - // if a user interaction is required we have a shell ... -- cgit v1.2.3