From 12fe32df6f5b17abb5d1f9bac9f5fb87b961f0c2 Mon Sep 17 00:00:00 2001 From: tkellner Date: Wed, 10 Apr 2013 18:56:29 +0000 Subject: Configuration Changes git-svn-id: https://joinup.ec.europa.eu/svn/pdf-over/trunk@49 174cde9d-5d70-4d2a-aa98-46368bc2aaf7 --- .../states/mobilebku/ASITTrustManager.java | 179 +++++++++++++++++++-- .../workflow/states/mobilebku/ATrustHelper.java | 112 +++++++++++-- .../states/mobilebku/TrustedSocketFactory.java | 4 +- 3 files changed, 269 insertions(+), 26 deletions(-) (limited to 'pdf-over-gui/src/main/java/at/asit/pdfover/gui/workflow/states/mobilebku') diff --git a/pdf-over-gui/src/main/java/at/asit/pdfover/gui/workflow/states/mobilebku/ASITTrustManager.java b/pdf-over-gui/src/main/java/at/asit/pdfover/gui/workflow/states/mobilebku/ASITTrustManager.java index 2428ef65..6f557bc6 100644 --- a/pdf-over-gui/src/main/java/at/asit/pdfover/gui/workflow/states/mobilebku/ASITTrustManager.java +++ b/pdf-over-gui/src/main/java/at/asit/pdfover/gui/workflow/states/mobilebku/ASITTrustManager.java @@ -16,13 +16,22 @@ package at.asit.pdfover.gui.workflow.states.mobilebku; // Imports +import java.security.KeyStore; import java.security.cert.CertificateException; +import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; - +import javax.net.ssl.TrustManager; +import javax.net.ssl.TrustManagerFactory; import javax.net.ssl.X509TrustManager; +import javax.xml.parsers.DocumentBuilderFactory; + +import org.apache.commons.lang.ArrayUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import org.w3c.dom.Document; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; /** * 
@@ -34,31 +43,181 @@ public class ASITTrustManager implements X509TrustManager { private static final Logger log = LoggerFactory .getLogger(ASITTrustManager.class); - /* (non-Javadoc) - * @see javax.net.ssl.X509TrustManager#checkClientTrusted(java.security.cert.X509Certificate[], java.lang.String) + /* + * The default X509TrustManager returned by SunX509. We'll delegate + * decisions to it, and fall back to the logic in this class if the default + * X509TrustManager doesn't trust it. + */ + X509TrustManager sunJSSEX509TrustManager; + + /** + * Trust Manager for A-Trust Certificates + */ + X509TrustManager atrustTrustManager; + + /** + * Constructs the TrustManager + * + * @throws Exception + */ + public ASITTrustManager() throws Exception { + // create a "default" JSSE X509TrustManager. + + TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509"); //$NON-NLS-1$ + tmf.init((KeyStore) null); + + TrustManager tms[] = tmf.getTrustManagers(); + + /* + * Iterate over the returned trustmanagers, look for an instance of + * X509TrustManager. If found, use that as our "default" trust manager. + */ + for (int i = 0; i < tms.length; i++) { + if (tms[i] instanceof X509TrustManager) { + this.sunJSSEX509TrustManager = (X509TrustManager) tms[i]; + break; + } + } + + /* + * A-Trust Certificates + */ + + KeyStore atrustKeyStore = KeyStore.getInstance(KeyStore + .getDefaultType()); + + atrustKeyStore.load(null); + + String usedCertificates = "/certificates/used_certificates.xml"; //$NON-NLS-1$ + + Document doc = DocumentBuilderFactory.newInstance() + .newDocumentBuilder() + .parse(this.getClass().getResourceAsStream(usedCertificates)); + + Node certificates = doc.getFirstChild(); + + if (!certificates.getNodeName().equals("certificates")) { //$NON-NLS-1$ + throw new Exception( + "Used certificates xml is invalid! 
no certificates node"); //$NON-NLS-1$ + } + + NodeList certificateList = certificates.getChildNodes(); + + for (int i = 0; i < certificateList.getLength(); i++) { + try { + + Node certificateNode = certificateList.item(i); + + if (certificateNode.getNodeName().equals("#text")) { //$NON-NLS-1$ + continue; // Ignore dummy text node .. + } + + if (!certificateNode.getNodeName().equals("certificate")) { //$NON-NLS-1$ + log.warn("Ignoring XML node: " + certificateNode.getNodeName()); //$NON-NLS-1$ + continue; + } + + String certResource = "/certificates/" + certificateNode.getTextContent() + ".crt"; //$NON-NLS-1$ //$NON-NLS-2$ + + X509Certificate cert = (X509Certificate) CertificateFactory + .getInstance("X509"). //$NON-NLS-1$ + generateCertificate( + this.getClass().getResourceAsStream( + certResource)); + + atrustKeyStore.setCertificateEntry(certificateNode.getTextContent(), cert); + + log.debug("Loaded certificate : " + certResource); //$NON-NLS-1$ + + } catch (Exception ex) { + log.error("Failed to load certificate [" + "]", ex); //$NON-NLS-1$ //$NON-NLS-2$ + } + } + + tmf.init(atrustKeyStore); + + tms = tmf.getTrustManagers(); + + /* + * Iterate over the returned trustmanagers, look for an instance of + * X509TrustManager. If found, use that as our "default" trust manager. + */ + for (int i = 0; i < tms.length; i++) { + if (tms[i] instanceof X509TrustManager) { + this.atrustTrustManager = (X509TrustManager) tms[i]; + break; + } + } + + if (this.sunJSSEX509TrustManager != null + && this.atrustTrustManager != null) { + return; + } + + /* + * Find some other way to initialize, or else we have to fail the + * constructor. + */ + throw new Exception("Couldn't initialize ASITTrustManager"); //$NON-NLS-1$ + } + + /* + * (non-Javadoc) + * + * @see + * javax.net.ssl.X509TrustManager#checkClientTrusted(java.security.cert. 
+ * X509Certificate[], java.lang.String) */ @Override public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException { - // Ignore client certificates ... + try { + this.atrustTrustManager.checkServerTrusted(arg0, arg1); + } catch (CertificateException ex) { + try { + this.sunJSSEX509TrustManager.checkClientTrusted(arg0, arg1); + } catch (CertificateException ex2) { + log.info("checkClientTrusted: ", ex2); //$NON-NLS-1$ + throw ex2; + } + } } - /* (non-Javadoc) - * @see javax.net.ssl.X509TrustManager#checkServerTrusted(java.security.cert.X509Certificate[], java.lang.String) + /* + * (non-Javadoc) + * + * @see + * javax.net.ssl.X509TrustManager#checkServerTrusted(java.security.cert. + * X509Certificate[], java.lang.String) */ @Override public void checkServerTrusted(X509Certificate[] arg0, String arg1) throws CertificateException { - // TODO: Check trusted server certificate! + try { + this.atrustTrustManager.checkServerTrusted(arg0, arg1); + } catch (CertificateException ex) { + try { + this.sunJSSEX509TrustManager.checkServerTrusted(arg0, arg1); + } catch (CertificateException ex2) { + log.info("checkServerTrusted: ", ex2); //$NON-NLS-1$ + throw ex2; + } + } } - /* (non-Javadoc) + /* + * (non-Javadoc) + * * @see javax.net.ssl.X509TrustManager#getAcceptedIssuers() */ @Override public X509Certificate[] getAcceptedIssuers() { - // TODO: Build accepted issuers - return null; + + X509Certificate[] default_certs = this.sunJSSEX509TrustManager.getAcceptedIssuers(); + + X509Certificate[] atrust_cerst = this.atrustTrustManager.getAcceptedIssuers(); + + return (X509Certificate[]) ArrayUtils.addAll(default_certs, atrust_cerst); } } diff --git a/pdf-over-gui/src/main/java/at/asit/pdfover/gui/workflow/states/mobilebku/ATrustHelper.java b/pdf-over-gui/src/main/java/at/asit/pdfover/gui/workflow/states/mobilebku/ATrustHelper.java index c9254317..1ea265ad 100644 
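Review bot: The per-certificate catch in the new constructor logs `"Failed to load certificate [" + "]"`, so a missing or unparsable `.crt` resource (where `getResourceAsStream` returns null and `generateCertificate` throws) is reported with an empty bracket; it should read `log.error("Failed to load certificate [" + certResource + "]", ex);`. The streams returned by `getResourceAsStream` for `used_certificates.xml` and for each certificate are never closed, which leaks a handle per resource on every construction (and `TrustedSocketFactory.getFactory()` now constructs a manager per call); closing them in a `finally` block, or try-with-resources if the project targets Java 7, would fix that. In `checkClientTrusted` the first delegation is `this.atrustTrustManager.checkServerTrusted(arg0, arg1)` while the fallback calls `checkClientTrusted`; unless the asymmetry is deliberate it should be `this.atrustTrustManager.checkClientTrusted(arg0, arg1)`. The `DocumentBuilderFactory` is used with default settings; the XML is a bundled resource so the exposure is small, but calling `setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true)` on the factory before `newDocumentBuilder()` hardens the parse at no cost.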
--- a/pdf-over-gui/src/main/java/at/asit/pdfover/gui/workflow/states/mobilebku/ATrustHelper.java +++ b/pdf-over-gui/src/main/java/at/asit/pdfover/gui/workflow/states/mobilebku/ATrustHelper.java @@ -16,9 +16,18 @@ package at.asit.pdfover.gui.workflow.states.mobilebku; // Imports +import java.util.regex.Matcher; +import java.util.regex.Pattern; + import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import at.asit.pdfover.gui.composites.MobileBKUEnterNumberComposite; +import at.asit.pdfover.gui.exceptions.InvalidNumberException; +import at.asit.pdfover.gui.exceptions.InvalidPasswordException; +import at.asit.pdfover.gui.exceptions.PasswordTooLongException; +import at.asit.pdfover.gui.exceptions.PasswordTooShortException; + /** * */ 
@@ -30,36 +39,111 @@ public class ATrustHelper { .getLogger(ATrustHelper.class); /** + * Regular expression for mobile phone numbers: this allows the entrance of + * mobile numbers in the following formats: + * + * +(countryCode)99999999999 00(countryCode)99999999999 099999999999 + * 1030199999999999 (A-Trust Test bku) + */ + private static final String NUMBER_REGEX = "^((\\+[\\d]{2})|(00[\\d]{2})|(0)|(10301))([1-9][\\d]+)$"; //$NON-NLS-1$ + + /** + * Extracts a substring from data starting after start and ending with end + * * @param data + * the whole data string * @param start + * the start marker * @param end - * @return + * the end marker + * @return the substring * @throws Exception */ - public static String extractTag(String data, String start, String end) throws Exception { + public static String extractTag(String data, String start, String end) + throws Exception { int startidx = data.indexOf(start); - if(startidx > 0) { - startidx = startidx+start.length(); + if (startidx > 0) { + startidx = startidx + start.length(); int endidx = data.indexOf(end, startidx); - if(endidx > startidx) { + if (endidx > startidx) { return data.substring(startidx, endidx); - } else { - // TODO: throw exception - throw new Exception("end tag not available!"); } - } else { - // TODO: throw exception - throw new Exception("start tag not available!"); + // TODO: throw proper exception + log.error("extracting Tag: end tag not valid!: " + start + " ... " + end); //$NON-NLS-1$//$NON-NLS-2$ + throw new Exception("end tag not available!"); //$NON-NLS-1$ } + // TODO: throw proper exception + log.error("extracting Tag: start tag not valid!: " + start + " ... 
" + end); //$NON-NLS-1$//$NON-NLS-2$ + throw new Exception("start tag not available!"); //$NON-NLS-1$ } - + + /** + * Validates the Mobile phone number + * + * @param number + * @return the normalized Phone number + * @throws InvalidNumberException + */ + public static String normalizeMobileNumber(String number) + throws InvalidNumberException { + // Verify number and normalize + + // Compile and use regular expression + Pattern pattern = Pattern.compile(NUMBER_REGEX); + Matcher matcher = pattern.matcher(number); + + if (!matcher.find()) { + throw new InvalidNumberException(); + } + + if (matcher.groupCount() != 6) { + throw new InvalidNumberException(); + } + + String countryCode = matcher.group(1); + + String normalNumber = matcher.group(6); + + if (countryCode.equals("10301")) { //$NON-NLS-1$ + // A-Trust Testnumber! Don't change + return number; + } + + countryCode = countryCode.replace("00", "+"); //$NON-NLS-1$ //$NON-NLS-2$ + + if (countryCode.equals("0")) { //$NON-NLS-1$ + countryCode = "+43"; //$NON-NLS-1$ + } + + return countryCode + normalNumber; + } + + /** + * Validate given Password for Mobile BKU + * + * @param password + * @throws InvalidPasswordException + */ + public static void validatePassword(String password) + throws InvalidPasswordException { + if (password.length() < 6 || password.length() > 20) { + if (password.length() < 6) { + throw new PasswordTooShortException(); + } + throw new PasswordTooLongException(); + } + } + /** + * Removes file extension from URL + * * @param query - * @return + * the url string + * @return the stripped url */ public static String stripQueryString(String query) { int pathidx = query.lastIndexOf('/'); - if(pathidx > 0) { + if (pathidx > 0) { return query.substring(0, pathidx); } return query; 
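Review bot: `extractTag` still treats a start marker found at offset 0 as absent, because the reformatted `if (startidx > 0)` keeps the old `> 0` although `indexOf` returns 0 for a match at the very beginning of `data`; the condition should be `if (startidx >= 0)`. In `normalizeMobileNumber` the guard `matcher.groupCount() != 6` can never fire, since `groupCount()` reports the number of groups in the pattern rather than the number that matched and `NUMBER_REGEX` always has six; the `Pattern.compile(NUMBER_REGEX)` in the same method could become a `private static final Pattern` so the regex is compiled once. Neither `normalizeMobileNumber` nor `validatePassword` checks for a null argument, so a null from the UI surfaces as a `NullPointerException` rather than the declared `InvalidNumberException`/`InvalidPasswordException`; a leading `if (number == null) throw new InvalidNumberException();` (and the password equivalent) would keep the documented contract.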
diff --git a/pdf-over-gui/src/main/java/at/asit/pdfover/gui/workflow/states/mobilebku/TrustedSocketFactory.java b/pdf-over-gui/src/main/java/at/asit/pdfover/gui/workflow/states/mobilebku/TrustedSocketFactory.java index bfe84605..5e9d8159 100644 --- a/pdf-over-gui/src/main/java/at/asit/pdfover/gui/workflow/states/mobilebku/TrustedSocketFactory.java +++ b/pdf-over-gui/src/main/java/at/asit/pdfover/gui/workflow/states/mobilebku/TrustedSocketFactory.java @@ -46,8 +46,8 @@ public class TrustedSocketFactory implements ProtocolSocketFactory { private static final Logger log = LoggerFactory .getLogger(TrustedSocketFactory.class); - private static SSLSocketFactory getFactory() throws NoSuchAlgorithmException, - KeyManagementException { + private SSLSocketFactory getFactory() throws NoSuchAlgorithmException, + KeyManagementException, Exception { SSLContext sslContext = SSLContext.getInstance("TLS"); //$NON-NLS-1$ sslContext.init(null, new TrustManager[] { new ASITTrustManager() }, new java.security.SecureRandom()); -- cgit v1.2.3
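Review bot: The new throws clause `throws NoSuchAlgorithmException, KeyManagementException, Exception` is redundant, since `Exception` already covers the other two, and it forces every caller of `getFactory()` to handle bare `Exception`; it would be cleaner to catch what `new ASITTrustManager()` throws and rethrow it as `KeyManagementException` with the cause, leaving the original signature intact. Because `ASITTrustManager`'s constructor parses the certificate XML and loads every `.crt` resource, creating a new instance per `getFactory()` call repeats that work for each socket; now that the method is an instance method, the trust manager (or the resulting `SSLSocketFactory`) could be built once and kept in a field, unless per-call construction is intended. `getFactory()` continues past the end of the hunk.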