Commit ab7ef744 authored by Tobias Wich

Merge branch 'master' into reqesidta

parents 3ca2efe7 8ed7db8f
......@@ -4,16 +4,21 @@ Prerequisites
In order to build the Open eCard project, some additional tools are needed.
Required dependencies are:
* Java JDK 7 or higher
Oracle JDK and OpenJDK are working correctly
* Java JDK 11 or higher - Oracle JDK and OpenJDK are working correctly (jlink is required for building modular runtime images)
* Maven in at least version 3.6.1
* Maven in at least version 3.0.3 for JRE builds and 3.1.1 for Android builds
https://maven.apache.org/download.html
* Git 1.7.11 or higher (older versions are probably also ok)
http://git-scm.com/downloads
Optional dependencies are:
* Java JDK 14 with the new jpackage tool for creating native packages (early-access builds are available)
https://jdk.java.net/jpackage/)
* Android SDK
The Android SDK dependent modules are built when the environment variable
ANDROID_HOME is set and points to the installation directory of the Android
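Review bot: the JDK 14 early-access build recommended under optional dependencies is a pre-release runtime that receives no security updates, so this section should name the exact EA build number that was tested and tell builders to verify the downloaded archive against the checksums published alongside it before registering it as a toolchain; a runtime bundled into a shipped native package is part of the supply chain. Also, the line `https://jdk.java.net/jpackage/)` carries a stray closing parenthesis.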
......@@ -30,27 +35,69 @@ Optional dependencies are:
https://developer.android.com/tools/sdk/ndk/index.html
Prior to starting the build, all Git submodules must be initialized with the
following command, which must be issued form the project root:
$ git submodule update --init
Git submodule updates may also be necessary after pulling changes from the
remote repository. The `git status` command indicates when this is needed.
Native packages can be created with an early-access build of JDK-14 which contains the new jpackage tool. For this purpose, JDK-14 must be managed independently of other JDK versions. This can be done with Maven toolchains. For this purpose, a `toolchains.xml` file is required on the building machine. The default location of this file is `~/.m2/toolchains.xml`. It should look similar to this one (JDK paths must be adjusted):
```xml
<?xml version="1.0" encoding="UTF8"?>
<toolchains>
<!-- JDK toolchains -->
<toolchain>
<type>jdk</type>
<provides>
<version>14</version>
<vendor>OpenJDK</vendor>
<id>JavaSE-14</id>
</provides>
<configuration>
<jdkHome>/usr/lib/jvm/jdk-14/</jdkHome>
</configuration>
</toolchain>
<toolchain>
<type>jdk</type>
<provides>
<version>11</version>
<vendor>OpenJDK</vendor>
<id>JavaSE-11</id>
</provides>
<configuration>
<jdkHome>/usr/lib/jvm/java-11-openjdk-amd64/</jdkHome>
</configuration>
</toolchain>
</toolchains>
```
If native packages are not created on the building machine, the first toolchain is not required.
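Review bot: the declaration `<?xml version="1.0" encoding="UTF8"?>` in the sample toolchains.xml uses an unregistered encoding name; the IANA name is `UTF-8`, and strict parsers reject `UTF8`, so fix the sample before people copy it. The prerequisites say Oracle JDK works too, but both sample toolchains declare `<vendor>OpenJDK</vendor>`; if the toolchain plugin in the pom matches on vendor, Oracle JDK users need to adapt that element, and the text should say so. Minor: "issued form the project root" should read "from".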
Build Sources
=============
A standard build is performed by the command:
$ mvn clean install
$ mvn clean install
In order to create Javadoc and source artifacts, perform the following command:
$ mvn clean javadoc:javadoc javadoc:jar source:jar install
$ mvn clean javadoc:javadoc javadoc:jar source:jar install
By default, only a modular runtime image is created. However, if the early-access build of JDK-14 with the new jpackage tool is added to the toolchains, a native application package can be created by using the property `desktop-package`:
$ mvn clean install -Ddesktop-package
Usually, the predefined package formats are used: dmg for Mac OS, deb for Linux and msi and exe for Windows. An additional property `jlink-jpackager.package-type` can replace the predefined format of the native application package (only for Mac and Linux). The possible formats are:
- dmg
- pkg
- deb
- rpm
A native package with the `pkg` format can be created by using the following command:
$ mvn clean install -Ddesktop-package -Djlink-jpackager.package-type=pkg
The developer has to make sure that all necessary packaging tools are installed. In case of Windows, msi and exe packages are built. For this purpose, two additional tools are required:
- [WiX toolset](https://wixtoolset.org/) - to create msi installers
- [Inno Setup](http://www.jrsoftware.org/isinfo.php) - to create exe installers (Path environment variable must be set)
Build Profiles
--------------
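Review bot: the Inno Setup link `http://www.jrsoftware.org/isinfo.php` points builders at a packaging tool over plaintext HTTP; use the https URL so the installer compiler is not fetched without transport integrity. "Path environment variable must be set" is too vague for a build prerequisite: state which executable has to be on PATH. Also note that the two formats listed for Windows (msi and exe) cannot be overridden with `jlink-jpackager.package-type`, which the text only says in passing; the list of possible formats should be labelled as Mac/Linux only.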
......@@ -61,7 +108,7 @@ performed and which artifacts are created.
Maven profiles are selected on the commandline by adding the -P option as
follows:
$ mvn -Pprofile1,profile2 <Maven goals>
$ mvn -Pprofile1,profile2 <Maven goals>
The following global profiles are defined:
......
......@@ -25,7 +25,6 @@ The simplified build instructions are as follows:
$ git clone git://github.com/ecsec/open-ecard.git
$ cd open-ecard
$ git submodule update --init
$ mvn clean install
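Review bot: the clone command `git clone git://github.com/ecsec/open-ecard.git` uses the git:// transport, which has neither server authentication nor integrity protection, so a network attacker can substitute the source tree being built; change the simplified instructions to `https://github.com/ecsec/open-ecard.git`.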
......@@ -36,6 +35,34 @@ as follows:
$ cd open-ecard-$version
$ mvn clean install
Finally, you can run the Open eCard App from command line:
$ ./packager/richclient-packager/target/open-ecard/bin/open-ecard
Packaging
-----------
Native packages which are based on a modular runtime image can be built with the new [jpackage](https://openjdk.java.net/jeps/343) tool which is a candidate for JDK-14. Early-access builds are already [provided](https://jdk.java.net/jpackage/). Native packages for the Open eCard can be built by downloading the JDK-14 early-access build, referencing it as toolchain and by specifying the following property:
$ mvn clean install -Ddesktop-package
By default, the packager will take the predefined package types, such as dmg for Mac OS and deb for Linux-based systems. The package type can be overridden for Mac and Linux packages by using the following user property:
$ mvn clean install -Ddesktop-package -Djlink-jpackager.package-type=<type>
Thereby, the following types are available:
- dmg
- pkg
- deb
- rpm
You have to make sure the required packaging tools are installed. In case of Windows, msi and exe packages are built. For this purpose, two additional tools are required:
- [WiX toolset](https://wixtoolset.org/) - to create msi installers
- [Inno Setup](http://www.jrsoftware.org/isinfo.php) - to create exe installers (Path environment variable must be set)
More information about the required JDK versions and the setup of the toolchain, can be found in the INSTALL.md file.
License
=======
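Review bot: the Packaging section duplicates the jpackage, package-type, WiX and Inno Setup text that the same commit adds to INSTALL.md, and the README already ends the section by pointing at INSTALL.md for the JDK and toolchain details; keep one authoritative copy (a short pointer here) so the two do not drift. The same `http://www.jrsoftware.org/isinfo.php` link should be https here as well.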
......
......@@ -2,11 +2,12 @@
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.openecard</groupId>
<artifactId>app</artifactId>
<version>1.3.1-SNAPSHOT</version>
</parent>
<parent>
<groupId>org.openecard</groupId>
<artifactId>src-parent</artifactId>
<version>1.4.0-rc.4-SNAPSHOT</version>
<relativePath>../src-parent/</relativePath>
</parent>
<groupId>org.openecard</groupId>
<artifactId>addon</artifactId>
......
......@@ -36,5 +36,6 @@ public class AuxDataKeys {
public static final String REDIRECT_LOCATION = PREFIX + "redirect_location" ;
public static final String RESPONSE_HEADERS = PREFIX + "response_headers";
public static final String MINOR_PROCESS_RESULT = PREFIX + "minor_result";
}
......@@ -5,7 +5,7 @@
<parent>
<groupId>org.openecard</groupId>
<artifactId>addons</artifactId>
<version>1.3.1-SNAPSHOT</version>
<version>1.4.0-rc.4-SNAPSHOT</version>
</parent>
<groupId>org.openecard.addons</groupId>
......
......@@ -5,7 +5,7 @@
<parent>
<groupId>org.openecard</groupId>
<artifactId>addons</artifactId>
<version>1.3.1-SNAPSHOT</version>
<version>1.4.0-rc.4-SNAPSHOT</version>
</parent>
<groupId>org.openecard.addons</groupId>
......
......@@ -5,7 +5,7 @@
<parent>
<groupId>org.openecard</groupId>
<artifactId>addons</artifactId>
<version>1.3.1-SNAPSHOT</version>
<version>1.4.0-rc.4-SNAPSHOT</version>
</parent>
<groupId>org.openecard.addons</groupId>
......
......@@ -4,8 +4,9 @@
<parent>
<groupId>org.openecard</groupId>
<artifactId>app</artifactId>
<version>1.3.1-SNAPSHOT</version>
<artifactId>src-parent</artifactId>
<version>1.4.0-rc.4-SNAPSHOT</version>
<relativePath>../src-parent/</relativePath>
</parent>
<groupId>org.openecard</groupId>
......
......@@ -5,7 +5,7 @@
<parent>
<groupId>org.openecard</groupId>
<artifactId>addons</artifactId>
<version>1.3.1-SNAPSHOT</version>
<version>1.4.0-rc.4-SNAPSHOT</version>
</parent>
<groupId>org.openecard.addons</groupId>
......
......@@ -5,7 +5,7 @@
<parent>
<groupId>org.openecard</groupId>
<artifactId>addons</artifactId>
<version>1.3.1-SNAPSHOT</version>
<version>1.4.0-rc.4-SNAPSHOT</version>
</parent>
<groupId>org.openecard.addons</groupId>
......
......@@ -111,7 +111,11 @@ public class PAOSTask implements Callable<StartPAOSResponse> {
sp.getSupportedDIDProtocols().addAll(supportedDIDs);
return p.sendStartPAOS(sp);
} finally {
TCTokenHandler.disconnectHandle(dispatcher, connectionHandle);
try {
TCTokenHandler.disconnectHandle(dispatcher, connectionHandle);
} catch (Exception ex) {
LOG.warn("Error disconnecting finished handle.", ex);
}
}
}
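Review bot: wrapping `TCTokenHandler.disconnectHandle(...)` in the finally block is an improvement because a failing disconnect no longer masks the exception from `sendStartPAOS`, but `catch (Exception ex)` also swallows runtime exceptions that indicate programming errors; narrow it to the exception types `disconnectHandle` declares. Since a failed disconnect leaves the card connection handle open after the authentication has finished, the warning text should say that the handle stays connected so operators can recognise the condition.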
......
......@@ -33,7 +33,7 @@ import org.openecard.crypto.tls.CertificateVerifier;
*
* @author Tobias Wich
*/
public class SaveEServiceCertHandler implements CertificateVerifier {
public class SaveEidServerCertHandler implements CertificateVerifier {
boolean firstCert = true;
......@@ -42,7 +42,7 @@ public class SaveEServiceCertHandler implements CertificateVerifier {
if (firstCert) {
firstCert = false;
DynamicContext dynCtx = DynamicContext.getInstance(TR03112Keys.INSTANCE_KEY);
dynCtx.put(TR03112Keys.ESERVICE_CERTIFICATE, chain);
dynCtx.put(TR03112Keys.EIDSERVER_CERTIFICATE, chain);
}
}
......
......@@ -375,22 +375,35 @@ public class TCTokenHandler {
break;
}
LOG.debug("Processing InnerException.", innerException);
if (innerException instanceof WSException) {
WSException ex = (WSException) innerException;
errorMsg = createResponseFromWsEx(ex, response);
} else if (innerException instanceof PAOSConnectionException) {
response.setResult(WSHelper.makeResultError(ResultMinor.TRUSTED_CHANNEL_ESTABLISCHMENT_FAILED,
response.setResult(WSHelper.makeResultError(ResultMinor.TRUSTED_CHANNEL_ESTABLISHMENT_FAILED,
w.getLocalizedMessage()));
response.setAdditionalResultMinor(ECardConstants.Minor.Disp.COMM_ERROR);
} else if (innerException instanceof InterruptedException) {
response.setResultCode(BindingResultCode.INTERRUPTED);
response.setResult(WSHelper.makeResultError(ResultMinor.CANCELLATION_BY_USER, errorMsg));
response.setAdditionalResultMinor(ECardConstants.Minor.App.SESS_TERMINATED);
} else if (innerException instanceof DocumentValidatorException) {
errorMsg = LANG_TR.translationForKey(SCHEMA_VALIDATION_FAILED);
// it is ridiculous, that this should be a client error, but the test spec demands this
response.setResult(WSHelper.makeResultError(ResultMinor.CLIENT_ERROR, w.getMessage()));
response.setAdditionalResultMinor(ECardConstants.Minor.SAL.Support.SCHEMA_VAILD_FAILED);
} else {
errorMsg = createMessageFromUnknownError(w);
response.setResult(WSHelper.makeResultError(ResultMinor.CLIENT_ERROR, w.getMessage()));
response.setAdditionalResultMinor(ECardConstants.Minor.App.UNKNOWN_ERROR);
}
String paosAdditionalMinor = w.getAdditionalResultMinor();
if (paosAdditionalMinor != null) {
LOG.debug("Replacing minor from inner exception with minor from PAOSException.");
LOG.debug("InnerException minor: {}", response.getAuxResultData().get(AuxDataKeys.MINOR_PROCESS_RESULT));
LOG.debug("PAOSException minor: {}", paosAdditionalMinor);
response.setAdditionalResultMinor(paosAdditionalMinor);
}
showErrorMessage(errorMsg);
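Review bot: in the new `DocumentValidatorException` branch the user-facing `errorMsg` is the translated `SCHEMA_VALIDATION_FAILED` text, but the Result is built with `w.getMessage()`, the raw exception text, unlike the `InterruptedException` branch which passes `errorMsg`; use the translated message in `makeResultError` as well so the result that is reported back does not carry internal validator detail. The constant `ECardConstants.Minor.SAL.Support.SCHEMA_VAILD_FAILED` used on the new line has a pre-existing typo (VAILD) that is worth fixing together with the ESTABLISCHMENT rename done in this commit.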
......@@ -548,7 +561,10 @@ public class TCTokenHandler {
private String createResponseFromWsEx(WSException ex, TCTokenResponse response) {
String errorMsg;
switch (ex.getResultMinor()) {
String minor = ex.getResultMinor();
switch (minor) {
case ECardConstants.Minor.Disp.TIMEOUT:
case ECardConstants.Minor.SAL.CANCELLATION_BY_USER:
case ECardConstants.Minor.IFD.CANCELLATION_BY_USER:
errorMsg = LANG_TOKEN.translationForKey("cancel");
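Review bot: `switch (minor)` on a String throws a NullPointerException when `ex.getResultMinor()` returns null, and a WSException carrying no minor is plausible for a malformed server response; guard with a null check that falls through to the default branch (and to `setAdditionalResultMinor` with an unknown-error minor) before the switch.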
......@@ -594,6 +610,9 @@ public class TCTokenHandler {
errorMsg = LANG_TR.translationForKey(ERROR_WHILE_AUTHENTICATION);
response.setResult(WSHelper.makeResultError(ResultMinor.SERVER_ERROR, errorMsg));
}
response.setAdditionalResultMinor(minor);
return errorMsg;
}
......
......@@ -250,6 +250,7 @@ public class TCTokenRequest {
if (usableCards == null) {
// user aborted the card insertion dialog
LOG.info("Waiting for cards has not returned a result, cancelling process.");
throw new UserCancellationException(null, LANG.translationForKey(CARD_INSERTION_ABORT));
}
......
/****************************************************************************
* Copyright (C) 2012-2014 ecsec GmbH.
* Copyright (C) 2012-2019 ecsec GmbH.
* All rights reserved.
* Contact: ecsec GmbH (info@ecsec.de)
*
......@@ -42,10 +42,12 @@ import org.openecard.common.util.UrlBuilder;
*
* @author Moritz Horsch
* @author Hans-Martin Haase
* @author Tobias Wich
*/
public class TCTokenResponse extends BindingResult {
private static final I18n lang = I18n.getTranslation("tr03112");
private static final I18n LANG = I18n.getTranslation("tr03112");
private Result result;
private TCToken token;
private Future<?> bindingTask;
......@@ -71,6 +73,10 @@ public class TCTokenResponse extends BindingResult {
this.result = result;
}
public void setAdditionalResultMinor(String minor) {
this.addAuxResultData(AuxDataKeys.MINOR_PROCESS_RESULT, minor);
}
/**
* Sets the TCToken as received in the request.
*
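Review bot: `setAdditionalResultMinor` is the only setter in this class without Javadoc, while the neighbouring `setTCToken` documents its parameter; add a comment stating that the minor is stored under `AuxDataKeys.MINOR_PROCESS_RESULT` and where that aux data is consumed, since callers in TCTokenHandler now rely on this key to override the minor.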
......@@ -151,7 +157,7 @@ public class TCTokenResponse extends BindingResult {
} catch (URISyntaxException ex) {
// this is a code failure as the URLs are verified upfront
// TODO: translate when exception changes
throw new IllegalArgumentException(lang.getOriginalMessage(INVALID_URL), ex);
throw new IllegalArgumentException(LANG.getOriginalMessage(INVALID_URL), ex);
}
}
......
......@@ -396,7 +396,7 @@ public class TCTokenVerifier {
}
URI refreshUrlAsUrl = createUrlWithErrorParams(refreshUrl,
ResultMinor.TRUSTED_CHANNEL_ESTABLISCHMENT_FAILED, ex.getMessage());
ResultMinor.TRUSTED_CHANNEL_ESTABLISHMENT_FAILED, ex.getMessage());
throw new InvalidTCTokenElement(refreshUrlAsUrl.toString(), ex);
} catch (IOException | HttpResourceException | InvalidUrlException | InvalidProxyException | ValidationError | URISyntaxException ex1) {
String errorUrl = token.getComErrorAddressWithParams(ResultMinor.COMMUNICATION_ERROR);
......
......@@ -36,8 +36,9 @@ public class TR03112Keys {
public static final String TCTOKEN_CHECKS = "tctoken_checks";
public static final String ACTIVATION_THREAD = "activation_thread";
public static final String CONNECTION_HANDLE = "connection_handle";
public static final String SAME_CHANNEL = "same_channel";
public static final String ESERVICE_CERTIFICATE_DESC = "eservice_certificate_description";
public static final String ESERVICE_CERTIFICATE = "eservice_certificate";
public static final String EIDSERVER_CERTIFICATE = "eservice_certificate";
public static final String TCTOKEN_URL = "TCTokenURL";
public static final String TCTOKEN_SERVER_CERTIFICATES = "tctoken_server_certificates";
public static final String IS_REFRESH_URL_VALID = "is_refresh_url_valid";
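Review bot: `EIDSERVER_CERTIFICATE` keeps the old string value `"eservice_certificate"` while its neighbour `ESERVICE_CERTIFICATE_DESC` keeps the old name, so the key names and their values no longer line up; if the value is kept deliberately for compatibility with existing add-ons that read the DynamicContext, say so in a comment, otherwise rename the value to `"eidserver_certificate"` along with the constant.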
......
......@@ -49,6 +49,7 @@ import static org.openecard.binding.tctoken.ex.ErrorTranslations.*;
import org.bouncycastle.tls.BasicTlsPSKIdentity;
import org.bouncycastle.tls.crypto.TlsCrypto;
import org.bouncycastle.tls.crypto.impl.bc.BcTlsCrypto;
import org.openecard.common.DynamicContext;
import org.openecard.crypto.common.ReusableSecureRandom;
import org.openecard.crypto.tls.verify.JavaSecVerifier;
......@@ -119,6 +120,9 @@ public class TlsConnectionHandler {
if (tlsClient instanceof ClientCertDefaultTlsClient) {
((ClientCertDefaultTlsClient) tlsClient).setEnforceSameSession(true);
}
// save the info that we have a same channel situtation
DynamicContext dynCtx = DynamicContext.getInstance(TR03112Keys.INSTANCE_KEY);
dynCtx.put(TR03112Keys.SAME_CHANNEL, Boolean.TRUE);
} else {
// kill open channel in tctoken request, it is not needed anymore
if (tokenRequest.getTokenContext() != null) {
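Review bot: `SAME_CHANNEL` is only ever written as `Boolean.TRUE` in the same-channel branch; if the DynamicContext instance behind `TR03112Keys.INSTANCE_KEY` can outlive one activation, a consumer of the flag would read a stale TRUE from a previous run and skip a check that applies to the two-channel case, so write `Boolean.FALSE` explicitly in the else branch (or clear the key at activation start). Also "situtation" in the comment should be "situation".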
......@@ -171,7 +175,7 @@ public class TlsConnectionHandler {
// make sure nobody changes the server when the connection gets reestablished
tlsAuth.addCertificateVerifier(new SameCertVerifier());
// save eService certificate for use in EAC
tlsAuth.addCertificateVerifier(new SaveEServiceCertHandler());
tlsAuth.addCertificateVerifier(new SaveEidServerCertHandler());
// set the authentication class in the tls client
tlsClient.setAuthentication(tlsAuth);
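Review bot: the comment `// save eService certificate for use in EAC` is now stale, since the verifier was renamed to `SaveEidServerCertHandler` and stores the chain under `EIDSERVER_CERTIFICATE`; update the comment to name the eID-Server so readers do not conclude that the certificate of the eService TLS channel is what gets bound in EAC.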
......
......@@ -33,7 +33,7 @@ public class ResultMinor {
/**
* Indicates that the eID-Client failed to set up a trusted channel to the eID-Server.
*/
public static final String TRUSTED_CHANNEL_ESTABLISCHMENT_FAILED = "trustedChannelEstablishmentFailed";
public static final String TRUSTED_CHANNEL_ESTABLISHMENT_FAILED = "trustedChannelEstablishmentFailed";
/**
* Indicates that the user aborted the authentication.
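Review bot: renaming the public constant `TRUSTED_CHANNEL_ESTABLISCHMENT_FAILED` to `TRUSTED_CHANNEL_ESTABLISHMENT_FAILED` is a source-incompatible change for add-ons compiled against 1.3.x; the 1.4.0 version bump in this merge covers it, but it belongs in the release notes.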
......
......@@ -30,9 +30,9 @@ import org.openecard.addon.sal.FunctionType;
import org.openecard.addon.sal.ProtocolStep;
import org.openecard.binding.tctoken.TR03112Keys;
import org.openecard.common.DynamicContext;
import org.openecard.common.ECardException;
import org.openecard.common.WSHelper;
import org.openecard.common.interfaces.Dispatcher;
import org.openecard.common.sal.protocol.exception.ProtocolException;
import org.openecard.common.tlv.TLVException;
import org.openecard.sal.protocol.eac.anytype.EAC2OutputType;
import org.openecard.sal.protocol.eac.anytype.EACAdditionalInputType;
......@@ -92,7 +92,11 @@ public class ChipAuthenticationStep implements ProtocolStep<DIDAuthenticate, DID
eac2Output = auth.performAuth(eac2Output, internalData);
response.setAuthenticationProtocolData(eac2Output.getAuthDataType());
} catch (ParserConfigurationException | ProtocolException | TLVException e) {
} catch (ECardException e) {
LOG.error(e.getMessage(), e);
response.setResult(e.getResult());
dynCtx.put(EACProtocol.AUTHENTICATION_DONE, false);
} catch (ParserConfigurationException | TLVException e) {
LOG.error(e.getMessage(), e);
response.setResult(WSHelper.makeResultUnknownError(e.getMessage()));
dynCtx.put(EACProtocol.AUTHENTICATION_DONE, false);
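Review bot: the new `catch (ECardException e)` puts `e.getResult()` straight into the response; if an ECardException is constructed without a Result, the response goes out with a null result while `AUTHENTICATION_DONE` is set to false, so fall back to `WSHelper.makeResultUnknownError(e.getMessage())` when `e.getResult()` is null. Both catch blocks also repeat `LOG.error(e.getMessage(), e)` and the `dynCtx.put(...)`; factoring the shared cleanup out would keep the two branches from diverging.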
......