aboutsummaryrefslogtreecommitdiff
path: root/pdf-as-web/src/main/java/at
diff options
context:
space:
mode:
authorAndreas Fitzek <andreas.fitzek@iaik.tugraz.at>2013-10-16 10:53:39 +0200
committerAndreas Fitzek <andreas.fitzek@iaik.tugraz.at>2013-10-16 10:53:39 +0200
commit3d7fedde0944207f5afb49fec95b391ad24e5f06 (patch)
tree60fcf99d039ef36fe6ef063f3fe05259fef9e427 /pdf-as-web/src/main/java/at
parent59b738ffa58aef22454270d49d081a4506fc43cf (diff)
downloadpdf-as-3-3d7fedde0944207f5afb49fec95b391ad24e5f06.tar.gz
pdf-as-3-3d7fedde0944207f5afb49fec95b391ad24e5f06.tar.bz2
pdf-as-3-3d7fedde0944207f5afb49fec95b391ad24e5f06.zip
URL escape BUG fixed
Diffstat (limited to 'pdf-as-web/src/main/java/at')
-rw-r--r--pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/SignServletHelper.java1
-rw-r--r--pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/SignServlet.java47
2 files changed, 44 insertions, 4 deletions
diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/SignServletHelper.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/SignServletHelper.java
index 4dbe6f0..b566651 100644
--- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/SignServletHelper.java
+++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/SignServletHelper.java
@@ -182,6 +182,7 @@ public class SignServletHelper
SignResult signResult = pdfAs.sign(si.signParameters, si.sdi);
si.signResult = signResult;
si.signedPdf = data.getData();
+ si.output = data;
// PdfASID algorithm = FormFields.translateSignatureModeToPdfASID(si.mode);
// Signator signator = SignatorFactory.createSignator(algorithm);
diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/SignServlet.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/SignServlet.java
index 19b729a..6cb55fe 100644
--- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/SignServlet.java
+++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/SignServlet.java
@@ -32,6 +32,9 @@ import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.UnsupportedEncodingException;
+import java.net.MalformedURLException;
+import java.net.URI;
+import java.net.URISyntaxException;
import java.net.URL;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
@@ -108,6 +111,9 @@ public class SignServlet extends HttpServlet {
public static final String SUBMITFORM_FILENAME_KEY = "signupload.jsp:filenameKey";
public static final String SUBMITFORM_PREVIEW = "signupload.jsp:previewKey";
+ public static final String HTTP_PROTOCOL = "http";
+ public static final String HTTPS_PROTOCOL = "https";
+
// Added by rpiazzi to know if an error occured within IFrame because this
// calls for
// a different display of the error
@@ -133,6 +139,25 @@ public class SignServlet extends HttpServlet {
disp.forward(request, response);
}
+ private URL getEncodedURLFromStringQuery(String query)
+ throws MalformedURLException, URISyntaxException {
+
+ URL url = new URL(query);
+
+ if (url.getProtocol().equals(HTTP_PROTOCOL)
+ || url.getProtocol().equals(HTTPS_PROTOCOL)) {
+
+ URI uri = new URI(url.getProtocol(), url.getUserInfo(),
+ url.getHost(), url.getPort(), url.getPath(),
+ url.getQuery(), url.getRef());
+ url = uri.toURL();
+ return url;
+ }
+
+ throw new MalformedURLException(
+ "Only HTTP and HTTPS protocols supported");
+ }
+
/**
* Processes the sign upload.
*
@@ -156,7 +181,7 @@ public class SignServlet extends HttpServlet {
// TODO Auto-generated catch block
e.printStackTrace();
}
-
+
// check if pdf-as has been called by external webapp
if (request.getParameter(FormFields.FIELD_PDF_URL) != null) {
String preview = (String) request
@@ -248,7 +273,20 @@ public class SignServlet extends HttpServlet {
// wprinz: rem: this allocation is useless
// byte[] extern_pdf = new byte[Integer.parseInt(pdf_length)];
- URL source_url = new URL(query);
+ // URL source_url = new URL(query);
+
+ // Bugfix TZ: Encode URL
+ URL source_url = null;
+ try {
+ source_url = getEncodedURLFromStringQuery(query);
+ } catch (URISyntaxException e) {
+
+ request.setAttribute("error", e.getMessage());
+ request.setAttribute("cause", e.getCause());
+ request.setAttribute("resourcebundle", Boolean.TRUE);
+ dispatch(request, response, "/jsp/error.jsp");
+ }
+
InputStream is = source_url.openStream();
// extern_pdf = toByteArray(is);
@@ -365,12 +403,13 @@ public class SignServlet extends HttpServlet {
si.pdfDataSource = ud.pdfDataSource;
si.type = ud.sig_type;
if (md != null) {
- byte[] plain_digest = md.digest(ud.pdfDataSource.getAsByteArray());
+ byte[] plain_digest = md.digest(ud.pdfDataSource
+ .getAsByteArray());
plain_hex_digest = Hex.encodeHexString(plain_digest);
log.info("Original PDF HASH Value: " + plain_hex_digest);
si.plainPDFDigest = plain_hex_digest;
}
-
+
si.filename = formatFileName(ud.file_name);
si.download_inline = ud.download_inline;