Deprecated webapp-folder removed from svn repository.

New DefaultConfiguration.zip integrated in order to allow mocca signatures.
Minor bug concerning choice of cce within the web application fixed.
Signature with new online bku MOCCA integrated (new signature device "moc" created).
Configuration keys for mocca added.
New error codes (371 = signature verification not supported by this connector, 372 = invalid signing time) introduced.
Optional check of the signing time for the web application implemented. At signature creation time the signing time is checked for plausibility. This is a workaround for the ITS:mac-linux signing time bug. New configuration key ("signing_time_tolerance") added (applies to web application only) to overcome invalid signing times. A signature is only accepted if its signing time is within a time frame of [current time - signing_time_tolerance, current time + signing_time_tolerance] where signing_time_tolerance is interpreted as seconds.
Bugfix: Correct extraction of signatures with wrong signing times implemented. (The order of the signatures is still invalid in case of false signing times.)
Optional override of the dynamic creation of the signature retrieval url (locrefcontent) implemented in order to overcome ssl problems (retrieve_signature_data_url_override). Note: Assure that this URL is accessible from the citizen card environment.
Download of signed pdf-file for external application interface adjusted.
Verification of mocca signed documents implemented.
Retrieval of xml response via multipart implemented (mocca strictly follows security layer spec)


git-svn-id: https://joinup.ec.europa.eu/svn/pdf-as/trunk@296 7b5415b0-85f9-ee4d-85bd-d5d0c3b42d1c

1 files changed, 100 insertions, 0 deletions

diff --git a/src/main/java/at/gv/egiz/pdfas/utils/WebUtils.java b/src/main/java/at/gv/egiz/pdfas/utils/WebUtils.java
new file mode 100644
index 0000000..4bca486
--- /dev/null
+++ b/src/main/java/at/gv/egiz/pdfas/utils/WebUtils.java
@@ -0,0 +1,100 @@
+package at.gv.egiz.pdfas.utils;

+

+import javax.servlet.http.HttpServletRequest;

+import javax.servlet.http.HttpServletResponse;

+import javax.servlet.http.HttpSession;

+

+import org.apache.commons.lang.StringUtils;

+import org.apache.commons.logging.Log;

+import org.apache.commons.logging.LogFactory;

+

+import at.knowcenter.wag.egov.egiz.cfg.SettingsReader;

+import at.knowcenter.wag.egov.egiz.exceptions.SettingNotFoundException;

+import at.knowcenter.wag.egov.egiz.exceptions.SettingsException;

+import at.knowcenter.wag.egov.egiz.web.LocalRequestHelper;

+

+/**

+ * @author tknall

+ */

+public final class WebUtils {

+

+   private WebUtils() {

+   }

+

+   /**

+    * The log.

+    */

+   private final static Log LOG = LogFactory.getLog(WebUtils.class);

+   

+   /**

+    * The configuration key that replaces a dynamically generated retrieve signature data url.

+    */

+   private final static String RETRIEVE_SIGNATURE_DATA_URL_OVERRIDE_KEY = "retrieve_signature_data_url_override";

+   

+   /**

+    * Unlike {@link HttpServletResponse#encodeURL(String)} that adds only a

+    * {@code JSESSIONID} entry to the given url if needed, this method always

+    * adds the session id (except if already present within the url.

+    * 

+    * @param url

+    *           The given url.

+    * @param session

+    *           The {@link HttpSession}.

+    * @return The given url plus a session id.

+    */

+   public static String addJSessionID(String url, HttpSession session) {

+      if (url == null) {

+         return null;

+      }

+      if (!StringUtils.containsIgnoreCase(url, ";jsessionid=")) {

+         url = url + ";jsessionid=" + session.getId();

+         LOG.debug("Adding jsessionid " + session.getId());

+      } else {

+         LOG.debug("No need to add a jsessionid.");

+      }

+      LOG.debug("Returning url " + url);

+      return url;

+   }

+

+   /**

+    * Unlike {@link HttpServletResponse#encodeURL(String)} that adds only a

+    * {@code JSESSIONID} entry to the given url if needed, this method always

+    * adds the session id (except if already present within the url.

+    * 

+    * @param url

+    *           The given url.

+    * @param request

+    *           The {@link HttpServletRequest}.

+    * @return The given url plus a session id.

+    */

+   public static String addJSessionID(String url, HttpServletRequest request) {

+      return addJSessionID(url, request.getSession());

+   }

+   

+   /**

+    * Either dynamically creates locref content url or uses a url provides by the pdf-as

+    * configuration (key {@code retrieve_signature_data_url_override}).

+    * @param request The {@link HttpServletRequest}.

+    * @param response The {@link HttpServletResponse}.

+    * @return The retrieve signature data url.

+    */

+   public static String buildRetrieveSignatureDataURL(HttpServletRequest request, HttpServletResponse response) {

+      String override = null;

+      LOG.debug("Building retrieve signature data url.");

+      try {

+         override = SettingsReader.getInstance().getSetting(RETRIEVE_SIGNATURE_DATA_URL_OVERRIDE_KEY, null);

+      } catch (SettingsException e) {

+         LOG.error(e);

+      }

+      String result;

+      if (override == null) {

+         result = WebUtils.addJSessionID(LocalRequestHelper.getLocalContextAddress(request, response) + "/RetrieveSignatureData", request);         

+      } else {

+         LOG.debug("Override url found: " + override);

+         result = WebUtils.addJSessionID(override, request);         

+      }

+      LOG.debug("RetrieveSignatureDataURL = " + result);

+      return result;

+   }

+

+}