diff options
author | tknall <tknall@7b5415b0-85f9-ee4d-85bd-d5d0c3b42d1c> | 2008-10-10 11:13:40 +0000 |
---|---|---|
committer | tknall <tknall@7b5415b0-85f9-ee4d-85bd-d5d0c3b42d1c> | 2008-10-10 11:13:40 +0000 |
commit | 6ef9bdefc58cb2553f23aaa9711d6341e293c9f7 (patch) | |
tree | d627791fc5e394b0fa47c03a93d19b9e1ec65a36 /src/main/java/at/knowcenter/wag/egov/egiz/web | |
parent | 1318c462d46bb248e0587666c04944cfe2c83db6 (diff) | |
download | pdf-as-3-6ef9bdefc58cb2553f23aaa9711d6341e293c9f7.tar.gz pdf-as-3-6ef9bdefc58cb2553f23aaa9711d6341e293c9f7.tar.bz2 pdf-as-3-6ef9bdefc58cb2553f23aaa9711d6341e293c9f7.zip |
Deprecated webapp-folder removed from svn repository.
New DefaultConfiguration.zip integrated in order to allow mocca signatures.
Minor bug concerning choice of cce within the web application fixed.
Signature with new online bku MOCCA integrated (new signature device "moc" created).
Configuration keys for mocca added.
New error codes (371 = signature verification not supported by this connector, 372 = invalid signing time) introduced.
Optional check of the signing time for the web application implemented. At signature creation time the signing time is checked for plausibility. This is a workaround for the ITS:mac-linux signing time bug. New configuration key ("signing_time_tolerance") added (applies to web application only) to overcome invalid signing times. A signature is only accepted if its signing time is within a time frame of [current time - signing_time_tolerance, current time + signing_time_tolerance] where signing_time_tolerance is interpreted as seconds.
Bugfix: Correct extraction of signatures with wrong signing times implemented. (The order of the signatures is still invalid in case of false signing times.)
Optional override of the dynamic creation of the signature retrieval url (locrefcontent) implemented in order to overcome ssl problems (retrieve_signature_data_url_override). Note: Assure that this URL is accessible from the citizen card environment.
Download of signed pdf-file for external application interface adjusted.
Verification of mocca signed documents implemented.
Retrieval of xml response via multipart implemented (mocca strictly follows security layer spec)
git-svn-id: https://joinup.ec.europa.eu/svn/pdf-as/trunk@296 7b5415b0-85f9-ee4d-85bd-d5d0c3b42d1c
Diffstat (limited to 'src/main/java/at/knowcenter/wag/egov/egiz/web')
5 files changed, 89 insertions, 27 deletions
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/web/LocalRequestHelper.java b/src/main/java/at/knowcenter/wag/egov/egiz/web/LocalRequestHelper.java index 15792b9..0490c48 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/web/LocalRequestHelper.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/web/LocalRequestHelper.java @@ -29,6 +29,7 @@ import javax.servlet.http.HttpServletResponse; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
+import at.gv.egiz.pdfas.utils.WebUtils;
import at.gv.egiz.pdfas.web.CurrentLocalOperation;
import at.gv.egiz.pdfas.web.SignSessionInformation;
import at.gv.egiz.pdfas.web.VerifySessionInformation;
@@ -88,8 +89,9 @@ public abstract class LocalRequestHelper */
public static String processLocalSign(SignSessionInformation si, HttpServletRequest request, HttpServletResponse response) throws IOException, PresentableException
{
- String host = request.getServerName(); // "129.27.153.77"
- URL loc_ref_URL = new URL(getLocalContextAddress(request, response) + "/RetrieveSignatureData");
+ String host = request.getServerName();
+// URL loc_ref_URL = new URL(WebUtils.addJSessionID(getLocalContextAddress(request, response) + "/RetrieveSignatureData", request));
+ URL loc_ref_URL = new URL(WebUtils.buildRetrieveSignatureDataURL(request, response));
String loc_ref_url = response.encodeURL(loc_ref_URL.toString());
LocalConnector c = ConnectorChooser.chooseLocalConnectorForSign(si.connector, si.type, loc_ref_url);
@@ -100,8 +102,9 @@ public abstract class LocalRequestHelper si.outputAvailable = false;
si.response_properties = null;
- URL data_URL = new URL(request.getScheme(), host, request.getServerPort(), request.getContextPath() + "/DataURL");
+ URL data_URL = new URL(request.getScheme(), host, request.getServerPort(), WebUtils.addJSessionID(request.getContextPath() + "/DataURL", request));
String data_url = response.encodeURL(data_URL.toString());
+ logger.debug("data_url = " + data_url);
request.setAttribute("local_request_url", local_request_url);
request.setAttribute("data_url", data_url);
@@ -180,7 +183,8 @@ public abstract class LocalRequestHelper // si.finished = false;
String host = request.getServerName();
- URL loc_ref_URL = new URL(getLocalContextAddress(request, response) + "/RetrieveSignatureData");
+// URL loc_ref_URL = new URL(WebUtils.addJSessionID(getLocalContextAddress(request, response) + "/RetrieveSignatureData", request));
+ URL loc_ref_URL = new URL(WebUtils.buildRetrieveSignatureDataURL(request, response));
String loc_ref_url = response.encodeURL(loc_ref_URL.toString());
for (int i = 0; i < si.currentLocalOperation.requests.length; i++)
@@ -216,7 +220,7 @@ public abstract class LocalRequestHelper String local_request_url = getLocalServiceAddress(si.type, si.connector);
- URL data_URL = new URL(request.getScheme(), host, request.getServerPort(), request.getContextPath() + "/DataURL");
+ URL data_URL = new URL(request.getScheme(), host, request.getServerPort(), WebUtils.addJSessionID(request.getContextPath() + "/DataURL", request));
String data_url = response.encodeURL(data_URL.toString());
request.setAttribute("local_request_url", local_request_url);
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/web/servlets/DataURLServlet.java b/src/main/java/at/knowcenter/wag/egov/egiz/web/servlets/DataURLServlet.java index 19a82c3..2adc4b1 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/web/servlets/DataURLServlet.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/web/servlets/DataURLServlet.java @@ -8,17 +8,24 @@ import java.io.PrintWriter; import java.io.UnsupportedEncodingException;
import java.net.URL;
import java.util.ArrayList;
+import java.util.Iterator;
import java.util.List;
import java.util.Properties;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
+import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
+import org.apache.commons.fileupload.FileItem;
+import org.apache.commons.fileupload.FileItemFactory;
+import org.apache.commons.fileupload.FileUploadException;
+import org.apache.commons.fileupload.disk.DiskFileItemFactory;
+import org.apache.commons.fileupload.servlet.ServletFileUpload;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
@@ -29,12 +36,14 @@ import at.gv.egiz.pdfas.web.SignSessionInformation; import at.gv.egiz.pdfas.web.VerifySessionInformation;
import at.gv.egiz.pdfas.web.helper.SessionHelper;
import at.gv.egiz.pdfas.web.helper.SignServletHelper;
+import at.gv.egiz.pdfas.web.helper.SigningTimeHelper;
import at.gv.egiz.pdfas.web.helper.TempDirHelper;
import at.knowcenter.wag.egov.egiz.PdfASID;
import at.knowcenter.wag.egov.egiz.exceptions.ConnectorException;
import at.knowcenter.wag.egov.egiz.exceptions.InvalidIDException;
import at.knowcenter.wag.egov.egiz.exceptions.PresentableException;
import at.knowcenter.wag.egov.egiz.exceptions.SignatorFactoryException;
+import at.knowcenter.wag.egov.egiz.exceptions.SignatureException;
import at.knowcenter.wag.egov.egiz.pdf.SignatureHolder;
import at.knowcenter.wag.egov.egiz.sig.SignatureResponse;
import at.knowcenter.wag.egov.egiz.sig.connectors.ConnectorChooser;
@@ -156,15 +165,42 @@ public class DataURLServlet extends HttpServlet protected boolean isNullResponse(String xml_response)
{
- return xml_response.indexOf("NullOperationResponse") >= 0;
+ return xml_response != null && xml_response.indexOf("NullOperationResponse") != -1;
}
- protected void processSign(HttpServletRequest request, HttpServletResponse response, SignSessionInformation si) throws ServletException, IOException, ConnectorException, SignatorException, SignatorFactoryException
+ private static String retrieveXMLResponse(HttpServletRequest request) throws ServletException {
+ log.debug("Trying to fetch XMLResponse...");
+ String xml_response = null;
+ if (ServletFileUpload.isMultipartContent(request)) {
+ log.debug("Response is multipart.");
+ FileItemFactory factory = new DiskFileItemFactory();
+ ServletFileUpload upload = new ServletFileUpload(factory);
+ try {
+ List items = upload.parseRequest(request);
+ Iterator iter = items.iterator();
+ while (iter.hasNext()) {
+ FileItem item = (FileItem) iter.next();
+ if (item.isFormField() && "XMLResponse".equals(item.getFieldName())) {
+ log.debug("XMLResponse part found.");
+ xml_response = item.getString();
+ break;
+ }
+ }
+ } catch (FileUploadException e) {
+ throw new ServletException(e);
+ }
+ } else {
+ xml_response = request.getParameter("XMLResponse");
+ }
+ log.debug("XMLResponse = " + xml_response);
+ return xml_response;
+ }
+
+ protected void processSign(HttpServletRequest request, HttpServletResponse response, SignSessionInformation si) throws ServletException, IOException, ConnectorException, SignatorException, SignatorFactoryException, SignatureException
{
log.trace("processSign");
- String xml_response = request.getParameter("XMLResponse"); //$NON-NLS-1$
- log.debug("xml_response = " + xml_response); //$NON-NLS-1$
+ String xml_response = retrieveXMLResponse(request);
if (isNullResponse(xml_response))
{
@@ -202,6 +238,9 @@ public class DataURLServlet extends HttpServlet si.si.setSignSignatureObject(c.analyzeSignResponse(si.response_properties));
+ // workaround for invalid signing time
+ SigningTimeHelper.checkSigningTimeAgainstHostTime(si.si);
+
PdfASID algorithm = FormFields.translateSignatureModeToPdfASID(si.mode);
Signator signator = SignatorFactory.createSignator(algorithm);
@@ -227,21 +266,33 @@ public class DataURLServlet extends HttpServlet }
else
{
- HttpSession session = request.getSession(true);
- log.debug("Putting signed document into session (" + session.getId() + ").");
- session.setAttribute(SessionAttributes.SIGNED_PDF_DOCUMENT, si);
-// String serverURL = LocalRequestHelper.getLocalServerAddress(request, response);
- String downloadURL = response.encodeRedirectURL(LocalRequestHelper.getLocalContextAddress(request, response) + "/ProvidePDF");
- log.debug("Creating download URL \"" + downloadURL + "\".");
- session.setAttribute(SessionAttributes.DOWNLOAD_URL_FOR_SIGNED_PDF_DOCUMENT, downloadURL);
-
-// String redirectURL = response.encodeRedirectURL("/pdf-as/jsp/download.jsp");
-// log.debug("Redirecting to " + redirectURL + ".");
-// response.sendRedirect(redirectURL);
- temporaryRedirect(LocalRequestHelper.getLocalContextAddress(request, response) + "/jsp/download.jsp", response);
+ // tzefferer: If PDF-AS has been called by an external web-application, we do not
+ // redirect to download.jsp but return the sign-response immediately
+ if (si.exappinf != null) {
+ log.debug("Entering external application interface mode. Skipping redirection to download page.");
+ SignServletHelper.returnSignResponse(si, response);
+
+ // Not needed due to redirection of returnSignResponse.
+ // Just to clarify that there must not be any code after returnSignResponse.
+ return;
+ } else {
+ log.debug("Preparing download page.");
+ HttpSession session = request.getSession(true);
+ log.debug("Putting signed document into session (" + session.getId() + ").");
+ session.setAttribute(SessionAttributes.SIGNED_PDF_DOCUMENT, si);
+ String downloadURL = response.encodeRedirectURL(LocalRequestHelper.getLocalContextAddress(request, response) + "/ProvidePDF");
+ log.debug("Creating download URL \"" + downloadURL + "\".");
+ session.setAttribute(SessionAttributes.DOWNLOAD_URL_FOR_SIGNED_PDF_DOCUMENT, downloadURL);
+ Cookie cookie = new Cookie("JSESSIONID", session.getId());
+ response.addCookie(cookie);
+ temporaryRedirect(response.encodeRedirectURL(LocalRequestHelper.getLocalContextAddress(request, response) + "/jsp/download.jsp") , response);
+
+ // Not needed due to temporaryRedirect.
+ // Just to clarify that there must not be any code after temporaryRedirect.
+ return;
+ }
- return;
-// SignServletHelper.returnSignResponse(si, response);
+ // do not insert any code within this else block !
}
}
}
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/web/servlets/SignServlet.java b/src/main/java/at/knowcenter/wag/egov/egiz/web/servlets/SignServlet.java index 6330f0c..124b2a3 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/web/servlets/SignServlet.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/web/servlets/SignServlet.java @@ -45,6 +45,7 @@ import at.gv.egiz.pdfas.exceptions.ErrorCode; import at.gv.egiz.pdfas.exceptions.ErrorCodeHelper;
import at.gv.egiz.pdfas.exceptions.external.ExternalErrorException;
import at.gv.egiz.pdfas.framework.input.PdfDataSource;
+import at.gv.egiz.pdfas.utils.WebUtils;
import at.gv.egiz.pdfas.web.SignSessionInformation;
import at.gv.egiz.pdfas.web.helper.SignServletHelper;
import at.gv.egiz.pdfas.web.helper.TempDirHelper;
@@ -282,7 +283,8 @@ public class SignServlet extends HttpServlet if (ud.preview)
{
String submit_url = response.encodeURL(request.getContextPath() + "/SignPreview");
- String signature_data_url = response.encodeURL(request.getContextPath() + "/RetrieveSignatureData");
+// String signature_data_url = response.encodeURL(WebUtils.addJSessionID(request.getContextPath() + "/RetrieveSignatureData", request));
+ String signature_data_url = response.encodeURL(WebUtils.buildRetrieveSignatureDataURL(request, response));
request.setAttribute("submit_url", submit_url);
request.setAttribute("signature_data_url", signature_data_url);
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/web/servlets/VerifyPreviewServlet.java b/src/main/java/at/knowcenter/wag/egov/egiz/web/servlets/VerifyPreviewServlet.java index 9b8583d..5e1819e 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/web/servlets/VerifyPreviewServlet.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/web/servlets/VerifyPreviewServlet.java @@ -41,6 +41,7 @@ import org.apache.commons.logging.LogFactory; import at.gv.egiz.pdfas.framework.input.TextDataSource;
import at.gv.egiz.pdfas.utils.StreamUtils;
+import at.gv.egiz.pdfas.utils.WebUtils;
import at.gv.egiz.pdfas.web.VerifySessionInformation;
import at.gv.egiz.pdfas.web.helper.SessionHelper;
import at.gv.egiz.pdfas.web.helper.TempDirHelper;
@@ -566,7 +567,8 @@ public class VerifyPreviewServlet extends HttpServlet }
String host = request.getServerName();
- URL loc_ref_URL = new URL(LocalRequestHelper.getLocalContextAddress(request, response) + "/RetrieveSignatureData");
+// URL loc_ref_URL = new URL(WebUtils.addJSessionID(LocalRequestHelper.getLocalContextAddress(request, response) + "/RetrieveSignatureData", request));
+ URL loc_ref_URL = new URL(WebUtils.buildRetrieveSignatureDataURL(request, response));
String loc_ref_url = response.encodeURL(loc_ref_URL.toString());
List results = PdfAS.verifySignatureHoldersWeb(holders_to_verify, si, loc_ref_url);
@@ -685,7 +687,8 @@ public class VerifyPreviewServlet extends HttpServlet }
String host = request.getServerName();
- URL loc_ref_URL = new URL(LocalRequestHelper.getLocalContextAddress(request, response) + "/RetrieveSignatureData");
+// URL loc_ref_URL = new URL(WebUtils.addJSessionID(LocalRequestHelper.getLocalContextAddress(request, response) + "/RetrieveSignatureData", request));
+ URL loc_ref_URL = new URL(WebUtils.buildRetrieveSignatureDataURL(request, response));
String loc_ref_url = response.encodeURL(loc_ref_URL.toString());
List results = PdfAS.verifySignatureHoldersWeb(holders_to_verify, si, loc_ref_url);
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/web/servlets/VerifyServlet.java b/src/main/java/at/knowcenter/wag/egov/egiz/web/servlets/VerifyServlet.java index 387ae08..1029a5f 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/web/servlets/VerifyServlet.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/web/servlets/VerifyServlet.java @@ -45,6 +45,7 @@ import at.gv.egiz.pdfas.framework.input.ExtractionStage; import at.gv.egiz.pdfas.framework.input.PdfDataSource;
import at.gv.egiz.pdfas.framework.input.TextDataSource;
import at.gv.egiz.pdfas.framework.vfilter.VerificationFilterParameters;
+import at.gv.egiz.pdfas.utils.WebUtils;
import at.gv.egiz.pdfas.web.VerifySessionInformation;
import at.gv.egiz.pdfas.web.helper.TempDirHelper;
import at.knowcenter.wag.egov.egiz.PdfAS;
@@ -151,7 +152,8 @@ public class VerifyServlet extends HttpServlet String host = request.getServerName();
// TODO still required for old communication with MOA-SS/SP
- URL loc_ref_URL = new URL(LocalRequestHelper.getLocalContextAddress(request, response) + "/RetrieveSignatureData");
+// URL loc_ref_URL = new URL(WebUtils.addJSessionID(LocalRequestHelper.getLocalContextAddress(request, response) + "/RetrieveSignatureData", request));
+ URL loc_ref_URL = new URL(WebUtils.buildRetrieveSignatureDataURL(request, response));
String loc_ref_url = response.encodeURL(loc_ref_URL.toString());
List results = PdfAS.verifySignatureHoldersWeb(signature_holders, si, loc_ref_url);
|