Catching OutOfMemory exceptions, returning appropriate error message/code

Binary signature: bug concerning indirect pdf objects fixed SignaturePositioning improved (Signature position can be declared by String which is parsed) Some more error codes (Out of memory, Invalid signature position) iText utility for creation of pdf files added ConfigUtils updated (destination of configuration to be extracted can now be chosen) PDFASUtils updated (more tools) WebApplication: Freetext pdf creation implemented WebApplication: XSS security updates git-svn-id: https://joinup.ec.europa.eu/svn/pdf-as/trunk@580 7b5415b0-85f9-ee4d-85bd-d5d0c3b42d1c
author: tknall <tknall@7b5415b0-85f9-ee4d-85bd-d5d0c3b42d1c> 2010-03-16 12:07:29 +0000
committer: tknall <tknall@7b5415b0-85f9-ee4d-85bd-d5d0c3b42d1c> 2010-03-16 12:07:29 +0000
commit: 11b5950be66bcc9d6f0bb28d3fc9d211bc70f4d9 (patch)
tree: 5a48a33069a318e269245998ecf89b387f331f67 /src/main/webapp
parent: da4926845267ca8bedf34917bd3bfb94aeafa153 (diff)
download: pdf-as-3-11b5950be66bcc9d6f0bb28d3fc9d211bc70f4d9.tar.gz
pdf-as-3-11b5950be66bcc9d6f0bb28d3fc9d211bc70f4d9.tar.bz2
pdf-as-3-11b5950be66bcc9d6f0bb28d3fc9d211bc70f4d9.zip
6 files changed, 103 insertions, 31 deletions
diff --git a/src/main/webapp/WEB-INF/decorators.xml b/src/main/webapp/WEB-INF/decorators.xml
index 352a902..a88892d 100644
--- a/src/main/webapp/WEB-INF/decorators.xml
+++ b/src/main/webapp/WEB-INF/decorators.xml
@@ -9,11 +9,6 @@
 		<pattern>/*.pdf</pattern>
 	</excludes>
 
-	<!--
-	<decorator name="standalone" page="/sitemesh/standalone.jsp">
-	<decorator name="production" page="/sitemesh/buergerkarte/pdf-as-template.jsp">
-	<decorator name="test"       page="/sitemesh/buergerkarte/test-pdf-as-template.jsp">
-	-->	  
 	<decorator name="standalone" page="/sitemesh/standalone.jsp">
 		<pattern>/*</pattern>
 	</decorator>
diff --git a/src/main/webapp/WEB-INF/web.xml b/src/main/webapp/WEB-INF/web.xml
index ce82e9a..4a7ad77 100644
--- a/src/main/webapp/WEB-INF/web.xml
+++ b/src/main/webapp/WEB-INF/web.xml
@@ -39,7 +39,15 @@
         </init-param>
         <init-param>
         	<param-name>forceRequestEncoding</param-name>
-        	<param-value>false</param-value>
+        	<param-value>true</param-value>
+        </init-param>
+        <init-param>
+        	<param-name>setResponseEncoding</param-name>
+        	<param-value>true</param-value>
+        </init-param>
+        <init-param>
+        	<param-name>forceResponseEncoding</param-name>
+        	<param-value>true</param-value>
         </init-param>
     </filter>
 
diff --git a/src/main/webapp/css/pdfas-styles.css b/src/main/webapp/css/pdfas-styles.css
index a7e1906..6831232 100644
--- a/src/main/webapp/css/pdfas-styles.css
+++ b/src/main/webapp/css/pdfas-styles.css
@@ -16,6 +16,13 @@ table.pdfassignature td.pdfaslabel {
 	/* word-spacing: nowrap; */
 }
 
+textarea.freetext {
+	width: 450px;
+	height: 150px;
+	font: 1em 'Courier New', courier, monospace;
+	margin: 0px 0px 0px 0px;
+}
+
 table#pdfasupperformtable {
 	margin-top: 10px;
 }
diff --git a/src/main/webapp/jsp/SIGNATURBLOCK.jsp b/src/main/webapp/jsp/SIGNATURBLOCK.jsp
index 336365b..66e64e3 100644
--- a/src/main/webapp/jsp/SIGNATURBLOCK.jsp
+++ b/src/main/webapp/jsp/SIGNATURBLOCK.jsp
@@ -26,7 +26,7 @@
 	   if ("SIGNATURBLOCK_DE".equals(type)) {
 	      sbValue     = "Signaturwert";
 	      sbLabel     = "signatur-logo_de-100.png";
-	      sbMetaValue = "Informationen zur Prüfung der elektronischen Signatur und des Ausdrucks finden Sie unter: <input type=\"text\" name=\"vservice\" readonly=\"readonly\" disabled=\"disabled\" value=\"https://www.buergerkarte.at/signature-verification\" size=\"50\" maxlength=\"255\"/>";
+	      sbMetaValue = "Informationen zur Prüfung der elektronischen Signatur und des Ausdrucks finden Sie unter: <input type=\"text\" name=\"vservice\" readonly=\"readonly\" disabled=\"disabled\" value=\"http://www.signaturpruefung.gv.at\" size=\"50\" maxlength=\"255\"/>";
 	      sbName      = "Unterzeichner";
 	      sbDate      = "Datum/Zeit-UTC";
 	      sbIssuer    = "Aussteller-Zertifikat";
@@ -37,7 +37,7 @@
 	   } else {
 	      sbValue     = "Signature Value";
 	      sbLabel     = "signatur-logo_en-100.png";
-	      sbMetaValue = "Information about the verification of the electronic signature and of the printout can be found at: <input type=\"text\" name=\"vservice\" readonly=\"readonly\" disabled=\"disabled\" value=\"https://www.buergerkarte.at/signature-verification\" size=\"50\" maxlength=\"255\"/>";
+	      sbMetaValue = "Information about the verification of the electronic signature and of the printout can be found at: <input type=\"text\" name=\"vservice\" readonly=\"readonly\" disabled=\"disabled\" value=\"http://www.signature-verification.gv.at\" size=\"50\" maxlength=\"255\"/>";
 	      sbName      = "Signatory";
 	      sbDate      = "Date/Time-UTC";
 	      sbIssuer    = "Issuer-Certificate";
@@ -92,15 +92,8 @@
 	<tr>
 		<td class="pdfaslabel" nowrap="nowrap"><%= sbID %></td>
 		<td class="pdfasvalue">
-			<% if (Constants.SIGNATURE_DEVICE_MOC.equals(device)) { %>
-				<div class="pdfasnobreak">etsi-moc-1.0@12345678</div>
-			<% } else { %>
-				<div class="pdfasnobreak">etsi-bka-1.0@1234567890-123456789@</div>
-				<div class="pdfasnobreak">12345-1234-</div>
-				<div class="pdfasnobreak">0-</div>
-				<div class="pdfasnobreak">12345-</div>
-				<div class="pdfasnobreak">12345</div></td>
-			<% } // end if %>
+			<div class="pdfasnobreak">etsi-moc-1.1@dbc17c36</div>
+		</td>
 	</tr>
 	<tr>
 		<td class="pdfaslabel" nowrap="nowrap"><%= sbMeta %></td>
diff --git a/src/main/webapp/jsp/error.jsp b/src/main/webapp/jsp/error.jsp
index d135f88..8a06691 100644
--- a/src/main/webapp/jsp/error.jsp
+++ b/src/main/webapp/jsp/error.jsp
@@ -8,6 +8,7 @@
 <%@ page import="org.apache.commons.httpclient.util.EncodingUtil" %>
 <%@ page import="org.apache.commons.httpclient.NameValuePair" %>
 <%@ page import="at.gv.egiz.pdfas.web.helper.SignServletHelper" %>
+<%@ page import="org.apache.commons.lang.StringEscapeUtils" %>
 <%@ page import="java.io.*" %>
 
 <%@ include file="language.jsp" %>
@@ -80,12 +81,12 @@
 		<div class="pdfasnote">
 			<% if (rb) { %>
 				<fmt:message key="<%= error %>"/>
-			<% } else { out.write(error); } %>
+			<% } else { out.write(StringEscapeUtils.escapeHtml(error)); } %>
 		</div>
 		<div class="pdfasnote"><fmt:message key="error.cause"/>: <strong>
 			<% if (rb) { %>
 				<fmt:message key="<%= cause %>"/>
-			<% } else { out.write(cause); } %>
+			<% } else { out.write(StringEscapeUtils.escapeHtml(cause)); } %>
 		</strong></div>
 		<% if (!isExternalInvocation && !paramInvok) { %>
 			<div class="pdfasverticalspace"></div>
@@ -99,7 +100,7 @@
 		    pe.printStackTrace(pw);
 		    sw.close();
 		    pw.close();
-		    out.print(sw);
+		    out.print(StringEscapeUtils.escapeHtml(sw.toString()));
 		  }
 		%>
 		</pre>
diff --git a/src/main/webapp/jsp/signupload.jsp b/src/main/webapp/jsp/signupload.jsp
index 010012b..f6c02fe 100644
--- a/src/main/webapp/jsp/signupload.jsp
+++ b/src/main/webapp/jsp/signupload.jsp
@@ -1,5 +1,6 @@
 <%@ page import="at.knowcenter.wag.egov.egiz.web.FormFields" %>
 <%@ page import="at.knowcenter.wag.egov.egiz.web.SessionAttributes" %>
+<%@ page import="org.apache.commons.lang.StringEscapeUtils" %>
 <%@ page import="at.gv.egiz.pdfas.api.commons.Constants" %>
 <%@ page import="at.gv.egiz.pdfas.web.i18n.LanguageDecoratorMapper"%>
 <%@ page import="at.knowcenter.wag.egov.egiz.web.servlets.UpdateFormServlet"%>
@@ -41,18 +42,35 @@
 				updateform.<%= FormFields.FIELD_MODE %>.value           = submitform.<%= FormFields.FIELD_MODE %>.value; 
 				updateform.<%= FormFields.FIELD_CONNECTOR %>.value      = submitform.<%= FormFields.FIELD_CONNECTOR %>.value; 
 				updateform.<%= FormFields.FIELD_PDFA_ENABLED %>.value   = (submitform.<%= FormFields.FIELD_PDFA_ENABLED %>.checked == true);
+				updateform.<%= FormFields.FIELD_SOURCE %>.value         = submitform.<%= FormFields.FIELD_SOURCE %>.value;
+				if (submitform.<%= FormFields.FIELD_FREETEXT %>) {
+					updateform.<%= FormFields.FIELD_FREETEXT %>.value    = submitform.<%= FormFields.FIELD_FREETEXT %>.value; 
+				}
 				updateform.submit();
 				return(false);
 			}
 			function submitForm(preview) {
 				var submitform = document.getElementById('submitform');
-				if (!submitform.fileupload.value) {
-					if (preview) {
-						alert('<fmt:message key="signupload.documentnotselected.preview"/>');
-					} else {
-						alert('<fmt:message key="signupload.documentnotselected"/>');
+				if (submitform.fileupload) {
+					// file
+					if (!submitform.fileupload.value) {
+						if (preview) {
+							alert('<fmt:message key="signupload.documentnotselected.preview"/>');
+						} else {
+							alert('<fmt:message key="signupload.documentnotselected"/>');
+						}
+						return(false);
+					}
+				} else {
+					// freetext
+					if (!submitform.freetext.value) {
+						if (preview) {
+							alert('<fmt:message key="signupload.nofreetext.preview"/>');
+						} else {
+							alert('<fmt:message key="signupload.nofreetext"/>');
+						}
+						return(false);
 					}
-					return(false);
 				}
 				if (preview) {
 					submitform.<%= FormFields.FIELD_PREVIEW %>.value='true';
@@ -118,6 +136,21 @@
 	      }
 	   }
       session.setAttribute(UpdateFormServlet.UPLOADFORM_SIGNATURE_TYPE_KEY, type);
+      
+      // source
+      String source = (String) session.getAttribute(UpdateFormServlet.UPLOADFORM_SOURCE_KEY);
+      if (source == null) {
+         source = FormFields.VALUE_SOURCE_FILE;
+      }
+      session.setAttribute(UpdateFormServlet.UPLOADFORM_SOURCE_KEY, source);
+      boolean freeText = FormFields.VALUE_SOURCE_FREETEXT.equals(source);
+      
+      // freetext
+      String freeTextValue = (String) session.getAttribute(UpdateFormServlet.UPLOADFORM_FREETEXT_KEY);
+      if (freeTextValue == null) {
+         freeTextValue = "";
+      }
+      session.setAttribute(UpdateFormServlet.UPLOADFORM_FREETEXT_KEY, freeTextValue);
 
 	   %>
 </head>
@@ -131,13 +164,29 @@
 		<fmt:message key="common.title"/>
 	<% } // end if %>		   
 </h1>
-<h2 align="left"><fmt:message key="signupload.heading2"/></h2>
-<div class="pdfasnote"><fmt:message key="signupload.selectfilenote"/></div>
-<form name="updateform" id="updateform" method="post" action="<%= request.getContextPath() %>/UpdateForm">
+<h2 align="left">
+	<% if (freeText) {  %>
+		<fmt:message key="signupload.heading2.freetext"/>
+	<% } else { %>
+		<fmt:message key="signupload.heading2"/>
+	<% } %>
+</h2>
+<div class="pdfasnote">
+	<% if (freeText) { %>
+		<fmt:message key="signupload.selectfilenote.freetext"/>
+	<% } else { %>
+		<fmt:message key="signupload.selectfilenote"/>
+	<% } %>
+</div>
+<form name="updateform" id="updateform" accept-charset="UTF-8" method="post" action="<%= request.getContextPath() %>/UpdateForm">
 	<input type="hidden" name="<%= FormFields.FIELD_SIGNATURE_TYPE %>" value=""/>
 	<input type="hidden" name="<%= FormFields.FIELD_MODE %>" value=""/>
 	<input type="hidden" name="<%= FormFields.FIELD_CONNECTOR %>" value=""/>
-	<input type="hidden" name="<%= FormFields.FIELD_PDFA_ENABLED%>" value=""/>
+	<input type="hidden" name="<%= FormFields.FIELD_PDFA_ENABLED %>" value=""/>
+	<input type="hidden" name="<%= FormFields.FIELD_SOURCE %>" value=""/>
+	<% if (freeText) { %>
+		<input type="hidden" name="<%= FormFields.FIELD_FREETEXT %>" value=""/>
+	<% } // end if %>
 </form>
 <form name="submitform" id="submitform"
       enctype="multipart/form-data"
@@ -183,12 +232,31 @@
 				</select>
 			</td>
 		</tr>
+		<!--
 		<tr>
 			<td align="left" nowrap="nowrap"><label><fmt:message key="signupload.file"/>:</label></td>
 			<td align="left"><input size="50" type="file" id="fileupload" name="<%= FormFields.FIELD_UPLOAD %>" accept="application/pdf"/></td>
 		</tr>
+		-->
+		<tr>
+			<td align="left" nowrap="nowrap" style="vertical-align: top;">
+				<select name="<%= FormFields.FIELD_SOURCE %>" onchange="return updateForm();">
+					<option value="<%= FormFields.VALUE_SOURCE_FILE %>" <%= FormFields.VALUE_SOURCE_FILE.equals(source) ? "selected=\"selected\"" : "" %>><fmt:message key="signupload.file"/></option>
+					<option value="<%= FormFields.VALUE_SOURCE_FREETEXT %>" <%= FormFields.VALUE_SOURCE_FREETEXT.equals(source) ? "selected=\"selected\"" : "" %>><fmt:message key="signupload.freetext"/></option>
+				</select>
+			</td>
+			<td align="left">
+				<% if (freeText) { %>
+					<textarea class="freetext" id="freetext" name="<%= FormFields.FIELD_FREETEXT %>"><%= StringEscapeUtils.escapeHtml(freeTextValue) %></textarea>
+				<% } else { %>
+					<input size="50" type="file" id="fileupload" name="<%= FormFields.FIELD_UPLOAD %>" accept="application/pdf"/>
+				<% } // end if freetext %>
+			</td>
+		</tr>
 	</table>
-	<div class="pdfasnote"><span class="pdfasemphasis"><fmt:message key="signupload.note.prefix"/>:</span> <fmt:message key="signupload.note"/> <% if (pdfa) { %><fmt:message key="signupload.note.pdfa"/><% } %></div>
+	<div class="pdfasnote"><span class="pdfasemphasis">
+		<fmt:message key="signupload.note.prefix"/>:</span> <% if (!freeText) { %><fmt:message key="signupload.note.file"/><% } %> <fmt:message key="signupload.note"/> <% if (pdfa) { %><fmt:message key="signupload.note.pdfa"/><% } %>
+	</div>
 
 	<input type="hidden" name="<%= FormFields.FIELD_DOWNLOAD %>" value="<%= FormFields.VALUE_DOWNLOAD_ATTACHMENT %>"/>
 	<input type="hidden" name="<%= FormFields.FIELD_PREVIEW %>" value="false" />
author	tknall <tknall@7b5415b0-85f9-ee4d-85bd-d5d0c3b42d1c>	2010-03-16 12:07:29 +0000
committer	tknall <tknall@7b5415b0-85f9-ee4d-85bd-d5d0c3b42d1c>	2010-03-16 12:07:29 +0000
commit	11b5950be66bcc9d6f0bb28d3fc9d211bc70f4d9 (patch)
tree	5a48a33069a318e269245998ecf89b387f331f67 /src/main/webapp
parent	da4926845267ca8bedf34917bd3bfb94aeafa153 (diff)
download	pdf-as-3-11b5950be66bcc9d6f0bb28d3fc9d211bc70f4d9.tar.gz pdf-as-3-11b5950be66bcc9d6f0bb28d3fc9d211bc70f4d9.tar.bz2 pdf-as-3-11b5950be66bcc9d6f0bb28d3fc9d211bc70f4d9.zip