1 files changed, 23 insertions, 7 deletions

diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ProvidePDFServlet.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ProvidePDFServlet.java
index 60c5d41..234640b 100644
--- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ProvidePDFServlet.java
+++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ProvidePDFServlet.java
@@ -66,6 +66,8 @@ public class ProvidePDFServlet extends HttpServlet {
    public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {

       

       String pdfIdString = request.getParameter(FormFields.FIELD_PDF_ID);

+      String plainPDFDigest = request.getParameter(FormFields.FIELD_ORIGINAL_DIGEST);

+      

       HttpSession session = request.getSession();

       

       if (pdfIdString == null) {

@@ -85,6 +87,14 @@ public class ProvidePDFServlet extends HttpServlet {
             // Popup-Blocker, Link-Prefetching, IE 9 SmartScreen-Filter...???

             // session.removeAttribute(SessionAttributes.SIGNED_PDF_DOCUMENT);

             log.debug("Returning signed pdf to browser.");

+            if(plainPDFDigest != null) {

+        		if(!plainPDFDigest.equalsIgnoreCase(si.plainPDFDigest)) {

+        			log.error("PDF Digests don't match!");

+        			log.error("Requested digest: " + plainPDFDigest);

+        			log.error("Saved digest: " + si.plainPDFDigest);

+                    return;

+        		}

+        	}

             SignServletHelper.returnSignResponse(si, request, response);

             log.debug("Removing free text (if any) from session.");

             session.removeAttribute(UpdateFormServlet.UPLOADFORM_FREETEXT_KEY);

@@ -93,32 +103,38 @@ public class ProvidePDFServlet extends HttpServlet {
       } else {

          long pdfId = Long.parseLong(pdfIdString);

 

-         byte[] pdf = null;

-         

+         PDFContainer pdf = null;

          synchronized (signedDocuments) {

             Iterator it = signedDocuments.iterator();

 

             while (it.hasNext() && pdf == null) {

                PDFContainer current = (PDFContainer) it.next();

                if (current.id == pdfId) {

-                  pdf = current.pdf;

+                  pdf = current;

                   signedDocuments.remove(current);

                }

             }

          }

          

-         if (pdf != null) {

+         if (pdf != null && pdf.pdf != null) {

             try {

-

+            	if(plainPDFDigest != null) {

+            		if(!plainPDFDigest.equalsIgnoreCase(pdf.originalDigest)) {

+            			log.error("PDF Digests don't match! 1");

+            			log.error("Requested digest: " + plainPDFDigest);

+            			log.error("Saved digest: " + pdf.originalDigest);

+                        return;

+            		}

+            	}

                SignServletHelper.disableBrowserCacheForResponse(response);

                response.setContentType("application/pdf");

-               response.setContentLength(pdf.length);

+               response.setContentLength(pdf.pdf.length);

                //SignSessionInformation si = (SignSessionInformation)session.getAttribute(SessionAttributes.ATTRIBUTE_SESSION_INFORMATION);

                String filename = (String)session.getAttribute(SignServlet.SUBMITFORM_FILENAME_KEY);

                

                response.setHeader("Content-disposition", "attachment; filename=\""+filename+"\"");

                

-               InputStream is = new ByteArrayInputStream(pdf);

+               InputStream is = new ByteArrayInputStream(pdf.pdf);

                final int bufferSize = 1024;

                byte[] buffer = new byte[bufferSize];

                int len = -1;