diff options
Diffstat (limited to 'pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/SignServlet.java')
| -rw-r--r-- | pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/SignServlet.java | 47 |
1 files changed, 43 insertions, 4 deletions
diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/SignServlet.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/SignServlet.java index 19b729a..6cb55fe 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/SignServlet.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/SignServlet.java @@ -32,6 +32,9 @@ import java.io.File; import java.io.IOException;
import java.io.InputStream;
import java.io.UnsupportedEncodingException;
+import java.net.MalformedURLException;
+import java.net.URI;
+import java.net.URISyntaxException;
import java.net.URL;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
@@ -108,6 +111,9 @@ public class SignServlet extends HttpServlet { public static final String SUBMITFORM_FILENAME_KEY = "signupload.jsp:filenameKey";
public static final String SUBMITFORM_PREVIEW = "signupload.jsp:previewKey";
+ public static final String HTTP_PROTOCOL = "http";
+ public static final String HTTPS_PROTOCOL = "https";
+
// Added by rpiazzi to know if an error occured within IFrame because this
// calls for
// a different display of the error
@@ -133,6 +139,25 @@ public class SignServlet extends HttpServlet { disp.forward(request, response);
}
+ private URL getEncodedURLFromStringQuery(String query)
+ throws MalformedURLException, URISyntaxException {
+
+ URL url = new URL(query);
+
+ if (url.getProtocol().equals(HTTP_PROTOCOL)
+ || url.getProtocol().equals(HTTPS_PROTOCOL)) {
+
+ URI uri = new URI(url.getProtocol(), url.getUserInfo(),
+ url.getHost(), url.getPort(), url.getPath(),
+ url.getQuery(), url.getRef());
+ url = uri.toURL();
+ return url;
+ }
+
+ throw new MalformedURLException(
+ "Only HTTP and HTTPS protocols supported");
+ }
+
/**
* Processes the sign upload.
*
@@ -156,7 +181,7 @@ public class SignServlet extends HttpServlet { // TODO Auto-generated catch block
e.printStackTrace();
}
-
+
// check if pdf-as has been called by external webapp
if (request.getParameter(FormFields.FIELD_PDF_URL) != null) {
String preview = (String) request
@@ -248,7 +273,20 @@ public class SignServlet extends HttpServlet { // wprinz: rem: this allocation is useless
// byte[] extern_pdf = new byte[Integer.parseInt(pdf_length)];
- URL source_url = new URL(query);
+ // URL source_url = new URL(query);
+
+ // Bugfix TZ: Encode URL
+ URL source_url = null;
+ try {
+ source_url = getEncodedURLFromStringQuery(query);
+ } catch (URISyntaxException e) {
+
+ request.setAttribute("error", e.getMessage());
+ request.setAttribute("cause", e.getCause());
+ request.setAttribute("resourcebundle", Boolean.TRUE);
+ dispatch(request, response, "/jsp/error.jsp");
+ }
+
InputStream is = source_url.openStream();
// extern_pdf = toByteArray(is);
@@ -365,12 +403,13 @@ public class SignServlet extends HttpServlet { si.pdfDataSource = ud.pdfDataSource;
si.type = ud.sig_type;
if (md != null) {
- byte[] plain_digest = md.digest(ud.pdfDataSource.getAsByteArray());
+ byte[] plain_digest = md.digest(ud.pdfDataSource
+ .getAsByteArray());
plain_hex_digest = Hex.encodeHexString(plain_digest);
log.info("Original PDF HASH Value: " + plain_hex_digest);
si.plainPDFDigest = plain_hex_digest;
}
-
+
si.filename = formatFileName(ud.file_name);
si.download_inline = ud.download_inline;
|