1 files changed, 69 insertions, 18 deletions

diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/web/servlets/DataURLServlet.java b/src/main/java/at/knowcenter/wag/egov/egiz/web/servlets/DataURLServlet.java
index 19a82c3..2adc4b1 100644
--- a/src/main/java/at/knowcenter/wag/egov/egiz/web/servlets/DataURLServlet.java
+++ b/src/main/java/at/knowcenter/wag/egov/egiz/web/servlets/DataURLServlet.java
@@ -8,17 +8,24 @@ import java.io.PrintWriter;
 import java.io.UnsupportedEncodingException;

 import java.net.URL;

 import java.util.ArrayList;

+import java.util.Iterator;

 import java.util.List;

 import java.util.Properties;

 

 import javax.servlet.RequestDispatcher;

 import javax.servlet.ServletContext;

 import javax.servlet.ServletException;

+import javax.servlet.http.Cookie;

 import javax.servlet.http.HttpServlet;

 import javax.servlet.http.HttpServletRequest;

 import javax.servlet.http.HttpServletResponse;

 import javax.servlet.http.HttpSession;

 

+import org.apache.commons.fileupload.FileItem;

+import org.apache.commons.fileupload.FileItemFactory;

+import org.apache.commons.fileupload.FileUploadException;

+import org.apache.commons.fileupload.disk.DiskFileItemFactory;

+import org.apache.commons.fileupload.servlet.ServletFileUpload;

 import org.apache.commons.logging.Log;

 import org.apache.commons.logging.LogFactory;

 

@@ -29,12 +36,14 @@ import at.gv.egiz.pdfas.web.SignSessionInformation;
 import at.gv.egiz.pdfas.web.VerifySessionInformation;

 import at.gv.egiz.pdfas.web.helper.SessionHelper;

 import at.gv.egiz.pdfas.web.helper.SignServletHelper;

+import at.gv.egiz.pdfas.web.helper.SigningTimeHelper;

 import at.gv.egiz.pdfas.web.helper.TempDirHelper;

 import at.knowcenter.wag.egov.egiz.PdfASID;

 import at.knowcenter.wag.egov.egiz.exceptions.ConnectorException;

 import at.knowcenter.wag.egov.egiz.exceptions.InvalidIDException;

 import at.knowcenter.wag.egov.egiz.exceptions.PresentableException;

 import at.knowcenter.wag.egov.egiz.exceptions.SignatorFactoryException;

+import at.knowcenter.wag.egov.egiz.exceptions.SignatureException;

 import at.knowcenter.wag.egov.egiz.pdf.SignatureHolder;

 import at.knowcenter.wag.egov.egiz.sig.SignatureResponse;

 import at.knowcenter.wag.egov.egiz.sig.connectors.ConnectorChooser;

@@ -156,15 +165,42 @@ public class DataURLServlet extends HttpServlet
 

   protected boolean isNullResponse(String xml_response)

   {

-    return xml_response.indexOf("NullOperationResponse") >= 0;

+    return xml_response != null && xml_response.indexOf("NullOperationResponse") != -1;

   }

   

-  protected void processSign(HttpServletRequest request, HttpServletResponse response, SignSessionInformation si) throws ServletException, IOException, ConnectorException, SignatorException, SignatorFactoryException

+  private static String retrieveXMLResponse(HttpServletRequest request) throws ServletException {

+     log.debug("Trying to fetch XMLResponse...");

+     String xml_response = null;

+     if (ServletFileUpload.isMultipartContent(request)) {

+        log.debug("Response is multipart.");

+        FileItemFactory factory = new DiskFileItemFactory();

+        ServletFileUpload upload = new ServletFileUpload(factory);

+        try {

+          List items = upload.parseRequest(request);

+          Iterator iter = items.iterator();

+          while (iter.hasNext()) {

+              FileItem item = (FileItem) iter.next();

+               if (item.isFormField() && "XMLResponse".equals(item.getFieldName())) {

+                  log.debug("XMLResponse part found.");

+                  xml_response = item.getString();

+                  break;

+               }

+          }

+        } catch (FileUploadException e) {

+           throw new ServletException(e);

+        }

+     } else {

+        xml_response = request.getParameter("XMLResponse");

+     }

+     log.debug("XMLResponse = " + xml_response);

+     return xml_response;

+  }

+  

+  protected void processSign(HttpServletRequest request, HttpServletResponse response, SignSessionInformation si) throws ServletException, IOException, ConnectorException, SignatorException, SignatorFactoryException, SignatureException

   {

     log.trace("processSign");

     

-    String xml_response = request.getParameter("XMLResponse"); //$NON-NLS-1$

-    log.debug("xml_response = " + xml_response); //$NON-NLS-1$

+    String xml_response = retrieveXMLResponse(request);

 

     if (isNullResponse(xml_response))

     {

@@ -202,6 +238,9 @@ public class DataURLServlet extends HttpServlet
 

         si.si.setSignSignatureObject(c.analyzeSignResponse(si.response_properties));

 

+        // workaround for invalid signing time

+        SigningTimeHelper.checkSigningTimeAgainstHostTime(si.si);

+

         PdfASID algorithm = FormFields.translateSignatureModeToPdfASID(si.mode);

         Signator signator = SignatorFactory.createSignator(algorithm);

 

@@ -227,21 +266,33 @@ public class DataURLServlet extends HttpServlet
       }

       else

       {

-         HttpSession session = request.getSession(true);

-         log.debug("Putting signed document into session (" + session.getId() + ").");

-         session.setAttribute(SessionAttributes.SIGNED_PDF_DOCUMENT, si);

-//         String serverURL = LocalRequestHelper.getLocalServerAddress(request, response);

-         String downloadURL = response.encodeRedirectURL(LocalRequestHelper.getLocalContextAddress(request, response) + "/ProvidePDF");

-         log.debug("Creating download URL \"" + downloadURL + "\".");

-         session.setAttribute(SessionAttributes.DOWNLOAD_URL_FOR_SIGNED_PDF_DOCUMENT, downloadURL);

-

-//         String redirectURL = response.encodeRedirectURL("/pdf-as/jsp/download.jsp");

-//         log.debug("Redirecting to " + redirectURL + ".");

-//         response.sendRedirect(redirectURL);

-         temporaryRedirect(LocalRequestHelper.getLocalContextAddress(request, response) + "/jsp/download.jsp", response);

+         // tzefferer: If PDF-AS has been called by an external web-application, we do not 

+         //            redirect to download.jsp but return the sign-response immediately

+         if (si.exappinf != null) {

+            log.debug("Entering external application interface mode. Skipping redirection to download page.");

+            SignServletHelper.returnSignResponse(si, response);

+            

+            // Not needed due to redirection of returnSignResponse.

+            // Just to clarify that there must not be any code after returnSignResponse.

+            return;

+         } else {

+            log.debug("Preparing download page.");

+            HttpSession session = request.getSession(true);

+            log.debug("Putting signed document into session (" + session.getId() + ").");

+            session.setAttribute(SessionAttributes.SIGNED_PDF_DOCUMENT, si);

+            String downloadURL = response.encodeRedirectURL(LocalRequestHelper.getLocalContextAddress(request, response) + "/ProvidePDF");

+            log.debug("Creating download URL \"" + downloadURL + "\".");

+            session.setAttribute(SessionAttributes.DOWNLOAD_URL_FOR_SIGNED_PDF_DOCUMENT, downloadURL);

+            Cookie cookie = new Cookie("JSESSIONID", session.getId());

+            response.addCookie(cookie);

+            temporaryRedirect(response.encodeRedirectURL(LocalRequestHelper.getLocalContextAddress(request, response) + "/jsp/download.jsp") , response);

+

+            // Not needed due to temporaryRedirect.

+            // Just to clarify that there must not be any code after temporaryRedirect.

+            return;

+         }

          

-         return;

-//        SignServletHelper.returnSignResponse(si, response);

+         // do not insert any code within this else block !

       }

     }

   }