From 5812d840b420697b6821080a7cbb0f3c792fc1ac Mon Sep 17 00:00:00 2001 
From: tknall Date: Thu, 19 Mar 2009 17:33:16 +0000 Subject: Build script for command line version updated. JavaDoc fixes. Some updates for debugging messages. Parser for MOCCA-CreateXMLSignatureResponses enhanced. Many updates and fixes for the external web app interface. New profile for invisible signatures added. git-svn-id: https://joinup.ec.europa.eu/svn/pdf-as/trunk@333 7b5415b0-85f9-ee4d-85bd-d5d0c3b42d1c --- pom.xml | 3 +- src/main/assembly/assemble_distribution_brz.xml | 2 +- src/main/assembly/assemble_distribution_cl.xml | 107 +++----------- src/main/distribution/brz/pdf-as.bat | 8 ++ src/main/distribution/cl/pdf-as.bat | 8 ++ src/main/distribution/cl/pdf-as.sh | 8 ++ src/main/distribution/pdf-as.bat | 8 -- .../at/gv/egiz/pdfas/api/verify/VerifyResult.java | 6 +- .../at/gv/egiz/pdfas/impl/api/CheckHelper.java | 2 +- .../egiz/pdfas/web/helper/SignServletHelper.java | 23 ++- .../java/at/knowcenter/wag/egov/egiz/PdfAS.java | 2 +- .../wag/egov/egiz/cfg/SettingsReader.java | 2 +- .../wag/egov/egiz/pdf/PDFSignatureObjectIText.java | 4 +- .../sig/connectors/bku/DetachedBKUConnector.java | 6 + .../bku/EnvelopedBase64BKUConnector.java | 8 ++ .../connectors/moa/DetachedLocRefMOAConnector.java | 8 ++ .../moa/EnvelopingBase64MOAConnector.java | 8 ++ .../moa/MOASoapWithAttachmentConnector.java | 8 ++ .../mocca/LocRefDetachedMOCCAConnector.java | 9 ++ .../egiz/sig/connectors/mocca/MOCCAHelper.java | 4 +- .../knowcenter/wag/egov/egiz/web/FormFields.java | 2 + .../wag/egov/egiz/web/servlets/DataURLServlet.java | 6 + .../egov/egiz/web/servlets/ProvidePDFServlet.java | 58 +++++--- src/main/resources/DefaultConfiguration.zip | Bin 648596 -> 648725 bytes src/main/webapp/jsp/error.jsp | 9 +- src/main/webapp/jsp/redirect_to_parent.jsp | 13 +- .../sitemesh/buergerkarte/pdf-as-template-de.jsp | 140 ------------------ .../sitemesh/buergerkarte/pdf-as-template.jsp | 160 --------------------- .../buergerkarte/test-pdf-as-template-de.jsp | 140 ------------------ 
.../sitemesh/buergerkarte/test-pdf-as-template.jsp | 160 --------------------- src/site/changes.xml | 9 ++ work/cfg/config.properties | 85 ++++++----- 32 files changed, 248 insertions(+), 768 deletions(-) create mode 100644 src/main/distribution/brz/pdf-as.bat create mode 100644 src/main/distribution/cl/pdf-as.bat create mode 100644 src/main/distribution/cl/pdf-as.sh delete mode 100644 src/main/distribution/pdf-as.bat delete mode 100644 src/main/webapp/sitemesh/buergerkarte/pdf-as-template-de.jsp delete mode 100644 src/main/webapp/sitemesh/buergerkarte/pdf-as-template.jsp delete mode 100644 src/main/webapp/sitemesh/buergerkarte/test-pdf-as-template-de.jsp delete mode 100644 src/main/webapp/sitemesh/buergerkarte/test-pdf-as-template.jsp diff --git a/pom.xml b/pom.xml index 31bc29c..5f89609 100644 --- a/pom.xml +++ b/pom.xml @@ -9,7 +9,7 @@ knowcenter pdf-as PDF-AS - 3.0.9-20090203 + 3.0.9-20090319 Amtssignatur fuer elektronische Aktenfuehrung @@ -132,6 +132,7 @@ src/main/assembly/assemble_distribution_brz.xml --> src/main/assembly/assemble_distribution_brz.xml + src/main/assembly/assemble_distribution_cl.xml diff --git a/src/main/assembly/assemble_distribution_brz.xml b/src/main/assembly/assemble_distribution_brz.xml index ca31425..76ae2b5 100644 --- a/src/main/assembly/assemble_distribution_brz.xml +++ b/src/main/assembly/assemble_distribution_brz.xml @@ -20,7 +20,7 @@ - src/main/distribution/pdf-as.bat + src/main/distribution/brz/pdf-as.bat true diff --git a/src/main/assembly/assemble_distribution_cl.xml b/src/main/assembly/assemble_distribution_cl.xml index 1cc3062..22684d9 100644 --- a/src/main/assembly/assemble_distribution_cl.xml +++ b/src/main/assembly/assemble_distribution_cl.xml 
@@ -1,105 +1,44 @@ - - distribution-cl + + distribution_cl zip - false + pdf-as + true + + + false + runtime + lib + + *:${project.artifactId}:jar + + + - distribution/jdk/1.5.0_06/jre - /pdf-as-cl/jre + src/main/distribution/cl + true + - **/* + pdf-as.* target - /pdf-as-cl - - pdf-as*.jar - - - - distribution/cfg - /pdf-as-cl/cfg - - *.properties - - - - distribution/certificates - /pdf-as-cl/certificates - - **/* - - - - distribution/pdfastmp - /pdf-as-cl/pdfastmp - - **/* - - - - distribution/images - /pdf-as-cl/images - - **/* - - - - work/templates - /pdf-as-cl/templates + - **/* + ${project.build.finalName}.jar - - .svn - - work/licenses - /pdf-as-cl/licenses + dok + doc - **/* - - - .svn - - - - distribution/scripts - /pdf-as-cl - - - SIGN_BIN_BKU.bat - SIGN_TEXT_BKU.bat - VERIFY_ALL_BKU.bat - - - - distribution/doc - /pdf-as-cl - - Demotext.pdf + *.pdf - - - distribution/scripts/pdf-as.bat - /pdf-as-cl - true - - - - - false - runtime - /pdf-as-cl/lib - - - diff --git a/src/main/distribution/brz/pdf-as.bat b/src/main/distribution/brz/pdf-as.bat new file mode 100644 index 0000000..88eb615 --- /dev/null +++ b/src/main/distribution/brz/pdf-as.bat @@ -0,0 +1,8 @@ +@echo off + +rem Deploy embedded default configuration to current folder +rem Note: Configuration is not deployed if it already exists. +rem java -Dpdf-as.work-dir=. -jar ${project.build.finalName}.jar -ddc + +rem Start commandline +java -Dpdf-as.work-dir=. -jar ${project.build.finalName}.jar %* diff --git a/src/main/distribution/cl/pdf-as.bat b/src/main/distribution/cl/pdf-as.bat new file mode 100644 index 0000000..c4753c5 --- /dev/null +++ b/src/main/distribution/cl/pdf-as.bat @@ -0,0 +1,8 @@ +@echo off + +rem Deploys embedded default configuration to USER_HOME/PDF-AS. +rem Note: Configuration is not deployed if it already exists. +java -jar ${project.build.finalName}.jar -ddc + +rem Start commandline +java -jar ${project.build.finalName}.jar %* 
diff --git a/src/main/distribution/cl/pdf-as.sh b/src/main/distribution/cl/pdf-as.sh new file mode 100644 index 0000000..254b86a --- /dev/null +++ b/src/main/distribution/cl/pdf-as.sh @@ -0,0 +1,8 @@ +#!/bin/bash + +# Deploys embedded default configuration to USER_HOME/PDF-AS. +# Note: Configuration is not deployed if it already exists. +java -jar ${project.build.finalName}.jar -ddc + +# Start commandline +java -jar ${project.build.finalName}.jar $@ diff --git a/src/main/distribution/pdf-as.bat b/src/main/distribution/pdf-as.bat deleted file mode 100644 index 88eb615..0000000 --- a/src/main/distribution/pdf-as.bat +++ /dev/null @@ -1,8 +0,0 @@ -@echo off - -rem Deploy embedded default configuration to current folder -rem Note: Configuration is not deployed if it already exists. -rem java -Dpdf-as.work-dir=. -jar ${project.build.finalName}.jar -ddc - -rem Start commandline -java -Dpdf-as.work-dir=. -jar ${project.build.finalName}.jar %* diff --git a/src/main/java/at/gv/egiz/pdfas/api/verify/VerifyResult.java b/src/main/java/at/gv/egiz/pdfas/api/verify/VerifyResult.java index fa0e683..3886569 100644 --- a/src/main/java/at/gv/egiz/pdfas/api/verify/VerifyResult.java +++ b/src/main/java/at/gv/egiz/pdfas/api/verify/VerifyResult.java @@ -96,11 +96,11 @@ public interface VerifyResult extends SignatureInformation public Date getVerificationTime(); /** - * Returns the hash input data as returned by MOA. + * Returns the hash input data as returned by MOA as Base64-encoded String. * *
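Review bot: The last line of the new cl/pdf-as.sh passes `$@` unquoted, so any argument containing spaces or glob characters (a PDF path, for example) is split or expanded by the shell before it reaches the JVM. The line should read `java -jar ${project.build.finalName}.jar "$@"`. The jar is also referenced by a bare relative name, so the script only works when started from the directory that holds it. A comment saying so would save users a confusing "Unable to access jarfile" error.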

* This will only return a value other than null if the corresponding - * VerifyParameter was set to true. + * {@link VerifyParameters} has been set to true. *

*

* Note that the HashInputData does not necessarily have to be exactly the @@ -108,7 +108,7 @@ public interface VerifyResult extends SignatureInformation * {@link SignatureInformation#getSignedData()} method. *

* - * @return Returns the hash input data as returned by MOA. + * @return Returns the base64 encoded hash input data as returned by MOA. * * @see SignatureInformation#getSignedData() */ diff --git a/src/main/java/at/gv/egiz/pdfas/impl/api/CheckHelper.java b/src/main/java/at/gv/egiz/pdfas/impl/api/CheckHelper.java index 4466d8b..0c2d7ca 100644 --- a/src/main/java/at/gv/egiz/pdfas/impl/api/CheckHelper.java +++ b/src/main/java/at/gv/egiz/pdfas/impl/api/CheckHelper.java @@ -159,7 +159,7 @@ public final class CheckHelper { if (!SignatureTypes.getInstance().getSignatureTypes().contains(profileId)) { - throw new IllegalArgumentException("The profileId must be defined in the configuration file. " + profileId); + throw new IllegalArgumentException("The profileId \"" + profileId + "\" must be defined in the configuration file."); } } catch (SignatureTypesException e) diff --git a/src/main/java/at/gv/egiz/pdfas/web/helper/SignServletHelper.java b/src/main/java/at/gv/egiz/pdfas/web/helper/SignServletHelper.java index 113169c..1e1864b 100644 --- a/src/main/java/at/gv/egiz/pdfas/web/helper/SignServletHelper.java +++ b/src/main/java/at/gv/egiz/pdfas/web/helper/SignServletHelper.java @@ -219,6 +219,7 @@ public class SignServletHelper ByteArrayDataSink bads = (ByteArrayDataSink)si.output; signed_pdf = bads.getByteArray(); } + HttpSession session = request.getSession(); PDFContainer entry = new PDFContainer(signed_pdf, si.exappinf.pdf_id); ProvidePDFServlet.signedDocuments.add(entry); 
@@ -244,23 +245,28 @@ public class SignServletHelper String query = invoke_url.substring(0, ind) + ";jsessionid=" + session_id + invoke_url.substring(ind) + sep + FormFields.FIELD_PDF_URL + "=" + providePDFServlet + "&" + FormFields.FIELD_PDF_ID - + "=" + pdf_id + "&" + FormFields.FIELD_FILE_LENGTH + "=" + signed_pdf.length; + + "=" + pdf_id + "&" + FormFields.FIELD_FILE_LENGTH + "=" + signed_pdf.length + + "&" + FormFields.FIELD_PDFAS_SESSION_ID + "=" + session.getId(); /* * Using the external web-interface of pdf-as (as described above) pdf-as should be run within * an iframe. In case of a signature performed with a local citizen card software or with the - * server bku the result has to be provided outside an iframe. To break out of the iframe a + * server bku the result has to be provided outside the iframe. To break out of the iframe a * helper jsp (redirect_to_parent) has to be used that redirects the user to the parent * window. */ + disableBrowserCacheForResponse(response); if (Constants.SIGNATURE_DEVICE_BKU.equals(si.connector) || Constants.SIGNATURE_DEVICE_MOC.equals(si.connector)) { - HttpSession session = request.getSession(); - log.debug("Local bku was used therefore pdf-as is supposed to run within an iframe."); + log.debug("Pdf-as is supposed to run within an iframe."); log.debug("Putting external application notify url (\"" + query + "\") in session (" + session.getId() + ") for later use."); - request.getSession().setAttribute(SessionAttributes.PARENT_WEBAPP_REDIRECT_URL, query); + session.setAttribute(SessionAttributes.PARENT_WEBAPP_REDIRECT_URL, query); String redirectHelper = response.encodeRedirectURL(request.getContextPath() + "/jsp/redirect_to_parent.jsp"); + log.debug("Redirecting to " + redirectHelper); + log.debug("The browser will finally be redirected outside the iframe to " + query + " in order to notify the external application."); + response.sendRedirect(redirectHelper); + } else { log.debug("Notifying external application by 
redirecting to \"" + query + "\"."); response.sendRedirect(query); @@ -270,6 +276,13 @@ public class SignServletHelper } + public static void disableBrowserCacheForResponse(HttpServletResponse response) { + log.debug("Disabling browser cache for HttpServletResponse."); + response.setHeader("Cache-Control", "no-cache"); + response.setHeader("Pragma","no-cache"); + response.setDateHeader("Expires", -1); + } + /** * Formats the file name according to the SignResult. * diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/PdfAS.java b/src/main/java/at/knowcenter/wag/egov/egiz/PdfAS.java index 5164ae4..c56a03e 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/PdfAS.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/PdfAS.java @@ -96,7 +96,7 @@ public abstract class PdfAS * The current version of the pdf-as library. This version string is logged on every invocation * of the api or the web application. */ - public static final String PDFAS_VERSION = "3.0.9-20090206"; + public static final String PDFAS_VERSION = "3.0.9-20090319"; /** * The key of the strict mode setting. diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/cfg/SettingsReader.java b/src/main/java/at/knowcenter/wag/egov/egiz/cfg/SettingsReader.java index bca5b17..5fd67d2 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/cfg/SettingsReader.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/cfg/SettingsReader.java @@ -394,7 +394,7 @@ public class SettingsReader implements Serializable logger_.info(" configuration path = \"" + CONFIG_PATH + "\""); logger_.info(" certstore path = \"" + CERT_PATH + "\""); logger_.info(" temporary path = \"" + TMP_PATH + "\""); - logger_.info(" file.encoding = \"" + System.getProperty("file.encoding") + "\""); + logger_.debug(" file.encoding = \"" + System.getProperty("file.encoding") + "\""); logger_.info(StringUtils.repeat("*", length + 25)); IAIK.addAsProvider(); 
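Review bot: The servlet container's session id is appended to the notify URL (`FormFields.FIELD_PDFAS_SESSION_ID + "=" + session.getId()`), and the complete `query` is then written to the debug log and handed to the browser as a redirect target. The id therefore ends up in log files, browser history and possibly Referer headers, where anyone who can read them can reuse it while the session is alive. None of the hunks in this commit reads the parameter back, so it is worth confirming that it is needed. If it is, pass a random one-time token stored in the session rather than the session id itself, and log the URL with that value masked. The parameter values are also concatenated without URL encoding. The enclosing method starts and ends outside this hunk.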
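Review bot: `Cache-Control: no-cache` in `disableBrowserCacheForResponse` only forces revalidation; it still allows a browser or intermediate cache to keep a copy of the signed PDF. `no-store` is the directive that forbids storing it: `response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");`. The new public static method also has no Javadoc, unlike the method that follows it. A short comment such as `/** Sets Cache-Control, Pragma and Expires so that the response is not cached by the browser. */` would match the file's style.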
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/pdf/PDFSignatureObjectIText.java b/src/main/java/at/knowcenter/wag/egov/egiz/pdf/PDFSignatureObjectIText.java index 78aafbf..dc85a4f 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/pdf/PDFSignatureObjectIText.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/pdf/PDFSignatureObjectIText.java @@ -323,7 +323,7 @@ public class PDFSignatureObjectIText implements PDFSignatureObject String pdfa = SettingsReader.getInstance().getSetting("sig_obj." +profileid+".key."+SIG_PDFA1_B_VALID, "default."+SIG_PDFA1_B_VALID, "false"); pdfaValid= "true".equalsIgnoreCase(pdfa); SubsetLocal.set(!pdfaValid); - logger_.debug("Sign PDF/A complient:"+pdfa); + logger_.trace("Sign PDF/A complient:"+pdfa); } catch (SettingsException e1) { logger_.error(e1); @@ -346,7 +346,7 @@ public class PDFSignatureObjectIText implements PDFSignatureObject font_string = cell_style.getValueFont(); } - logger_.debug("using cell font: "+font_string); + logger_.trace("using cell font: "+font_string); Font cell_font; if(font_string.startsWith("TTF:")) diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/DetachedBKUConnector.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/DetachedBKUConnector.java index d10afc6..5164771 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/DetachedBKUConnector.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/DetachedBKUConnector.java 
@@ -130,6 +130,12 @@ public class DetachedBKUConnector implements Connector, LocalConnector BKUHelper.checkResponseForError(response_string); + // TODO[tknall] Parse server type and version in order to prevent unsupported cces from signing pdfs + // http://www.buergerkarte.at/konzept/securitylayer/spezifikation/aktuell/bindings/bindings.html#http.kodierung.response.dataurl + log.debug("BKU response header \"user-agent\" header: " + bkuUserAgentHeader); + // http://www.buergerkarte.at/konzept/securitylayer/spezifikation/aktuell/bindings/bindings.html#http.kodierung.response.browser + log.debug("BKU response header \"server\" header: " + bkuServerHeader); + SignSignatureObject so; if (MOCCAHelper.isMOCCACCEId(bkuServerHeader == null ? bkuUserAgentHeader : bkuServerHeader)) { log.debug("Evaluating response as MOCCA response."); diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/EnvelopedBase64BKUConnector.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/EnvelopedBase64BKUConnector.java index 40a7732..f30b4b7 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/EnvelopedBase64BKUConnector.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/EnvelopedBase64BKUConnector.java 
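Review bot: The header lookup and the two `log.debug` calls added here are pasted, with the same TODO, into five more connectors (EnvelopedBase64BKUConnector, DetachedLocRefMOAConnector, EnvelopingBase64MOAConnector, MOASoapWithAttachmentConnector, LocRefDetachedMOCCAConnector). One static helper that takes `response_properties` would keep the six copies from drifting apart once the TODO is implemented. Until then an unsupported citizen card environment is only mentioned at debug level and still signs, which the comment should state plainly, e.g. `// NOTE: not enforced yet - unsupported CCEs are logged, not rejected`. In the three MOA connectors the message still says "BKU response header" and reads the `BKUPostConnection` keys. Whether a MOA connection ever fills those keys is not visible here, so those lines may only ever log `null`. In this hunk `bkuUserAgentHeader` and `bkuServerHeader` are declared outside the visible lines.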
@@ -360,6 +360,14 @@ public class EnvelopedBase64BKUConnector implements Connector, LocalConnector BKUHelper.checkResponseForError(response_string); + // TODO[tknall] Parse server type and version in order to prevent unsupported cces from signing pdfs + String bkuServerHeader = response_properties.getProperty(BKUPostConnection.BKU_SERVER_HEADER_KEY); + String bkuUserAgentHeader = response_properties.getProperty(BKUPostConnection.BKU_USER_AGENT_HEADER_KEY); + // http://www.buergerkarte.at/konzept/securitylayer/spezifikation/aktuell/bindings/bindings.html#http.kodierung.response.dataurl + log.debug("BKU response header \"user-agent\" header: " + bkuUserAgentHeader); + // http://www.buergerkarte.at/konzept/securitylayer/spezifikation/aktuell/bindings/bindings.html#http.kodierung.response.browser + log.debug("BKU response header \"server\" header: " + bkuServerHeader); + SignSignatureObject so = BKUHelper.parseCreateXMLResponse(response_string, new HotfixIdFormatter()); log.debug("analyzeSignResponse finished."); //$NON-NLS-1$ diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/DetachedLocRefMOAConnector.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/DetachedLocRefMOAConnector.java index b31d1ec..6ad5b94 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/DetachedLocRefMOAConnector.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/DetachedLocRefMOAConnector.java 
@@ -107,6 +107,14 @@ public class DetachedLocRefMOAConnector implements Connector BKUHelper.checkResponseForError(response_string); + // TODO[tknall] Parse server type and version in order to prevent unsupported cces from signing pdfs + String bkuServerHeader = response_properties.getProperty(BKUPostConnection.BKU_SERVER_HEADER_KEY); + String bkuUserAgentHeader = response_properties.getProperty(BKUPostConnection.BKU_USER_AGENT_HEADER_KEY); + // http://www.buergerkarte.at/konzept/securitylayer/spezifikation/aktuell/bindings/bindings.html#http.kodierung.response.dataurl + log.debug("BKU response header \"user-agent\" header: " + bkuUserAgentHeader); + // http://www.buergerkarte.at/konzept/securitylayer/spezifikation/aktuell/bindings/bindings.html#http.kodierung.response.browser + log.debug("BKU response header \"server\" header: " + bkuServerHeader); + SignSignatureObject so = MOAHelper.parseCreateXMLResponse(response_string, new DetachedLocRefMOAIdFormatter()); log.debug("analyzeSignResponse finished."); //$NON-NLS-1$ diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/EnvelopingBase64MOAConnector.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/EnvelopingBase64MOAConnector.java index a6db63c..b309432 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/EnvelopingBase64MOAConnector.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/EnvelopingBase64MOAConnector.java 
@@ -218,6 +218,14 @@ public class EnvelopingBase64MOAConnector implements Connector BKUHelper.checkResponseForError(response_string); + // TODO[tknall] Parse server type and version in order to prevent unsupported cces from signing pdfs + String bkuServerHeader = response_properties.getProperty(BKUPostConnection.BKU_SERVER_HEADER_KEY); + String bkuUserAgentHeader = response_properties.getProperty(BKUPostConnection.BKU_USER_AGENT_HEADER_KEY); + // http://www.buergerkarte.at/konzept/securitylayer/spezifikation/aktuell/bindings/bindings.html#http.kodierung.response.dataurl + log.debug("BKU response header \"user-agent\" header: " + bkuUserAgentHeader); + // http://www.buergerkarte.at/konzept/securitylayer/spezifikation/aktuell/bindings/bindings.html#http.kodierung.response.browser + log.debug("BKU response header \"server\" header: " + bkuServerHeader); + SignSignatureObject so = MOAHelper.parseCreateXMLResponse(response_string, new OldMOAIdFormatter()); log.debug("analyzeSignResponse finished."); //$NON-NLS-1$ diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/MOASoapWithAttachmentConnector.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/MOASoapWithAttachmentConnector.java index 7776698..abd2b09 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/MOASoapWithAttachmentConnector.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/MOASoapWithAttachmentConnector.java 
@@ -115,6 +115,14 @@ public class MOASoapWithAttachmentConnector implements Connector BKUHelper.checkResponseForError(response_string); + // TODO[tknall] Parse server type and version in order to prevent unsupported cces from signing pdfs + String bkuServerHeader = response_properties.getProperty(BKUPostConnection.BKU_SERVER_HEADER_KEY); + String bkuUserAgentHeader = response_properties.getProperty(BKUPostConnection.BKU_USER_AGENT_HEADER_KEY); + // http://www.buergerkarte.at/konzept/securitylayer/spezifikation/aktuell/bindings/bindings.html#http.kodierung.response.dataurl + log.debug("BKU response header \"user-agent\" header: " + bkuUserAgentHeader); + // http://www.buergerkarte.at/konzept/securitylayer/spezifikation/aktuell/bindings/bindings.html#http.kodierung.response.browser + log.debug("BKU response header \"server\" header: " + bkuServerHeader); + SignSignatureObject so = MOAHelper.parseCreateXMLResponse(response_string, new DetachedLocRefMOAIdFormatter()); log.debug("analyzeSignResponse finished."); //$NON-NLS-1$ diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/mocca/LocRefDetachedMOCCAConnector.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/mocca/LocRefDetachedMOCCAConnector.java index 30212eb..c44f34b 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/mocca/LocRefDetachedMOCCAConnector.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/mocca/LocRefDetachedMOCCAConnector.java 
@@ -115,6 +115,15 @@ public class LocRefDetachedMOCCAConnector implements Connector, LocalConnector { log.debug("analyzeSignResponse:"); String response_string = response_properties.getProperty(BKUPostConnection.RESPONSE_STRING_KEY); BKUHelper.checkResponseForError(response_string); + + // TODO[tknall] Parse server type and version in order to prevent unsupported cces from signing pdfs + String bkuServerHeader = response_properties.getProperty(BKUPostConnection.BKU_SERVER_HEADER_KEY); + String bkuUserAgentHeader = response_properties.getProperty(BKUPostConnection.BKU_USER_AGENT_HEADER_KEY); + // http://www.buergerkarte.at/konzept/securitylayer/spezifikation/aktuell/bindings/bindings.html#http.kodierung.response.dataurl + log.debug("BKU response header \"user-agent\" header: " + bkuUserAgentHeader); + // http://www.buergerkarte.at/konzept/securitylayer/spezifikation/aktuell/bindings/bindings.html#http.kodierung.response.browser + log.debug("BKU response header \"server\" header: " + bkuServerHeader); + SignSignatureObject so = MOCCAHelper.parseCreateXMLResponse(response_string, new DetachedMOCIdFormatter()); so.response_properties = response_properties; log.debug("analyzeSignResponse finished."); diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/mocca/MOCCAHelper.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/mocca/MOCCAHelper.java index 1bb89be..fe23584 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/mocca/MOCCAHelper.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/mocca/MOCCAHelper.java 
@@ -73,11 +73,11 @@ public final class MOCCAHelper { log.debug("xmlResponse = " + xmlResponse); } - Pattern iss_nam_p_s = Pattern.compile("<[\\w]*:?X509IssuerName>"); + Pattern iss_nam_p_s = Pattern.compile("<[\\w]*:?X509IssuerName[^>]*>"); Pattern iss_nam_p_e = Pattern.compile(""); Pattern sig_tim_p_s = Pattern.compile("<[\\w]*:?SigningTime>"); Pattern sig_tim_p_e = Pattern.compile(""); - Pattern ser_num_p_s = Pattern.compile("<[\\w]*:?X509SerialNumber>"); + Pattern ser_num_p_s = Pattern.compile("<[\\w]*:?X509SerialNumber[^>]*>"); Pattern ser_num_p_e = Pattern.compile(""); Pattern sig_cer_p_s = Pattern.compile("<[\\w]*:?X509Certificate>"); Pattern sig_cer_p_e = Pattern.compile(""); diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/web/FormFields.java b/src/main/java/at/knowcenter/wag/egov/egiz/web/FormFields.java index 7b8164a..7137741 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/web/FormFields.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/web/FormFields.java @@ -85,6 +85,8 @@ public abstract class FormFields public static final String FIELD_PDF_ID = "pdf-id"; + public static final String FIELD_PDFAS_SESSION_ID = "pdfas-session-id"; + public static final String FIELD_FILE_LENGTH = "num-bytes"; public static final String FIELD_INVOKE_APP_URL = "invoke-app-url"; diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/web/servlets/DataURLServlet.java b/src/main/java/at/knowcenter/wag/egov/egiz/web/servlets/DataURLServlet.java index f74bd1c..7947d90 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/web/servlets/DataURLServlet.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/web/servlets/DataURLServlet.java 
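Review bot: In `iss_nam_p_s` and `ser_num_p_s` the new `[^>]*` starts directly after the element name, so the pattern also accepts any tag whose name merely begins with `X509IssuerName` or `X509SerialNumber`. Requiring whitespace before the attribute part keeps the match on the intended element: `Pattern.compile("<[\\w]*:?X509IssuerName(?:\\s[^>]*)?>")`, and likewise for the serial number. The `SigningTime` and `X509Certificate` start patterns in the same block stay attribute-intolerant, so a response that carries attributes there would presumably still fail to parse. Because these fields are taken from a signature response by regular expression rather than by a namespace-aware XML parser, a comment explaining that choice and its limits would help the next maintainer. The method body continues outside the hunk.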
@@ -210,6 +210,12 @@ public class DataURLServlet extends HttpServlet log.debug("There are still requests to be performed -> answering with request."); //$NON-NLS-1$ + // TODO[tknall] Parse user agent's cce type and version in order to prevent unsupported cces from signing pdfs + // http://www.buergerkarte.at/konzept/securitylayer/spezifikation/aktuell/bindings/bindings.html#http.kodierung.response.dataurl + log.debug("BKU response header \"user-agent\" header: " + request.getHeader("User-Agent")); + // http://www.buergerkarte.at/konzept/securitylayer/spezifikation/aktuell/bindings/bindings.html#http.kodierung.response.browser + log.debug("BKU response header \"server\" header: " + request.getHeader("Server")); + LocalRequest local_request = si.localRequest; String request_string = local_request.getRequestString(); diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/web/servlets/ProvidePDFServlet.java b/src/main/java/at/knowcenter/wag/egov/egiz/web/servlets/ProvidePDFServlet.java index c40f3c6..803dc59 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/web/servlets/ProvidePDFServlet.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/web/servlets/ProvidePDFServlet.java @@ -42,9 +42,9 @@ public class ProvidePDFServlet extends HttpServlet { public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { String pdfIdString = request.getParameter(FormFields.FIELD_PDF_ID); + HttpSession session = request.getSession(); if (pdfIdString == null) { - HttpSession session = request.getSession(true); log.debug("No " + FormFields.FIELD_PDF_ID + " provided. Trying to retrieve PDF from session (" + session.getId() + ")."); SignSessionInformation si = (SignSessionInformation) session.getAttribute(SessionAttributes.SIGNED_PDF_DOCUMENT); if (si == null) { 
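Review bot: `request.getHeader("User-Agent")` and `request.getHeader("Server")` are client-supplied values, and the two new `log.debug` calls write them to the log unchanged, so a log reader cannot tell genuine entries from content the client chose. Strip control characters and cap the length before logging, for instance `String ua = String.valueOf(request.getHeader("User-Agent")).replaceAll("\\p{Cntrl}", "_");`. The message text says "BKU response header" although both values are read from the incoming request. The TODO plans to refuse unsupported CCEs based on these headers. Since any client can send whatever header it likes, that check can serve as a compatibility guard but not as a security control, and the comment should say so.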
@@ -59,39 +59,51 @@ public class ProvidePDFServlet extends HttpServlet { log.debug("Signed pdf found."); session.removeAttribute(SessionAttributes.SIGNED_PDF_DOCUMENT); log.debug("Returning signed pdf to browser."); -// log.debug("Invalidating session."); -// session.invalidate(); SignServletHelper.returnSignResponse(si, request, response); return; } } else { long pdfId = Long.parseLong(pdfIdString); - Iterator it = signedDocuments.iterator(); + byte[] pdf = null; + + synchronized (signedDocuments) { + Iterator it = signedDocuments.iterator(); - while (it.hasNext()) { - PDFContainer current = (PDFContainer) it.next(); - if (current.id == pdfId) { - try { - byte[] pdf = current.pdf; - - response.setContentType("application/pdf"); - response.setContentLength(pdf.length); - - InputStream is = new ByteArrayInputStream(pdf); - final int bufferSize = 1024; - byte[] buffer = new byte[bufferSize]; - int len = -1; - while ((len = is.read(buffer)) != -1) { - response.getOutputStream().write(buffer, 0, len); - } - response.getOutputStream().flush(); + while (it.hasNext() && pdf == null) { + PDFContainer current = (PDFContainer) it.next(); + if (current.id == pdfId) { + pdf = current.pdf; signedDocuments.remove(current); - } catch (IOException e) { - log.error("IO excepton while providing pdf document: " + e.getMessage(), e); } } } + + if (pdf != null) { + try { + + SignServletHelper.disableBrowserCacheForResponse(response); + response.setContentType("application/pdf"); + response.setContentLength(pdf.length); + + InputStream is = new ByteArrayInputStream(pdf); + final int bufferSize = 1024; + byte[] buffer = new byte[bufferSize]; + int len = -1; + while ((len = is.read(buffer)) != -1) { + response.getOutputStream().write(buffer, 0, len); + } + response.getOutputStream().flush(); + log.debug("File sent. 
Invalidating session."); + session.invalidate(); + } catch (IOException e) { + log.error("IO excepton while providing pdf document: " + e.getMessage(), e); + } + } else { + log.error("Unable to find signed pdf (id=" + pdfId + ") in session (" + session.getId() + ")."); + return; + } + } } diff --git a/src/main/resources/DefaultConfiguration.zip b/src/main/resources/DefaultConfiguration.zip index a7f41b5..04574f0 100644 Binary files a/src/main/resources/DefaultConfiguration.zip and b/src/main/resources/DefaultConfiguration.zip differ diff --git a/src/main/webapp/jsp/error.jsp b/src/main/webapp/jsp/error.jsp index 4bd49a4..bcac0dc 100644 --- a/src/main/webapp/jsp/error.jsp +++ b/src/main/webapp/jsp/error.jsp @@ -6,6 +6,7 @@ <%@ page import="at.knowcenter.wag.egov.egiz.web.SessionAttributes" %> <%@ page import="org.apache.commons.httpclient.util.EncodingUtil" %> <%@ page import="org.apache.commons.httpclient.NameValuePair" %> +<%@ page import="at.gv.egiz.pdfas.web.helper.SignServletHelper" %> <%@ page import="java.io.*" %> <%@ include file="language.jsp" %> @@ -16,14 +17,19 @@ <fmt:message key="error.title"/> + + + <% - PresentableException pe = (PresentableException)request.getAttribute("PresentableException"); + PresentableException pe; if (exception != null && exception instanceof PresentableException) { pe = (PresentableException)exception; SignServlet.prepareDispatchToErrorPage(pe, request); + } else { + pe = (PresentableException)request.getAttribute("PresentableException"); } String error = request.getParameter("error"); @@ -56,6 +62,7 @@ session.setAttribute(SessionAttributes.PARENT_WEBAPP_REDIRECT_URL, errorUrl); } String redirectHelper = response.encodeRedirectURL(request.getContextPath() + "/jsp/redirect_to_parent.jsp"); + SignServletHelper.disableBrowserCacheForResponse(response); response.sendRedirect(redirectHelper); } diff --git a/src/main/webapp/jsp/redirect_to_parent.jsp b/src/main/webapp/jsp/redirect_to_parent.jsp index 7791109..6bce9f6 100644 
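Review bot: The lookup in the static `signedDocuments` list is keyed only on the `pdf-id` request parameter, so any caller that reaches ProvidePDFServlet with a valid id receives the signed PDF. Nothing in the hunk checks the new `pdfas-session-id` parameter or any other proof that the caller is the party the document was produced for. How ids are generated is not visible here. If they are predictable, the container entry should carry a random one-time token that the servlet compares before returning `current.pdf`. Separately, `Long.parseLong(pdfIdString)` is unguarded against malformed input, and the not-found branch returns without a status, so the caller sees an empty 200. Adding `response.sendError(HttpServletResponse.SC_NOT_FOUND);` before the `return` makes the failure explicit. The `synchronized (signedDocuments)` block only protects the list if the `add` in SignServletHelper takes the same lock, which its context lines do not show.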
--- a/src/main/webapp/jsp/redirect_to_parent.jsp +++ b/src/main/webapp/jsp/redirect_to_parent.jsp @@ -5,7 +5,10 @@ <%@ include file="language.jsp" %> - + + + + <fmt:message key="pleasewait.title"/> <% String query = (String) session.getAttribute(SessionAttributes.PARENT_WEBAPP_REDIRECT_URL); @@ -14,7 +17,13 @@ -
+ +