From ed0667e0873d4103f1385dcbc8be3c46fe0ae2d8 Mon Sep 17 00:00:00 2001
From: Andreas Fitzek
Date: Wed, 19 Jun 2013 10:29:33 +0200
Subject: Added SHA256 hash calculation of original document do prevent application document injection
---
 .../main/java/at/gv/egiz/pdfas/web/FormFields.java | 2 +
 .../java/at/gv/egiz/pdfas/web/PDFContainer.java | 4 +-
 .../egiz/pdfas/web/helper/SignServletHelper.java | 2 +-
 .../egiz/pdfas/web/servlets/ProvidePDFServlet.java | 30 +-
 .../at/gv/egiz/pdfas/web/servlets/SignServlet.java | 1630 ++++++++++----------
 .../pdfas/web/session/SignSessionInformation.java | 2 +
 6 files changed, 862 insertions(+), 808 deletions(-)
 (limited to 'pdf-as-web/src/main/java/at')
diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/FormFields.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/FormFields.java
index 9c95838..0888d7b 100644
--- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/FormFields.java
+++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/FormFields.java
@@ -153,6 +153,8 @@ public abstract class FormFields
 public static final String FIELD_MOBILETEST_ENABLED = "mobiletestenabled";
+ public static final String FIELD_ORIGINAL_DIGEST = "origdigest";
+
 /**
diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/PDFContainer.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/PDFContainer.java
index 9bfd70f..5099f8d 100644
--- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/PDFContainer.java
+++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/PDFContainer.java
@@ -27,11 +27,13 @@ public class PDFContainer {
 public long id;
 public byte[] pdf;
+ public String originalDigest;
- public PDFContainer(byte[] pdf, long id) {
+ public PDFContainer(byte[] pdf, long id, String originalDigest) {
 this.id = id;
 this.pdf = pdf;
+ this.originalDigest = originalDigest;
 }
 public boolean equals(Object pc) {
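Review bot: The new `originalDigest` field in PDFContainer is public and non-final, and the download check in ProvidePDFServlet compares the requester's value against it, so any code that holds the container can replace the reference digest after construction. Declaring it `public final String originalDigest;` fixes the value once the constructor has run; the existing `id` and `pdf` fields have the same shape and could be tightened the same way. A field comment stating the encoding (presumably a hex-encoded SHA-256 of the unsigned document, going by the commit subject) and whether null is a valid value would help callers of the changed constructor. The class body continues outside this hunk.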
diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/SignServletHelper.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/SignServletHelper.java
index cddd073..4dbe6f0 100644
--- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/SignServletHelper.java
+++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/SignServletHelper.java
@@ -262,7 +262,7 @@ public class SignServletHelper
 byte [] signed_pdf = si.signedPdf;
 HttpSession session = request.getSession();
- PDFContainer entry = new PDFContainer(signed_pdf, si.exappinf.pdf_id);
+ PDFContainer entry = new PDFContainer(signed_pdf, si.exappinf.pdf_id, si.plainPDFDigest);
 ProvidePDFServlet.signedDocuments.add(entry);
 // notify webapp...
diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ProvidePDFServlet.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ProvidePDFServlet.java
index 60c5d41..234640b 100644
--- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ProvidePDFServlet.java
+++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ProvidePDFServlet.java
@@ -66,6 +66,8 @@ public class ProvidePDFServlet extends HttpServlet {
 public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
 String pdfIdString = request.getParameter(FormFields.FIELD_PDF_ID);
+ String plainPDFDigest = request.getParameter(FormFields.FIELD_ORIGINAL_DIGEST);
+
 HttpSession session = request.getSession();
 if (pdfIdString == null) {
@@ -85,6 +87,14 @@ public class ProvidePDFServlet extends HttpServlet {
 // Popup-Blocker, Link-Prefetching, IE 9 SmartScreen-Filter...???
 // session.removeAttribute(SessionAttributes.SIGNED_PDF_DOCUMENT);
 log.debug("Returning signed pdf to browser.");
+ if(plainPDFDigest != null) {
+ if(!plainPDFDigest.equalsIgnoreCase(si.plainPDFDigest)) {
+ log.error("PDF Digests don't match!");
+ log.error("Requested digest: " + plainPDFDigest);
+ log.error("Saved digest: " + si.plainPDFDigest);
+ return;
+ }
+ }
 SignServletHelper.returnSignResponse(si, request, response);
 log.debug("Removing free text (if any) from session.");
 session.removeAttribute(UpdateFormServlet.UPLOADFORM_FREETEXT_KEY);
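Review bot: The digest comparison in this branch of doPost runs only when the request carries `origdigest`, so a caller that leaves the parameter out still receives the signed document unchecked; if the check is meant to stop document injection it probably has to fail closed whenever `si.plainPDFDigest` is set and the parameter is missing. On a mismatch the method simply returns, which leaves the client with an empty success response; `response.sendError(HttpServletResponse.SC_FORBIDDEN); return;` would make the refusal visible to the calling application. The request-supplied digest is also concatenated into `log.error` as received, so it should be validated as hex (or have CR/LF stripped) before it is logged. The same three points apply to the copy of this check in the `-93,32 +103,38` hunk. doPost begins and ends outside this hunk.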
@@ -93,32 +103,38 @@ public class ProvidePDFServlet extends HttpServlet {
 } else {
 long pdfId = Long.parseLong(pdfIdString);
- byte[] pdf = null;
-
+ PDFContainer pdf = null;
 synchronized (signedDocuments) {
 Iterator it = signedDocuments.iterator();
 while (it.hasNext() && pdf == null) {
 PDFContainer current = (PDFContainer) it.next();
 if (current.id == pdfId) {
- pdf = current.pdf;
+ pdf = current;
 signedDocuments.remove(current);
 }
 }
 }
- if (pdf != null) {
+ if (pdf != null && pdf.pdf != null) {
 try {
-
+ if(plainPDFDigest != null) {
+ if(!plainPDFDigest.equalsIgnoreCase(pdf.originalDigest)) {
+ log.error("PDF Digests don't match! 1");
+ log.error("Requested digest: " + plainPDFDigest);
+ log.error("Saved digest: " + pdf.originalDigest);
+ return;
+ }
+ }
 SignServletHelper.disableBrowserCacheForResponse(response);
 response.setContentType("application/pdf");
- response.setContentLength(pdf.length);
+ response.setContentLength(pdf.pdf.length);
 //SignSessionInformation si = (SignSessionInformation)session.getAttribute(SessionAttributes.ATTRIBUTE_SESSION_INFORMATION);
 String filename = (String)session.getAttribute(SignServlet.SUBMITFORM_FILENAME_KEY);
 response.setHeader("Content-disposition", "attachment; filename=\""+filename+"\"");
- InputStream is = new ByteArrayInputStream(pdf);
+ InputStream is = new ByteArrayInputStream(pdf.pdf);
 final int bufferSize = 1024;
 byte[] buffer = new byte[bufferSize];
 int len = -1;
diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/SignServlet.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/SignServlet.java
index cd2c38a..19b729a 100644
--- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/SignServlet.java
+++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/SignServlet.java
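Review bot: In the pdf-id branch of ProvidePDFServlet.doPost the matching PDFContainer is taken out of `signedDocuments` inside the synchronized block before the digest is compared, so a request with the right id and a wrong `origdigest` discards the signed document and a later, correct request finds nothing to return. Doing the comparison before the removal keeps the document available, for example by extending the match condition to `current.id == pdfId && (plainPDFDigest == null || plainPDFDigest.equalsIgnoreCase(current.originalDigest))`. If consuming the entry on a failed check is intended, a comment next to `signedDocuments.remove(current);` should say so. The try block and the enclosing method continue outside this hunk.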
@@ -33,6 +33,8 @@ import java.io.IOException;
 import java.io.InputStream;
 import java.io.UnsupportedEncodingException;
 import java.net.URL;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
 import java.util.Iterator;
 import java.util.List;
@@ -44,6 +46,7 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
+import org.apache.commons.codec.binary.Hex;
 import org.apache.commons.fileupload.FileItem;
 import org.apache.commons.fileupload.FileUploadException;
 import org.apache.commons.fileupload.disk.DiskFileItemFactory;
@@ -78,807 +81,836 @@ import com.lowagie.text.DocumentException; * This method is the sign servlet for the pdf-as web application. It takes get * and post requests fill out jsp templates and give the user feedback about the * results of the sign process - * + * * @author wlackner * @author wprinz */ -public class SignServlet extends HttpServlet -{ - - /** - * SVUID. - */ - private static final long serialVersionUID = -4156938216903740438L; - - /** - * The log. - */ - private static Log log = LogFactory.getLog(SignServlet.class); - - - - public static final String SUBMITFORM_SIGNATURE_TYPE_KEY = "signupload.jsp:signatureType"; - public static final String SUBMITFORM_SIGNATURE_MODE_KEY = "signupload.jsp:signatureMode"; - public static final String SUBMITFORM_SIGNATURE_DEVICE_KEY = "signupload.jsp:signatureKey"; - public static final String SUBMITFORM_PDFA_KEY = "signupload.jsp:pdfaKey"; - public static final String SUBMITFORM_SOURCE_KEY = "signupload.jsp:sourceKey"; - public static final String SUBMITFORM_FREETEXT_KEY = "signupload.jsp:freeTextKey"; - public static final String SUBMITFORM_NOTE_KEY = "signupload.jsp:noteKey"; - public static final String SUBMITFORM_FILE_KEY = "signupload.jsp:fileKey"; - public static final String SUBMITFORM_FILENAME_KEY = "signupload.jsp:filenameKey"; - public static final String SUBMITFORM_PREVIEW = "signupload.jsp:previewKey"; - - - - - //Added by rpiazzi to know if an error occured within IFrame because this calls for - //a different display of the error - public static final String ERROR_WITHIN_IFRAME = "error_within_iframe"; - //Added by rpiazzi to know the height of the div's in further jsp's - public static final String HEIGHT_SIGN_DIV = "height_sign_div"; - //Added by rpiazzi - public static HttpSession session = null; - - protected void dispatch(HttpServletRequest request, HttpServletResponse response, String resource) throws ServletException, IOException - { - dispatch(request, response, resource, getServletContext()); - } - 
- protected static void dispatch(HttpServletRequest request, HttpServletResponse response, String resource, ServletContext context) throws ServletException, IOException - { - response.setContentType("text/html"); - response.setCharacterEncoding("UTF-8"); - - RequestDispatcher disp = context.getRequestDispatcher(resource); - disp.forward(request, response); - } - - /** - * Processes the sign upload. - * - * @see javax.servlet.http.HttpServlet#doPost(javax.servlet.http.HttpServletRequest, - * javax.servlet.http.HttpServletResponse) - */ - public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException - { - UploadedData ud = null; - ExternAppInformation exappinf = null; - SignaturePositioning sigpos = null; - - - // for performance measurement - long startTime = System.currentTimeMillis(); - - // check if pdf-as has been called by external webapp - if (request.getParameter(FormFields.FIELD_PDF_URL) != null) - { - String preview = (String) request.getParameter(FormFields.FIELD_PREVIEW); - String sig_type = (String) request.getParameter(FormFields.FIELD_SIGNATURE_TYPE); - String sig_app = (String) request.getParameter(FormFields.FIELD_CONNECTOR); - String sig_mode = (String) request.getParameter(FormFields.FIELD_MODE); - String filename = (String) request.getParameter(FormFields.FIELD_FILENAME); - String pdf_url = (String) request.getParameter(FormFields.FIELD_PDF_URL); - String pdf_id = (String) request.getParameter(FormFields.FIELD_PDF_ID); - String invoke_url = (String) request.getParameter(FormFields.FIELD_INVOKE_APP_URL); - String invoke_error_url = (String) request.getParameter(FormFields.FIELD_INVOKE_APP_ERROR_URL); - String session_id = (String) request.getParameter(FormFields.FIELD_SESSION_ID); - String sig_pos_y = (String) request.getParameter(FormFields.FIELD_SIGPOS_Y); - String sig_pos_p = (String) request.getParameter(FormFields.FIELD_SIGPOS_P); - String sig_pos_x = (String) 
request.getParameter(FormFields.FIELD_SIGPOS_X); - String sig_pos_w = (String) request.getParameter(FormFields.FIELD_SIGPOS_W); - String note = (String) request.getParameter(FormFields.FIELD_NOTE_ENABLED); - - //Added by rpiazzi - log.debug("Received external request from "+request.getRemoteAddr()); - log.debug("Parameter preview: "+preview); - log.debug("Parameter sig_type: "+sig_type); - log.debug("Parameter sig_app: "+sig_app); - log.debug("Parameter sig_mode: "+sig_mode); - log.debug("Parameter filename: "+filename); - log.debug("Parameter pdf_url: "+pdf_url); - log.debug("Parameter pdf_id: "+pdf_id); - log.debug("Parameter invoke_url: "+invoke_url); - log.debug("Parameter invoke_error_url: "+invoke_error_url); - log.debug("Parameter session_id: "+session_id); - log.debug("Parameter sig_pos_y: "+sig_pos_y); - log.debug("Parameter sig_pos_p: "+sig_pos_p); - log.debug("Parameter sig_pos_x: "+sig_pos_x); - log.debug("Parameter sig_pos_w: "+sig_pos_w); - log.debug("Parameter note: "+note); - //end added - - session = request.getSession(true); - - session.setAttribute(SignServlet.SUBMITFORM_FILENAME_KEY, filename); - - // added by tknall - if (sig_pos_y != null && sig_pos_p != null && sig_pos_x != null) { - if (sig_pos_w != null) { - try - { - sigpos = new SignaturePositioning("x:" + sig_pos_x + ";y:" + sig_pos_y + ";w:"+ sig_pos_w + ";p:" + sig_pos_p); - } - catch (PDFDocumentException e) - { - log.warn("Unable to create signature position object: " + e.getMessage(), e); - } - } - else { - try - { - sigpos = new SignaturePositioning("x:" + sig_pos_x + ";y:" + sig_pos_y + ";p:" + sig_pos_p); - } - catch (PDFDocumentException e) - { - log.warn("Unable to create signature position object: " + e.getMessage(), e); - } - } - } else { - log.debug("No signature position provided."); - } - - - // if we already have parameters "&" must be used instead of "?" - String paramSeparator = (pdf_url.indexOf("?") != -1) ? 
"&" : "?"; - String query = pdf_url + "/" + filename + paramSeparator + FormFields.FIELD_PDF_ID + "=" + pdf_id; - //query = pdf_url; - - log.debug("Query string for loading pdf: "+query); - - // wprinz: rem: this allocation is useless - // byte[] extern_pdf = new byte[Integer.parseInt(pdf_length)]; - URL source_url = new URL(query); - InputStream is = source_url.openStream(); - - // extern_pdf = toByteArray(is); - - // set UploadedData object... - UploadedData ud_extern = new UploadedData(); - - ud_extern.file_name = filename; - ud_extern.pdfDataSource = new ByteArrayPdfDataSource(IOUtils.toByteArray(is)); - - ud_extern.preview = "true".equalsIgnoreCase(preview); - ud_extern.sig_app = sig_app; - ud_extern.sig_mode = sig_mode; - ud_extern.sig_type = sig_type; - - if (note!=null) { - if (note.equals("true")) { - ud_extern.note=true; - ud_extern.sig_type = ud_extern.sig_type + "_NOTE"; - } - else { - ud_extern.note=false; - } - } - else { - ud_extern.note=true; - ud_extern.sig_type = ud_extern.sig_type + "_NOTE"; - } - - - ud_extern.pdfa = false; - - ud = ud_extern; - - exappinf = new ExternAppInformation(invoke_url, pdf_id, session_id, invoke_error_url); - - } - else - { - try - { - // tzefferer: modified - // UploadedData ud = retrieveUploadedDataFromRequest(request); - - UploadedData ud_form = retrieveUploadedDataFromRequest(request); - ud = ud_form; - // end modify - - } - catch (PdfAsException e) - { - log.error(e); - - //Added by rpiazzi to check if this attribute is still null - HttpSession session = request.getSession(); - String error_within_iframe = (String)session.getAttribute(SUBMITFORM_SIGNATURE_DEVICE_KEY); - if (error_within_iframe==null) { - session.setAttribute(SignServlet.ERROR_WITHIN_IFRAME, "no"); - } - //end added - - prepareDispatchToErrorPage(e, request); - dispatch(request, response, "/jsp/error.jsp"); - - - - - return; - } - catch (FileUploadException e) { - log.error(e); - - //Added by rpiazzi to check if this attribute is still null - 
HttpSession session = request.getSession(); - String error_within_iframe = (String)session.getAttribute(SUBMITFORM_SIGNATURE_DEVICE_KEY); - if (error_within_iframe==null) { - session.setAttribute(SignServlet.ERROR_WITHIN_IFRAME, "no"); - } - //end added - - request.setAttribute("error", e.getMessage()); - request.setAttribute("cause", e.getCause()); - request.setAttribute("resourcebundle", Boolean.TRUE); - dispatch(request, response, "/jsp/error.jsp"); - } - catch (IOException e) { - log.error(e); - - //Added by rpiazzi to check if this attribute is still null - HttpSession session = request.getSession(); - String error_within_iframe = (String)session.getAttribute(SUBMITFORM_SIGNATURE_DEVICE_KEY); - if (error_within_iframe==null) { - session.setAttribute(SignServlet.ERROR_WITHIN_IFRAME, "no"); - } - //end added - - request.setAttribute("error", e.getMessage()); - request.setAttribute("cause", e.getCause()); - request.setAttribute("resourcebundle", Boolean.TRUE); - dispatch(request, response, "/jsp/error.jsp"); - } - } - try - { - // not needed, that is done in sign() - // ud.pdfDataSource = PdfAS.applyStrictMode(ud.pdfDataSource); - - session = request.getSession(true); - - SignSessionInformation si = new SignSessionInformation(); // SessionTable.generateSessionInformationObject(); - si.connector = ud.sig_app; - - if ((ud.mobileTestEnabled) && (si.connector.equals("mobile"))) { - si.connector = Constants.SIGNATURE_DEVICE_MOBILETEST; - session.setAttribute(SignServlet.SUBMITFORM_SIGNATURE_DEVICE_KEY, si.connector); - } - - si.application = "sign"; - si.mode = ud.sig_mode; - si.pdfDataSource = ud.pdfDataSource; - si.type = ud.sig_type; - - si.filename = formatFileName(ud.file_name); - - si.download_inline = ud.download_inline; - si.pdfa = ud.pdfa; - si.note = ud.note; - - // added tzefferer: - si.exappinf = exappinf; - si.pos = sigpos; - // end add - - // added afitzek - si.startTime = startTime; - - log.info("Putting signature data into session " + session.getId()); 
- session.setAttribute(SessionAttributes.ATTRIBUTE_SESSION_INFORMATION, si); - - // String user_name = (String) - // request.getSession().getAttribute(SessionAttributes.ATTRIBUTE_USER_NAME); - // String user_password = (String) - // request.getSession().getAttribute(SessionAttributes.ATTRIBUTE_USER_PASSWORD); - // si.user_name = user_name; - // si.user_password = user_password; - - SignServletHelper.prepareSign(ApiHelper.getPdfAsFromContext(getServletContext()), si); - - //comment out by rpiazzi because preview has now its own Servlet - /*if (ud.preview) - { - String submit_url = response.encodeURL(request.getContextPath() + "/SignPreview"); - String signature_data_url = response.encodeURL(WebUtils.buildRetrieveSignatureDataURL(request, response)); - - request.setAttribute("submit_url", submit_url); - request.setAttribute("signature_data_url", signature_data_url); - if (si.mode.equals(FormFields.VALUE_MODE_TEXTUAL)){ - request.setAttribute("document_text", ((TextBased)si.sdi.getSignatureData()).getText()); - } - - dispatch(request, response, "/jsp/signpreview.jsp"); - - return; - }*/ - - - SignServletHelper.finishSign(si, request, response, getServletContext()); - - } - catch (PresentableException e) - { - log.error(e.getMessage(), e); - prepareDispatchToErrorPage(e, request); - dispatch(request, response, "/jsp/error.jsp"); - } catch (Exception e) { - log.error(e.getMessage(), e); - PresentableException pe = new PresentableException(ErrorCode.UNKNOWN_ERROR, e); - prepareDispatchToErrorPage(pe, request); - dispatch(request, response, "/jsp/error.jsp"); - } - } - - // tzefferer:added - public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException - { - HttpSession session = request.getSession(); - doPost(request, response); - } - // end add - - protected UploadedData retrieveUploadedDataFromRequest(HttpServletRequest request) throws ServletException, UnsupportedEncodingException, FileUploadException, 
PDFDocumentException, IOException - { - DiskFileItemFactory fif = new DiskFileItemFactory(); - fif.setRepository(WebSettingsReader.getTemporaryDirectory()); - ServletFileUpload sfu = new ServletFileUpload(fif); - - List items = sfu.parseRequest(request); - - //FileItem preview_fi = null; - FileItem mode_fi = null; - FileItem file_upload_fi = null; - //FileItem download_fi = null; - FileItem freeText_fi = null; - FileItem source_fi = null; - FileItem sig_type_fi = null; - FileItem sig_app_fi = null; - - boolean pdfaEnabled=false; - boolean noteEnabled=false; - String sig_type=""; - String sig_app=""; - String mode=""; - String doc_file_name; - DataSource pdfDataSource; - boolean mobileTestEnabled=false; - - Iterator it = items.iterator(); - session = request.getSession(true); - - - - //Added by rpiazzi. If servlet was called for preview data was already written into - //session. - //Now commented out because the preview function is no more supported - /*if ((((FileItem)items.get(0)).getFieldName().equals(SignServlet.SUBMITFORM_PREVIEW))) { - FileItem fi = (FileItem)items.get(1); - - sig_app_fi = fi; - session.setAttribute(SUBMITFORM_SIGNATURE_DEVICE_KEY, sig_app_fi.getString("UTF-8")); - - if (((String)session.getAttribute(SUBMITFORM_PDFA_KEY))!=null) { - if (((String)session.getAttribute(SUBMITFORM_PDFA_KEY)).equals("on")) { - pdfaEnabled = true; - } - } - if (((String)session.getAttribute(SUBMITFORM_NOTE_KEY))!=null) { - if (((String)session.getAttribute(SUBMITFORM_NOTE_KEY)).equals("on")) { - noteEnabled = true; - } - } - - sig_type = (String)session.getAttribute(SUBMITFORM_SIGNATURE_TYPE_KEY); - sig_app = sig_app_fi.getString("UTF-8"); - - mode = (String)session.getAttribute(SUBMITFORM_SIGNATURE_MODE_KEY); - doc_file_name = (String)session.getAttribute(SUBMITFORM_FILENAME_KEY); - pdfDataSource = (DataSource)session.getAttribute(SUBMITFORM_FILE_KEY); - - } - //end added - else {*/ - - //Added by rpiazzi to check wheter local bku button was hit. 
In this case the parameters - //were already put into session because before local bku, online bku has to be called - //and therefore this servlet was already called. - //First check if one submitted parameter is the local bku button. - boolean localFound = false; - int positionLocal = 0; - while (it.hasNext()) { - if (((FileItem)it.next()).getFieldName().equals(FormFields.FIELD_CONNECTOR_LOCALBKU)) { - localFound = true; - break; - } - positionLocal++; - } - - if (localFound) { - - session.setAttribute(SignServlet.ERROR_WITHIN_IFRAME, "no"); - pdfaEnabled = "on".equalsIgnoreCase((String)session.getAttribute(SUBMITFORM_PDFA_KEY)); - sig_type = (String)session.getAttribute(SUBMITFORM_SIGNATURE_TYPE_KEY); - noteEnabled = "on".equalsIgnoreCase((String)session.getAttribute(SUBMITFORM_NOTE_KEY)); - - session.setAttribute(SUBMITFORM_SIGNATURE_DEVICE_KEY, "bku"); - sig_app = "bku"; - mode = (String)session.getAttribute(SUBMITFORM_SIGNATURE_MODE_KEY); - doc_file_name = (String)session.getAttribute(SUBMITFORM_FILENAME_KEY); - pdfDataSource = (DataSource)session.getAttribute(SUBMITFORM_FILE_KEY); - } - //end added - //else get settings from form fields - else { - session.setAttribute(SignServlet.ERROR_WITHIN_IFRAME, "yes"); - it = items.iterator(); - while (it.hasNext()) - { - FileItem item = (FileItem) it.next(); - log.debug("item = " + item.getFieldName()); //$NON-NLS-1$ - - if (log.isDebugEnabled()) - { - if (item.isFormField()) - { - String item_string = item.getString("UTF-8"); //$NON-NLS-1$ - log.debug(" form field string = " + item_string); //$NON-NLS-1$ - } - else - { - log.debug(" filename = " + item.getName()); //$NON-NLS-1$ - log.debug(" filesize = " + item.getSize()); //$NON-NLS-1$ - } - } - - if (item.getFieldName().equals(FormFields.FIELD_SIGNATURE_TYPE)) - { - sig_type_fi = item; - session.setAttribute(SUBMITFORM_SIGNATURE_TYPE_KEY, item.getString("UTF-8")); - sig_type=item.getString("UTF-8"); - continue; - } - - if 
((item.getFieldName().equals(FormFields.FIELD_CONNECTOR_SMARTCARD)) || (item.getFieldName().equals(FormFields.FIELD_CONNECTOR_MOBILE)) || (item.getFieldName().equals(FormFields.FIELD_CONNECTOR_LOCALBKU))) { - if (item.getFieldName().equals(FormFields.FIELD_CONNECTOR_SMARTCARD)) { - session.setAttribute(SUBMITFORM_SIGNATURE_DEVICE_KEY, "moc"); - sig_app = "moc"; - } - if (item.getFieldName().equals(FormFields.FIELD_CONNECTOR_MOBILE)) { - session.setAttribute(SUBMITFORM_SIGNATURE_DEVICE_KEY, "mobile"); - sig_app = "mobile"; - } - if (item.getFieldName().equals(FormFields.FIELD_CONNECTOR_LOCALBKU)) { - session.setAttribute(SUBMITFORM_SIGNATURE_DEVICE_KEY, "bku"); - sig_app = "bku"; - } - continue; - } - - if (item.getFieldName().equals(FormFields.FIELD_MODE)) - { - mode_fi = item; - session.setAttribute(SUBMITFORM_SIGNATURE_MODE_KEY, mode_fi.getString("UTF-8")); - continue; - } - - if (item.getFieldName().equals(FormFields.FIELD_SOURCE_FILE)) - { - //changed by rpiazzi - //Item always contains something as it is just hidden by javascript - // because of this just set the value if not empty - if (item!=null) { - file_upload_fi = item; - } - continue; - - } - - //Added by rpiazzi to ignore the form fields for the inactive mode - //but not more needed - /*if (item.getFieldName().equals(FormFields.FIELD_MODE_INACTIVE)) { - continue; - }*/ - //end added - - /*Commented out by rpiazzi because not more needed - * if (item.getFieldName().equals(FormFields.FIELD_DOWNLOAD)) - { - download_fi = item; - continue; - }*/ - - if (FormFields.FIELD_PDFA_ENABLED.equals(item.getFieldName())) { - if (item.getString("UTF-8")!=null) { - session.setAttribute(SUBMITFORM_PDFA_KEY, "on"); - pdfaEnabled=true; - } - else { - session.setAttribute(SUBMITFORM_PDFA_KEY, "off"); - pdfaEnabled=false; - } - continue; - } - - if (FormFields.FIELD_SOURCE_FREETEXT.equals(item.getFieldName())) { - freeText_fi = item; - String value = freeText_fi.getString("UTF-8"); - if (value != null) { - 
session.setAttribute(SUBMITFORM_FREETEXT_KEY, value); - } - continue; - } - - if (FormFields.FIELD_SOURCE.equals(item.getFieldName())) { - source_fi = item; - session.setAttribute(SUBMITFORM_SOURCE_KEY, item.getString("UTF-8")); - continue; - } - - //Added by rpiazzi. Feature added for inserting note into signature block - if (FormFields.FIELD_NOTE_ENABLED.equals(item.getFieldName())) { - if (item.getString("UTF-8")!=null) { - session.setAttribute(SUBMITFORM_NOTE_KEY, "on"); - noteEnabled=true; - } - else { - session.setAttribute(SUBMITFORM_NOTE_KEY, "off"); - noteEnabled=false; - } - continue; - } - //end added - - //Added by rpiazzi to let later jsp's know the height of the div elements - if (FormFields.FIELD_HEIGHT_SIGNDIV.equals(item.getFieldName())) { - session.setAttribute(HEIGHT_SIGN_DIV, item.getString("UTF-8")); - continue; - } - //end added - - if (FormFields.FIELD_MOBILETEST_ENABLED.equals(item.getFieldName())) { - if (item.getString("UTF-8")!=null) { - if (item.getString("UTF-8").equals("on")) { - mobileTestEnabled=true; - } - } - continue; - } - - throw new ServletException("Unrecognized POST data."); //$NON-NLS-1$ - - } - - if (sig_type_fi == null || (file_upload_fi == null && freeText_fi== null)) - { - throw new ServletException("Insufficient data provided in request"); //$NON-NLS-1$ - } - - mode = mode_fi.getString("UTF-8"); //$NON-NLS-1$ - if (!mode.equals(FormFields.VALUE_MODE_BINARY) && !mode.equals(FormFields.VALUE_MODE_TEXTUAL) && !mode.equals(FormFields.VALUE_MODE_DETACHED)) - { - throw new ServletException("The mode '" + mode + "' is unrecognized."); //$NON-NLS-1$ //$NON-NLS-2$ - } - - - //Commented out by rpiazzi because not more needed - /*boolean download_inline = true; - if (download_fi.getString("UTF-8").equals(FormFields.VALUE_DOWNLOAD_ATTACHMENT)) //$NON-NLS-1$ - { - download_inline = false; - }*/ - - - // distinguish between file and freetext - if (source_fi.getString("UTF-8").equals(FormFields.VALUE_SOURCE_FILE)) { - 
log.debug("Processing file."); - File f = new File(file_upload_fi.getName()); - doc_file_name = f.getName(); - log.debug("file content type =" + file_upload_fi.getContentType()); //$NON-NLS-1$ - - String extension = VerifyServlet.extractExtension(doc_file_name); - if (extension != null && !extension.equals("pdf")) //$NON-NLS-1$ - { - throw new PDFDocumentException(201, "The provided file '" + doc_file_name + "' doesn't have the PDF extension (.pdf)."); //$NON-NLS-1$//$NON-NLS-2$ - } - - if (file_upload_fi.getSize() <= 0) - { - throw new PDFDocumentException(250, "The document is empty."); //$NON-NLS-1$ - } - - try - { - pdfDataSource = new ByteArrayPdfDataSource(IOUtils.toByteArray(file_upload_fi.getInputStream())); - session.setAttribute(SUBMITFORM_FILE_KEY, pdfDataSource); - session.setAttribute(SUBMITFORM_FILENAME_KEY, doc_file_name); - } - catch (IOException e) - { - throw new PDFDocumentException(201, "Couldn't store the file in the temp dir.", e); - } - } else { - log.debug("Processing free text."); - try { - byte[] freeTextPDF = IText.createPDF(freeText_fi.getString("UTF-8"), pdfaEnabled); - pdfDataSource = new ByteArrayPdfDataSource(freeTextPDF); - doc_file_name = IText.DEFAULT_FILENAME; - session.setAttribute(SUBMITFORM_FILE_KEY, pdfDataSource); - session.setAttribute(SUBMITFORM_FILENAME_KEY, doc_file_name); - } catch (DocumentException e) { - throw new PDFDocumentException(201, "Unable to create PDF document.", e); - } catch (IOException e) { - throw new PDFDocumentException(201, "Unable to create PDF document.", e); - } - - //} - // byte[] pdf = file_upload_fi.get(); - } - } - - - - - - - UploadedData ud = new UploadedData(); - - ud.preview = false; - ud.pdfa = pdfaEnabled; - ud.download_inline = false; - ud.sig_type = sig_type; - ud.sig_app = sig_app; - ud.sig_mode = mode; - ud.file_name = doc_file_name; - ud.pdfDataSource = pdfDataSource; - ud.note = noteEnabled; - - //Added by rpiazzi - if (ud.note && !ud.sig_type.contains("NOTE")) { - ud.sig_type += 
"_NOTE"; - session.setAttribute(SUBMITFORM_SIGNATURE_TYPE_KEY, ud.sig_type); - } - - if (mobileTestEnabled) { - ud.mobileTestEnabled=true; - } - - //end added - - return ud; - } - - - - - - public static void prepareDispatchToErrorPage(PdfAsException pe, HttpServletRequest request) - { - request.setAttribute("PresentableException", pe); -// if (pe instanceof ErrorCodeException) -// { - request.setAttribute("error", "Fehler " + pe.getErrorCode()); - - String cause = ErrorCodeHelper.getMessageForErrorCode(pe.getErrorCode()); - - if (pe instanceof ExternalErrorException) - { - ExternalErrorException eee = (ExternalErrorException) pe; - cause = eee.getExternalErrorCode() + ": " + eee.getExternalErrorMessage(); - } - request.setAttribute("cause", cause); - - if (pe.getErrorCode() == ErrorCode.PLACEHOLDER_EXCEPTION) - { - PlaceholderException phe = null; - if (pe instanceof PlaceholderException) - { - phe = (PlaceholderException) pe; - } - else - { - phe = (PlaceholderException) pe.getCause(); - } - - request.setAttribute("cause", "Der Platzhalter des Feldes " + phe.getField() + " ist um " + phe.getMissing() + " Bytes zu kurz. " + cause); - } - - //Added by rpiazzi to know if error happened when request was within iframe - //In this case the visualization of the error has to be done differently - /*HttpSession session = request.getSession(); - if (((String)session.getAttribute(SUBMITFORM_SIGNATURE_DEVICE_KEY)).equals(Constants.SIGNATURE_DEVICE_BKU)) { - request.setAttribute(ERROR_WITHIN_IFRAME, "no"); - } - else { - request.setAttribute(ERROR_WITHIN_IFRAME, "yes"); - }*/ - //end added - - -// } -// else -// { -// request.setAttribute("error", "PresentableException"); -// request.setAttribute("cause", pe.toString()); -// } - } - - /** - * Formats the file name so that it is suitable for content disposition. - * - * @param file_name - * The file name. - * @return Returns the formatted file name. 
- */ - public static String formatFileName(String file_name) - { - File file = new File(file_name); - String file_name_only = file.getName(); - // the file_name contains \\ ==> remove them so Internet Explorer works - // correctly. - return file_name_only; - } - - - - - - // tzefferer: added - public static byte[] toByteArray(InputStream inputStream) throws IOException - { - - if (inputStream == null) - { - return null; - } - - ByteArrayOutputStream out = new ByteArrayOutputStream(8192); - int n; - byte[] buffer = new byte[2048]; - BufferedInputStream bufIn = new BufferedInputStream(inputStream); - try - { - while ((n = bufIn.read(buffer)) != -1) - { - out.write(buffer, 0, n); - } - } - finally - { - if (bufIn != null) - { - bufIn.close(); - } - } - return out.toByteArray(); - } - - // end add - - protected static class UploadedData - { - protected boolean preview = false; - - protected boolean pdfa = false; - - protected boolean download_inline = false; - - protected String sig_type = null; - - protected String sig_app = null; - - protected String sig_mode = null; - - protected String file_name = null; - - protected DataSource pdfDataSource = null; - - protected boolean mobileTestEnabled = false; - - //added by rpiazzi - protected boolean note = false; - // protected byte[] pdf = null; - } +public class SignServlet extends HttpServlet { + + /** + * SVUID. + */ + private static final long serialVersionUID = -4156938216903740438L; + + /** + * The log. 
+ */ + private static Log log = LogFactory.getLog(SignServlet.class); + + public static final String SUBMITFORM_SIGNATURE_TYPE_KEY = "signupload.jsp:signatureType"; + public static final String SUBMITFORM_SIGNATURE_MODE_KEY = "signupload.jsp:signatureMode"; + public static final String SUBMITFORM_SIGNATURE_DEVICE_KEY = "signupload.jsp:signatureKey"; + public static final String SUBMITFORM_PDFA_KEY = "signupload.jsp:pdfaKey"; + public static final String SUBMITFORM_SOURCE_KEY = "signupload.jsp:sourceKey"; + public static final String SUBMITFORM_FREETEXT_KEY = "signupload.jsp:freeTextKey"; + public static final String SUBMITFORM_NOTE_KEY = "signupload.jsp:noteKey"; + public static final String SUBMITFORM_FILE_KEY = "signupload.jsp:fileKey"; + public static final String SUBMITFORM_FILENAME_KEY = "signupload.jsp:filenameKey"; + public static final String SUBMITFORM_PREVIEW = "signupload.jsp:previewKey"; + + // Added by rpiazzi to know if an error occured within IFrame because this + // calls for + // a different display of the error + public static final String ERROR_WITHIN_IFRAME = "error_within_iframe"; + // Added by rpiazzi to know the height of the div's in further jsp's + public static final String HEIGHT_SIGN_DIV = "height_sign_div"; + // Added by rpiazzi + public static HttpSession session = null; + + protected void dispatch(HttpServletRequest request, + HttpServletResponse response, String resource) + throws ServletException, IOException { + dispatch(request, response, resource, getServletContext()); + } + + protected static void dispatch(HttpServletRequest request, + HttpServletResponse response, String resource, + ServletContext context) throws ServletException, IOException { + response.setContentType("text/html"); + response.setCharacterEncoding("UTF-8"); + + RequestDispatcher disp = context.getRequestDispatcher(resource); + disp.forward(request, response); + } + + /** + * Processes the sign upload. 
+ * + * @see javax.servlet.http.HttpServlet#doPost(javax.servlet.http.HttpServletRequest, + * javax.servlet.http.HttpServletResponse) + */ + public void doPost(HttpServletRequest request, HttpServletResponse response) + throws ServletException, IOException { + UploadedData ud = null; + ExternAppInformation exappinf = null; + SignaturePositioning sigpos = null; + + // for performance measurement + long startTime = System.currentTimeMillis(); + + String plain_hex_digest = null; + MessageDigest md = null; + try { + md = MessageDigest.getInstance("SHA-256"); + } catch (NoSuchAlgorithmException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } + + // check if pdf-as has been called by external webapp + if (request.getParameter(FormFields.FIELD_PDF_URL) != null) { + String preview = (String) request + .getParameter(FormFields.FIELD_PREVIEW); + String sig_type = (String) request + .getParameter(FormFields.FIELD_SIGNATURE_TYPE); + String sig_app = (String) request + .getParameter(FormFields.FIELD_CONNECTOR); + String sig_mode = (String) request + .getParameter(FormFields.FIELD_MODE); + String filename = (String) request + .getParameter(FormFields.FIELD_FILENAME); + String pdf_url = (String) request + .getParameter(FormFields.FIELD_PDF_URL); + String pdf_id = (String) request + .getParameter(FormFields.FIELD_PDF_ID); + String invoke_url = (String) request + .getParameter(FormFields.FIELD_INVOKE_APP_URL); + String invoke_error_url = (String) request + .getParameter(FormFields.FIELD_INVOKE_APP_ERROR_URL); + String session_id = (String) request + .getParameter(FormFields.FIELD_SESSION_ID); + String sig_pos_y = (String) request + .getParameter(FormFields.FIELD_SIGPOS_Y); + String sig_pos_p = (String) request + .getParameter(FormFields.FIELD_SIGPOS_P); + String sig_pos_x = (String) request + .getParameter(FormFields.FIELD_SIGPOS_X); + String sig_pos_w = (String) request + .getParameter(FormFields.FIELD_SIGPOS_W); + String note = (String) request + 
.getParameter(FormFields.FIELD_NOTE_ENABLED); + + // Added by rpiazzi + log.debug("Received external request from " + + request.getRemoteAddr()); + log.debug("Parameter preview: " + preview); + log.debug("Parameter sig_type: " + sig_type); + log.debug("Parameter sig_app: " + sig_app); + log.debug("Parameter sig_mode: " + sig_mode); + log.debug("Parameter filename: " + filename); + log.debug("Parameter pdf_url: " + pdf_url); + log.debug("Parameter pdf_id: " + pdf_id); + log.debug("Parameter invoke_url: " + invoke_url); + log.debug("Parameter invoke_error_url: " + invoke_error_url); + log.debug("Parameter session_id: " + session_id); + log.debug("Parameter sig_pos_y: " + sig_pos_y); + log.debug("Parameter sig_pos_p: " + sig_pos_p); + log.debug("Parameter sig_pos_x: " + sig_pos_x); + log.debug("Parameter sig_pos_w: " + sig_pos_w); + log.debug("Parameter note: " + note); + // end added + + session = request.getSession(true); + + session.setAttribute(SignServlet.SUBMITFORM_FILENAME_KEY, filename); + + // added by tknall + if (sig_pos_y != null && sig_pos_p != null && sig_pos_x != null) { + if (sig_pos_w != null) { + try { + sigpos = new SignaturePositioning("x:" + sig_pos_x + + ";y:" + sig_pos_y + ";w:" + sig_pos_w + ";p:" + + sig_pos_p); + } catch (PDFDocumentException e) { + log.warn("Unable to create signature position object: " + + e.getMessage(), e); + } + } else { + try { + sigpos = new SignaturePositioning("x:" + sig_pos_x + + ";y:" + sig_pos_y + ";p:" + sig_pos_p); + } catch (PDFDocumentException e) { + log.warn("Unable to create signature position object: " + + e.getMessage(), e); + } + } + } else { + log.debug("No signature position provided."); + } + + // if we already have parameters "&" must be used instead of "?" + String paramSeparator = (pdf_url.indexOf("?") != -1) ? 
"&" : "?"; + String query = pdf_url + "/" + filename + paramSeparator + + FormFields.FIELD_PDF_ID + "=" + pdf_id; + // query = pdf_url; + + log.debug("Query string for loading pdf: " + query); + + // wprinz: rem: this allocation is useless + // byte[] extern_pdf = new byte[Integer.parseInt(pdf_length)]; + URL source_url = new URL(query); + InputStream is = source_url.openStream(); + + // extern_pdf = toByteArray(is); + + // set UploadedData object... + UploadedData ud_extern = new UploadedData(); + + ud_extern.file_name = filename; + byte[] plain_pdf_data = IOUtils.toByteArray(is); + + ud_extern.pdfDataSource = new ByteArrayPdfDataSource(plain_pdf_data); + + ud_extern.preview = "true".equalsIgnoreCase(preview); + ud_extern.sig_app = sig_app; + ud_extern.sig_mode = sig_mode; + ud_extern.sig_type = sig_type; + + if (note != null) { + if (note.equals("true")) { + ud_extern.note = true; + ud_extern.sig_type = ud_extern.sig_type + "_NOTE"; + } else { + ud_extern.note = false; + } + } else { + ud_extern.note = true; + ud_extern.sig_type = ud_extern.sig_type + "_NOTE"; + } + + ud_extern.pdfa = false; + + ud = ud_extern; + + exappinf = new ExternAppInformation(invoke_url, pdf_id, session_id, + invoke_error_url); + + } else { + try { + // tzefferer: modified + // UploadedData ud = retrieveUploadedDataFromRequest(request); + + UploadedData ud_form = retrieveUploadedDataFromRequest(request); + ud = ud_form; + // end modify + + } catch (PdfAsException e) { + log.error(e); + + // Added by rpiazzi to check if this attribute is still null + HttpSession session = request.getSession(); + String error_within_iframe = (String) session + .getAttribute(SUBMITFORM_SIGNATURE_DEVICE_KEY); + if (error_within_iframe == null) { + session.setAttribute(SignServlet.ERROR_WITHIN_IFRAME, "no"); + } + // end added + + prepareDispatchToErrorPage(e, request); + dispatch(request, response, "/jsp/error.jsp"); + + return; + } catch (FileUploadException e) { + log.error(e); + + // Added by rpiazzi to 
check if this attribute is still null + HttpSession session = request.getSession(); + String error_within_iframe = (String) session + .getAttribute(SUBMITFORM_SIGNATURE_DEVICE_KEY); + if (error_within_iframe == null) { + session.setAttribute(SignServlet.ERROR_WITHIN_IFRAME, "no"); + } + // end added + + request.setAttribute("error", e.getMessage()); + request.setAttribute("cause", e.getCause()); + request.setAttribute("resourcebundle", Boolean.TRUE); + dispatch(request, response, "/jsp/error.jsp"); + } catch (IOException e) { + log.error(e); + + // Added by rpiazzi to check if this attribute is still null + HttpSession session = request.getSession(); + String error_within_iframe = (String) session + .getAttribute(SUBMITFORM_SIGNATURE_DEVICE_KEY); + if (error_within_iframe == null) { + session.setAttribute(SignServlet.ERROR_WITHIN_IFRAME, "no"); + } + // end added + + request.setAttribute("error", e.getMessage()); + request.setAttribute("cause", e.getCause()); + request.setAttribute("resourcebundle", Boolean.TRUE); + dispatch(request, response, "/jsp/error.jsp"); + } + } + try { + // not needed, that is done in sign() + // ud.pdfDataSource = PdfAS.applyStrictMode(ud.pdfDataSource); + + session = request.getSession(true); + + SignSessionInformation si = new SignSessionInformation(); // SessionTable.generateSessionInformationObject(); + si.connector = ud.sig_app; + + if ((ud.mobileTestEnabled) && (si.connector.equals("mobile"))) { + si.connector = Constants.SIGNATURE_DEVICE_MOBILETEST; + session.setAttribute( + SignServlet.SUBMITFORM_SIGNATURE_DEVICE_KEY, + si.connector); + } + + si.application = "sign"; + si.mode = ud.sig_mode; + si.pdfDataSource = ud.pdfDataSource; + si.type = ud.sig_type; + if (md != null) { + byte[] plain_digest = md.digest(ud.pdfDataSource.getAsByteArray()); + plain_hex_digest = Hex.encodeHexString(plain_digest); + log.info("Original PDF HASH Value: " + plain_hex_digest); + si.plainPDFDigest = plain_hex_digest; + } + + si.filename = 
formatFileName(ud.file_name); + + si.download_inline = ud.download_inline; + si.pdfa = ud.pdfa; + si.note = ud.note; + + // added tzefferer: + si.exappinf = exappinf; + si.pos = sigpos; + // end add + + // added afitzek + si.startTime = startTime; + + log.info("Putting signature data into session " + session.getId()); + session.setAttribute( + SessionAttributes.ATTRIBUTE_SESSION_INFORMATION, si); + + // String user_name = (String) + // request.getSession().getAttribute(SessionAttributes.ATTRIBUTE_USER_NAME); + // String user_password = (String) + // request.getSession().getAttribute(SessionAttributes.ATTRIBUTE_USER_PASSWORD); + // si.user_name = user_name; + // si.user_password = user_password; + + SignServletHelper.prepareSign( + ApiHelper.getPdfAsFromContext(getServletContext()), si); + + // comment out by rpiazzi because preview has now its own Servlet + /* + * if (ud.preview) { String submit_url = + * response.encodeURL(request.getContextPath() + "/SignPreview"); + * String signature_data_url = + * response.encodeURL(WebUtils.buildRetrieveSignatureDataURL + * (request, response)); + * + * request.setAttribute("submit_url", submit_url); + * request.setAttribute("signature_data_url", signature_data_url); + * if (si.mode.equals(FormFields.VALUE_MODE_TEXTUAL)){ + * request.setAttribute("document_text", + * ((TextBased)si.sdi.getSignatureData()).getText()); } + * + * dispatch(request, response, "/jsp/signpreview.jsp"); + * + * return; } + */ + + SignServletHelper.finishSign(si, request, response, + getServletContext()); + + } catch (PresentableException e) { + log.error(e.getMessage(), e); + prepareDispatchToErrorPage(e, request); + dispatch(request, response, "/jsp/error.jsp"); + } catch (Exception e) { + log.error(e.getMessage(), e); + PresentableException pe = new PresentableException( + ErrorCode.UNKNOWN_ERROR, e); + prepareDispatchToErrorPage(pe, request); + dispatch(request, response, "/jsp/error.jsp"); + } + } + + // tzefferer:added + public void 
doGet(HttpServletRequest request, HttpServletResponse response) + throws ServletException, IOException { + HttpSession session = request.getSession(); + doPost(request, response); + } + + // end add + + protected UploadedData retrieveUploadedDataFromRequest( + HttpServletRequest request) throws ServletException, + UnsupportedEncodingException, FileUploadException, + PDFDocumentException, IOException { + DiskFileItemFactory fif = new DiskFileItemFactory(); + fif.setRepository(WebSettingsReader.getTemporaryDirectory()); + ServletFileUpload sfu = new ServletFileUpload(fif); + + List items = sfu.parseRequest(request); + + // FileItem preview_fi = null; + FileItem mode_fi = null; + FileItem file_upload_fi = null; + // FileItem download_fi = null; + FileItem freeText_fi = null; + FileItem source_fi = null; + FileItem sig_type_fi = null; + FileItem sig_app_fi = null; + + boolean pdfaEnabled = false; + boolean noteEnabled = false; + String sig_type = ""; + String sig_app = ""; + String mode = ""; + String doc_file_name; + DataSource pdfDataSource; + boolean mobileTestEnabled = false; + + Iterator it = items.iterator(); + session = request.getSession(true); + + // Added by rpiazzi. If servlet was called for preview data was already + // written into + // session. + // Now commented out because the preview function is no more supported + /* + * if ((((FileItem)items.get(0)).getFieldName().equals(SignServlet. 
+ * SUBMITFORM_PREVIEW))) { FileItem fi = (FileItem)items.get(1); + * + * sig_app_fi = fi; + * session.setAttribute(SUBMITFORM_SIGNATURE_DEVICE_KEY, + * sig_app_fi.getString("UTF-8")); + * + * if (((String)session.getAttribute(SUBMITFORM_PDFA_KEY))!=null) { if + * (((String)session.getAttribute(SUBMITFORM_PDFA_KEY)).equals("on")) { + * pdfaEnabled = true; } } if + * (((String)session.getAttribute(SUBMITFORM_NOTE_KEY))!=null) { if + * (((String)session.getAttribute(SUBMITFORM_NOTE_KEY)).equals("on")) { + * noteEnabled = true; } } + * + * sig_type = + * (String)session.getAttribute(SUBMITFORM_SIGNATURE_TYPE_KEY); sig_app + * = sig_app_fi.getString("UTF-8"); + * + * mode = (String)session.getAttribute(SUBMITFORM_SIGNATURE_MODE_KEY); + * doc_file_name = + * (String)session.getAttribute(SUBMITFORM_FILENAME_KEY); pdfDataSource + * = (DataSource)session.getAttribute(SUBMITFORM_FILE_KEY); + * + * } //end added else { + */ + + // Added by rpiazzi to check wheter local bku button was hit. In this + // case the parameters + // were already put into session because before local bku, online bku + // has to be called + // and therefore this servlet was already called. + // First check if one submitted parameter is the local bku button. 
+ boolean localFound = false; + int positionLocal = 0; + while (it.hasNext()) { + if (((FileItem) it.next()).getFieldName().equals( + FormFields.FIELD_CONNECTOR_LOCALBKU)) { + localFound = true; + break; + } + positionLocal++; + } + + if (localFound) { + + session.setAttribute(SignServlet.ERROR_WITHIN_IFRAME, "no"); + pdfaEnabled = "on".equalsIgnoreCase((String) session + .getAttribute(SUBMITFORM_PDFA_KEY)); + sig_type = (String) session + .getAttribute(SUBMITFORM_SIGNATURE_TYPE_KEY); + noteEnabled = "on".equalsIgnoreCase((String) session + .getAttribute(SUBMITFORM_NOTE_KEY)); + + session.setAttribute(SUBMITFORM_SIGNATURE_DEVICE_KEY, "bku"); + sig_app = "bku"; + mode = (String) session.getAttribute(SUBMITFORM_SIGNATURE_MODE_KEY); + doc_file_name = (String) session + .getAttribute(SUBMITFORM_FILENAME_KEY); + pdfDataSource = (DataSource) session + .getAttribute(SUBMITFORM_FILE_KEY); + } + // end added + // else get settings from form fields + else { + session.setAttribute(SignServlet.ERROR_WITHIN_IFRAME, "yes"); + it = items.iterator(); + while (it.hasNext()) { + FileItem item = (FileItem) it.next(); + log.debug("item = " + item.getFieldName()); //$NON-NLS-1$ + + if (log.isDebugEnabled()) { + if (item.isFormField()) { + String item_string = item.getString("UTF-8"); //$NON-NLS-1$ + log.debug(" form field string = " + item_string); //$NON-NLS-1$ + } else { + log.debug(" filename = " + item.getName()); //$NON-NLS-1$ + log.debug(" filesize = " + item.getSize()); //$NON-NLS-1$ + } + } + + if (item.getFieldName().equals(FormFields.FIELD_SIGNATURE_TYPE)) { + sig_type_fi = item; + session.setAttribute(SUBMITFORM_SIGNATURE_TYPE_KEY, + item.getString("UTF-8")); + sig_type = item.getString("UTF-8"); + continue; + } + + if ((item.getFieldName() + .equals(FormFields.FIELD_CONNECTOR_SMARTCARD)) + || (item.getFieldName() + .equals(FormFields.FIELD_CONNECTOR_MOBILE)) + || (item.getFieldName() + .equals(FormFields.FIELD_CONNECTOR_LOCALBKU))) { + if (item.getFieldName().equals( + 
FormFields.FIELD_CONNECTOR_SMARTCARD)) { + session.setAttribute(SUBMITFORM_SIGNATURE_DEVICE_KEY, + "moc"); + sig_app = "moc"; + } + if (item.getFieldName().equals( + FormFields.FIELD_CONNECTOR_MOBILE)) { + session.setAttribute(SUBMITFORM_SIGNATURE_DEVICE_KEY, + "mobile"); + sig_app = "mobile"; + } + if (item.getFieldName().equals( + FormFields.FIELD_CONNECTOR_LOCALBKU)) { + session.setAttribute(SUBMITFORM_SIGNATURE_DEVICE_KEY, + "bku"); + sig_app = "bku"; + } + continue; + } + + if (item.getFieldName().equals(FormFields.FIELD_MODE)) { + mode_fi = item; + session.setAttribute(SUBMITFORM_SIGNATURE_MODE_KEY, + mode_fi.getString("UTF-8")); + continue; + } + + if (item.getFieldName().equals(FormFields.FIELD_SOURCE_FILE)) { + // changed by rpiazzi + // Item always contains something as it is just hidden by + // javascript + // because of this just set the value if not empty + if (item != null) { + file_upload_fi = item; + } + continue; + + } + + // Added by rpiazzi to ignore the form fields for the inactive + // mode + // but not more needed + /* + * if + * (item.getFieldName().equals(FormFields.FIELD_MODE_INACTIVE)) + * { continue; } + */ + // end added + + /* + * Commented out by rpiazzi because not more needed if + * (item.getFieldName().equals(FormFields.FIELD_DOWNLOAD)) { + * download_fi = item; continue; } + */ + + if (FormFields.FIELD_PDFA_ENABLED.equals(item.getFieldName())) { + if (item.getString("UTF-8") != null) { + session.setAttribute(SUBMITFORM_PDFA_KEY, "on"); + pdfaEnabled = true; + } else { + session.setAttribute(SUBMITFORM_PDFA_KEY, "off"); + pdfaEnabled = false; + } + continue; + } + + if (FormFields.FIELD_SOURCE_FREETEXT + .equals(item.getFieldName())) { + freeText_fi = item; + String value = freeText_fi.getString("UTF-8"); + if (value != null) { + session.setAttribute(SUBMITFORM_FREETEXT_KEY, value); + } + continue; + } + + if (FormFields.FIELD_SOURCE.equals(item.getFieldName())) { + source_fi = item; + session.setAttribute(SUBMITFORM_SOURCE_KEY, + 
item.getString("UTF-8")); + continue; + } + + // Added by rpiazzi. Feature added for inserting note into + // signature block + if (FormFields.FIELD_NOTE_ENABLED.equals(item.getFieldName())) { + if (item.getString("UTF-8") != null) { + session.setAttribute(SUBMITFORM_NOTE_KEY, "on"); + noteEnabled = true; + } else { + session.setAttribute(SUBMITFORM_NOTE_KEY, "off"); + noteEnabled = false; + } + continue; + } + // end added + + // Added by rpiazzi to let later jsp's know the height of the + // div elements + if (FormFields.FIELD_HEIGHT_SIGNDIV.equals(item.getFieldName())) { + session.setAttribute(HEIGHT_SIGN_DIV, + item.getString("UTF-8")); + continue; + } + // end added + + if (FormFields.FIELD_MOBILETEST_ENABLED.equals(item + .getFieldName())) { + if (item.getString("UTF-8") != null) { + if (item.getString("UTF-8").equals("on")) { + mobileTestEnabled = true; + } + } + continue; + } + + throw new ServletException("Unrecognized POST data."); //$NON-NLS-1$ + + } + + if (sig_type_fi == null + || (file_upload_fi == null && freeText_fi == null)) { + throw new ServletException( + "Insufficient data provided in request"); //$NON-NLS-1$ + } + + mode = mode_fi.getString("UTF-8"); //$NON-NLS-1$ + if (!mode.equals(FormFields.VALUE_MODE_BINARY) + && !mode.equals(FormFields.VALUE_MODE_TEXTUAL) + && !mode.equals(FormFields.VALUE_MODE_DETACHED)) { + throw new ServletException( + "The mode '" + mode + "' is unrecognized."); //$NON-NLS-1$ //$NON-NLS-2$ + } + + // Commented out by rpiazzi because not more needed + /* + * boolean download_inline = true; if + * (download_fi.getString("UTF-8") + * .equals(FormFields.VALUE_DOWNLOAD_ATTACHMENT)) //$NON-NLS-1$ { + * download_inline = false; } + */ + + // distinguish between file and freetext + if (source_fi.getString("UTF-8").equals( + FormFields.VALUE_SOURCE_FILE)) { + log.debug("Processing file."); + File f = new File(file_upload_fi.getName()); + doc_file_name = f.getName(); + log.debug("file content type =" + 
file_upload_fi.getContentType()); //$NON-NLS-1$ + + String extension = VerifyServlet + .extractExtension(doc_file_name); + if (extension != null && !extension.equals("pdf")) //$NON-NLS-1$ + { + throw new PDFDocumentException( + 201, + "The provided file '" + doc_file_name + "' doesn't have the PDF extension (.pdf)."); //$NON-NLS-1$//$NON-NLS-2$ + } + + if (file_upload_fi.getSize() <= 0) { + throw new PDFDocumentException(250, + "The document is empty."); //$NON-NLS-1$ + } + + try { + pdfDataSource = new ByteArrayPdfDataSource( + IOUtils.toByteArray(file_upload_fi.getInputStream())); + session.setAttribute(SUBMITFORM_FILE_KEY, pdfDataSource); + session.setAttribute(SUBMITFORM_FILENAME_KEY, doc_file_name); + } catch (IOException e) { + throw new PDFDocumentException(201, + "Couldn't store the file in the temp dir.", e); + } + } else { + log.debug("Processing free text."); + try { + byte[] freeTextPDF = IText.createPDF( + freeText_fi.getString("UTF-8"), pdfaEnabled); + pdfDataSource = new ByteArrayPdfDataSource(freeTextPDF); + doc_file_name = IText.DEFAULT_FILENAME; + session.setAttribute(SUBMITFORM_FILE_KEY, pdfDataSource); + session.setAttribute(SUBMITFORM_FILENAME_KEY, doc_file_name); + } catch (DocumentException e) { + throw new PDFDocumentException(201, + "Unable to create PDF document.", e); + } catch (IOException e) { + throw new PDFDocumentException(201, + "Unable to create PDF document.", e); + } + + // } + // byte[] pdf = file_upload_fi.get(); + } + } + + UploadedData ud = new UploadedData(); + + ud.preview = false; + ud.pdfa = pdfaEnabled; + ud.download_inline = false; + ud.sig_type = sig_type; + ud.sig_app = sig_app; + ud.sig_mode = mode; + ud.file_name = doc_file_name; + ud.pdfDataSource = pdfDataSource; + ud.note = noteEnabled; + + // Added by rpiazzi + if (ud.note && !ud.sig_type.contains("NOTE")) { + ud.sig_type += "_NOTE"; + session.setAttribute(SUBMITFORM_SIGNATURE_TYPE_KEY, ud.sig_type); + } + + if (mobileTestEnabled) { + ud.mobileTestEnabled = 
true; + } + + // end added + + return ud; + } + + public static void prepareDispatchToErrorPage(PdfAsException pe, + HttpServletRequest request) { + request.setAttribute("PresentableException", pe); + // if (pe instanceof ErrorCodeException) + // { + request.setAttribute("error", "Fehler " + pe.getErrorCode()); + + String cause = ErrorCodeHelper + .getMessageForErrorCode(pe.getErrorCode()); + + if (pe instanceof ExternalErrorException) { + ExternalErrorException eee = (ExternalErrorException) pe; + cause = eee.getExternalErrorCode() + ": " + + eee.getExternalErrorMessage(); + } + request.setAttribute("cause", cause); + + if (pe.getErrorCode() == ErrorCode.PLACEHOLDER_EXCEPTION) { + PlaceholderException phe = null; + if (pe instanceof PlaceholderException) { + phe = (PlaceholderException) pe; + } else { + phe = (PlaceholderException) pe.getCause(); + } + + request.setAttribute("cause", + "Der Platzhalter des Feldes " + phe.getField() + " ist um " + + phe.getMissing() + " Bytes zu kurz. " + cause); + } + + // Added by rpiazzi to know if error happened when request was within + // iframe + // In this case the visualization of the error has to be done + // differently + /* + * HttpSession session = request.getSession(); if + * (((String)session.getAttribute + * (SUBMITFORM_SIGNATURE_DEVICE_KEY)).equals + * (Constants.SIGNATURE_DEVICE_BKU)) { + * request.setAttribute(ERROR_WITHIN_IFRAME, "no"); } else { + * request.setAttribute(ERROR_WITHIN_IFRAME, "yes"); } + */ + // end added + + // } + // else + // { + // request.setAttribute("error", "PresentableException"); + // request.setAttribute("cause", pe.toString()); + // } + } + + /** + * Formats the file name so that it is suitable for content disposition. + * + * @param file_name + * The file name. + * @return Returns the formatted file name. 
+ */ + public static String formatFileName(String file_name) { + File file = new File(file_name); + String file_name_only = file.getName(); + // the file_name contains \\ ==> remove them so Internet Explorer works + // correctly. + return file_name_only; + } + + // tzefferer: added + public static byte[] toByteArray(InputStream inputStream) + throws IOException { + + if (inputStream == null) { + return null; + } + + ByteArrayOutputStream out = new ByteArrayOutputStream(8192); + int n; + byte[] buffer = new byte[2048]; + BufferedInputStream bufIn = new BufferedInputStream(inputStream); + try { + while ((n = bufIn.read(buffer)) != -1) { + out.write(buffer, 0, n); + } + } finally { + if (bufIn != null) { + bufIn.close(); + } + } + return out.toByteArray(); + } + + // end add + + protected static class UploadedData { + protected boolean preview = false; + + protected boolean pdfa = false; + + protected boolean download_inline = false; + + protected String sig_type = null; + + protected String sig_app = null; + + protected String sig_mode = null; + + protected String file_name = null; + + protected DataSource pdfDataSource = null; + + protected boolean mobileTestEnabled = false; + + // added by rpiazzi + protected boolean note = false; + // protected byte[] pdf = null; + } } - diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/session/SignSessionInformation.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/session/SignSessionInformation.java index 11efbc1..ed05715 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/session/SignSessionInformation.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/session/SignSessionInformation.java @@ -187,4 +187,6 @@ public class SignSessionInformation implements HttpSessionBindingListener, Seria log.debug("Unbound SignSessionInformation from session (ID=" + event.getSession().getId() + ")."); } + + public String plainPDFDigest; } -- cgit v1.2.3
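Review bot: The new `plainPDFDigest` field in SignSessionInformation is public, mutable and undocumented, although going by the commit subject it carries the reference value for the document-injection check. SignServlet.doPost in this same commit assigns it only inside `if (md != null)`, so it stays null whenever `MessageDigest.getInstance("SHA-256")` fails. Any code that reads it therefore has to reject a null or non-matching digest instead of treating it as nothing to compare. I would state that contract on the field, e.g. `/** Hex-encoded SHA-256 of the original, unsigned PDF; null if it could not be computed, in which case the signed document must not be handed out. */`. The class body begins outside this hunk, so whether a private field with an accessor would match the rest of the class cannot be judged from here.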