From 3d7fedde0944207f5afb49fec95b391ad24e5f06 Mon Sep 17 00:00:00 2001
From: Andreas Fitzek
Date: Wed, 16 Oct 2013 10:53:39 +0200
Subject: URL escape BUG fixed
---
.../egiz/pdfas/web/helper/SignServletHelper.java | 1 +
.../at/gv/egiz/pdfas/web/servlets/SignServlet.java | 47 ++++++++++++++++++++--
2 files changed, 44 insertions(+), 4 deletions(-)
(limited to 'pdf-as-web')
diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/SignServletHelper.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/SignServletHelper.java
index 4dbe6f0..b566651 100644
--- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/SignServletHelper.java
+++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/SignServletHelper.java
@@ -182,6 +182,7 @@ public class SignServletHelper SignResult signResult = pdfAs.sign(si.signParameters, si.sdi); si.signResult = signResult; si.signedPdf = data.getData(); + si.output = data; // PdfASID algorithm = FormFields.translateSignatureModeToPdfASID(si.mode); // Signator signator = SignatorFactory.createSignator(algorithm);
diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/SignServlet.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/SignServlet.java
index 19b729a..6cb55fe 100644
--- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/SignServlet.java
+++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/SignServlet.java
@@ -32,6 +32,9 @@ import java.io.File; import java.io.IOException; import java.io.InputStream; import java.io.UnsupportedEncodingException; +import java.net.MalformedURLException; +import java.net.URI; +import java.net.URISyntaxException; import java.net.URL; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException;
@@ -108,6 +111,9 @@ public class SignServlet extends HttpServlet { public static final String SUBMITFORM_FILENAME_KEY = "signupload.jsp:filenameKey"; public static final String SUBMITFORM_PREVIEW = "signupload.jsp:previewKey"; + public static final String HTTP_PROTOCOL = "http"; + public static final String HTTPS_PROTOCOL = "https"; + // Added by rpiazzi to know if an error occured within IFrame because this // calls for // a different display of the error
@@ -133,6 +139,25 @@ public class SignServlet extends HttpServlet { disp.forward(request, response); } + private URL getEncodedURLFromStringQuery(String query) + throws MalformedURLException, URISyntaxException { + + URL url = new URL(query); + + if (url.getProtocol().equals(HTTP_PROTOCOL) + || url.getProtocol().equals(HTTPS_PROTOCOL)) { + + URI uri = new URI(url.getProtocol(), url.getUserInfo(), + url.getHost(), url.getPort(), url.getPath(), + url.getQuery(), url.getRef()); + url = uri.toURL(); + return url; + } + + throw new MalformedURLException( + "Only HTTP and HTTPS protocols supported"); + } + /** * Processes the sign upload. *
@@ -156,7 +181,7 @@ public class SignServlet extends HttpServlet { // TODO Auto-generated catch block e.printStackTrace(); } - + // check if pdf-as has been called by external webapp if (request.getParameter(FormFields.FIELD_PDF_URL) != null) { String preview = (String) request
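Review bot: `getEncodedURLFromStringQuery` (hunk `@@ -133,6 +139,25 @@`) double-encodes any URL that arrives already escaped: `url.getPath()` and `url.getQuery()` return the raw components, and the multi-argument `java.net.URI` constructors always quote `%`, so `a%20b.pdf` becomes `a%2520b.pdf`. Trying the single-argument `new URI(query)` first and falling back to the component constructor only when it throws leaves valid input untouched while still repairing raw spaces. The http/https scheme check is the security-relevant part of this helper, since it keeps `file:`, `jar:` and similar handlers away from the later `openStream()`, so it deserves a Javadoc sentence saying so. Testing the scheme before any rewriting, as below, makes that ordering explicit.

```java
private URL getEncodedURLFromStringQuery(String query)
        throws MalformedURLException, URISyntaxException {
    URL url = new URL(query);

    // Reject everything except http/https before the URL is rewritten or opened.
    if (!HTTP_PROTOCOL.equals(url.getProtocol())
            && !HTTPS_PROTOCOL.equals(url.getProtocol())) {
        throw new MalformedURLException(
                "Only HTTP and HTTPS protocols supported");
    }

    try {
        // Already a legal URI: keep existing %XX escapes as they are.
        return new URI(query).toURL();
    } catch (URISyntaxException notYetEscaped) {
        // Raw illegal characters (e.g. spaces): quote them per component.
        return new URI(url.getProtocol(), url.getUserInfo(),
                url.getHost(), url.getPort(), url.getPath(),
                url.getQuery(), url.getRef()).toURL();
    }
}
```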
@@ -248,7 +273,20 @@ public class SignServlet extends HttpServlet { // wprinz: rem: this allocation is useless // byte[] extern_pdf = new byte[Integer.parseInt(pdf_length)]; - URL source_url = new URL(query); + // URL source_url = new URL(query); + + // Bugfix TZ: Encode URL + URL source_url = null; + try { + source_url = getEncodedURLFromStringQuery(query); + } catch (URISyntaxException e) { + + request.setAttribute("error", e.getMessage()); + request.setAttribute("cause", e.getCause()); + request.setAttribute("resourcebundle", Boolean.TRUE); + dispatch(request, response, "/jsp/error.jsp"); + } + InputStream is = source_url.openStream(); // extern_pdf = toByteArray(is);
@@ -365,12 +403,13 @@ public class SignServlet extends HttpServlet { si.pdfDataSource = ud.pdfDataSource; si.type = ud.sig_type; if (md != null) { - byte[] plain_digest = md.digest(ud.pdfDataSource.getAsByteArray()); + byte[] plain_digest = md.digest(ud.pdfDataSource + .getAsByteArray()); plain_hex_digest = Hex.encodeHexString(plain_digest); log.info("Original PDF HASH Value: " + plain_hex_digest); si.plainPDFDigest = plain_hex_digest; } - + si.filename = formatFileName(ud.file_name); si.download_inline = ud.download_inline;
-- cgit v1.2.3
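Review bot: In the `catch (URISyntaxException e)` branch of hunk `@@ -248,7 +273,20 @@` the request is forwarded to `/jsp/error.jsp`, but control then falls through to `source_url.openStream()` with `source_url` still `null`, so a NullPointerException follows the already-dispatched response; add `return;` directly after `dispatch(request, response, "/jsp/error.jsp");` (assuming the enclosing method, which starts and ends outside the hunk, returns void). The `MalformedURLException` that the helper throws for non-HTTP(S) schemes is not caught here, so whether a rejected scheme reaches the same error page depends on a handler outside this hunk. `e.getMessage()` of a `URISyntaxException` contains the offending input, so `error.jsp` should HTML-escape the `error` attribute if it does not already. The scheme check alone does not limit which hosts the servlet fetches from; if `query` comes from the request (its origin is not visible here), a destination allowlist before `openStream()` would be the matching control.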