From 5812d840b420697b6821080a7cbb0f3c792fc1ac Mon Sep 17 00:00:00 2001 From: tknall Date: Thu, 19 Mar 2009 17:33:16 +0000 Subject: Build script for command line version updated. JavaDoc fixes. Some updates for debugging messages. Parser for MOCCA-CreateXMLSignatureResponses enhanced. Many updates and fixes for the external web app interface. New profile for invisible signatures added. git-svn-id: https://joinup.ec.europa.eu/svn/pdf-as/trunk@333 7b5415b0-85f9-ee4d-85bd-d5d0c3b42d1c --- .../at/gv/egiz/pdfas/api/verify/VerifyResult.java | 6 +-- .../at/gv/egiz/pdfas/impl/api/CheckHelper.java | 2 +- .../egiz/pdfas/web/helper/SignServletHelper.java | 23 +++++++-- .../java/at/knowcenter/wag/egov/egiz/PdfAS.java | 2 +- .../wag/egov/egiz/cfg/SettingsReader.java | 2 +- .../wag/egov/egiz/pdf/PDFSignatureObjectIText.java | 4 +- .../sig/connectors/bku/DetachedBKUConnector.java | 6 +++ .../bku/EnvelopedBase64BKUConnector.java | 8 +++ .../connectors/moa/DetachedLocRefMOAConnector.java | 8 +++ .../moa/EnvelopingBase64MOAConnector.java | 8 +++ .../moa/MOASoapWithAttachmentConnector.java | 8 +++ .../mocca/LocRefDetachedMOCCAConnector.java | 9 ++++ .../egiz/sig/connectors/mocca/MOCCAHelper.java | 4 +- .../knowcenter/wag/egov/egiz/web/FormFields.java | 2 + .../wag/egov/egiz/web/servlets/DataURLServlet.java | 6 +++ .../egov/egiz/web/servlets/ProvidePDFServlet.java | 58 +++++++++++++--------- 16 files changed, 118 insertions(+), 38 deletions(-) (limited to 'src/main/java') diff --git a/src/main/java/at/gv/egiz/pdfas/api/verify/VerifyResult.java b/src/main/java/at/gv/egiz/pdfas/api/verify/VerifyResult.java index fa0e683..3886569 100644 --- a/src/main/java/at/gv/egiz/pdfas/api/verify/VerifyResult.java +++ b/src/main/java/at/gv/egiz/pdfas/api/verify/VerifyResult.java @@ -96,11 +96,11 @@ public interface VerifyResult extends SignatureInformation public Date getVerificationTime(); /** - * Returns the hash input data as returned by MOA. + * Returns the hash input data as returned by MOA as Base64-encoded String. * *

* This will only return a value other than null if the corresponding - * VerifyParameter was set to true. + * {@link VerifyParameters} has been set to true. *

*

* Note that the HashInputData does not necessarily have to be exactly the @@ -108,7 +108,7 @@ public interface VerifyResult extends SignatureInformation * {@link SignatureInformation#getSignedData()} method. *

* - * @return Returns the hash input data as returned by MOA. + * @return Returns the base64 encoded hash input data as returned by MOA. * * @see SignatureInformation#getSignedData() */ diff --git a/src/main/java/at/gv/egiz/pdfas/impl/api/CheckHelper.java b/src/main/java/at/gv/egiz/pdfas/impl/api/CheckHelper.java index 4466d8b..0c2d7ca 100644 --- a/src/main/java/at/gv/egiz/pdfas/impl/api/CheckHelper.java +++ b/src/main/java/at/gv/egiz/pdfas/impl/api/CheckHelper.java @@ -159,7 +159,7 @@ public final class CheckHelper { if (!SignatureTypes.getInstance().getSignatureTypes().contains(profileId)) { - throw new IllegalArgumentException("The profileId must be defined in the configuration file. " + profileId); + throw new IllegalArgumentException("The profileId \"" + profileId + "\" must be defined in the configuration file."); } } catch (SignatureTypesException e) diff --git a/src/main/java/at/gv/egiz/pdfas/web/helper/SignServletHelper.java b/src/main/java/at/gv/egiz/pdfas/web/helper/SignServletHelper.java index 113169c..1e1864b 100644 --- a/src/main/java/at/gv/egiz/pdfas/web/helper/SignServletHelper.java +++ b/src/main/java/at/gv/egiz/pdfas/web/helper/SignServletHelper.java @@ -219,6 +219,7 @@ public class SignServletHelper ByteArrayDataSink bads = (ByteArrayDataSink)si.output; signed_pdf = bads.getByteArray(); } + HttpSession session = request.getSession(); PDFContainer entry = new PDFContainer(signed_pdf, si.exappinf.pdf_id); ProvidePDFServlet.signedDocuments.add(entry); @@ -244,23 +245,28 @@ public class SignServletHelper String query = invoke_url.substring(0, ind) + ";jsessionid=" + session_id + invoke_url.substring(ind) + sep + FormFields.FIELD_PDF_URL + "=" + providePDFServlet + "&" + FormFields.FIELD_PDF_ID - + "=" + pdf_id + "&" + FormFields.FIELD_FILE_LENGTH + "=" + signed_pdf.length; + + "=" + pdf_id + "&" + FormFields.FIELD_FILE_LENGTH + "=" + signed_pdf.length + + "&" + FormFields.FIELD_PDFAS_SESSION_ID + "=" + session.getId(); /* * Using the external web-interface of pdf-as (as described above) pdf-as should be run within * an iframe. In case of a signature performed with a local citizen card software or with the - * server bku the result has to be provided outside an iframe. To break out of the iframe a + * server bku the result has to be provided outside the iframe. To break out of the iframe a * helper jsp (redirect_to_parent) has to be used that redirects the user to the parent * window. */ + disableBrowserCacheForResponse(response); if (Constants.SIGNATURE_DEVICE_BKU.equals(si.connector) || Constants.SIGNATURE_DEVICE_MOC.equals(si.connector)) { - HttpSession session = request.getSession(); - log.debug("Local bku was used therefore pdf-as is supposed to run within an iframe."); + log.debug("Pdf-as is supposed to run within an iframe."); log.debug("Putting external application notify url (\"" + query + "\") in session (" + session.getId() + ") for later use."); - request.getSession().setAttribute(SessionAttributes.PARENT_WEBAPP_REDIRECT_URL, query); + session.setAttribute(SessionAttributes.PARENT_WEBAPP_REDIRECT_URL, query); String redirectHelper = response.encodeRedirectURL(request.getContextPath() + "/jsp/redirect_to_parent.jsp"); + log.debug("Redirecting to " + redirectHelper); + log.debug("The browser will finally be redirected outside the iframe to " + query + " in order to notify the external application."); + response.sendRedirect(redirectHelper); + } else { log.debug("Notifying external application by redirecting to \"" + query + "\"."); response.sendRedirect(query); @@ -270,6 +276,13 @@ public class SignServletHelper } + public static void disableBrowserCacheForResponse(HttpServletResponse response) { + log.debug("Disabling browser cache for HttpServletResponse."); + response.setHeader("Cache-Control", "no-cache"); + response.setHeader("Pragma","no-cache"); + response.setDateHeader("Expires", -1); + } + /** * Formats the file name according to the SignResult. * diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/PdfAS.java b/src/main/java/at/knowcenter/wag/egov/egiz/PdfAS.java index 5164ae4..c56a03e 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/PdfAS.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/PdfAS.java @@ -96,7 +96,7 @@ public abstract class PdfAS * The current version of the pdf-as library. This version string is logged on every invocation * of the api or the web application. */ - public static final String PDFAS_VERSION = "3.0.9-20090206"; + public static final String PDFAS_VERSION = "3.0.9-20090319"; /** * The key of the strict mode setting. diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/cfg/SettingsReader.java b/src/main/java/at/knowcenter/wag/egov/egiz/cfg/SettingsReader.java index bca5b17..5fd67d2 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/cfg/SettingsReader.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/cfg/SettingsReader.java @@ -394,7 +394,7 @@ public class SettingsReader implements Serializable logger_.info(" configuration path = \"" + CONFIG_PATH + "\""); logger_.info(" certstore path = \"" + CERT_PATH + "\""); logger_.info(" temporary path = \"" + TMP_PATH + "\""); - logger_.info(" file.encoding = \"" + System.getProperty("file.encoding") + "\""); + logger_.debug(" file.encoding = \"" + System.getProperty("file.encoding") + "\""); logger_.info(StringUtils.repeat("*", length + 25)); IAIK.addAsProvider(); diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/pdf/PDFSignatureObjectIText.java b/src/main/java/at/knowcenter/wag/egov/egiz/pdf/PDFSignatureObjectIText.java index 78aafbf..dc85a4f 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/pdf/PDFSignatureObjectIText.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/pdf/PDFSignatureObjectIText.java @@ -323,7 +323,7 @@ public class PDFSignatureObjectIText implements PDFSignatureObject String pdfa = SettingsReader.getInstance().getSetting("sig_obj." +profileid+".key."+SIG_PDFA1_B_VALID, "default."+SIG_PDFA1_B_VALID, "false"); pdfaValid= "true".equalsIgnoreCase(pdfa); SubsetLocal.set(!pdfaValid); - logger_.debug("Sign PDF/A complient:"+pdfa); + logger_.trace("Sign PDF/A complient:"+pdfa); } catch (SettingsException e1) { logger_.error(e1); @@ -346,7 +346,7 @@ public class PDFSignatureObjectIText implements PDFSignatureObject font_string = cell_style.getValueFont(); } - logger_.debug("using cell font: "+font_string); + logger_.trace("using cell font: "+font_string); Font cell_font; if(font_string.startsWith("TTF:")) diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/DetachedBKUConnector.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/DetachedBKUConnector.java index d10afc6..5164771 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/DetachedBKUConnector.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/DetachedBKUConnector.java @@ -130,6 +130,12 @@ public class DetachedBKUConnector implements Connector, LocalConnector BKUHelper.checkResponseForError(response_string); + // TODO[tknall] Parse server type and version in order to prevent unsupported cces from signing pdfs + // http://www.buergerkarte.at/konzept/securitylayer/spezifikation/aktuell/bindings/bindings.html#http.kodierung.response.dataurl + log.debug("BKU response header \"user-agent\" header: " + bkuUserAgentHeader); + // http://www.buergerkarte.at/konzept/securitylayer/spezifikation/aktuell/bindings/bindings.html#http.kodierung.response.browser + log.debug("BKU response header \"server\" header: " + bkuServerHeader); + SignSignatureObject so; if (MOCCAHelper.isMOCCACCEId(bkuServerHeader == null ? bkuUserAgentHeader : bkuServerHeader)) { log.debug("Evaluating response as MOCCA response."); diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/EnvelopedBase64BKUConnector.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/EnvelopedBase64BKUConnector.java index 40a7732..f30b4b7 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/EnvelopedBase64BKUConnector.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/EnvelopedBase64BKUConnector.java @@ -360,6 +360,14 @@ public class EnvelopedBase64BKUConnector implements Connector, LocalConnector BKUHelper.checkResponseForError(response_string); + // TODO[tknall] Parse server type and version in order to prevent unsupported cces from signing pdfs + String bkuServerHeader = response_properties.getProperty(BKUPostConnection.BKU_SERVER_HEADER_KEY); + String bkuUserAgentHeader = response_properties.getProperty(BKUPostConnection.BKU_USER_AGENT_HEADER_KEY); + // http://www.buergerkarte.at/konzept/securitylayer/spezifikation/aktuell/bindings/bindings.html#http.kodierung.response.dataurl + log.debug("BKU response header \"user-agent\" header: " + bkuUserAgentHeader); + // http://www.buergerkarte.at/konzept/securitylayer/spezifikation/aktuell/bindings/bindings.html#http.kodierung.response.browser + log.debug("BKU response header \"server\" header: " + bkuServerHeader); + SignSignatureObject so = BKUHelper.parseCreateXMLResponse(response_string, new HotfixIdFormatter()); log.debug("analyzeSignResponse finished."); //$NON-NLS-1$ diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/DetachedLocRefMOAConnector.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/DetachedLocRefMOAConnector.java index b31d1ec..6ad5b94 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/DetachedLocRefMOAConnector.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/DetachedLocRefMOAConnector.java @@ -107,6 +107,14 @@ public class DetachedLocRefMOAConnector implements Connector BKUHelper.checkResponseForError(response_string); + // TODO[tknall] Parse server type and version in order to prevent unsupported cces from signing pdfs + String bkuServerHeader = response_properties.getProperty(BKUPostConnection.BKU_SERVER_HEADER_KEY); + String bkuUserAgentHeader = response_properties.getProperty(BKUPostConnection.BKU_USER_AGENT_HEADER_KEY); + // http://www.buergerkarte.at/konzept/securitylayer/spezifikation/aktuell/bindings/bindings.html#http.kodierung.response.dataurl + log.debug("BKU response header \"user-agent\" header: " + bkuUserAgentHeader); + // http://www.buergerkarte.at/konzept/securitylayer/spezifikation/aktuell/bindings/bindings.html#http.kodierung.response.browser + log.debug("BKU response header \"server\" header: " + bkuServerHeader); + SignSignatureObject so = MOAHelper.parseCreateXMLResponse(response_string, new DetachedLocRefMOAIdFormatter()); log.debug("analyzeSignResponse finished."); //$NON-NLS-1$ diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/EnvelopingBase64MOAConnector.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/EnvelopingBase64MOAConnector.java index a6db63c..b309432 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/EnvelopingBase64MOAConnector.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/EnvelopingBase64MOAConnector.java @@ -218,6 +218,14 @@ public class EnvelopingBase64MOAConnector implements Connector BKUHelper.checkResponseForError(response_string); + // TODO[tknall] Parse server type and version in order to prevent unsupported cces from signing pdfs + String bkuServerHeader = response_properties.getProperty(BKUPostConnection.BKU_SERVER_HEADER_KEY); + String bkuUserAgentHeader = response_properties.getProperty(BKUPostConnection.BKU_USER_AGENT_HEADER_KEY); + // http://www.buergerkarte.at/konzept/securitylayer/spezifikation/aktuell/bindings/bindings.html#http.kodierung.response.dataurl + log.debug("BKU response header \"user-agent\" header: " + bkuUserAgentHeader); + // http://www.buergerkarte.at/konzept/securitylayer/spezifikation/aktuell/bindings/bindings.html#http.kodierung.response.browser + log.debug("BKU response header \"server\" header: " + bkuServerHeader); + SignSignatureObject so = MOAHelper.parseCreateXMLResponse(response_string, new OldMOAIdFormatter()); log.debug("analyzeSignResponse finished."); //$NON-NLS-1$ diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/MOASoapWithAttachmentConnector.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/MOASoapWithAttachmentConnector.java index 7776698..abd2b09 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/MOASoapWithAttachmentConnector.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/MOASoapWithAttachmentConnector.java @@ -115,6 +115,14 @@ public class MOASoapWithAttachmentConnector implements Connector BKUHelper.checkResponseForError(response_string); + // TODO[tknall] Parse server type and version in order to prevent unsupported cces from signing pdfs + String bkuServerHeader = response_properties.getProperty(BKUPostConnection.BKU_SERVER_HEADER_KEY); + String bkuUserAgentHeader = response_properties.getProperty(BKUPostConnection.BKU_USER_AGENT_HEADER_KEY); + // http://www.buergerkarte.at/konzept/securitylayer/spezifikation/aktuell/bindings/bindings.html#http.kodierung.response.dataurl + log.debug("BKU response header \"user-agent\" header: " + bkuUserAgentHeader); + // http://www.buergerkarte.at/konzept/securitylayer/spezifikation/aktuell/bindings/bindings.html#http.kodierung.response.browser + log.debug("BKU response header \"server\" header: " + bkuServerHeader); + SignSignatureObject so = MOAHelper.parseCreateXMLResponse(response_string, new DetachedLocRefMOAIdFormatter()); log.debug("analyzeSignResponse finished."); //$NON-NLS-1$ diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/mocca/LocRefDetachedMOCCAConnector.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/mocca/LocRefDetachedMOCCAConnector.java index 30212eb..c44f34b 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/mocca/LocRefDetachedMOCCAConnector.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/mocca/LocRefDetachedMOCCAConnector.java @@ -115,6 +115,15 @@ public class LocRefDetachedMOCCAConnector implements Connector, LocalConnector { log.debug("analyzeSignResponse:"); String response_string = response_properties.getProperty(BKUPostConnection.RESPONSE_STRING_KEY); BKUHelper.checkResponseForError(response_string); + + // TODO[tknall] Parse server type and version in order to prevent unsupported cces from signing pdfs + String bkuServerHeader = response_properties.getProperty(BKUPostConnection.BKU_SERVER_HEADER_KEY); + String bkuUserAgentHeader = response_properties.getProperty(BKUPostConnection.BKU_USER_AGENT_HEADER_KEY); + // http://www.buergerkarte.at/konzept/securitylayer/spezifikation/aktuell/bindings/bindings.html#http.kodierung.response.dataurl + log.debug("BKU response header \"user-agent\" header: " + bkuUserAgentHeader); + // http://www.buergerkarte.at/konzept/securitylayer/spezifikation/aktuell/bindings/bindings.html#http.kodierung.response.browser + log.debug("BKU response header \"server\" header: " + bkuServerHeader); + SignSignatureObject so = MOCCAHelper.parseCreateXMLResponse(response_string, new DetachedMOCIdFormatter()); so.response_properties = response_properties; log.debug("analyzeSignResponse finished."); diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/mocca/MOCCAHelper.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/mocca/MOCCAHelper.java index 1bb89be..fe23584 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/mocca/MOCCAHelper.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/mocca/MOCCAHelper.java @@ -73,11 +73,11 @@ public final class MOCCAHelper { log.debug("xmlResponse = " + xmlResponse); } - Pattern iss_nam_p_s = Pattern.compile("<[\\w]*:?X509IssuerName>"); + Pattern iss_nam_p_s = Pattern.compile("<[\\w]*:?X509IssuerName[^>]*>"); Pattern iss_nam_p_e = Pattern.compile(""); Pattern sig_tim_p_s = Pattern.compile("<[\\w]*:?SigningTime>"); Pattern sig_tim_p_e = Pattern.compile(""); - Pattern ser_num_p_s = Pattern.compile("<[\\w]*:?X509SerialNumber>"); + Pattern ser_num_p_s = Pattern.compile("<[\\w]*:?X509SerialNumber[^>]*>"); Pattern ser_num_p_e = Pattern.compile(""); Pattern sig_cer_p_s = Pattern.compile("<[\\w]*:?X509Certificate>"); Pattern sig_cer_p_e = Pattern.compile(""); diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/web/FormFields.java b/src/main/java/at/knowcenter/wag/egov/egiz/web/FormFields.java index 7b8164a..7137741 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/web/FormFields.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/web/FormFields.java @@ -85,6 +85,8 @@ public abstract class FormFields public static final String FIELD_PDF_ID = "pdf-id"; + public static final String FIELD_PDFAS_SESSION_ID = "pdfas-session-id"; + public static final String FIELD_FILE_LENGTH = "num-bytes"; public static final String FIELD_INVOKE_APP_URL = "invoke-app-url"; diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/web/servlets/DataURLServlet.java b/src/main/java/at/knowcenter/wag/egov/egiz/web/servlets/DataURLServlet.java index f74bd1c..7947d90 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/web/servlets/DataURLServlet.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/web/servlets/DataURLServlet.java @@ -210,6 +210,12 @@ public class DataURLServlet extends HttpServlet log.debug("There are still requests to be performed -> answering with request."); //$NON-NLS-1$ + // TODO[tknall] Parse user agent's cce type and version in order to prevent unsupported cces from signing pdfs + // http://www.buergerkarte.at/konzept/securitylayer/spezifikation/aktuell/bindings/bindings.html#http.kodierung.response.dataurl + log.debug("BKU response header \"user-agent\" header: " + request.getHeader("User-Agent")); + // http://www.buergerkarte.at/konzept/securitylayer/spezifikation/aktuell/bindings/bindings.html#http.kodierung.response.browser + log.debug("BKU response header \"server\" header: " + request.getHeader("Server")); + LocalRequest local_request = si.localRequest; String request_string = local_request.getRequestString(); diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/web/servlets/ProvidePDFServlet.java b/src/main/java/at/knowcenter/wag/egov/egiz/web/servlets/ProvidePDFServlet.java index c40f3c6..803dc59 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/web/servlets/ProvidePDFServlet.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/web/servlets/ProvidePDFServlet.java @@ -42,9 +42,9 @@ public class ProvidePDFServlet extends HttpServlet { public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { String pdfIdString = request.getParameter(FormFields.FIELD_PDF_ID); + HttpSession session = request.getSession(); if (pdfIdString == null) { - HttpSession session = request.getSession(true); log.debug("No " + FormFields.FIELD_PDF_ID + " provided. Trying to retrieve PDF from session (" + session.getId() + ")."); SignSessionInformation si = (SignSessionInformation) session.getAttribute(SessionAttributes.SIGNED_PDF_DOCUMENT); if (si == null) { @@ -59,39 +59,51 @@ public class ProvidePDFServlet extends HttpServlet { log.debug("Signed pdf found."); session.removeAttribute(SessionAttributes.SIGNED_PDF_DOCUMENT); log.debug("Returning signed pdf to browser."); -// log.debug("Invalidating session."); -// session.invalidate(); SignServletHelper.returnSignResponse(si, request, response); return; } } else { long pdfId = Long.parseLong(pdfIdString); - Iterator it = signedDocuments.iterator(); + byte[] pdf = null; + + synchronized (signedDocuments) { + Iterator it = signedDocuments.iterator(); - while (it.hasNext()) { - PDFContainer current = (PDFContainer) it.next(); - if (current.id == pdfId) { - try { - byte[] pdf = current.pdf; - - response.setContentType("application/pdf"); - response.setContentLength(pdf.length); - - InputStream is = new ByteArrayInputStream(pdf); - final int bufferSize = 1024; - byte[] buffer = new byte[bufferSize]; - int len = -1; - while ((len = is.read(buffer)) != -1) { - response.getOutputStream().write(buffer, 0, len); - } - response.getOutputStream().flush(); + while (it.hasNext() && pdf == null) { + PDFContainer current = (PDFContainer) it.next(); + if (current.id == pdfId) { + pdf = current.pdf; signedDocuments.remove(current); - } catch (IOException e) { - log.error("IO excepton while providing pdf document: " + e.getMessage(), e); } } } + + if (pdf != null) { + try { + + SignServletHelper.disableBrowserCacheForResponse(response); + response.setContentType("application/pdf"); + response.setContentLength(pdf.length); + + InputStream is = new ByteArrayInputStream(pdf); + final int bufferSize = 1024; + byte[] buffer = new byte[bufferSize]; + int len = -1; + while ((len = is.read(buffer)) != -1) { + response.getOutputStream().write(buffer, 0, len); + } + response.getOutputStream().flush(); + log.debug("File sent. Invalidating session."); + session.invalidate(); + } catch (IOException e) { + log.error("IO excepton while providing pdf document: " + e.getMessage(), e); + } + } else { + log.error("Unable to find signed pdf (id=" + pdfId + ") in session (" + session.getId() + ")."); + return; + } + } } -- cgit v1.2.3