From 11b5950be66bcc9d6f0bb28d3fc9d211bc70f4d9 Mon Sep 17 00:00:00 2001
From: tknall <tknall@7b5415b0-85f9-ee4d-85bd-d5d0c3b42d1c>
Date: Tue, 16 Mar 2010 12:07:29 +0000
Subject: Catching OutOfMemory exceptions, returning appropriate error
 message/code Binary signature: bug concerning indirect pdf objects fixed
 SignaturePositioning improved (Signature position can be declared by String
 which is parsed) Some more error codes (Out of memory, Invalid signature
 position) iText utility for creation of pdf files added ConfigUtils updated
 (destination of configuration to be extracted can now be chosen) PDFASUtils
 updated (more tools) WebApplication: Freetext pdf creation implemented
 WebApplication: XSS security updates

git-svn-id: https://joinup.ec.europa.eu/svn/pdf-as/trunk@580 7b5415b0-85f9-ee4d-85bd-d5d0c3b42d1c
---
 src/main/webapp/WEB-INF/decorators.xml |  5 --
 src/main/webapp/WEB-INF/web.xml        | 10 +++-
 src/main/webapp/css/pdfas-styles.css   |  7 +++
 src/main/webapp/jsp/SIGNATURBLOCK.jsp  | 15 ++----
 src/main/webapp/jsp/error.jsp          |  7 +--
 src/main/webapp/jsp/signupload.jsp     | 90 +++++++++++++++++++++++++++++-----
 6 files changed, 103 insertions(+), 31 deletions(-)

(limited to 'src/main/webapp')

diff --git a/src/main/webapp/WEB-INF/decorators.xml b/src/main/webapp/WEB-INF/decorators.xml
index 352a902..a88892d 100644
--- a/src/main/webapp/WEB-INF/decorators.xml
+++ b/src/main/webapp/WEB-INF/decorators.xml
@@ -9,11 +9,6 @@
 		<pattern>/*.pdf</pattern>
 	</excludes>
 
-	<!--
-	<decorator name="standalone" page="/sitemesh/standalone.jsp">
-	<decorator name="production" page="/sitemesh/buergerkarte/pdf-as-template.jsp">
-	<decorator name="test"       page="/sitemesh/buergerkarte/test-pdf-as-template.jsp">
-	-->	  
 	<decorator name="standalone" page="/sitemesh/standalone.jsp">
 		<pattern>/*</pattern>
 	</decorator>
diff --git a/src/main/webapp/WEB-INF/web.xml b/src/main/webapp/WEB-INF/web.xml
index ce82e9a..4a7ad77 100644
--- a/src/main/webapp/WEB-INF/web.xml
+++ b/src/main/webapp/WEB-INF/web.xml
@@ -39,7 +39,15 @@
         </init-param>
         <init-param>
         	<param-name>forceRequestEncoding</param-name>
-        	<param-value>false</param-value>
+        	<param-value>true</param-value>
+        </init-param>
+        <init-param>
+        	<param-name>setResponseEncoding</param-name>
+        	<param-value>true</param-value>
+        </init-param>
+        <init-param>
+        	<param-name>forceResponseEncoding</param-name>
+        	<param-value>true</param-value>
         </init-param>
     </filter>
 
diff --git a/src/main/webapp/css/pdfas-styles.css b/src/main/webapp/css/pdfas-styles.css
index a7e1906..6831232 100644
--- a/src/main/webapp/css/pdfas-styles.css
+++ b/src/main/webapp/css/pdfas-styles.css
@@ -16,6 +16,13 @@ table.pdfassignature td.pdfaslabel {
 	/* word-spacing: nowrap; */
 }
 
+textarea.freetext {
+	width: 450px;
+	height: 150px;
+	font: 1em 'Courier New', courier, monospace;
+	margin: 0px 0px 0px 0px;
+}
+
 table#pdfasupperformtable {
 	margin-top: 10px;
 }
diff --git a/src/main/webapp/jsp/SIGNATURBLOCK.jsp b/src/main/webapp/jsp/SIGNATURBLOCK.jsp
index 336365b..66e64e3 100644
--- a/src/main/webapp/jsp/SIGNATURBLOCK.jsp
+++ b/src/main/webapp/jsp/SIGNATURBLOCK.jsp
@@ -26,7 +26,7 @@
 	   if ("SIGNATURBLOCK_DE".equals(type)) {
 	      sbValue     = "Signaturwert";
 	      sbLabel     = "signatur-logo_de-100.png";
-	      sbMetaValue = "Informationen zur Prüfung der elektronischen Signatur und des Ausdrucks finden Sie unter: <input type=\"text\" name=\"vservice\" readonly=\"readonly\" disabled=\"disabled\" value=\"https://www.buergerkarte.at/signature-verification\" size=\"50\" maxlength=\"255\"/>";
+	      sbMetaValue = "Informationen zur Prüfung der elektronischen Signatur und des Ausdrucks finden Sie unter: <input type=\"text\" name=\"vservice\" readonly=\"readonly\" disabled=\"disabled\" value=\"http://www.signaturpruefung.gv.at\" size=\"50\" maxlength=\"255\"/>";
 	      sbName      = "Unterzeichner";
 	      sbDate      = "Datum/Zeit-UTC";
 	      sbIssuer    = "Aussteller-Zertifikat";
@@ -37,7 +37,7 @@
 	   } else {
 	      sbValue     = "Signature Value";
 	      sbLabel     = "signatur-logo_en-100.png";
-	      sbMetaValue = "Information about the verification of the electronic signature and of the printout can be found at: <input type=\"text\" name=\"vservice\" readonly=\"readonly\" disabled=\"disabled\" value=\"https://www.buergerkarte.at/signature-verification\" size=\"50\" maxlength=\"255\"/>";
+	      sbMetaValue = "Information about the verification of the electronic signature and of the printout can be found at: <input type=\"text\" name=\"vservice\" readonly=\"readonly\" disabled=\"disabled\" value=\"http://www.signature-verification.gv.at\" size=\"50\" maxlength=\"255\"/>";
 	      sbName      = "Signatory";
 	      sbDate      = "Date/Time-UTC";
 	      sbIssuer    = "Issuer-Certificate";
@@ -92,15 +92,8 @@
 	<tr>
 		<td class="pdfaslabel" nowrap="nowrap"><%= sbID %></td>
 		<td class="pdfasvalue">
-			<% if (Constants.SIGNATURE_DEVICE_MOC.equals(device)) { %>
-				<div class="pdfasnobreak">etsi-moc-1.0@12345678</div>
-			<% } else { %>
-				<div class="pdfasnobreak">etsi-bka-1.0@1234567890-123456789@</div>
-				<div class="pdfasnobreak">12345-1234-</div>
-				<div class="pdfasnobreak">0-</div>
-				<div class="pdfasnobreak">12345-</div>
-				<div class="pdfasnobreak">12345</div></td>
-			<% } // end if %>
+			<div class="pdfasnobreak">etsi-moc-1.1@dbc17c36</div>
+		</td>
 	</tr>
 	<tr>
 		<td class="pdfaslabel" nowrap="nowrap"><%= sbMeta %></td>
diff --git a/src/main/webapp/jsp/error.jsp b/src/main/webapp/jsp/error.jsp
index d135f88..8a06691 100644
--- a/src/main/webapp/jsp/error.jsp
+++ b/src/main/webapp/jsp/error.jsp
@@ -8,6 +8,7 @@
 <%@ page import="org.apache.commons.httpclient.util.EncodingUtil" %>
 <%@ page import="org.apache.commons.httpclient.NameValuePair" %>
 <%@ page import="at.gv.egiz.pdfas.web.helper.SignServletHelper" %>
+<%@ page import="org.apache.commons.lang.StringEscapeUtils" %>
 <%@ page import="java.io.*" %>
 
 <%@ include file="language.jsp" %>
@@ -80,12 +81,12 @@
 		<div class="pdfasnote">
 			<% if (rb) { %>
 				<fmt:message key="<%= error %>"/>
-			<% } else { out.write(error); } %>
+			<% } else { out.write(StringEscapeUtils.escapeHtml(error)); } %>
 		</div>
 		<div class="pdfasnote"><fmt:message key="error.cause"/>: <strong>
 			<% if (rb) { %>
 				<fmt:message key="<%= cause %>"/>
-			<% } else { out.write(cause); } %>
+			<% } else { out.write(StringEscapeUtils.escapeHtml(cause)); } %>
 		</strong></div>
 		<% if (!isExternalInvocation && !paramInvok) { %>
 			<div class="pdfasverticalspace"></div>
@@ -99,7 +100,7 @@
 		    pe.printStackTrace(pw);
 		    sw.close();
 		    pw.close();
-		    out.print(sw);
+		    out.print(StringEscapeUtils.escapeHtml(sw.toString()));
 		  }
 		%>
 		</pre>
diff --git a/src/main/webapp/jsp/signupload.jsp b/src/main/webapp/jsp/signupload.jsp
index 010012b..f6c02fe 100644
--- a/src/main/webapp/jsp/signupload.jsp
+++ b/src/main/webapp/jsp/signupload.jsp
@@ -1,5 +1,6 @@
 <%@ page import="at.knowcenter.wag.egov.egiz.web.FormFields" %>
 <%@ page import="at.knowcenter.wag.egov.egiz.web.SessionAttributes" %>
+<%@ page import="org.apache.commons.lang.StringEscapeUtils" %>
 <%@ page import="at.gv.egiz.pdfas.api.commons.Constants" %>
 <%@ page import="at.gv.egiz.pdfas.web.i18n.LanguageDecoratorMapper"%>
 <%@ page import="at.knowcenter.wag.egov.egiz.web.servlets.UpdateFormServlet"%>
@@ -41,18 +42,35 @@
 				updateform.<%= FormFields.FIELD_MODE %>.value           = submitform.<%= FormFields.FIELD_MODE %>.value; 
 				updateform.<%= FormFields.FIELD_CONNECTOR %>.value      = submitform.<%= FormFields.FIELD_CONNECTOR %>.value; 
 				updateform.<%= FormFields.FIELD_PDFA_ENABLED %>.value   = (submitform.<%= FormFields.FIELD_PDFA_ENABLED %>.checked == true);
+				updateform.<%= FormFields.FIELD_SOURCE %>.value         = submitform.<%= FormFields.FIELD_SOURCE %>.value;
+				if (submitform.<%= FormFields.FIELD_FREETEXT %>) {
+					updateform.<%= FormFields.FIELD_FREETEXT %>.value    = submitform.<%= FormFields.FIELD_FREETEXT %>.value; 
+				}
 				updateform.submit();
 				return(false);
 			}
 			function submitForm(preview) {
 				var submitform = document.getElementById('submitform');
-				if (!submitform.fileupload.value) {
-					if (preview) {
-						alert('<fmt:message key="signupload.documentnotselected.preview"/>');
-					} else {
-						alert('<fmt:message key="signupload.documentnotselected"/>');
+				if (submitform.fileupload) {
+					// file
+					if (!submitform.fileupload.value) {
+						if (preview) {
+							alert('<fmt:message key="signupload.documentnotselected.preview"/>');
+						} else {
+							alert('<fmt:message key="signupload.documentnotselected"/>');
+						}
+						return(false);
+					}
+				} else {
+					// freetext
+					if (!submitform.freetext.value) {
+						if (preview) {
+							alert('<fmt:message key="signupload.nofreetext.preview"/>');
+						} else {
+							alert('<fmt:message key="signupload.nofreetext"/>');
+						}
+						return(false);
 					}
-					return(false);
 				}
 				if (preview) {
 					submitform.<%= FormFields.FIELD_PREVIEW %>.value='true';
@@ -118,6 +136,21 @@
 	      }
 	   }
       session.setAttribute(UpdateFormServlet.UPLOADFORM_SIGNATURE_TYPE_KEY, type);
+      
+      // source
+      String source = (String) session.getAttribute(UpdateFormServlet.UPLOADFORM_SOURCE_KEY);
+      if (source == null) {
+         source = FormFields.VALUE_SOURCE_FILE;
+      }
+      session.setAttribute(UpdateFormServlet.UPLOADFORM_SOURCE_KEY, source);
+      boolean freeText = FormFields.VALUE_SOURCE_FREETEXT.equals(source);
+      
+      // freetext
+      String freeTextValue = (String) session.getAttribute(UpdateFormServlet.UPLOADFORM_FREETEXT_KEY);
+      if (freeTextValue == null) {
+         freeTextValue = "";
+      }
+      session.setAttribute(UpdateFormServlet.UPLOADFORM_FREETEXT_KEY, freeTextValue);
 
 	   %>
 </head>
@@ -131,13 +164,29 @@
 		<fmt:message key="common.title"/>
 	<% } // end if %>		   
 </h1>
-<h2 align="left"><fmt:message key="signupload.heading2"/></h2>
-<div class="pdfasnote"><fmt:message key="signupload.selectfilenote"/></div>
-<form name="updateform" id="updateform" method="post" action="<%= request.getContextPath() %>/UpdateForm">
+<h2 align="left">
+	<% if (freeText) {  %>
+		<fmt:message key="signupload.heading2.freetext"/>
+	<% } else { %>
+		<fmt:message key="signupload.heading2"/>
+	<% } %>
+</h2>
+<div class="pdfasnote">
+	<% if (freeText) { %>
+		<fmt:message key="signupload.selectfilenote.freetext"/>
+	<% } else { %>
+		<fmt:message key="signupload.selectfilenote"/>
+	<% } %>
+</div>
+<form name="updateform" id="updateform" accept-charset="UTF-8" method="post" action="<%= request.getContextPath() %>/UpdateForm">
 	<input type="hidden" name="<%= FormFields.FIELD_SIGNATURE_TYPE %>" value=""/>
 	<input type="hidden" name="<%= FormFields.FIELD_MODE %>" value=""/>
 	<input type="hidden" name="<%= FormFields.FIELD_CONNECTOR %>" value=""/>
-	<input type="hidden" name="<%= FormFields.FIELD_PDFA_ENABLED%>" value=""/>
+	<input type="hidden" name="<%= FormFields.FIELD_PDFA_ENABLED %>" value=""/>
+	<input type="hidden" name="<%= FormFields.FIELD_SOURCE %>" value=""/>
+	<% if (freeText) { %>
+		<input type="hidden" name="<%= FormFields.FIELD_FREETEXT %>" value=""/>
+	<% } // end if %>
 </form>
 <form name="submitform" id="submitform"
       enctype="multipart/form-data"
@@ -183,12 +232,31 @@
 				</select>
 			</td>
 		</tr>
+		<!--
 		<tr>
 			<td align="left" nowrap="nowrap"><label><fmt:message key="signupload.file"/>:</label></td>
 			<td align="left"><input size="50" type="file" id="fileupload" name="<%= FormFields.FIELD_UPLOAD %>" accept="application/pdf"/></td>
 		</tr>
+		-->
+		<tr>
+			<td align="left" nowrap="nowrap" style="vertical-align: top;">
+				<select name="<%= FormFields.FIELD_SOURCE %>" onchange="return updateForm();">
+					<option value="<%= FormFields.VALUE_SOURCE_FILE %>" <%= FormFields.VALUE_SOURCE_FILE.equals(source) ? "selected=\"selected\"" : "" %>><fmt:message key="signupload.file"/></option>
+					<option value="<%= FormFields.VALUE_SOURCE_FREETEXT %>" <%= FormFields.VALUE_SOURCE_FREETEXT.equals(source) ? "selected=\"selected\"" : "" %>><fmt:message key="signupload.freetext"/></option>
+				</select>
+			</td>
+			<td align="left">
+				<% if (freeText) { %>
+					<textarea class="freetext" id="freetext" name="<%= FormFields.FIELD_FREETEXT %>"><%= StringEscapeUtils.escapeHtml(freeTextValue) %></textarea>
+				<% } else { %>
+					<input size="50" type="file" id="fileupload" name="<%= FormFields.FIELD_UPLOAD %>" accept="application/pdf"/>
+				<% } // end if freetext %>
+			</td>
+		</tr>
 	</table>
-	<div class="pdfasnote"><span class="pdfasemphasis"><fmt:message key="signupload.note.prefix"/>:</span> <fmt:message key="signupload.note"/> <% if (pdfa) { %><fmt:message key="signupload.note.pdfa"/><% } %></div>
+	<div class="pdfasnote"><span class="pdfasemphasis">
+		<fmt:message key="signupload.note.prefix"/>:</span> <% if (!freeText) { %><fmt:message key="signupload.note.file"/><% } %> <fmt:message key="signupload.note"/> <% if (pdfa) { %><fmt:message key="signupload.note.pdfa"/><% } %>
+	</div>
 
 	<input type="hidden" name="<%= FormFields.FIELD_DOWNLOAD %>" value="<%= FormFields.VALUE_DOWNLOAD_ATTACHMENT %>"/>
 	<input type="hidden" name="<%= FormFields.FIELD_PREVIEW %>" value="false" />
-- 
cgit v1.2.3