/** * Copyright 2006 by Know-Center, Graz, Austria * PDF-AS has been contracted by the E-Government Innovation Center EGIZ, a * joint initiative of the Federal Chancellery Austria and Graz University of * Technology. * * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by * the European Commission - subsequent versions of the EUPL (the "Licence"); * You may not use this work except in compliance with the Licence. * You may obtain a copy of the Licence at: * http://www.osor.eu/eupl/ * * Unless required by applicable law or agreed to in writing, software * distributed under the Licence is distributed on an "AS IS" basis, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the Licence for the specific language governing permissions and * limitations under the Licence. * * This product combines work with different licenses. See the "NOTICE" text * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. */ package at.gv.egiz.pdfas.web.servlets; import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.InputStream; import java.util.Collections; import java.util.HashSet; import java.util.Iterator; import java.util.Set; import javax.servlet.RequestDispatcher; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import at.gv.egiz.pdfas.web.FormFields; import at.gv.egiz.pdfas.web.PDFContainer; import at.gv.egiz.pdfas.web.servlets.SignServlet; import at.gv.egiz.pdfas.web.helper.SignServletHelper; import at.gv.egiz.pdfas.web.session.SessionAttributes; import at.gv.egiz.pdfas.web.session.SignSessionInformation; import at.knowcenter.wag.egov.egiz.exceptions.PresentableException; public class ProvidePDFServlet extends HttpServlet { /** * SVUID. */ private static final long serialVersionUID = 1L; /** * The log. */ private static Log log = LogFactory.getLog(ProvidePDFServlet.class); public static Set signedDocuments = Collections.synchronizedSet(new HashSet()); public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { String pdfIdString = request.getParameter(FormFields.FIELD_PDF_ID); String plainPDFDigest = request.getParameter(FormFields.FIELD_ORIGINAL_DIGEST); HttpSession session = request.getSession(); if (pdfIdString == null) { log.debug("No " + FormFields.FIELD_PDF_ID + " provided. Trying to retrieve PDF from session (" + session.getId() + ")."); SignSessionInformation si = (SignSessionInformation) session.getAttribute(SessionAttributes.SIGNED_PDF_DOCUMENT); if (si == null) { log.warn("Unable to find signed pdf in session (" + session.getId() + ")."); SignServlet.prepareDispatchToErrorPage(new PresentableException(600, "Das signierte Dokument konnte nicht gefunden werden."), request); response.setContentType("text/html"); response.setCharacterEncoding("UTF-8"); RequestDispatcher disp = super.getServletContext().getRequestDispatcher("/jsp/error.jsp"); disp.forward(request, response); return; } else { log.debug("Signed pdf found."); // do NOT remove signed pdf document from session since IE9 loads this page/servlet twice...) // Popup-Blocker, Link-Prefetching, IE 9 SmartScreen-Filter...??? // session.removeAttribute(SessionAttributes.SIGNED_PDF_DOCUMENT); log.debug("Returning signed pdf to browser."); if(plainPDFDigest != null) { if(!plainPDFDigest.equalsIgnoreCase(si.plainPDFDigest)) { log.error("PDF Digests don't match!"); log.error("Requested digest: " + plainPDFDigest); log.error("Saved digest: " + si.plainPDFDigest); return; } } SignServletHelper.returnSignResponse(si, request, response); log.debug("Removing free text (if any) from session."); session.removeAttribute(UpdateFormServlet.UPLOADFORM_FREETEXT_KEY); return; } } else { long pdfId = Long.parseLong(pdfIdString); PDFContainer pdf = null; synchronized (signedDocuments) { Iterator it = signedDocuments.iterator(); while (it.hasNext() && pdf == null) { PDFContainer current = (PDFContainer) it.next(); if (current.id == pdfId) { pdf = current; signedDocuments.remove(current); } } } if (pdf != null && pdf.pdf != null) { try { if(plainPDFDigest != null) { if(!plainPDFDigest.equalsIgnoreCase(pdf.originalDigest)) { log.error("PDF Digests don't match! 1"); log.error("Requested digest: " + plainPDFDigest); log.error("Saved digest: " + pdf.originalDigest); return; } } SignServletHelper.disableBrowserCacheForResponse(response); response.setContentType("application/pdf"); response.setContentLength(pdf.pdf.length); //SignSessionInformation si = (SignSessionInformation)session.getAttribute(SessionAttributes.ATTRIBUTE_SESSION_INFORMATION); String filename = (String)session.getAttribute(SignServlet.SUBMITFORM_FILENAME_KEY); response.setHeader("Content-disposition", "attachment; filename=\""+filename+"\""); InputStream is = new ByteArrayInputStream(pdf.pdf); final int bufferSize = 1024; byte[] buffer = new byte[bufferSize]; int len = -1; while ((len = is.read(buffer)) != -1) { response.getOutputStream().write(buffer, 0, len); } response.getOutputStream().flush(); log.debug("File sent. Invalidating session."); session.invalidate(); } catch (IOException e) { log.error("IO excepton while providing pdf document: " + e.getMessage(), e); } } else { log.error("Unable to find signed pdf (id=" + pdfId + ") in session (" + session.getId() + ")."); return; } } } public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { doPost(request, response); } }