authoremusic <emina.music@egiz.gv.at>2018-07-27 12:31:04 +0200
committeremusic <emina.music@egiz.gv.at>2018-07-27 12:31:04 +0200
commit3e224770ad6db67f1ca818fd6de52b7e3c3b8863 (patch)
treecf0f2d344d1a33afa0aa1505e729eea16dc1ebac
parent236cd00a49b04523a325e06fdc8839be9049f892 (diff)
parent1e2919e08a871581654ab88004c11921a56469b3 (diff)
Merge branch 'SL20_development' of gitlab.iaik.tugraz.at:egiz/pdf-as-4 into SL20_development
# Conflicts: # pdf-as-lib/src/main/java/at/gv/egiz/sl20/utils/SL20JSONBuilderUtils.java # pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java
-rw-r--r--build.gradle2
-rw-r--r--pdf-as-lib/src/main/java/at/gv/egiz/sl20/SL20Connector.java4
-rw-r--r--pdf-as-lib/src/main/java/at/gv/egiz/sl20/utils/SL20Constants.java5
-rw-r--r--pdf-as-lib/src/main/java/at/gv/egiz/sl20/utils/SL20JSONBuilderUtils.java44
-rw-r--r--pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java33
-rw-r--r--pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/SLDataURLServlet.java6
-rw-r--r--pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/sl20/SL20HttpBindingUtils.java1
7 files changed, 79 insertions, 16 deletions
diff --git a/build.gradle b/build.gradle
index 7c4bf510..c3c2ae2d 100644
--- a/build.gradle
+++ b/build.gradle
@@ -16,7 +16,7 @@ task wrapper(type: Wrapper) {
allprojects {
apply plugin: 'com.github.ben-manes.versions'
repositories { mavenCentral() }
- version = '4.1.4-Snapshot'
+ version = '4.2.0-Snapshot'
}
configurations {
diff --git a/pdf-as-lib/src/main/java/at/gv/egiz/sl20/SL20Connector.java b/pdf-as-lib/src/main/java/at/gv/egiz/sl20/SL20Connector.java
index a82771bd..3088a564 100644
--- a/pdf-as-lib/src/main/java/at/gv/egiz/sl20/SL20Connector.java
+++ b/pdf-as-lib/src/main/java/at/gv/egiz/sl20/SL20Connector.java
@@ -62,7 +62,9 @@ public class SL20Connector extends BaseSLConnector {
HttpResponse httpResp = httpClient.execute(httpReq);
log.debug("Response from VDA received ");
- return SL20JSONExtractorUtils.getSL20ContainerFromResponse(httpResp);
+ JsonObject sl20Resp = SL20JSONExtractorUtils.getSL20ContainerFromResponse(httpResp);
+ log.trace("SL20 command: " + sl20Resp.toString());
+ return sl20Resp;
} catch (URISyntaxException | IOException e) {
log.warn("Can NOT build SL20 http requst. Reason:" + e.getMessage(), e);
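Review bot: The added `log.trace("SL20 command: " + sl20Resp.toString())` dereferences `sl20Resp` before it is returned, so a null container from `getSL20ContainerFromResponse` (its contract is not visible here) would become a NullPointerException inside a logging statement, and the whole response is serialised even when trace is off. Assuming `log` is an SLF4J logger, `log.trace("SL20 command: {}", sl20Resp);` avoids both. The full command may carry certificates and signature or document data, so it is worth deciding whether a request id or a size would do instead of the body. The same pattern is added in PdfAsHelper (`respContainer`), SLDataURLServlet (`payLoad`) and SL20HttpBindingUtils (`sl20Forward`). The enclosing method starts and ends outside this hunk.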
diff --git a/pdf-as-lib/src/main/java/at/gv/egiz/sl20/utils/SL20Constants.java b/pdf-as-lib/src/main/java/at/gv/egiz/sl20/utils/SL20Constants.java
index 59c3079d..fdefa1d9 100644
--- a/pdf-as-lib/src/main/java/at/gv/egiz/sl20/utils/SL20Constants.java
+++ b/pdf-as-lib/src/main/java/at/gv/egiz/sl20/utils/SL20Constants.java
@@ -160,6 +160,8 @@ public class SL20Constants {
//createCAdES Signture
public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_KEYID = "keyId";
public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_CONTENT = "content";
+ public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_CONTENTURL = "contentUrl";
+ public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_CONTENTMODE = "contentMode";
public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_MIMETYPE = "mimeType";
public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_PADES_COMBATIBILTY = "padesComatibility";
public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_EXCLUDEBYTERANGE = "excludedByteRange";
@@ -176,7 +178,8 @@ public class SL20Constants {
public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_CADESLEVEL_XL = "cAdES-X-L";
public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_CADESLEVEL_A = "cAdES-A";
-
+ public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_CONTENTMODE_DETACHED = "detached";
+ public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_CONTENTMODE_ENVELOPING = "enveloping";
//create binding key command
public static final String SL20_COMMAND_PARAM_BINDING_CREATE_KONTOID = "kontoID";
diff --git a/pdf-as-lib/src/main/java/at/gv/egiz/sl20/utils/SL20JSONBuilderUtils.java b/pdf-as-lib/src/main/java/at/gv/egiz/sl20/utils/SL20JSONBuilderUtils.java
index efbc2890..7cbb7800 100644
--- a/pdf-as-lib/src/main/java/at/gv/egiz/sl20/utils/SL20JSONBuilderUtils.java
+++ b/pdf-as-lib/src/main/java/at/gv/egiz/sl20/utils/SL20JSONBuilderUtils.java
@@ -2,13 +2,10 @@ package at.gv.egiz.sl20.utils;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
-import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
-import org.apache.commons.codec.binary.Base64;
-import org.bouncycastle.util.encoders.Base64Encoder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -182,14 +179,37 @@ public class SL20JSONBuilderUtils {
}
public static JsonObject createCreateCAdESCommandParameters(String keyId,
- String pdfUrl, String mimeType, boolean padesCompatiblem, List<String> byteRanges, String cadesLevel,
+ byte[] content, String contentUrl, String contentMode, String mimeType, boolean padesCompatiblem, List<JsonElement> byteRanges, String cadesLevel,
String dataUrl, X509Certificate x5cEnc) throws CertificateEncodingException, SLCommandoBuildException {
JsonObject params = new JsonObject();
addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_CREATE_SIG_CADES_KEYID, keyId, true);
- addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_CREATE_SIG_CADES_CONTENT, pdfUrl, true);
+
+ if (content != null && contentUrl != null) {
+ log.warn(SL20Constants.SL20_COMMAND_PARAM_CREATE_SIG_CADES_CONTENT + " and "
+ + SL20Constants.SL20_COMMAND_PARAM_CREATE_SIG_CADES_CONTENTURL + " can not SET TWICE");
+ throw new SLCommandoBuildException();
+
+ }
+
+ if (content != null)
+ addSingleByteElement(params, SL20Constants.SL20_COMMAND_PARAM_CREATE_SIG_CADES_CONTENT, content, true);
+
+ else if (contentUrl != null )
+ addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_CREATE_SIG_CADES_CONTENTURL, contentUrl, true);
+
+ else {
+ log.warn(SL20Constants.SL20_COMMAND_PARAM_CREATE_SIG_CADES_CONTENT + " and "
+ + SL20Constants.SL20_COMMAND_PARAM_CREATE_SIG_CADES_CONTENTURL + " is NULL");
+ throw new SLCommandoBuildException();
+
+ }
+
+ addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_CREATE_SIG_CADES_CONTENTMODE, contentMode, true);
addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_CREATE_SIG_CADES_MIMETYPE, mimeType, true);
addSingleBooleanElement(params, SL20Constants.SL20_COMMAND_PARAM_CREATE_SIG_CADES_PADES_COMBATIBILTY, padesCompatiblem, false);
- addArrayOfStrings(params, SL20Constants.SL20_COMMAND_PARAM_CREATE_SIG_CADES_EXCLUDEBYTERANGE, byteRanges);
+
+ //addArrayOfStrings(params, SL20Constants.SL20_COMMAND_PARAM_CREATE_SIG_CADES_EXCLUDEBYTERANGE, byteRanges);
+ addArrayOfElements(params, SL20Constants.SL20_COMMAND_PARAM_CREATE_SIG_CADES_EXCLUDEBYTERANGE, byteRanges);
addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_CREATE_SIG_CADES_CADESLEVEL, cadesLevel, false);
addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_GETCERTIFICATE_DATAURL, dataUrl, true);
addSingleCertificateElement(params, SL20Constants.SL20_COMMAND_PARAM_GETCERTIFICATE_X5CENC, x5cEnc, false);
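Review bot: Both validation failures end in `throw new SLCommandoBuildException();` with the reason written only to the log, so a caller that catches the exception cannot tell "both set" from "neither set". If the exception type has a message constructor (not visible here), pass the text to it rather than logging and throwing separately. `contentMode` is added as a mandatory free-form string; a check against `SL20_COMMAND_PARAM_CREATE_SIG_CADES_CONTENTMODE_DETACHED` and `..._ENVELOPING` would reject a wrong value before the command reaches the VDA. The commented-out `//addArrayOfStrings(...)` line should be deleted rather than kept. The method body continues past the end of the hunk.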
@@ -452,6 +472,18 @@ public class SL20JSONBuilderUtils {
}
}
+ private static void addArrayOfElements(JsonObject parent, String keyId, List<JsonElement> values) throws SLCommandoBuildException {
+ validateParentAndKey(parent, keyId);
+ if (values != null) {
+ JsonArray callReqParamsArray = new JsonArray();
+ parent.add(keyId, callReqParamsArray );
+ for(JsonElement el : values)
+ callReqParamsArray.add(el);
+
+ }
+
+ }
+
private static void addArrayOfStrings(JsonObject parent, String keyId, List<String> values) throws SLCommandoBuildException {
validateParentAndKey(parent, keyId);
if (values != null) {
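Review bot: `addArrayOfElements` has no Javadoc, and its null handling is easy to misread: a null `values` leaves the key out, while an empty list still emits `[]` under `keyId`. I would add a short comment such as `// null list: key omitted; empty list: empty JSON array` above the method and put braces around the `for` body. The hunk ends inside `addArrayOfStrings`, which is unchanged.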
diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java
index bd904aae..4b69e5a8 100644
--- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java
+++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java
@@ -60,6 +60,8 @@ import org.apache.http.entity.ContentType;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import com.google.gson.JsonArray;
+import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
import at.gv.egiz.pdfas.api.ws.PDFASSignParameters;
@@ -67,6 +69,7 @@ import at.gv.egiz.pdfas.api.ws.PDFASSignParameters.Connector;
import at.gv.egiz.pdfas.api.ws.PDFASSignResponse;
import at.gv.egiz.pdfas.api.ws.PDFASVerificationResponse;
import at.gv.egiz.pdfas.common.exceptions.PDFASError;
+import at.gv.egiz.pdfas.common.utils.PDFUtils;
import at.gv.egiz.pdfas.lib.api.ByteArrayDataSource;
import at.gv.egiz.pdfas.lib.api.Configuration;
import at.gv.egiz.pdfas.lib.api.IConfigurationConstants;
@@ -1143,7 +1146,6 @@ public class PdfAsHelper {
command, signedCommand);
//store requestId
-
request.getSession(false).setAttribute(PDF_SESSION_PREFIX + SL20Constants.SL20_REQID, reqId);
//forward SL2.0 command
@@ -1192,9 +1194,24 @@ public class PdfAsHelper {
} else if (slConnector instanceof SL20Connector) {
//convert byte range
- List<String> byteRanges = new ArrayList<String>();
- for (int el : statusRequest.getSignatureDataByteRange())
- byteRanges.add(String.valueOf(el));
+
+ int[] exclude_range = PDFUtils.buildExcludeRange(statusRequest.getSignatureDataByteRange());
+ logger.info("Exclude Byte Range: " + exclude_range[0] + " " + exclude_range[1]);
+
+ List<JsonElement> byteRanges = new ArrayList<JsonElement>();
+ if (statusRequest.getSignatureDataByteRange().length % 2 != 0) {
+ logger.warn("ByteRange is not a set of pairs. Something is maybe suspect");
+
+ }
+
+ for (int i=0; i<exclude_range.length/2; i++) {
+ JsonArray el = new JsonArray();
+ el.add(exclude_range[2*i]);
+ el.add(exclude_range[2*i + 1]);
+ byteRanges.add(el);
+
+ }
+
java.security.cert.X509Certificate x5cEnc = null;
if (WebConfiguration.isSL20EncryptionEnabled() && joseTools != null)
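Review bot: The odd-length check on `getSignatureDataByteRange()` runs after `PDFUtils.buildExcludeRange(...)` has already used the array and after `exclude_range[0]` and `exclude_range[1]` were indexed for the log line, and it only warns before the loop goes on. Because this range decides which bytes are excluded from the signature, a malformed range should stop the request: do the check first, also reject a result shorter than two entries, and fail with the error type this method already uses (not visible here) instead of `logger.warn`. The loop bound `exclude_range.length/2` silently drops a trailing unpaired value. `exclude_range` would be `excludeRange` under Java naming, and the enclosing method starts and ends outside the hunk.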
@@ -1205,11 +1222,15 @@ public class PdfAsHelper {
if (pack.getRequestType().getPAdESFlag() != null)
padesCompatibel = pack.getRequestType().getPAdESFlag();
+ byte[] data = PDFUtils.blackOutSignature(statusRequest.getSignatureData(),
+ statusRequest.getSignatureDataByteRange());
+
JsonObject createCAdESSigParams =
SL20JSONBuilderUtils.createCreateCAdESCommandParameters(
pack.getRequestType().getKeyboxIdentifier(),
//statusRequest.getSignatureData(),
generateNSPdfURL(request,response),
+ SL20Constants.SL20_COMMAND_PARAM_CREATE_SIG_CADES_CONTENTMODE_DETACHED,
pack.getRequestType().getDataObject().getMetaInfo().getMimeType(),
padesCompatibel ,
byteRanges,
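Review bot: The call to `createCreateCAdESCommandParameters` as shown passes `generateNSPdfURL(request,response)` directly after the keybox identifier, but the new signature in SL20JSONBuilderUtils expects `byte[] content` in that position, followed by `contentUrl` and `contentMode`; unless an overload exists outside this diff, the argument list is one short. Related to that, `data` from `PDFUtils.blackOutSignature(...)` is computed but not used in any visible line. If detached mode with a URL is intended, pass `null` for `content` explicitly and drop the unused `data` along with the commented-out `//statusRequest.getSignatureData(),`; otherwise pass `data` and `null` for the URL. The argument list continues past the end of the hunk.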
@@ -1226,7 +1247,7 @@ public class PdfAsHelper {
} else {
JsonObject getCertCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_CREATE_SIG_CADES, createCAdESSigParams);
- sl20CreateCAdES = SL20JSONBuilderUtils.createGenericRequest(UUID.randomUUID().toString(), null, getCertCommand, null);
+ sl20CreateCAdES = SL20JSONBuilderUtils.createGenericRequest(reqId, null, getCertCommand, null);
}
@@ -1791,6 +1812,8 @@ public class PdfAsHelper {
redirectTwoCommand,
null);
+ logger.trace("SL2.0 command: " + respContainer.toString());
+
//workaround for A-Trust
if (request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE) != null &&
request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE).equals(SL20Constants.HTTP_HEADER_VALUE_NATIVE)
diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/SLDataURLServlet.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/SLDataURLServlet.java
index 7ddf0a55..31f5a2ef 100644
--- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/SLDataURLServlet.java
+++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/SLDataURLServlet.java
@@ -93,7 +93,7 @@ public class SLDataURLServlet extends HttpServlet {
}
- logger.trace("Received SL2.0 result: " + sl20Result);
+ logger.trace("Received SL2.0 command: " + sl20Result);
//parse SL2.0 command/result into JSON
try {
@@ -144,6 +144,8 @@ public class SLDataURLServlet extends HttpServlet {
//extract payloaf
JsonObject payLoad = payLoadContainer.getPayload();
+ logger.trace("SL2.0 payLoad on DataURL: " + payLoad.toString());
+
//check response type
if (SL20JSONExtractorUtils.getStringValue(
payLoad, SL20Constants.SL20_COMMAND_CONTAINER_NAME, true)
@@ -175,7 +177,7 @@ public class SLDataURLServlet extends HttpServlet {
List<X509Certificate> sortedCerts = X509Utils.sortCertificates(certs);
logger.debug("Sorting of certificate completed. Select end-user certificate ... ");
- PdfAsHelper.injectCertificate(request, response, Base64.getDecoder().decode(sortedCerts.get(0).getEncoded()), getServletContext());
+ PdfAsHelper.injectCertificate(request, response, sortedCerts.get(0).getEncoded(), getServletContext());
}
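Review bot: `sortedCerts.get(0)` is called with no visible check that the list is non-empty, so a response without certificates would surface as an IndexOutOfBoundsException rather than a protocol error; a guard may exist above the hunk, where the enclosing block starts. A check such as `if (sortedCerts.isEmpty())` that takes the servlet's usual error path before `injectCertificate` would make the failure explicit.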
diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/sl20/SL20HttpBindingUtils.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/sl20/SL20HttpBindingUtils.java
index f5d6ff55..e43ebfcf 100644
--- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/sl20/SL20HttpBindingUtils.java
+++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/sl20/SL20HttpBindingUtils.java
@@ -21,6 +21,7 @@ public class SL20HttpBindingUtils {
public static void writeIntoResponse(HttpServletRequest request, HttpServletResponse response, JsonObject sl20Forward, String redirectURL) throws IOException, URISyntaxException {
//forward SL2.0 command
+ log.trace("SL20 command: " + sl20Forward.toString());
if (request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE) != null &&
request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE).equals(SL20Constants.HTTP_HEADER_VALUE_NATIVE)) {
log.debug("Client request containts 'native client' header ... ");