diff options
author | Andreas Fitzek <andreas.fitzek@iaik.tugraz.at> | 2014-02-06 12:47:21 +0100 |
---|---|---|
committer | Andreas Fitzek <andreas.fitzek@iaik.tugraz.at> | 2014-02-06 12:47:21 +0100 |
commit | 5ea41481c10aa43ab1df5e0b7ba0c18c3262c9eb (patch) | |
tree | f915ba3e7c132e47a57ae4ec74c872d32a1d3acc /pdf-as-web/src/main/java/at | |
parent | 8238b1a96ab240ac30525f2b254518cd052d2501 (diff) | |
download | pdf-as-4-5ea41481c10aa43ab1df5e0b7ba0c18c3262c9eb.tar.gz pdf-as-4-5ea41481c10aa43ab1df5e0b7ba0c18c3262c9eb.tar.bz2 pdf-as-4-5ea41481c10aa43ab1df5e0b7ba0c18c3262c9eb.zip |
Started verification implementation, HTTP Session cleanup
Diffstat (limited to 'pdf-as-web/src/main/java/at')
6 files changed, 359 insertions, 75 deletions
diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/filter/ExceptionCatchFilter.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/filter/ExceptionCatchFilter.java index bcda2263..d782c4dc 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/filter/ExceptionCatchFilter.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/filter/ExceptionCatchFilter.java @@ -47,6 +47,7 @@ public class ExceptionCatchFilter implements Filter { if(request instanceof HttpServletRequest) { logger.debug("Processing Parameters into Attributes"); HttpServletRequest httpRequest = (HttpServletRequest)request; + PdfAsHelper.logAccess(httpRequest); Enumeration<String> parameterNames = httpRequest.getParameterNames(); while(parameterNames.hasMoreElements()) { String name = parameterNames.nextElement(); diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java index 12d7ffc5..13e8159f 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java @@ -18,24 +18,19 @@ import org.apache.commons.lang3.StringEscapeUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import com.lowagie.text.html.WebColors; - -import at.gv.egiz.pdfas.common.exceptions.PdfAsException; import at.gv.egiz.pdfas.lib.api.ByteArrayDataSink; import at.gv.egiz.pdfas.lib.api.ByteArrayDataSource; import at.gv.egiz.pdfas.lib.api.Configuration; import at.gv.egiz.pdfas.lib.api.DataSink; import at.gv.egiz.pdfas.lib.api.PdfAs; import at.gv.egiz.pdfas.lib.api.PdfAsFactory; -import at.gv.egiz.pdfas.lib.api.SignaturePosition; import at.gv.egiz.pdfas.lib.api.StatusRequest; import at.gv.egiz.pdfas.lib.api.sign.IPlainSigner; import at.gv.egiz.pdfas.lib.api.sign.SignParameter; import at.gv.egiz.pdfas.lib.api.sign.SignResult; -import at.gv.egiz.pdfas.lib.impl.PdfAsImpl; -import at.gv.egiz.pdfas.lib.impl.SignaturePositionImpl; +import at.gv.egiz.pdfas.lib.api.verify.VerifyParameter; +import at.gv.egiz.pdfas.lib.api.verify.VerifyResult; import at.gv.egiz.pdfas.sigs.pades.PAdESSigner; -import at.gv.egiz.pdfas.sigs.pades.PAdESSignerKeystore; import at.gv.egiz.pdfas.sigs.pkcs7detached.PKCS7DetachedSigner; import at.gv.egiz.pdfas.web.config.WebConfiguration; import at.gv.egiz.pdfas.web.exception.PdfAsWebException; @@ -69,6 +64,7 @@ public class PdfAsHelper { private static final String REQUEST_FROM_DU = "REQ_DATA_URL"; private static final String SIGNATURE_DATA_HASH = "SIGNATURE_DATA_HASH"; private static final String SIGNATURE_ACTIVE = "SIGNATURE_ACTIVE"; + private static final String VERIFICATION_RESULT = "VERIFICATION_RESULT"; private static final Logger logger = LoggerFactory .getLogger(PdfAsHelper.class); @@ -78,14 +74,14 @@ public class PdfAsHelper { static { logger.debug("Creating PDF-AS"); - pdfAs = PdfAsFactory.createPdfAs(new File(WebConfiguration.getPdfASDir())); + pdfAs = PdfAsFactory.createPdfAs(new File(WebConfiguration + .getPdfASDir())); logger.debug("Creating PDF-AS done"); } - + public static void init() { logger.debug("PDF-AS Helper initialized"); } - private static void validatePdfSize(HttpServletRequest request, HttpServletResponse response, byte[] pdfData) @@ -113,7 +109,7 @@ public class PdfAsHelper { } } } - + private static String buildPosString(HttpServletRequest request, HttpServletResponse response) throws PdfAsWebException { String posP = PdfAsParameterExtractor.getSigPosP(request); @@ -180,6 +176,38 @@ public class PdfAsHelper { return sb.toString(); } + public static List<VerifyResult> synchornousVerify( + HttpServletRequest request, HttpServletResponse response, + byte[] pdfData) throws Exception { + String signidxString = PdfAsParameterExtractor.getSigIdx(request); + int signIdx = -1; + if (signidxString != null) { + try { + signIdx = Integer.parseInt(signidxString); + } catch (Throwable e) { + logger.error("Failed to parse Signature Index: " + + signidxString); + } + } + + logger.error("Verifing Signature index: " + signIdx); + + Configuration config = pdfAs.getConfiguration(); + + ByteArrayDataSource dataSource = new ByteArrayDataSource(pdfData); + + VerifyParameter verifyParameter = PdfAsFactory.createVerifyParameter( + config, dataSource); + + verifyParameter.setDataSource(dataSource); + verifyParameter.setConfiguration(config); + verifyParameter.setWhichSignature(signIdx); + + List<VerifyResult> results = pdfAs.verify(verifyParameter); + + return results; + } + /** * Create synchronous PDF Signature * @@ -213,9 +241,11 @@ public class PdfAsHelper { if (connector.equals("moa")) { signer = new PAdESSigner(new MOAConnector(config)); } else { - signer = new PKCS7DetachedSigner(WebConfiguration.getKeystoreFile(), + signer = new PKCS7DetachedSigner( + WebConfiguration.getKeystoreFile(), WebConfiguration.getKeystoreAlias(), - WebConfiguration.getKeystorePass(), WebConfiguration.getKeystoreKeyPass(), + WebConfiguration.getKeystorePass(), + WebConfiguration.getKeystoreKeyPass(), WebConfiguration.getKeystoreType()); } @@ -240,17 +270,21 @@ public class PdfAsHelper { HttpServletResponse response, ServletContext context, byte[] pdfData) throws Exception { - // TODO: Protect session so that only one PDF can be signed during one session - /*if(PdfAsHelper.isSignatureActive(request)) { - throw new PdfAsException("Signature is active in this session"); - } - - PdfAsHelper.setSignatureActive(request, true);*/ - + // TODO: Protect session so that only one PDF can be signed during one + // session + /* + * if(PdfAsHelper.isSignatureActive(request)) { throw new + * PdfAsException("Signature is active in this session"); } + * + * PdfAsHelper.setSignatureActive(request, true); + */ + validatePdfSize(request, response, pdfData); HttpSession session = request.getSession(); + logger.info("Starting signature in session: " + session.getId()); + Configuration config = pdfAs.getConfiguration(); session.setAttribute(PDF_CONFIG, config); @@ -262,12 +296,14 @@ public class PdfAsHelper { String connector = PdfAsParameterExtractor.getConnector(request); IPlainSigner signer; - if (connector.equals("bku") || connector.equals("onlinebku") || connector.equals("mobilebku")) { + if (connector.equals("bku") || connector.equals("onlinebku") + || connector.equals("mobilebku")) { BKUSLConnector conn = new BKUSLConnector(config); signer = new PAdESSigner(conn); session.setAttribute(PDF_SL_CONNECTOR, conn); } else { - throw new PdfAsWebException("Invalid connector (bku | onlinebku | mobilebku | moa | jks)"); + throw new PdfAsWebException( + "Invalid connector (bku | onlinebku | mobilebku | moa | jks)"); } signParameter.setPlainSigner(signer); @@ -318,6 +354,10 @@ public class PdfAsHelper { StatusRequest statusRequest = (StatusRequest) session .getAttribute(PDF_STATUS); + if(statusRequest == null) { + throw new PdfAsWebException("No Signature running in session:" + session.getId()); + } + statusRequest.setCertificate(getCertificate(infoboxReadResponseType)); statusRequest = pdfAs.process(statusRequest); session.setAttribute(PDF_STATUS, statusRequest); @@ -336,6 +376,10 @@ public class PdfAsHelper { StatusRequest statusRequest = (StatusRequest) session .getAttribute(PDF_STATUS); + if(statusRequest == null) { + throw new PdfAsWebException("No Signature running in session:" + session.getId()); + } + statusRequest.setSigature(createCMSSignatureResponseType .getCMSSignature()); statusRequest = pdfAs.process(statusRequest); @@ -343,6 +387,11 @@ public class PdfAsHelper { PdfAsHelper.process(request, response, context); } + + public static void logAccess(HttpServletRequest request) { + HttpSession session = request.getSession(); + logger.debug("Access to " + request.getServletPath() + " in Session: " + session.getId()); + } public static void process(HttpServletRequest request, HttpServletResponse response, ServletContext context) @@ -356,7 +405,8 @@ public class PdfAsHelper { String connector = (String) session.getAttribute(PDF_SL_INTERACTIVE); - if (connector.equals("bku") || connector.equals("onlinebku") || connector.equals("mobilebku")) { + if (connector.equals("bku") || connector.equals("onlinebku") + || connector.equals("mobilebku")) { BKUSLConnector bkuSLConnector = (BKUSLConnector) session .getAttribute(PDF_SL_CONNECTOR); @@ -374,18 +424,14 @@ public class PdfAsHelper { JAXBElement<InfoboxReadRequestType> readRequest = of .createInfoboxReadRequest(readCertificateRequest); - String url = request.getContextPath() + "/DataURL;jsessionid=" - + session.getId(); - String fullurl = request.getScheme() + "://" - + request.getServerName() + ":" - + request.getServerPort() + url; + String url = generateDataURL(request, response); String slRequest = SLMarschaller.marshalToString(readRequest); String template = getTemplateSL(); template = template.replace("##BKU##", generateBKUURL(connector)); template = template.replace("##XMLRequest##", StringEscapeUtils.escapeHtml4(slRequest)); - template = template.replace("##DataURL##", fullurl); + template = template.replace("##DataURL##", url); response.getWriter().write(template); response.getWriter().close(); } else if (statusRequest.needSignature()) { @@ -431,28 +477,31 @@ public class PdfAsHelper { .toFile(PdfAsHelper.class.getResource("/template_sl.html"))); return xml; } - + public static String getErrorRedirectTemplateSL() throws IOException { String xml = FileUtils.readFileToString(FileUtils - .toFile(PdfAsHelper.class.getResource("/template_error_redirect.html"))); + .toFile(PdfAsHelper.class + .getResource("/template_error_redirect.html"))); return xml; } - + public static String getProvideTemplate() throws IOException { - String xml = FileUtils.readFileToString(FileUtils - .toFile(PdfAsHelper.class.getResource("/template_provide.html"))); + String xml = FileUtils + .readFileToString(FileUtils.toFile(PdfAsHelper.class + .getResource("/template_provide.html"))); return xml; } - + public static String getErrorTemplate() throws IOException { String xml = FileUtils.readFileToString(FileUtils .toFile(PdfAsHelper.class.getResource("/template_error.html"))); return xml; } - + public static String getInvokeRedirectTemplateSL() throws IOException { String xml = FileUtils.readFileToString(FileUtils - .toFile(PdfAsHelper.class.getResource("/template_invoke_redirect.html"))); + .toFile(PdfAsHelper.class + .getResource("/template_invoke_redirect.html"))); return xml; } @@ -542,7 +591,7 @@ public class PdfAsHelper { Object obj = session.getAttribute(PDF_ERR_URL); return obj == null ? null : obj.toString(); } - + public static void setInvokeURL(HttpServletRequest request, HttpServletResponse response, String url) { HttpSession session = request.getSession(); @@ -582,6 +631,11 @@ public class PdfAsHelper { return dataURL; } + public static void regenerateSession(HttpServletRequest request) { + request.getSession(false).invalidate(); + request.getSession(true); + } + public static String generateDataURL(HttpServletRequest request, HttpServletResponse response) { return generateURL(request, response, PDF_DATAURL_PAGE); @@ -591,7 +645,7 @@ public class PdfAsHelper { HttpServletResponse response) { return generateURL(request, response, PDF_PROVIDE_PAGE); } - + public static String generateErrorURL(HttpServletRequest request, HttpServletResponse response) { return generateURL(request, response, PDF_ERROR_PAGE); @@ -601,13 +655,13 @@ public class PdfAsHelper { HttpServletResponse response) { return generateURL(request, response, PDF_PDFDATA_PAGE); } - + public static String generateBKUURL(String connector) { - if(connector.equals("bku")) { + if (connector.equals("bku")) { return WebConfiguration.getLocalBKUURL(); - } else if(connector.equals("onlinebku")) { + } else if (connector.equals("onlinebku")) { return WebConfiguration.getOnlineBKUURL(); - } else if(connector.equals("mobilebku")) { + } else if (connector.equals("mobilebku")) { return WebConfiguration.getHandyBKUURL(); } return WebConfiguration.getLocalBKUURL(); @@ -626,8 +680,9 @@ public class PdfAsHelper { } return false; } - - public static void setSignatureDataHash(HttpServletRequest request, String value) { + + public static void setSignatureDataHash(HttpServletRequest request, + String value) { HttpSession session = request.getSession(); session.setAttribute(SIGNATURE_DATA_HASH, value); } @@ -640,7 +695,7 @@ public class PdfAsHelper { } return ""; } - + public static void setPDFFileName(HttpServletRequest request, String value) { HttpSession session = request.getSession(); session.setAttribute(PDF_FILE_NAME, value); @@ -654,13 +709,36 @@ public class PdfAsHelper { } return "document.pdf"; } - - public static void setSignatureActive(HttpServletRequest request, boolean value) { - request.setAttribute(SIGNATURE_ACTIVE, new Boolean(value)); + + public static void setVerificationResult(HttpServletRequest request, + List<VerifyResult> value) { + HttpSession session = request.getSession(); + session.setAttribute(VERIFICATION_RESULT, value); + } + + public static List<VerifyResult> getVerificationResult( + HttpServletRequest request) { + HttpSession session = request.getSession(); + Object obj = session.getAttribute(VERIFICATION_RESULT); + if (obj != null) { + try { + return (List<VerifyResult>) obj; + } catch (Throwable e) { + logger.error("Invalid object type"); + } + } + return null; + } + + public static void setSignatureActive(HttpServletRequest request, + boolean value) { + HttpSession session = request.getSession(); + session.setAttribute(SIGNATURE_ACTIVE, new Boolean(value)); } public static boolean isSignatureActive(HttpServletRequest request) { - Object obj = request.getAttribute(SIGNATURE_ACTIVE); + HttpSession session = request.getSession(); + Object obj = session.getAttribute(SIGNATURE_ACTIVE); if (obj != null) { if (obj instanceof Boolean) { return ((Boolean) obj).booleanValue(); diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsParameterExtractor.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsParameterExtractor.java index 4d6ad1fe..b20a6656 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsParameterExtractor.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsParameterExtractor.java @@ -18,6 +18,7 @@ public class PdfAsParameterExtractor { public static final String PARAM_SIG_POS_Y = "sig-pos-y"; public static final String PARAM_SIG_POS_X = "sig-pos-x"; public static final String PARAM_SIG_POS_W = "sig-pos-w"; + public static final String PARAM_SIG_IDX = "sig-idx"; public static String getConnector(HttpServletRequest request) { String connector = (String)request.getAttribute(PARAM_CONNECTOR); @@ -70,4 +71,8 @@ public class PdfAsParameterExtractor { public static String getSigPosW(HttpServletRequest request) { return (String)request.getAttribute(PARAM_SIG_POS_W); } + + public static String getSigIdx(HttpServletRequest request) { + return (String)request.getAttribute(PARAM_SIG_IDX); + } } diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/DataURLServlet.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/DataURLServlet.java index 7847d840..dcb93fb1 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/DataURLServlet.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/DataURLServlet.java @@ -58,26 +58,28 @@ public class DataURLServlet extends HttpServlet { PdfAsHelper.setFromDataUrl(request); String xmlResponse = request.getParameter("XMLResponse"); - System.out.println(xmlResponse); + //System.out.println(xmlResponse); JAXBElement jaxbObject = (JAXBElement) SLMarschaller.unmarshalFromString(xmlResponse); if(jaxbObject.getValue() instanceof InfoboxReadResponseType) { InfoboxReadResponseType infoboxReadResponseType = (InfoboxReadResponseType)jaxbObject.getValue(); + logger.info("Got InfoboxReadResponseType"); PdfAsHelper.injectCertificate(request, response, infoboxReadResponseType, getServletContext()); } else if(jaxbObject.getValue() instanceof CreateCMSSignatureResponseType) { CreateCMSSignatureResponseType createCMSSignatureResponseType = (CreateCMSSignatureResponseType)jaxbObject.getValue(); + logger.info("Got CreateCMSSignatureResponseType"); PdfAsHelper.injectSignature(request, response, createCMSSignatureResponseType, getServletContext()); } else if(jaxbObject.getValue() instanceof ErrorResponseType) { ErrorResponseType errorResponseType = (ErrorResponseType)jaxbObject.getValue(); logger.error("SecurityLayer: " + errorResponseType.getErrorCode() + " " + errorResponseType.getInfo()); throw new PdfAsSecurityLayerException(errorResponseType.getInfo(), errorResponseType.getErrorCode()); - } else { throw new PdfAsSecurityLayerException("Unknown SL response", 9999); } } catch (Exception e) { + logger.error("Error in DataURL Servlet. " , e); PdfAsHelper.setSessionException(request, response, e.getMessage(), e); PdfAsHelper.gotoError(getServletContext(), request, response); diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ExternSignServlet.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ExternSignServlet.java index fe26f097..b2649a57 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ExternSignServlet.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ExternSignServlet.java @@ -60,6 +60,8 @@ public class ExternSignServlet extends HttpServlet { protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { + //PdfAsHelper.regenerateSession(request); + System.out.println("Get signing request"); logger.info("Get signing request"); @@ -93,6 +95,8 @@ public class ExternSignServlet extends HttpServlet { protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { + //PdfAsHelper.regenerateSession(request); + System.out.println("Post signing request"); logger.info("Post signing request"); diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/VerifyServlet.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/VerifyServlet.java index 4418c30b..0dd96e78 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/VerifyServlet.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/VerifyServlet.java @@ -1,5 +1,8 @@ package at.gv.egiz.pdfas.web.servlets; +import iaik.x509.X509Certificate; + +import java.io.File; import java.io.IOException; import java.util.List; @@ -8,53 +11,244 @@ import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.apache.commons.fileupload.FileItem; +import org.apache.commons.fileupload.disk.DiskFileItemFactory; +import org.apache.commons.fileupload.servlet.ServletFileUpload; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.pdfas.common.exceptions.PdfAsException; import at.gv.egiz.pdfas.lib.api.ByteArrayDataSource; import at.gv.egiz.pdfas.lib.api.Configuration; import at.gv.egiz.pdfas.lib.api.PdfAs; import at.gv.egiz.pdfas.lib.api.PdfAsFactory; import at.gv.egiz.pdfas.lib.api.verify.VerifyParameter; import at.gv.egiz.pdfas.lib.api.verify.VerifyResult; +import at.gv.egiz.pdfas.web.exception.PdfAsWebException; +import at.gv.egiz.pdfas.web.helper.PdfAsHelper; +import at.gv.egiz.pdfas.web.helper.PdfAsParameterExtractor; +import at.gv.egiz.pdfas.web.helper.RemotePDFFetcher; /** * Servlet implementation class VerifyServlet */ public class VerifyServlet extends HttpServlet { private static final long serialVersionUID = 1L; - - /** - * @see HttpServlet#HttpServlet() - */ - public VerifyServlet() { - super(); - } + + private static final Logger logger = LoggerFactory + .getLogger(ExternSignServlet.class); + + private static final String UPLOAD_PDF_DATA = "pdfFile"; + private static final String UPLOAD_DIRECTORY = "upload"; + private static final int THRESHOLD_SIZE = 1024 * 1024 * 3; // 3MB + private static final int MAX_FILE_SIZE = 1024 * 1024 * 40; // 40MB + private static final int MAX_REQUEST_SIZE = 1024 * 1024 * 50; // 50MB /** - * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response) + * @see HttpServlet#HttpServlet() */ - protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { - // TODO Auto-generated method stub + public VerifyServlet() { + super(); } /** - * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response) + * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse + * response) */ - protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { - // TODO Auto-generated method stub + protected void doGet(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + System.out.println("Get verify request"); + logger.info("Get verify request"); + + String errorUrl = PdfAsParameterExtractor.getInvokeErrorURL(request); + PdfAsHelper.setErrorURL(request, response, errorUrl); + try { + // Mandatory Parameters on Get Request: + String invokeUrl = PdfAsParameterExtractor.getInvokeURL(request); + PdfAsHelper.setInvokeURL(request, response, invokeUrl); + + String pdfUrl = PdfAsParameterExtractor.getPdfUrl(request); + + if (pdfUrl == null) { + throw new PdfAsWebException( + "No PDF URL given! Use POST request to sign without PDF URL."); + } + + byte[] pdfData = RemotePDFFetcher.fetchPdfFile(pdfUrl); + doVerify(request, response, pdfData); + } catch (Exception e) { + PdfAsHelper.setSessionException(request, response, e.getMessage(), + e); + PdfAsHelper.gotoError(getServletContext(), request, response); + } + } + + /** + * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse + * response) + */ + protected void doPost(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + + System.out.println("Post signing request"); + logger.info("Post signing request"); + + String errorUrl = PdfAsParameterExtractor.getInvokeErrorURL(request); + PdfAsHelper.setErrorURL(request, response, errorUrl); + + try { + byte[] filecontent = null; + + // checks if the request actually contains upload file + if (!ServletFileUpload.isMultipartContent(request)) { + // No Uploaded data! + if (PdfAsParameterExtractor.getPdfUrl(request) != null) { + doGet(request, response); + return; + } else { + throw new PdfAsWebException("No Signature data defined!"); + } + } else { + // configures upload settings + DiskFileItemFactory factory = new DiskFileItemFactory(); + factory.setSizeThreshold(THRESHOLD_SIZE); + factory.setRepository(new File(System + .getProperty("java.io.tmpdir"))); + + ServletFileUpload upload = new ServletFileUpload(factory); + upload.setFileSizeMax(MAX_FILE_SIZE); + upload.setSizeMax(MAX_REQUEST_SIZE); + + // constructs the directory path to store upload file + String uploadPath = getServletContext().getRealPath("") + + File.separator + UPLOAD_DIRECTORY; + // creates the directory if it does not exist + File uploadDir = new File(uploadPath); + if (!uploadDir.exists()) { + uploadDir.mkdir(); + } + + List formItems = upload.parseRequest(request); + logger.debug(formItems.size() + " Items in form data"); + if (formItems.size() < 1) { + // No Uploaded data! + // Try do get + // No Uploaded data! + if (PdfAsParameterExtractor.getPdfUrl(request) != null) { + doGet(request, response); + return; + } else { + throw new PdfAsWebException( + "No Signature data defined!"); + } + } else { + for (int i = 0; i < formItems.size(); i++) { + Object obj = formItems.get(i); + if (obj instanceof FileItem) { + FileItem item = (FileItem) obj; + if (item.getFieldName().equals(UPLOAD_PDF_DATA)) { + filecontent = item.get(); + try { + File f = new File(item.getName()); + String name = f.getName(); + logger.debug("Got upload: " + + item.getName()); + if (name != null) { + if (!(name.endsWith(".pdf") || name + .endsWith(".PDF"))) { + name += ".pdf"; + } + + logger.debug("Setting Filename in session: " + + name); + PdfAsHelper.setPDFFileName(request, + name); + } + } catch (Throwable e) { + logger.error("In resolving filename", e); + } + if (filecontent.length < 10) { + filecontent = null; + } else { + logger.debug("Found pdf Data! Size: " + + filecontent.length); + } + } else { + request.setAttribute(item.getFieldName(), + item.getString()); + logger.debug("Setting " + item.getFieldName() + + " = " + item.getString()); + } + } else { + logger.debug(obj.getClass().getName() + " - " + + obj.toString()); + } + } + } + } + + if (filecontent == null) { + if (PdfAsParameterExtractor.getPdfUrl(request) != null) { + filecontent = RemotePDFFetcher + .fetchPdfFile(PdfAsParameterExtractor + .getPdfUrl(request)); + } + } + + if (filecontent == null) { + Object sourceObj = request.getAttribute("source"); + if (sourceObj != null) { + String source = sourceObj.toString(); + if (source.equals("internal")) { + request.setAttribute("FILEERR", true); + request.getRequestDispatcher("index.jsp").forward( + request, response); + return; + } + } + throw new PdfAsException("No Signature data available"); + } + + doVerify(request, response, filecontent); + } catch (Exception e) { + PdfAsHelper.setSessionException(request, response, e.getMessage(), + e); + PdfAsHelper.gotoError(getServletContext(), request, response); + } } - protected void doVerify(HttpServletRequest request, HttpServletResponse response, - byte[] pdfData, int whichSignature) { - PdfAs pdfAs = PdfAsFactory.createPdfAs(null); - Configuration conf = pdfAs.getConfiguration(); - VerifyParameter parameter = PdfAsFactory.createVerifyParameter(conf, new ByteArrayDataSource(pdfData)); - parameter.setWhichSignature(whichSignature); + protected void doVerify(HttpServletRequest request, + HttpServletResponse response, byte[] pdfData) throws Exception { + throw new Exception(""); - //List<VerifyResult> results = pdfAs.verify(parameter); + /*List<VerifyResult> results = PdfAsHelper.synchornousVerify(request, + response, pdfData); + + PdfAsHelper.setVerificationResult(request, results); // Create HTML Snippet for each Verification Result // Put these results into the web page - // Or create a JSON response with the verification results for automated processing - + // Or create a JSON response with the verification results for automated + // processing + for (int i = 0; i < results.size(); i++) { + VerifyResult result = results.get(i); + + if (result.isVerificationDone()) { + + int certCode = result.getCertificateCheck().getCode(); + String certMessage = result.getCertificateCheck().getMessage(); + + int valueCode = result.getValueCheckCode().getCode(); + String valueMessage = result.getValueCheckCode().getMessage(); + + Exception e = result.getVerificationException(); + + X509Certificate cert = result.getSignerCertificate(); + byte[] data = result.getSignatureData(); + + + } + }*/ } - + } |