Diffstat (limited to 'pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/PDFData.java')
-rw-r--r--pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/PDFData.java24
1 files changed, 24 insertions, 0 deletions
diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/PDFData.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/PDFData.java
index 6ce0e1c9..9bf66fe9 100644
--- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/PDFData.java
+++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/PDFData.java
@@ -8,14 +8,23 @@ import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
import at.gv.egiz.pdfas.web.helper.PdfAsHelper;
/**
* Servlet implementation class PDFData
*/
public class PDFData extends HttpServlet {
+
private static final long serialVersionUID = 1L;
+ private static final Logger logger = LoggerFactory
+ .getLogger(PDFData.class);
+
+ private static String ORIGINAL_DIGEST = "origdigest";
+
/**
* @see HttpServlet#HttpServlet()
*/
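Review bot: `ORIGINAL_DIGEST` is declared `private static String` without `final`, so the name of the request parameter is a mutable static shared by every request this servlet handles. Declare it as a constant: `private static final String ORIGINAL_DIGEST = "origdigest";`. A one-line comment such as `// request parameter: caller-supplied digest of the original PDF, compared against the stored signature-data hash` would also make clear that the value comes from the client and is not trusted.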
@@ -45,7 +54,22 @@ public class PDFData extends HttpServlet {
HttpServletResponse response) throws ServletException, IOException {
byte[] signedData = PdfAsHelper.getSignedPdf(request, response);
+ String plainPDFDigest = request.getParameter(ORIGINAL_DIGEST);
+
if (signedData != null) {
+ if(plainPDFDigest != null) {
+ String signatureDataHash = PdfAsHelper.getSignatureDataHash(request);
+ if(!plainPDFDigest.equalsIgnoreCase(signatureDataHash)) {
+ logger.error("Digest Hash mismatch!");
+ logger.error("Requested digest: " + plainPDFDigest);
+ logger.error("Saved digest: " + signatureDataHash);
+
+ PdfAsHelper.setSessionException(request, response,
+ "Signature Data digest do not match!", null);
+ PdfAsHelper.gotoError(getServletContext(), request, response);
+ return;
+ }
+ }
response.setContentType("application/pdf");
OutputStream os = response.getOutputStream();
os.write(signedData);
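Review bot: The raw `origdigest` request parameter is concatenated into the error log at `logger.error("Requested digest: " + plainPDFDigest)`, so a value containing line breaks or of arbitrary length ends up verbatim in the log and can forge or flood entries. Validate the parameter against the expected digest format before use (the `equalsIgnoreCase` comparison suggests hex, but that is not confirmed here), or at least neutralise control characters and use parameterized logging: `logger.error("Requested digest: {}", plainPDFDigest.replaceAll("[\\r\\n]", "_"));`. Separately, the comparison only runs when the parameter is present, so a request that omits `origdigest` still receives the signed PDF. If the check is meant to bind the download to a specific document, a missing parameter should be treated as a mismatch. The enclosing method starts and ends outside this hunk, so the handling after `os.write(signedData)` is not visible.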