aboutsummaryrefslogtreecommitdiff
path: root/pdf-as-web
diff options
context:
space:
mode:
Diffstat (limited to 'pdf-as-web')
-rw-r--r--pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/config/WebConfiguration.java4
-rw-r--r--pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/DigestHelper.java27
-rw-r--r--pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java43
-rw-r--r--pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsParameterExtractor.java12
-rw-r--r--pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/RemotePDFFetcher.java1
-rw-r--r--pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ExternSignServlet.java14
-rw-r--r--pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/PDFData.java24
7 files changed, 103 insertions, 22 deletions
diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/config/WebConfiguration.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/config/WebConfiguration.java
index 3c6a7f21..6609e51d 100644
--- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/config/WebConfiguration.java
+++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/config/WebConfiguration.java
@@ -108,4 +108,8 @@ public class WebConfiguration {
return false;
}
+ public static boolean isProvidePdfURLinWhitelist(String url) {
+ //TODO implement whitelisting for pdfURLS
+ return false;
+ }
}
diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/DigestHelper.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/DigestHelper.java
new file mode 100644
index 00000000..af002da4
--- /dev/null
+++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/DigestHelper.java
@@ -0,0 +1,27 @@
+package at.gv.egiz.pdfas.web.helper;
+
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+
+import org.apache.commons.codec.binary.Hex;
+
+public class DigestHelper {
+
+ public static final String SHA1 = "SHA-1";
+ public static final String SHA224 = "SHA-224";
+ public static final String SHA256 = "SHA-256";
+ public static final String SHA384 = "SHA-384";
+ public static final String SHA512 = "SHA-512";
+
+ public static String DefaulAlgorithm = SHA256;
+
+ public static String getHexEncodedHash(byte[] data) throws NoSuchAlgorithmException {
+ return getHexEncodedHash(data, DefaulAlgorithm);
+ }
+
+ public static String getHexEncodedHash(byte[] data, String algorithm) throws NoSuchAlgorithmException {
+ MessageDigest md = MessageDigest.getInstance(algorithm);
+ byte[] hash = md.digest(data);
+ return Hex.encodeHexString(hash);
+ }
+}
diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java
index e61a113a..2f62269b 100644
--- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java
+++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java
@@ -20,6 +20,7 @@ import org.slf4j.LoggerFactory;
import com.lowagie.text.html.WebColors;
+import at.gv.egiz.pdfas.common.exceptions.PdfAsException;
import at.gv.egiz.pdfas.lib.api.ByteArrayDataSink;
import at.gv.egiz.pdfas.lib.api.ByteArrayDataSource;
import at.gv.egiz.pdfas.lib.api.Configuration;
@@ -65,6 +66,8 @@ public class PdfAsHelper {
private static final String PDF_ERR_URL = "PDF_ERR_URL";
private static final String PDF_INVOKE_URL = "PDF_INVOKE_URL";
private static final String REQUEST_FROM_DU = "REQ_DATA_URL";
+ private static final String SIGNATURE_DATA_HASH = "SIGNATURE_DATA_HASH";
+ private static final String SIGNATURE_ACTIVE = "SIGNATURE_ACTIVE";
private static final Logger logger = LoggerFactory
.getLogger(PdfAsHelper.class);
@@ -110,7 +113,7 @@ public class PdfAsHelper {
}
}
}
-
+
private static String buildPosString(HttpServletRequest request,
HttpServletResponse response) throws PdfAsWebException {
String posP = PdfAsParameterExtractor.getSigPosP(request);
@@ -177,11 +180,6 @@ public class PdfAsHelper {
return sb.toString();
}
- public static void doSignature(HttpServletRequest request,
- HttpServletResponse response, byte[] pdfData) throws Exception {
-
- }
-
/**
* Create synchronous PDF Signature
*
@@ -242,6 +240,13 @@ public class PdfAsHelper {
HttpServletResponse response, ServletContext context, byte[] pdfData)
throws Exception {
+ // TODO: Protect session so that only one PDF can be signed during one session
+ /*if(PdfAsHelper.isSignatureActive(request)) {
+ throw new PdfAsException("Signature is active in this session");
+ }
+
+ PdfAsHelper.setSignatureActive(request, true);*/
+
validatePdfSize(request, response, pdfData);
HttpSession session = request.getSession();
@@ -609,4 +614,30 @@ public class PdfAsHelper {
}
return false;
}
+
+ public static void setSignatureDataHash(HttpServletRequest request, String value) {
+ request.setAttribute(SIGNATURE_DATA_HASH, value);
+ }
+
+ public static String getSignatureDataHash(HttpServletRequest request) {
+ Object obj = request.getAttribute(SIGNATURE_DATA_HASH);
+ if (obj != null) {
+ return obj.toString();
+ }
+ return "";
+ }
+
+ public static void setSignatureActive(HttpServletRequest request, boolean value) {
+ request.setAttribute(SIGNATURE_ACTIVE, new Boolean(value));
+ }
+
+ public static boolean isSignatureActive(HttpServletRequest request) {
+ Object obj = request.getAttribute(SIGNATURE_ACTIVE);
+ if (obj != null) {
+ if (obj instanceof Boolean) {
+ return ((Boolean) obj).booleanValue();
+ }
+ }
+ return false;
+ }
}
diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsParameterExtractor.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsParameterExtractor.java
index 5a79bb4a..4d6ad1fe 100644
--- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsParameterExtractor.java
+++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsParameterExtractor.java
@@ -70,16 +70,4 @@ public class PdfAsParameterExtractor {
public static String getSigPosW(HttpServletRequest request) {
return (String)request.getAttribute(PARAM_SIG_POS_W);
}
-
- // legacy Parameter
- public static final String PARAM_PDF_ID = "pdf-id";
- public static final String PARAM_SESSION_ID = "session-id";
-
- public static String getPdfId(HttpServletRequest request) {
- return (String)request.getAttribute(PARAM_PDF_ID);
- }
-
- public static String getSessionId(HttpServletRequest request) {
- return (String)request.getAttribute(PARAM_SESSION_ID);
- }
}
diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/RemotePDFFetcher.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/RemotePDFFetcher.java
index 7c90dbc8..9532e074 100644
--- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/RemotePDFFetcher.java
+++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/RemotePDFFetcher.java
@@ -17,6 +17,7 @@ public class RemotePDFFetcher {
throw new PdfAsWebException("Not a valid URL!", e);
}
if(url.getProtocol().equals("http") || url.getProtocol().equals("https")) {
+
try {
InputStream is = url.openStream();
return StreamUtils.inputStreamToByteArray(is);
diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ExternSignServlet.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ExternSignServlet.java
index c96225bd..3a6bc971 100644
--- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ExternSignServlet.java
+++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ExternSignServlet.java
@@ -2,7 +2,6 @@ package at.gv.egiz.pdfas.web.servlets;
import java.io.File;
import java.io.IOException;
-import java.io.PrintWriter;
import java.util.List;
import javax.servlet.ServletException;
@@ -18,14 +17,12 @@ import org.slf4j.LoggerFactory;
import at.gv.egiz.pdfas.common.exceptions.PdfAsException;
import at.gv.egiz.pdfas.lib.api.sign.IPlainSigner;
-import at.gv.egiz.pdfas.sigs.pades.PAdESSigner;
import at.gv.egiz.pdfas.web.config.WebConfiguration;
import at.gv.egiz.pdfas.web.exception.PdfAsWebException;
+import at.gv.egiz.pdfas.web.helper.DigestHelper;
import at.gv.egiz.pdfas.web.helper.PdfAsHelper;
import at.gv.egiz.pdfas.web.helper.PdfAsParameterExtractor;
import at.gv.egiz.pdfas.web.helper.RemotePDFFetcher;
-import at.gv.egiz.sl.util.BKUSLConnector;
-import at.gv.egiz.sl.util.MOAConnector;
/**
* Servlet implementation class Sign
@@ -209,6 +206,15 @@ public class ExternSignServlet extends HttpServlet {
String errorUrl = PdfAsParameterExtractor.getInvokeErrorURL(request);
PdfAsHelper.setErrorURL(request, response, errorUrl);
+ if(pdfData == null) {
+ throw new PdfAsException("No Signature data available");
+ }
+
+ String pdfDataHash = DigestHelper.getHexEncodedHash(pdfData);
+
+ PdfAsHelper.setSignatureDataHash(request, pdfDataHash);
+ logger.debug("Storing signatures data hash: " + pdfDataHash);
+
logger.debug("Starting signature creation with: " + connector);
IPlainSigner signer;
diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/PDFData.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/PDFData.java
index 6ce0e1c9..9bf66fe9 100644
--- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/PDFData.java
+++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/PDFData.java
@@ -8,14 +8,23 @@ import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
import at.gv.egiz.pdfas.web.helper.PdfAsHelper;
/**
* Servlet implementation class PDFData
*/
public class PDFData extends HttpServlet {
+
private static final long serialVersionUID = 1L;
+ private static final Logger logger = LoggerFactory
+ .getLogger(PDFData.class);
+
+ private static String ORIGINAL_DIGEST = "origdigest";
+
/**
* @see HttpServlet#HttpServlet()
*/
@@ -45,7 +54,22 @@ public class PDFData extends HttpServlet {
HttpServletResponse response) throws ServletException, IOException {
byte[] signedData = PdfAsHelper.getSignedPdf(request, response);
+ String plainPDFDigest = request.getParameter(ORIGINAL_DIGEST);
+
if (signedData != null) {
+ if(plainPDFDigest != null) {
+ String signatureDataHash = PdfAsHelper.getSignatureDataHash(request);
+ if(!plainPDFDigest.equalsIgnoreCase(signatureDataHash)) {
+ logger.error("Digest Hash mismatch!");
+ logger.error("Requested digest: " + plainPDFDigest);
+ logger.error("Saved digest: " + signatureDataHash);
+
+ PdfAsHelper.setSessionException(request, response,
+ "Signature Data digest do not match!", null);
+ PdfAsHelper.gotoError(getServletContext(), request, response);
+ return;
+ }
+ }
response.setContentType("application/pdf");
OutputStream os = response.getOutputStream();
os.write(signedData);