diff options
Diffstat (limited to 'pdf-as-web')
3 files changed, 41 insertions, 18 deletions
diff --git a/pdf-as-web/build.gradle b/pdf-as-web/build.gradle index 926d19fd..319aa7f8 100644 --- a/pdf-as-web/build.gradle +++ b/pdf-as-web/build.gradle @@ -57,7 +57,7 @@ dependencies { api project (':pdf-as-web-statistic-api') api project (':pdf-as-pdfbox-2') api group: 'commons-fileupload', name: 'commons-fileupload', version: '1.5' - api group: 'commons-io', name: 'commons-io', version: '2.16.1' + api group: 'commons-io', name: 'commons-io', version: '2.21.0' api group: 'opensymphony', name: 'sitemesh', version: '2.4.2' api group: 'javax.xml.bind', name: 'jaxb-api', version: '2.3.1' api group: 'javax.xml.ws', name: 'jaxws-api', version: '2.3.1' @@ -65,16 +65,16 @@ dependencies { api "commons-codec:commons-codec:1.17.1" api 'org.apache.commons:commons-lang3:3.17.0' api group: 'org.apache.commons', name: 'commons-collections4', version: '4.4' - api 'org.apache.cxf:cxf-rt-transports-http:3.5.9' - api 'org.apache.cxf:cxf-rt-frontend-jaxws:3.5.9' + api 'org.apache.cxf:cxf-rt-transports-http:3.5.11' + api 'org.apache.cxf:cxf-rt-frontend-jaxws:3.5.11' api 'com.thetransactioncompany:cors-filter:2.10' api 'ch.qos.logback:logback-classic:1.2.13' api 'ch.qos.logback:logback-core:1.2.13' - api 'org.json:json:20240303' + api 'org.json:json:20251224' api group: 'javax.jws', name: 'javax.jws-api', version: '1.1' compileOnly 'javax.servlet:javax.servlet-api:3.0.1' - testImplementation 'org.springframework:spring-test:5.3.31' - testImplementation 'org.springframework:spring-web:5.3.31' + testImplementation 'org.springframework:spring-test:5.3.39' + testImplementation 'org.springframework:spring-web:5.3.39' } diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/exception/PdfAsSecurityLayerException.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/exception/PdfAsSecurityLayerException.java index 08577034..bc5a4d02 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/exception/PdfAsSecurityLayerException.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/exception/PdfAsSecurityLayerException.java @@ -33,5 +33,10 @@ public class PdfAsSecurityLayerException extends Exception { public PdfAsSecurityLayerException(String info, int errorcode) { super("SecurityLayer Error: [" + errorcode + "] " + info); } + + public PdfAsSecurityLayerException(String info, int errorcode, Exception e) { + super("SecurityLayer Error: [" + errorcode + "] " + info, e); + + } } diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/DataURLServlet.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/DataURLServlet.java index 50c3b063..18e14c97 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/DataURLServlet.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/DataURLServlet.java @@ -32,6 +32,7 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.xml.bind.JAXBElement; +import org.apache.commons.lang3.StringUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -78,41 +79,58 @@ public class DataURLServlet extends HttpServlet { } protected void process(HttpServletRequest request, - HttpServletResponse response) throws ServletException, IOException { - try { + HttpServletResponse response) throws ServletException, IOException { + String xmlResponse = null; + try { if(!PdfAsHelper.checkDataUrlAccess(request)) { throw new Exception("No valid dataURL access"); + } PdfAsHelper.setFromDataUrl(request); - String xmlResponse = request.getParameter("XMLResponse"); + xmlResponse = request.getParameter("XMLResponse"); - //System.out.println(xmlResponse); + if (StringUtils.isEmpty(xmlResponse)) { + logger.error("SL response is null or empty"); + throw new PdfAsSecurityLayerException("SL response is null or empty", 9999); + + } JAXBElement<?> jaxbObject = (JAXBElement<?>) SLMarschaller.unmarshalFromString(xmlResponse); if(jaxbObject.getValue() instanceof InfoboxReadResponseType) { InfoboxReadResponseType infoboxReadResponseType = (InfoboxReadResponseType)jaxbObject.getValue(); logger.info("Got InfoboxReadResponseType"); PdfAsHelper.injectCertificate(request, response, PdfAsHelper.getCertificate(infoboxReadResponseType), getServletContext()); + } else if(jaxbObject.getValue() instanceof CreateCMSSignatureResponseType) { CreateCMSSignatureResponseType createCMSSignatureResponseType = (CreateCMSSignatureResponseType)jaxbObject.getValue(); logger.info("Got CreateCMSSignatureResponseType"); PdfAsHelper.injectSignature(request, response, createCMSSignatureResponseType.getCMSSignature(), getServletContext()); + } else if(jaxbObject.getValue() instanceof ErrorResponseType) { ErrorResponseType errorResponseType = (ErrorResponseType)jaxbObject.getValue(); logger.warn("SecurityLayer: " + errorResponseType.getErrorCode() + " " + errorResponseType.getInfo()); - throw new PdfAsSecurityLayerException(errorResponseType.getInfo(), - errorResponseType.getErrorCode()); + throw new PdfAsSecurityLayerException(errorResponseType.getInfo(), errorResponseType.getErrorCode()); + } else { logger.error("Unknown SL response {}", xmlResponse); - throw new PdfAsSecurityLayerException("Unknown SL response", - 9999); + throw new PdfAsSecurityLayerException("Unknown SL response", 9999); + } - } catch (Exception e) { - logger.warn("Error in DataURL Servlet. " , e); - PdfAsHelper.setSessionException(request, response, e.getMessage(), - e); + + } catch (PdfAsSecurityLayerException e) { + PdfAsHelper.setSessionException(request, response, e.getMessage(), e); + PdfAsHelper.gotoError(getServletContext(), request, response); + + } catch (Exception e) { + logger.debug("Receive XML response from VDA: {}", + StringUtils.isNotEmpty(xmlResponse) ? xmlResponse : " ...empty response..."); + logger.warn("General Error in DataURL Servlet. " , e); + + PdfAsHelper.setSessionException(request, response, e.getMessage(), + new PdfAsSecurityLayerException("Invalid SL response", 9999, e)); PdfAsHelper.gotoError(getServletContext(), request, response); + } } |