From 01b1abedb9f5beb97df777605412d84a5bb63d7d Mon Sep 17 00:00:00 2001 From: Andreas Fitzek Date: Fri, 23 Jan 2015 11:01:20 +0100 Subject: extended PDF-AS-WEB to support multiple Software Keystores --- .../gv/egiz/pdfas/api/ws/PDFASSignParameters.java | 9 ++ .../gv/egiz/pdfas/web/config/WebConfiguration.java | 76 +++++++++---- .../at/gv/egiz/pdfas/web/helper/PdfAsHelper.java | 120 +++++++++++++++++---- .../pdfas/web/helper/PdfAsParameterExtractor.java | 6 ++ .../egiz/pdfas/web/servlets/ExternSignServlet.java | 19 +++- 5 files changed, 187 insertions(+), 43 deletions(-) diff --git a/pdf-as-common/src/main/java/at/gv/egiz/pdfas/api/ws/PDFASSignParameters.java b/pdf-as-common/src/main/java/at/gv/egiz/pdfas/api/ws/PDFASSignParameters.java index c6f3993e..5fa5c3ee 100644 --- a/pdf-as-common/src/main/java/at/gv/egiz/pdfas/api/ws/PDFASSignParameters.java +++ b/pdf-as-common/src/main/java/at/gv/egiz/pdfas/api/ws/PDFASSignParameters.java @@ -77,6 +77,7 @@ public class PDFASSignParameters implements Serializable { String invokeTarget; String invokeErrorUrl; String transactionId; + String keyIdentifier; String profile; PDFASPropertyMap preprocessor; @@ -136,6 +137,14 @@ public class PDFASSignParameters implements Serializable { public void setTransactionId(String transactionId) { this.transactionId = transactionId; } + + @XmlElement(required = false, nillable = true, name="keyIdentifier") + public String getKeyIdentifier() { + return keyIdentifier; + } + public void setKeyIdentifier(String keyIdentifier) { + this.keyIdentifier = keyIdentifier; + } @XmlElement(required = false, nillable = true, name="preprocessorArguments") public PDFASPropertyMap getPreprocessor() { diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/config/WebConfiguration.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/config/WebConfiguration.java index c16eec27..46430724 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/config/WebConfiguration.java 
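Review bot: `getKeyIdentifier()` joins the web-service contract as a caller-supplied selector for the server-side signing key, yet the hunk adds it without any Javadoc, so a client cannot learn what values are valid or what an absent value means. I would add `/** Identifier of the software keystore to sign with (configured server-side as ksl.<id>.*); null or absent selects the default keystore. */` above the getter. The element is declared nillable and otherwise unconstrained at the schema level, so any restriction on the identifier's format has to be enforced where the server resolves it, not here.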
+++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/config/WebConfiguration.java
@@ -54,12 +54,22 @@ public class WebConfiguration implements IConfigurationConstants {
 public static final String RELOAD_PASSWORD = "reload.pwd";
 public static final String RELOAD_ENABLED = "reload.enabled";
- public static final String KEYSTORE_ENABLED = "ks.enabled";
- public static final String KEYSTORE_FILE = "ks.file";
- public static final String KEYSTORE_TYPE = "ks.type";
- public static final String KEYSTORE_PASS = "ks.pass";
- public static final String KEYSTORE_ALIAS = "ks.key.alias";
- public static final String KEYSTORE_KEY_PASS = "ks.key.pass";
+ public static final String KEYSTORE_LIST = "ksl";
+ public static final String KEYSTORE_DEFAULT = "ks";
+
+ public static final String KEYSTORE_ENABLED = "enabled";
+ public static final String KEYSTORE_FILE = "file";
+ public static final String KEYSTORE_TYPE = "type";
+ public static final String KEYSTORE_PASS = "pass";
+ public static final String KEYSTORE_ALIAS = "key.alias";
+ public static final String KEYSTORE_KEY_PASS = "key.pass";
+
+ public static final String KEYSTORE_DEFAULT_ENABLED = KEYSTORE_DEFAULT + "." + KEYSTORE_ENABLED;
+ public static final String KEYSTORE_DEFAULT_FILE = KEYSTORE_DEFAULT + "." + KEYSTORE_FILE;
+ public static final String KEYSTORE_DEFAULT_TYPE = KEYSTORE_DEFAULT + "." + KEYSTORE_TYPE;
+ public static final String KEYSTORE_DEFAULT_PASS = KEYSTORE_DEFAULT + "." + KEYSTORE_PASS;
+ public static final String KEYSTORE_DEFAULT_ALIAS = KEYSTORE_DEFAULT + "." + KEYSTORE_ALIAS;
+ public static final String KEYSTORE_DEFAULT_KEY_PASS = KEYSTORE_DEFAULT + "." + KEYSTORE_KEY_PASS;
 public static final String WHITELIST_ENABLED = "whitelist.enabled";
 public static final String WHITELIST_VALUE_PRE = "whitelist.url.";
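Review bot: The constants `KEYSTORE_ENABLED` through `KEYSTORE_KEY_PASS` keep their public names but change meaning from full property keys (`ks.enabled`) to bare suffixes (`enabled`), so any other class in the project that still does `properties.getProperty(KEYSTORE_ENABLED)` would silently look up a non-existent key and treat the default keystore as disabled; I cannot see such callers from here, but a grep before merging is warranted, and renaming them to e.g. `KEYSTORE_SUFFIX_ENABLED` would turn a stale use into a compile error. The two-level layout is otherwise only discoverable by reading the getters further down, so a comment on the new constants would help: `// Default keystore: "ks.<suffix>"; additional keystores selectable by keyIdentifier: "ksl.<id>.<suffix>"`.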
@@ -202,24 +212,44 @@ public class WebConfiguration implements IConfigurationConstants { return properties.getProperty(PDF_AS_WORK_DIR); } - public static String getKeystoreFile() { - return properties.getProperty(KEYSTORE_FILE); + public static String getKeystoreDefaultFile() { + return properties.getProperty(KEYSTORE_DEFAULT_FILE); + } + + public static String getKeystoreDefaultType() { + return properties.getProperty(KEYSTORE_DEFAULT_TYPE); + } + + public static String getKeystoreDefaultPass() { + return properties.getProperty(KEYSTORE_DEFAULT_PASS); + } + + public static String getKeystoreDefaultAlias() { + return properties.getProperty(KEYSTORE_DEFAULT_ALIAS); + } + + public static String getKeystoreDefaultKeyPass() { + return properties.getProperty(KEYSTORE_DEFAULT_KEY_PASS); + } + + public static String getKeystoreFile(String keyIdentifier) { + return properties.getProperty(KEYSTORE_LIST + "." + keyIdentifier + "." + KEYSTORE_FILE); } - public static String getKeystoreType() { - return properties.getProperty(KEYSTORE_TYPE); + public static String getKeystoreType(String keyIdentifier) { + return properties.getProperty(KEYSTORE_LIST + "." + keyIdentifier + "." + KEYSTORE_TYPE); } - public static String getKeystorePass() { - return properties.getProperty(KEYSTORE_PASS); + public static String getKeystorePass(String keyIdentifier) { + return properties.getProperty(KEYSTORE_LIST + "." + keyIdentifier + "." + KEYSTORE_PASS); } - public static String getKeystoreAlias() { - return properties.getProperty(KEYSTORE_ALIAS); + public static String getKeystoreAlias(String keyIdentifier) { + return properties.getProperty(KEYSTORE_LIST + "." + keyIdentifier + "." + KEYSTORE_ALIAS); } - public static String getKeystoreKeyPass() { - return properties.getProperty(KEYSTORE_KEY_PASS); + public static String getKeystoreKeyPass(String keyIdentifier) { + return properties.getProperty(KEYSTORE_LIST + "." + keyIdentifier + "." 
+ KEYSTORE_KEY_PASS); } public static boolean getMOASSEnabled() { @@ -232,8 +262,18 @@ public class WebConfiguration implements IConfigurationConstants { return false; } - public static boolean getKeystoreEnabled() { - String value = properties.getProperty(KEYSTORE_ENABLED); + public static boolean getKeystoreDefaultEnabled() { + String value = properties.getProperty(KEYSTORE_DEFAULT_ENABLED); + if (value != null) { + if (value.equals("true")) { + return true; + } + } + return false; + } + + public static boolean getKeystoreEnabled(String keyIdentifier) { + String value = properties.getProperty(KEYSTORE_LIST + "." + keyIdentifier + "." + KEYSTORE_ENABLED); if (value != null) { if (value.equals("true")) { return true; diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java index 7f900b0f..93faf99a 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java @@ -222,9 +222,9 @@ public class PdfAsHelper { Float.parseFloat(posW); } catch (NumberFormatException e) { if (!posW.equalsIgnoreCase("auto")) { - throw new PdfAsWebException( - PdfAsParameterExtractor.PARAM_SIG_POS_W - + " has invalid value!", e); + throw new PdfAsWebException( + PdfAsParameterExtractor.PARAM_SIG_POS_W + + " has invalid value!", e); } else { sb.append("w:auto;"); } @@ -255,8 +255,8 @@ public class PdfAsHelper { } catch (NumberFormatException e) { if (!posR.equalsIgnoreCase("auto")) { throw new PdfAsWebException( - PdfAsParameterExtractor.PARAM_SIG_POS_R - + " has invalid value!", e); + PdfAsParameterExtractor.PARAM_SIG_POS_R + + " has invalid value!", e); } } sb.append("r:" + posR.trim() + ";"); 
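Review bot: `getKeystoreEnabled(String keyIdentifier)` and the five sibling `getKeystore*(String)` getters concatenate the identifier straight into the property key, so a null argument produces the key `ksl.null.enabled` (matching a keystore an operator happened to name `null`) and an empty or blank identifier produces `ksl..enabled`. The callers added in this commit check for null first, but the lookup is the natural single place to enforce the contract: `if (keyIdentifier == null || keyIdentifier.trim().isEmpty()) { return false; }` at the top of `getKeystoreEnabled`, and the same guard returning null in the other getters. Since the identifier originates from the request, I would also restrict it here to a safe alphabet such as `[A-Za-z0-9_.-]+` rather than relying on each caller. The six getters differ only in the suffix; a private `keystoreKey(String keyIdentifier, String suffix)` helper would remove the repeated concatenation.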
@@ -270,8 +270,8 @@ public class PdfAsHelper { } catch (NumberFormatException e) { if (!posF.equalsIgnoreCase("auto")) { throw new PdfAsWebException( - PdfAsParameterExtractor.PARAM_SIG_POS_F - + " has invalid value!", e); + PdfAsParameterExtractor.PARAM_SIG_POS_F + + " has invalid value!", e); } else { sb.append("f:0;"); } @@ -293,8 +293,7 @@ public class PdfAsHelper { try { signIdx = Integer.parseInt(signidxString); } catch (Throwable e) { - logger.warn("Failed to parse Signature Index: " - + signidxString); + logger.warn("Failed to parse Signature Index: " + signidxString); } } 
@@ -374,12 +373,51 @@ public class PdfAsHelper { if (connector.equals("moa")) { signer = new PAdESSigner(new MOAConnector(config)); } else if (connector.equals("jks")) { - signer = new PAdESSignerKeystore( - WebConfiguration.getKeystoreFile(), - WebConfiguration.getKeystoreAlias(), - WebConfiguration.getKeystorePass(), - WebConfiguration.getKeystoreKeyPass(), - WebConfiguration.getKeystoreType()); + + String keyIdentifier = PdfAsParameterExtractor.getKeyIdentifier(request); + + boolean ksEnabled = false; + String ksFile = null; + String ksAlias = null; + String ksPass = null; + String ksKeyPass = null; + String ksType = null; + + if (keyIdentifier != null) { + ksEnabled = WebConfiguration.getKeystoreEnabled(keyIdentifier); + ksFile = WebConfiguration.getKeystoreFile(keyIdentifier); + ksAlias = WebConfiguration.getKeystoreAlias(keyIdentifier); + ksPass = WebConfiguration.getKeystorePass(keyIdentifier); + ksKeyPass = WebConfiguration.getKeystoreKeyPass(keyIdentifier); + ksType = WebConfiguration.getKeystoreType(keyIdentifier); + } else { + ksEnabled = WebConfiguration.getKeystoreDefaultEnabled(); + ksFile = WebConfiguration.getKeystoreDefaultFile(); + ksAlias = WebConfiguration.getKeystoreDefaultAlias(); + ksPass = WebConfiguration.getKeystoreDefaultPass(); + ksKeyPass = WebConfiguration.getKeystoreDefaultKeyPass(); + ksType = WebConfiguration.getKeystoreDefaultType(); + } + + if (!ksEnabled) { + if(keyIdentifier != null) { + throw new PdfAsWebException("JKS connector [" + keyIdentifier + "] disabled or not existing."); + } else { + throw new PdfAsWebException("DEFAULT JKS connector disabled."); + } + } + + if (ksFile == null || ksAlias == null || ksPass == null + || ksKeyPass == null || ksType == null) { + if(keyIdentifier != null) { + throw new PdfAsWebException("JKS connector [" + keyIdentifier + "] not correctly configured."); + } else { + throw new PdfAsWebException("DEFAULT JKS connector not correctly configured."); + } + } + + signer = new 
PAdESSignerKeystore(ksFile, ksAlias, ksPass, + ksKeyPass, ksType); } else { throw new PdfAsWebException("Invalid connector (moa | jks)"); } 
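Review bot: The keystore-resolution block added here (identifier lookup, enabled check, completeness check, constructor call) is repeated verbatim in the web-service branch of this same file and in abbreviated form in ExternSignServlet, so a later fix to one copy, such as adding identifier validation, will probably miss the others; extract it into a private static helper, say `resolveKeystoreSigner(String keyIdentifier)`, that returns the `PAdESSignerKeystore` or throws the same `PdfAsWebException`s, and call it from both branches. The identifier is read from the request via `PdfAsParameterExtractor.getKeyIdentifier` and echoed unchanged into the exception text; whether those messages end up in an HTML error page is not visible in this diff, but if they do, the value needs validating or escaping before it is embedded. The six locals also hold the keystore and key passwords as immutable `String`s that will linger on the heap; the `PAdESSignerKeystore` constructor forces this, so it is at most a `// TODO` note. The enclosing method starts and ends outside the hunk.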
@@ -427,17 +465,53 @@ public class PdfAsHelper { if (!WebConfiguration.getMOASSEnabled()) { throw new PdfAsWebException("MOA connector disabled."); } + signer = new PAdESSigner(new MOAConnector(config)); } else if (params.getConnector().equals(Connector.JKS)) { - if (!WebConfiguration.getKeystoreEnabled()) { - throw new PdfAsWebException("JKS connector disabled."); + String keyIdentifier = params.getKeyIdentifier(); + + boolean ksEnabled = false; + String ksFile = null; + String ksAlias = null; + String ksPass = null; + String ksKeyPass = null; + String ksType = null; + + if (keyIdentifier != null) { + ksEnabled = WebConfiguration.getKeystoreEnabled(keyIdentifier); + ksFile = WebConfiguration.getKeystoreFile(keyIdentifier); + ksAlias = WebConfiguration.getKeystoreAlias(keyIdentifier); + ksPass = WebConfiguration.getKeystorePass(keyIdentifier); + ksKeyPass = WebConfiguration.getKeystoreKeyPass(keyIdentifier); + ksType = WebConfiguration.getKeystoreType(keyIdentifier); + } else { + ksEnabled = WebConfiguration.getKeystoreDefaultEnabled(); + ksFile = WebConfiguration.getKeystoreDefaultFile(); + ksAlias = WebConfiguration.getKeystoreDefaultAlias(); + ksPass = WebConfiguration.getKeystoreDefaultPass(); + ksKeyPass = WebConfiguration.getKeystoreDefaultKeyPass(); + ksType = WebConfiguration.getKeystoreDefaultType(); } - signer = new PAdESSignerKeystore( - WebConfiguration.getKeystoreFile(), - WebConfiguration.getKeystoreAlias(), - WebConfiguration.getKeystorePass(), - WebConfiguration.getKeystoreKeyPass(), - WebConfiguration.getKeystoreType()); + + if (!ksEnabled) { + if(keyIdentifier != null) { + throw new PdfAsWebException("JKS connector [" + keyIdentifier + "] disabled or not existing."); + } else { + throw new PdfAsWebException("DEFAULT JKS connector disabled."); + } + } + + if (ksFile == null || ksAlias == null || ksPass == null + || ksKeyPass == null || ksType == null) { + if(keyIdentifier != null) { + throw new PdfAsWebException("JKS connector [" + keyIdentifier + 
"] not correctly configured."); + } else { + throw new PdfAsWebException("DEFAULT JKS connector not correctly configured."); + } + } + + signer = new PAdESSignerKeystore(ksFile, ksAlias, ksPass, + ksKeyPass, ksType); } else { throw new PdfAsWebException("Invalid connector (moa | jks)"); } diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsParameterExtractor.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsParameterExtractor.java index 5981b99b..1737a2d1 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsParameterExtractor.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsParameterExtractor.java @@ -40,6 +40,7 @@ public class PdfAsParameterExtractor { public static final String PARAM_FORMAT = "format"; public static final String PARAM_HTML = "html"; public static final String PARAM_JSON = "json"; + public static final String PARAM_KEYIDENTIFIER = "keyId"; public static final String[] AVAILABLE_FORMATS = new String[] { PARAM_HTML, PARAM_JSON @@ -82,6 +83,11 @@ public class PdfAsParameterExtractor { return transactionId; } + public static String getKeyIdentifier(HttpServletRequest request) { + String keyIdentifier = (String)request.getAttribute(PARAM_KEYIDENTIFIER); + return keyIdentifier; + } + public static String getFilename(HttpServletRequest request) { String filename = (String)request.getAttribute(PARAM_FILENAME); return filename; diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ExternSignServlet.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ExternSignServlet.java index 0982c98c..120b9811 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ExternSignServlet.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ExternSignServlet.java 
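Review bot: In the web-service branch `params.getKeyIdentifier()` comes straight from the SOAP request, so after this change any client that can reach the service may sign with every keystore whose `ksl.<id>.enabled` is `true`; enabling a keystore becomes a grant to all callers. If a deployment holds keys for different customers or purposes this needs a caller-to-key binding (for example a per-client allowlist of identifiers checked before the lookup); the service's authentication layer is not visible here, so this may be covered upstream, but the assumption should be stated at the lookup, e.g. `// any caller may select any enabled keystore by id; add a caller->key check here if keys are tenant-specific`. The two distinct error texts (`disabled or not existing` versus `not correctly configured`) also let a caller tell which identifiers exist, so consider a single client-facing message with the detail logged server-side. The enclosing method starts outside the hunk.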
@@ -308,8 +308,23 @@ public class ExternSignServlet extends HttpServlet {
 // start synchronous siganture creation
 if(connector.equals("jks")) {
- if(!WebConfiguration.getKeystoreEnabled()) {
- throw new PdfAsWebException("Invalid connector jks is not supported");
+
+ String keyIdentifier = PdfAsParameterExtractor.getKeyIdentifier(request);
+
+ boolean ksEnabled = false;
+
+ if (keyIdentifier != null) {
+ ksEnabled = WebConfiguration.getKeystoreEnabled(keyIdentifier);
+ } else {
+ ksEnabled = WebConfiguration.getKeystoreDefaultEnabled();
+ }
+
+ if (!ksEnabled) {
+ if(keyIdentifier != null) {
+ throw new PdfAsWebException("JKS connector [" + keyIdentifier + "] disabled or not existing.");
+ } else {
+ throw new PdfAsWebException("DEFAULT JKS connector disabled.");
+ }
 }
 }
-- cgit v1.2.3
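Review bot: `ksEnabled` is initialised to `false` and then unconditionally overwritten in both branches, which reads as if the default value mattered; the three statements collapse to `boolean ksEnabled = keyIdentifier != null ? WebConfiguration.getKeystoreEnabled(keyIdentifier) : WebConfiguration.getKeystoreDefaultEnabled();`. This check is a fast-fail copy of the resolution logic in PdfAsHelper, so a comment such as `// early rejection only; file/alias/password completeness is validated in PdfAsHelper` would stop a reader from looking for the missing configuration checks here. The request-supplied identifier is concatenated into the error text without normalisation, which is harmless in an exception message but worth doing once at the extraction point (trim, allowed-character check) before it is used to build property keys. The enclosing method starts outside the hunk.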