From 0dc3dfacb8c8f5bbe4dff667a62dcfc879e06367 Mon Sep 17 00:00:00 2001 From: Andreas Fitzek Date: Fri, 20 Mar 2015 14:23:49 +0100 Subject: Allow external configuration overwrite in PDF-AS-WEB --- .../gv/egiz/pdfas/api/ws/PDFASSignParameters.java | 12 +- .../src/main/configuration/pdf-as-web.properties | 3 + .../gv/egiz/pdfas/web/config/WebConfiguration.java | 11 ++ .../at/gv/egiz/pdfas/web/helper/PdfAsHelper.java | 178 +++++++++++++-------- .../pdfas/web/helper/PdfAsParameterExtractor.java | 17 ++ .../egiz/pdfas/web/servlets/ExternSignServlet.java | 3 +- .../pdfas/web/servlets/UIEntryPointServlet.java | 9 +- 7 files changed, 162 insertions(+), 71 deletions(-) diff --git a/pdf-as-common/src/main/java/at/gv/egiz/pdfas/api/ws/PDFASSignParameters.java b/pdf-as-common/src/main/java/at/gv/egiz/pdfas/api/ws/PDFASSignParameters.java index 32f10aa9..650e34d6 100644 --- a/pdf-as-common/src/main/java/at/gv/egiz/pdfas/api/ws/PDFASSignParameters.java +++ b/pdf-as-common/src/main/java/at/gv/egiz/pdfas/api/ws/PDFASSignParameters.java @@ -24,8 +24,6 @@ package at.gv.egiz.pdfas.api.ws; import java.io.Serializable; -import java.util.HashMap; -import java.util.Map; import javax.xml.bind.annotation.XmlElement; import javax.xml.bind.annotation.XmlEnumValue; @@ -81,6 +79,7 @@ public class PDFASSignParameters implements Serializable { String qrCodeContent; String profile; PDFASPropertyMap preprocessor; + PDFASPropertyMap overrides; @XmlElement(required = true, nillable = false, name="connector") public Connector getConnector() { @@ -164,5 +163,12 @@ public class PDFASSignParameters implements Serializable { this.preprocessor = preprocessor; } - + @XmlElement(required = false, nillable = true, name="configurationOverrides") + public PDFASPropertyMap getOverrides() { + return overrides; + } + + public void setOverrides(PDFASPropertyMap overrides) { + this.overrides = overrides; + } } 
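Review bot: The new `overrides` property and its `configurationOverrides` element in the last hunk of PDFASSignParameters.java have no Javadoc, although they let a web-service caller send configuration keys to the server. I would add a comment above `getOverrides()` such as `/** Caller-supplied configuration key/value pairs; the server applies them only when allow.ext.overwrite is enabled. */`. That tells API users and operators where the trust decision is made, since the field sits next to `preprocessor` and looks equally harmless.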
diff --git a/pdf-as-web/src/main/configuration/pdf-as-web.properties b/pdf-as-web/src/main/configuration/pdf-as-web.properties index f6b7ddd8..4f6b0661 100644 --- a/pdf-as-web/src/main/configuration/pdf-as-web.properties +++ b/pdf-as-web/src/main/configuration/pdf-as-web.properties @@ -9,6 +9,9 @@ bku.local.url=http://127.0.0.1:3495/http-security-layer-request bku.mobile.url=https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx +# Allow full configuration overwrite from external sources +allow.ext.overwrite=true + ks.enabled=false ks.file=test.p12 ks.type=PKCS12 diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/config/WebConfiguration.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/config/WebConfiguration.java index 0e6f2c67..5860b740 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/config/WebConfiguration.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/config/WebConfiguration.java @@ -48,6 +48,7 @@ public class WebConfiguration implements IConfigurationConstants { public static final String ERROR_DETAILS = "error.showdetails"; public static final String PDF_AS_WORK_DIR = "pdfas.dir"; public static final String STATISTIC_BACKEND_LIST = "statistic.backends"; + public static final String ALLOW_EXT_OVERWRITE = "allow.ext.overwrite"; public static final String MOA_SS_ENABLED = "moa.enabled"; public static final String SOAP_SIGN_ENABLED = "soap.sign.enabled"; @@ -238,6 +239,16 @@ public class WebConfiguration implements IConfigurationConstants { return properties.getProperty(KEYSTORE_DEFAULT_KEY_PASS); } + public static boolean isAllowExtOverwrite() { + String value = properties.getProperty(ALLOW_EXT_OVERWRITE); + if (value != null) { + if (value.equals("true")) { + return true; + } + } + return false; + } + public static boolean isMoaEnabled(String keyIdentifier) { String value = properties.getProperty(MOA_LIST + "." + keyIdentifier + ".enabled"); if (value != null) { 
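Review bot: `allow.ext.overwrite=true` ships the feature switched on in the sample configuration, so a deployment that copies this file accepts configuration keys from requests unless the operator turns it off. `isAllowExtOverwrite()` already treats a missing key as disabled, so the safer default is `allow.ext.overwrite=false`. I would also extend the comment to something like `# Allow requests to overwrite configuration values; security-sensitive, enable only for trusted callers`.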
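Review bot: `isAllowExtOverwrite()` in WebConfiguration.java is added without Javadoc, and the nested null/equals test can be written as one expression. I would use `return "true".equals(properties.getProperty(ALLOW_EXT_OVERWRITE));`, which keeps the fail-closed behaviour. The comment should state that any value other than the exact string `true`, including a missing key, leaves external overwrite disabled, and that enabling it lets request data change configuration values.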
diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java index b1dd3831..53cf5783 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java @@ -36,6 +36,7 @@ import java.security.cert.CertificateException; import java.util.Iterator; import java.util.List; import java.util.Map; +import java.util.Map.Entry; import javax.imageio.ImageIO; import javax.servlet.RequestDispatcher; @@ -360,6 +361,17 @@ public class PdfAsHelper { validatePdfSize(request, response, pdfData); Configuration config = pdfAs.getConfiguration(); + + if (WebConfiguration.isAllowExtOverwrite()) { + Map configOverwrite = PdfAsParameterExtractor.getOverwriteMap(request); + if(configOverwrite != null) { + Iterator> entryIt = configOverwrite.entrySet().iterator(); + while (entryIt.hasNext()) { + Entry entry = entryIt.next(); + config.setValue(entry.getKey(), entry.getValue()); + } + } + } ByteArrayOutputStream baos = new ByteArrayOutputStream(); 
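Review bot: The loop added after `pdfAs.getConfiguration()` passes every request-supplied key to `config.setValue` with no restriction on which keys may be changed; the same loop is repeated in the hunks at -503 and -664. Connector settings such as `IConfigurationConstants.MOA_SIGN_URL` are re-set by the server only when a keyIdentifier is given, so in the other branches a caller-supplied value for such a key would presumably stay in effect when the connector is built. I would limit overrides to an explicit allow-list, for example `if (!entry.getKey().startsWith("sig_obj.")) { logger.warn("Ignoring config overwrite for " + entry.getKey()); continue; }`, with the set of permitted keys or prefixes chosen by the maintainers. It is also worth confirming that `getConfiguration()` returns a per-request copy, since otherwise overrides would carry over to later requests. The enclosing method starts and ends outside the hunk.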
@@ -376,31 +388,36 @@ public class PdfAsHelper { IPlainSigner signer; if (connector.equals("moa")) { - - String keyIdentifier = PdfAsParameterExtractor.getKeyIdentifier(request); + + String keyIdentifier = PdfAsParameterExtractor + .getKeyIdentifier(request); if (keyIdentifier != null) { - if(!WebConfiguration.isMoaEnabled(keyIdentifier)) { - throw new PdfAsWebException("MOA connector [" + keyIdentifier + "] disabled or not existing."); + if (!WebConfiguration.isMoaEnabled(keyIdentifier)) { + throw new PdfAsWebException("MOA connector [" + + keyIdentifier + "] disabled or not existing."); } - + String url = WebConfiguration.getMoaURL(keyIdentifier); String keyId = WebConfiguration.getMoaKeyID(keyIdentifier); - String certificate = WebConfiguration.getMoaCertificate(keyIdentifier); - + String certificate = WebConfiguration + .getMoaCertificate(keyIdentifier); + config.setValue(IConfigurationConstants.MOA_SIGN_URL, url); config.setValue(IConfigurationConstants.MOA_SIGN_KEY_ID, keyId); - config.setValue(IConfigurationConstants.MOA_SIGN_CERTIFICATE, certificate); + config.setValue(IConfigurationConstants.MOA_SIGN_CERTIFICATE, + certificate); } else { if (!WebConfiguration.getMOASSEnabled()) { throw new PdfAsWebException("MOA connector disabled."); } } - + signer = new PAdESSigner(new MOAConnector(config)); } else if (connector.equals("jks")) { - - String keyIdentifier = PdfAsParameterExtractor.getKeyIdentifier(request); + + String keyIdentifier = PdfAsParameterExtractor + .getKeyIdentifier(request); boolean ksEnabled = false; String ksFile = null; 
@@ -426,19 +443,23 @@ public class PdfAsHelper { } if (!ksEnabled) { - if(keyIdentifier != null) { - throw new PdfAsWebException("JKS connector [" + keyIdentifier + "] disabled or not existing."); + if (keyIdentifier != null) { + throw new PdfAsWebException("JKS connector [" + + keyIdentifier + "] disabled or not existing."); } else { - throw new PdfAsWebException("DEFAULT JKS connector disabled."); + throw new PdfAsWebException( + "DEFAULT JKS connector disabled."); } } if (ksFile == null || ksAlias == null || ksPass == null || ksKeyPass == null || ksType == null) { - if(keyIdentifier != null) { - throw new PdfAsWebException("JKS connector [" + keyIdentifier + "] not correctly configured."); + if (keyIdentifier != null) { + throw new PdfAsWebException("JKS connector [" + + keyIdentifier + "] not correctly configured."); } else { - throw new PdfAsWebException("DEFAULT JKS connector not correctly configured."); + throw new PdfAsWebException( + "DEFAULT JKS connector not correctly configured."); } } @@ -450,21 +471,20 @@ public class PdfAsHelper { signParameter.setPlainSigner(signer); - String profileId = PdfAsParameterExtractor - .getSigType(request); + String profileId = PdfAsParameterExtractor.getSigType(request); String qrCodeContent = PdfAsHelper.getQRCodeContent(request); - - if(qrCodeContent != null) { - if(profileId == null) { - // get default Profile + + if (qrCodeContent != null) { + if (profileId == null) { + // get default Profile profileId = config.getValue("sig_obj.type.default"); - } - - if(profileId == null) { + } + + if (profileId == null) { logger.warn("Failed to determine default profile! Using hard coded!"); profileId = "SIGNATURBLOCK_SMALL_DE"; } - + ByteArrayOutputStream qrbaos = new ByteArrayOutputStream(); try { String key = "sig_obj." + profileId + ".value.SIG_LABEL"; 
@@ -475,7 +495,7 @@ public class PdfAsHelper { IOUtils.closeQuietly(qrbaos); } } - + // set Signature Profile (null use default ...) signParameter.setSignatureProfileId(profileId); @@ -503,6 +523,17 @@ public class PdfAsHelper { PDFASSignParameters params) throws Exception { Configuration config = pdfAs.getConfiguration(); + if (WebConfiguration.isAllowExtOverwrite()) { + if (params.getOverrides() != null) { + Iterator> entryIt = params.getOverrides() + .getMap().entrySet().iterator(); + while (entryIt.hasNext()) { + Entry entry = entryIt.next(); + config.setValue(entry.getKey(), entry.getValue()); + } + } + } + ByteArrayOutputStream baos = new ByteArrayOutputStream(); // Generate Sign Parameter @@ -516,23 +547,26 @@ public class PdfAsHelper { String keyIdentifier = params.getKeyIdentifier(); if (keyIdentifier != null) { - if(!WebConfiguration.isMoaEnabled(keyIdentifier)) { - throw new PdfAsWebException("MOA connector [" + keyIdentifier + "] disabled or not existing."); + if (!WebConfiguration.isMoaEnabled(keyIdentifier)) { + throw new PdfAsWebException("MOA connector [" + + keyIdentifier + "] disabled or not existing."); } - + String url = WebConfiguration.getMoaURL(keyIdentifier); String keyId = WebConfiguration.getMoaKeyID(keyIdentifier); - String certificate = WebConfiguration.getMoaCertificate(keyIdentifier); - + String certificate = WebConfiguration + .getMoaCertificate(keyIdentifier); + config.setValue(IConfigurationConstants.MOA_SIGN_URL, url); config.setValue(IConfigurationConstants.MOA_SIGN_KEY_ID, keyId); - config.setValue(IConfigurationConstants.MOA_SIGN_CERTIFICATE, certificate); + config.setValue(IConfigurationConstants.MOA_SIGN_CERTIFICATE, + certificate); } else { if (!WebConfiguration.getMOASSEnabled()) { throw new PdfAsWebException("MOA connector disabled."); } } - + signer = new PAdESSigner(new MOAConnector(config)); } else if (params.getConnector().equals(Connector.JKS)) { String keyIdentifier = params.getKeyIdentifier(); 
@@ -561,19 +595,23 @@ public class PdfAsHelper { } if (!ksEnabled) { - if(keyIdentifier != null) { - throw new PdfAsWebException("JKS connector [" + keyIdentifier + "] disabled or not existing."); + if (keyIdentifier != null) { + throw new PdfAsWebException("JKS connector [" + + keyIdentifier + "] disabled or not existing."); } else { - throw new PdfAsWebException("DEFAULT JKS connector disabled."); + throw new PdfAsWebException( + "DEFAULT JKS connector disabled."); } } if (ksFile == null || ksAlias == null || ksPass == null || ksKeyPass == null || ksType == null) { - if(keyIdentifier != null) { - throw new PdfAsWebException("JKS connector [" + keyIdentifier + "] not correctly configured."); + if (keyIdentifier != null) { + throw new PdfAsWebException("JKS connector [" + + keyIdentifier + "] not correctly configured."); } else { - throw new PdfAsWebException("DEFAULT JKS connector not correctly configured."); + throw new PdfAsWebException( + "DEFAULT JKS connector not correctly configured."); } } @@ -586,22 +624,22 @@ public class PdfAsHelper { signParameter.setPlainSigner(signer); String profile = params.getProfile(); - - //PdfAsHelper.getQRCodeContent(request); + + // PdfAsHelper.getQRCodeContent(request); // Get QR Code Content form param String qrCodeContent = params.getQRCodeContent(); - - if(qrCodeContent != null) { - if(profile == null) { - // get default Profile + + if (qrCodeContent != null) { + if (profile == null) { + // get default Profile profile = config.getValue("sig_obj.type.default"); - } - - if(profile == null) { + } + + if (profile == null) { logger.warn("Failed to determine default profile! Using hard coded!"); profile = "SIGNATURBLOCK_SMALL_DE"; } - + ByteArrayOutputStream qrbaos = new ByteArrayOutputStream(); try { String key = "sig_obj." + profile + ".value.SIG_LABEL"; 
@@ -612,7 +650,7 @@ public class PdfAsHelper { IOUtils.closeQuietly(qrbaos); } } - + // set Signature Profile (null use default ...) signParameter.setSignatureProfileId(profile); @@ -644,7 +682,7 @@ public class PdfAsHelper { HttpServletResponse response, ServletContext context, byte[] pdfData, String connector, String position, String transactionId, String profile, - Map preProcessor) throws Exception { + Map preProcessor, Map overwrite) throws Exception { // TODO: Protect session so that only one PDF can be signed during one // session @@ -664,6 +702,14 @@ public class PdfAsHelper { Configuration config = pdfAs.getConfiguration(); session.setAttribute(PDF_CONFIG, config); + if (WebConfiguration.isAllowExtOverwrite() && overwrite != null) { + Iterator> entryIt = overwrite.entrySet().iterator(); + while (entryIt.hasNext()) { + Entry entry = entryIt.next(); + config.setValue(entry.getKey(), entry.getValue()); + } + } + ByteArrayOutputStream baos = new ByteArrayOutputStream(); session.setAttribute(PDF_OUTPUT, baos); @@ -692,18 +738,18 @@ public class PdfAsHelper { session.setAttribute(PDF_SL_INTERACTIVE, connector); String qrCodeContent = PdfAsHelper.getQRCodeContent(request); - - if(qrCodeContent != null) { - if(profile == null) { - // get default Profile + + if (qrCodeContent != null) { + if (profile == null) { + // get default Profile profile = config.getValue("sig_obj.type.default"); - } - - if(profile == null) { + } + + if (profile == null) { logger.warn("Failed to determine default profile! Using hard coded!"); profile = "SIGNATURBLOCK_SMALL_DE"; } - + ByteArrayOutputStream qrbaos = new ByteArrayOutputStream(); try { String key = "sig_obj." + profile + ".value.SIG_LABEL"; @@ -714,7 +760,7 @@ public class PdfAsHelper { IOUtils.closeQuietly(qrbaos); } } - + // set Signature Profile (null use default ...) signParameter.setSignatureProfileId(profile); 
@@ -995,17 +1041,17 @@ public class PdfAsHelper { HttpSession session = request.getSession(); session.setAttribute(PDF_SIGNED_DATA, signedData); } - + public static void setStatisticEvent(HttpServletRequest request, HttpServletResponse response, StatisticEvent event) { HttpSession session = request.getSession(); session.setAttribute(PDF_STATISTICS, event); } - + public static StatisticEvent getStatisticEvent(HttpServletRequest request, HttpServletResponse response) { HttpSession session = request.getSession(); - return (StatisticEvent)session.getAttribute(PDF_STATISTICS); + return (StatisticEvent) session.getAttribute(PDF_STATISTICS); } public static void setLocale(HttpServletRequest request, @@ -1226,7 +1272,7 @@ public class PdfAsHelper { } return ""; } - + public static void setQRCodeContent(HttpServletRequest request, String value) { HttpSession session = request.getSession(); session.setAttribute(QRCODE_CONTENT, value); diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsParameterExtractor.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsParameterExtractor.java index 3c7da05a..3115e4cd 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsParameterExtractor.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsParameterExtractor.java @@ -69,6 +69,7 @@ public class PdfAsParameterExtractor { public static final String PARAM_FILENAME = "filename"; public static final String PARAM_ORIGINAL_DIGEST = "origdigest"; public static final String PARAM_PREPROCESSOR_PREFIX = "pp:"; + public static final String PARAM_OVERWRITE_PREFIX = "pp:"; public static final String PARAM_QRCODE_CONTENT = "qrcontent"; 
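Review bot: `PARAM_OVERWRITE_PREFIX` is defined as `"pp:"`, the same value as `PARAM_PREPROCESSOR_PREFIX` on the line above, which looks like a copy-paste slip. With identical prefixes every preprocessor argument would also be picked up by `getOverwriteMap` and written into the configuration when `allow.ext.overwrite` is on, and override keys would reach the preprocessor map. The constant needs its own prefix, e.g. `public static final String PARAM_OVERWRITE_PREFIX = "ov:";` (value to be chosen by the maintainers and documented for callers).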
@@ -120,6 +121,22 @@ public class PdfAsParameterExtractor { return map; } + public static Map getOverwriteMap(HttpServletRequest request) { + Map map = new HashMap(); + + Enumeration parameterNames = request.getAttributeNames(); + while(parameterNames.hasMoreElements()) { + String parameterName = parameterNames.nextElement(); + if(parameterName.startsWith(PARAM_OVERWRITE_PREFIX)) { + String key = parameterName.substring(PARAM_OVERWRITE_PREFIX.length()); + String value = (String)request.getAttribute(parameterName); + map.put(key, value); + } + } + + return map; + } + public static SignatureVerificationLevel getVerificationLevel(HttpServletRequest request) { String value = (String)request.getAttribute(PARAM_VERIFY_LEVEL); if(value != null) { diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ExternSignServlet.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ExternSignServlet.java index 32a60093..969aee24 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ExternSignServlet.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ExternSignServlet.java @@ -360,7 +360,8 @@ public class ExternSignServlet extends HttpServlet { PdfAsHelper.startSignature(request, response, getServletContext(), pdfData, connector, PdfAsHelper.buildPosString(request, response), transactionId, PdfAsParameterExtractor - .getSigType(request), PdfAsParameterExtractor.getPreProcessorMap(request)); + .getSigType(request), PdfAsParameterExtractor.getPreProcessorMap(request), + PdfAsParameterExtractor.getOverwriteMap(request)); return; } else if (connector.equals("jks") || connector.equals("moa")) { // start synchronous siganture creation diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/UIEntryPointServlet.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/UIEntryPointServlet.java index 7100af3b..89cb3039 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/UIEntryPointServlet.java 
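Review bot: In `getOverwriteMap` the cast `(String)request.getAttribute(parameterName)` throws a ClassCastException if an attribute with the prefix holds anything other than a String. I would read the value as `Object value = request.getAttribute(parameterName);` and add it only under `if (value instanceof String)`. The method also never returns null, so the `configOverwrite != null` test in PdfAsHelper is dead code. A short Javadoc should say that it reads request attributes (not parameters), strips the prefix, and returns raw configuration keys that the caller must still validate.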
+++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/UIEntryPointServlet.java @@ -159,12 +159,19 @@ public class UIEntryPointServlet extends HttpServlet { map = pdfAsRequest.getParameters().getPreprocessor() .getMap(); } + + Map overwrite = null; + if (pdfAsRequest.getParameters().getOverrides() != null) { + overwrite = pdfAsRequest.getParameters().getOverrides() + .getMap(); + } PdfAsHelper.startSignature(req, resp, getServletContext(), pdfAsRequest.getInputData(), connector.toString(), pdfAsRequest.getParameters().getPosition(), pdfAsRequest.getParameters().getTransactionId(), - pdfAsRequest.getParameters().getProfile(), map); + pdfAsRequest.getParameters().getProfile(), map, + overwrite); } else { throw new PdfAsWebException("Invalid connector (" + Connector.BKU + " | " + Connector.ONLINEBKU + " | " -- cgit v1.2.3