From b0003ddc4bebc411c5a3296bf5f172b80b443525 Mon Sep 17 00:00:00 2001
From: Andreas Fitzek
Date: Wed, 14 May 2014 11:39:11 +0200
Subject: Added Verification functionality, + some Log Level fixes
---
 pdf-as-web/build.gradle | 1 +
 .../pdfas/web/filter/ExceptionCatchFilter.java | 2 +-
 .../at/gv/egiz/pdfas/web/helper/PdfAsHelper.java | 36 ++++-----
 .../pdfas/web/helper/PdfAsParameterExtractor.java | 3 -
 .../egiz/pdfas/web/servlets/ExternSignServlet.java | 6 +-
 .../web/servlets/PDFSignatureCertificateData.java | 94 ++++++++++++++++++++++
 .../egiz/pdfas/web/servlets/PDFSignatureData.java | 90 +++++++++++++++++++++
 .../gv/egiz/pdfas/web/servlets/VerifyServlet.java | 87 +++++++++++++++++---
 pdf-as-web/src/main/webapp/WEB-INF/web.xml | 22 ++++-
 pdf-as-web/src/main/webapp/verifystart.jsp | 2 +-
 10 files changed, 301 insertions(+), 42 deletions(-)
 create mode 100644 pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/PDFSignatureCertificateData.java
 create mode 100644 pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/PDFSignatureData.java
diff --git a/pdf-as-web/build.gradle b/pdf-as-web/build.gradle
index d85fec38..2509abd6 100644
--- a/pdf-as-web/build.gradle
+++ b/pdf-as-web/build.gradle
@@ -23,6 +23,7 @@ dependencies {
 compile project (':signature-standards:sigs-pades')
 compile group: 'commons-fileupload', name: 'commons-fileupload', version: '1.2'
 compile group: 'commons-collections', name: 'commons-collections', version: '3.2'
+ compile group: 'org.apache.commons', name: 'commons-io', version: '1.3.2'
 compile group: 'org.slf4j', name: 'slf4j-log4j12', version: '1.7.5'
 compile group: 'opensymphony', name: 'sitemesh', version: '2.4.2'
 compile 'javax.xml.ws:jaxws-api:2.2.11'
diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/filter/ExceptionCatchFilter.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/filter/ExceptionCatchFilter.java
index 085976f0..c7bb19a0 100644
--- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/filter/ExceptionCatchFilter.java
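Review bot: The added `commons-io` line in the build.gradle hunk pins release 1.3.2, an old line of the library, under the group `org.apache.commons`, and none of the Java hunks in this patch visibly import anything from it. As far as I know that coordinate is only a relocation stub for `commons-io:commons-io`, so the direct coordinate with a maintained release would be the clearer declaration, e.g. `compile group: 'commons-io', name: 'commons-io', version: '<current release>'`. If the dependency is needed by code outside this patch, a short comment naming the consumer would help the next dependency audit.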
+++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/filter/ExceptionCatchFilter.java @@ -76,7 +76,7 @@ public class ExceptionCatchFilter implements Filter { String name = parameterNames.nextElement(); String value = httpRequest.getParameter(name); request.setAttribute(name, value); - logger.info("Setting attribute: " + name + " - " + value); + logger.debug("Setting attribute: " + name + " - " + value); } } diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java index 0f33056e..5a452188 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java @@ -56,6 +56,7 @@ import at.gv.egiz.pdfas.lib.api.sign.SignResult; import at.gv.egiz.pdfas.lib.api.verify.VerifyParameter; import at.gv.egiz.pdfas.lib.api.verify.VerifyResult; import at.gv.egiz.pdfas.sigs.pades.PAdESSigner; +import at.gv.egiz.pdfas.sigs.pades.PAdESSignerKeystore; import at.gv.egiz.pdfas.sigs.pkcs7detached.PKCS7DetachedSigner; import at.gv.egiz.pdfas.web.config.WebConfiguration; import at.gv.egiz.pdfas.web.exception.PdfAsWebException; @@ -98,14 +99,14 @@ public class PdfAsHelper { private static ObjectFactory of = new ObjectFactory(); static { - logger.debug("Creating PDF-AS"); + logger.info("Creating PDF-AS"); pdfAs = PdfAsFactory.createPdfAs(new File(WebConfiguration .getPdfASDir())); - logger.debug("Creating PDF-AS done"); + logger.info("Creating PDF-AS done"); } public static void init() { - logger.debug("PDF-AS Helper initialized"); + logger.info("PDF-AS Helper initialized"); } private static void validatePdfSize(HttpServletRequest request, @@ -247,7 +248,7 @@ public class PdfAsHelper { } } - logger.error("Verifing Signature index: " + signIdx); + logger.debug("Verifing Signature index: " + signIdx); Configuration config = pdfAs.getConfiguration(); 
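Review bot: In the ExceptionCatchFilter hunk the changed line still writes every request parameter name and value into the log, `logger.debug("Setting attribute: " + name + " - " + value);`, only at a lower level. The values come straight from `httpRequest.getParameter(name)`, so they can carry line breaks that forge log entries and, depending on what the forms submit, data that should not be kept in log files. Logging only the name, or a value with CR/LF stripped and its length capped, keeps the trace useful, for example `logger.debug("Setting attribute: {}", name);`. The enclosing method starts outside the hunk.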
@@ -298,7 +299,7 @@ public class PdfAsHelper { if (connector.equals("moa")) { signer = new PAdESSigner(new MOAConnector(config)); } else if(connector.equals("jks")) { - signer = new PKCS7DetachedSigner( + signer = new PAdESSignerKeystore( WebConfiguration.getKeystoreFile(), WebConfiguration.getKeystoreAlias(), WebConfiguration.getKeystorePass(), @@ -356,7 +357,7 @@ public class PdfAsHelper { if(!WebConfiguration.getKeystoreEnabled()) { throw new PdfAsWebException("JKS connector disabled."); } - signer = new PKCS7DetachedSigner( + signer = new PAdESSignerKeystore( WebConfiguration.getKeystoreFile(), WebConfiguration.getKeystoreAlias(), WebConfiguration.getKeystorePass(), @@ -488,7 +489,7 @@ public class PdfAsHelper { CreateCMSSignatureResponseType createCMSSignatureResponseType, ServletContext context) throws Exception { - logger.info("Got CMS Signature Response"); + logger.debug("Got CMS Signature Response"); HttpSession session = request.getSession(); StatusRequest statusRequest = (StatusRequest) session @@ -530,13 +531,8 @@ public class PdfAsHelper { BKUSLConnector bkuSLConnector = (BKUSLConnector) session .getAttribute(PDF_SL_CONNECTOR); - // TODO Handle logic for BKU interaction - -// Configuration config = (Configuration) session -// .getAttribute(PDF_CONFIG); - if (statusRequest.needCertificate()) { - logger.info("Needing Certificate from BKU"); + logger.debug("Needing Certificate from BKU"); // build SL Request to read certificate InfoboxReadRequestType readCertificateRequest = bkuSLConnector .createInfoboxReadRequest(); @@ -555,7 +551,7 @@ public class PdfAsHelper { response.getWriter().write(template); response.getWriter().close(); } else if (statusRequest.needSignature()) { - logger.info("Needing Signature from BKU"); + logger.debug("Needing Signature from BKU"); // build SL Request for cms signature RequestPackage pack = bkuSLConnector .createCMSRequest(statusRequest.getSignatureData(), 
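Review bot: The `jks` branch in the hunk at -298 constructs `PAdESSignerKeystore` directly after `else if(connector.equals("jks"))`, while the same branch in the hunk at -356 first checks `WebConfiguration.getKeystoreEnabled()` and throws `PdfAsWebException("JKS connector disabled.")`. Nothing visible in the first hunk shows that check, so unless it sits earlier in that method (the method starts outside the hunk), a deployment that disabled the keystore connector could still have documents signed with the server key through this path. If it is missing, repeat the guard there: `if(!WebConfiguration.getKeystoreEnabled()) { throw new PdfAsWebException("JKS connector disabled."); }`. The `PKCS7DetachedSigner` import looks unused after both replacements and can be dropped if nothing else in the file references it.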
@@ -571,7 +567,7 @@ public class PdfAsHelper { } else if (statusRequest.isReady()) { // TODO: store pdf document redirect to Finish URL - logger.info("Document ready!"); + logger.debug("Document ready!"); SignResult result = pdfAs.finishSign(statusRequest); DataSink output = result.getOutputDocument(); @@ -581,14 +577,14 @@ public class PdfAsHelper { byteDataSink.getData()); PdfAsHelper.gotoProvidePdf(context, request, response); } else { - // TODO: no signature data available! + throw new PdfAsWebException("No Signature data available"); } } else { - // TODO: invalid state + throw new PdfAsWebException("Invalid state!"); } } else { - // TODO Handle logic for + throw new PdfAsWebException("Invalid connector: " + connector); } } @@ -716,7 +712,7 @@ public class PdfAsHelper { HttpServletResponse response, String url) { HttpSession session = request.getSession(); session.setAttribute(PDF_INVOKE_URL, url); - logger.info("External Invoke URL: " + url); + logger.debug("External Invoke URL: " + url); } public static String getInvokeURL(HttpServletRequest request, @@ -747,7 +743,7 @@ public class PdfAsHelper { + session.getId(); } } - logger.info("Generated URL: " + dataURL); + logger.debug("Generated URL: " + dataURL); return dataURL; } diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsParameterExtractor.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsParameterExtractor.java index c4acf5a8..730fe9ad 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsParameterExtractor.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsParameterExtractor.java @@ -59,9 +59,6 @@ public class PdfAsParameterExtractor { public static String getInvokeErrorURL(HttpServletRequest request) { String url = (String)request.getAttribute(PARAM_INVOKE_URL_ERROR); - if(url != null) { - //TODO validation! - } return url; } 
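Review bot: The changed line in the PdfAsHelper hunk at -747, `logger.debug("Generated URL: " + dataURL);`, logs a URL that the context lines above build with `session.getId()`, so the session identifier lands in the log file whenever debug logging is enabled. Anyone with read access to the logs then holds a valid identifier for a signing session that may still be live. Log the URL without the session part, or drop the line; the hunk at -716 logs the caller-supplied invoke URL as is and should at least strip line breaks from it. Both methods start outside their hunks.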
diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ExternSignServlet.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ExternSignServlet.java index ac22f6c8..153a69fe 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ExternSignServlet.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ExternSignServlet.java @@ -84,8 +84,7 @@ public class ExternSignServlet extends HttpServlet { //PdfAsHelper.regenerateSession(request); - System.out.println("Get signing request"); - logger.info("Get signing request"); + logger.debug("Get signing request"); String errorUrl = PdfAsParameterExtractor.getInvokeErrorURL(request); PdfAsHelper.setErrorURL(request, response, errorUrl); @@ -119,8 +118,7 @@ public class ExternSignServlet extends HttpServlet { //PdfAsHelper.regenerateSession(request); - System.out.println("Post signing request"); - logger.info("Post signing request"); + logger.debug("Post signing request"); String errorUrl = PdfAsParameterExtractor.getInvokeErrorURL(request); PdfAsHelper.setErrorURL(request, response, errorUrl); diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/PDFSignatureCertificateData.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/PDFSignatureCertificateData.java new file mode 100644 index 00000000..69386478 --- /dev/null +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/PDFSignatureCertificateData.java 
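Review bot: Both ExternSignServlet hunks keep `String errorUrl = PdfAsParameterExtractor.getInvokeErrorURL(request);` followed by `PdfAsHelper.setErrorURL(request, response, errorUrl);`, and this patch removes the `//TODO validation!` stub from `getInvokeErrorURL` without adding a check. Since ExceptionCatchFilter copies every request parameter into a request attribute, the error URL appears to be caller-controlled; if it is later used as a redirect or link target, it should be checked against an allow-list of schemes and hosts before it is stored in the session. A comment on `getInvokeErrorURL` such as `// returns the caller-supplied error URL unvalidated; validate before redirecting` would at least keep the gap visible. The same lines appear in VerifyServlet's doGet and doPost.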
@@ -0,0 +1,94 @@ +package at.gv.egiz.pdfas.web.servlets; + +import java.io.IOException; +import java.io.OutputStream; +import java.security.cert.CertificateEncodingException; +import java.util.List; + +import javax.servlet.ServletException; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.pdfas.common.exceptions.PdfAsException; +import at.gv.egiz.pdfas.lib.api.verify.VerifyResult; +import at.gv.egiz.pdfas.web.helper.PdfAsHelper; + +public class PDFSignatureCertificateData extends HttpServlet { + + private static final long serialVersionUID = 1L; + + private static final Logger logger = LoggerFactory + .getLogger(PDFSignatureCertificateData.class); + + public static final String SIGN_ID = "SIGID"; + + /** + * @see HttpServlet#HttpServlet() + */ + public PDFSignatureCertificateData() { + super(); + } + + /** + * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse + * response) + */ + protected void doGet(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + this.process(request, response); + } + + /** + * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse + * response) + */ + protected void doPost(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + this.process(request, response); + } + + protected void process(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + try { + if(request.getParameter(SIGN_ID) == null) { + throw new PdfAsException("Missing Parameter"); + } + + String sigID = request.getParameter(SIGN_ID); + + int id = Integer.parseInt(sigID); + + List vResult = PdfAsHelper + .getVerificationResult(request); + + if (id < vResult.size()) { + VerifyResult res = vResult.get(id); + + response.setHeader( + 
"Content-Disposition", + "inline;filename=cert_" + id + ".cer"); + response.setContentType("application/pkix-cert"); + OutputStream os = response.getOutputStream(); + os.write(res.getSignerCertificate().getEncoded()); + os.close(); + } else { + logger.error("Verification CERT not found! for id " + request.getParameter(SIGN_ID) + " in session " + request.getSession().getId()); + response.sendError(HttpServletResponse.SC_NOT_FOUND); + } + } catch (NumberFormatException e) { + logger.error("Verification CERT not found! for id " + request.getParameter(SIGN_ID) + " in session " + request.getSession().getId()); + response.sendError(HttpServletResponse.SC_NOT_FOUND); + } catch (PdfAsException e) { + logger.error("Verification CERT not found:", e); + response.sendError(HttpServletResponse.SC_NOT_FOUND); + } catch (CertificateEncodingException e) { + logger.error("Verification CERT invalid:", e); + response.sendError(HttpServletResponse.SC_NOT_FOUND); + } + } + +} diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/PDFSignatureData.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/PDFSignatureData.java new file mode 100644 index 00000000..a4cee36f --- /dev/null +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/PDFSignatureData.java 
@@ -0,0 +1,90 @@ +package at.gv.egiz.pdfas.web.servlets; + +import java.io.IOException; +import java.io.OutputStream; +import java.util.List; + +import javax.servlet.ServletException; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.pdfas.common.exceptions.PdfAsException; +import at.gv.egiz.pdfas.lib.api.verify.VerifyResult; +import at.gv.egiz.pdfas.web.helper.PdfAsHelper; + +public class PDFSignatureData extends HttpServlet { + + private static final long serialVersionUID = 1L; + + private static final Logger logger = LoggerFactory + .getLogger(PDFSignatureData.class); + + public static final String SIGN_ID = "SIGID"; + + /** + * @see HttpServlet#HttpServlet() + */ + public PDFSignatureData() { + super(); + } + + /** + * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse + * response) + */ + protected void doGet(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + this.process(request, response); + } + + /** + * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse + * response) + */ + protected void doPost(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + this.process(request, response); + } + + protected void process(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + try { + if(request.getParameter(SIGN_ID) == null) { + throw new PdfAsException("Missing Parameter"); + } + + String sigID = request.getParameter(SIGN_ID); + + int id = Integer.parseInt(sigID); + + List vResult = PdfAsHelper + .getVerificationResult(request); + + if (id < vResult.size()) { + VerifyResult res = vResult.get(id); + + response.setHeader( + "Content-Disposition", + "inline;filename=signed_data_" + id + ".pdf"); + 
response.setContentType("application/pdf"); + OutputStream os = response.getOutputStream(); + os.write(res.getSignatureData()); + os.close(); + } else { + logger.error("Verification DATA not found! for id " + request.getParameter(SIGN_ID) + " in session " + request.getSession().getId()); + response.sendError(HttpServletResponse.SC_NOT_FOUND); + } + } catch (NumberFormatException e) { + logger.error("Verification DATA not found! for id " + request.getParameter(SIGN_ID) + " in session " + request.getSession().getId()); + response.sendError(HttpServletResponse.SC_NOT_FOUND); + } catch (PdfAsException e) { + logger.error("Verification DATA not found:", e); + response.sendError(HttpServletResponse.SC_NOT_FOUND); + } + } + +} diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/VerifyServlet.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/VerifyServlet.java index 42a5175a..912e6efc 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/VerifyServlet.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/VerifyServlet.java @@ -23,8 +23,11 @@ ******************************************************************************/ package at.gv.egiz.pdfas.web.servlets; +import iaik.x509.X509Certificate; + import java.io.File; import java.io.IOException; +import java.io.OutputStream; import java.util.List; import javax.servlet.ServletException; @@ -39,6 +42,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import at.gv.egiz.pdfas.common.exceptions.PdfAsException; +import at.gv.egiz.pdfas.lib.api.verify.VerifyResult; import at.gv.egiz.pdfas.web.exception.PdfAsWebException; import at.gv.egiz.pdfas.web.helper.PdfAsHelper; import at.gv.egiz.pdfas.web.helper.PdfAsParameterExtractor; 
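Review bot: `process` in PDFSignatureData checks only the upper bound, `if (id < vResult.size())`, so a negative `SIGID` parses cleanly and reaches `vResult.get(id)`, which throws an IndexOutOfBoundsException that none of the catch blocks handle. The guard should read `if (vResult != null && id >= 0 && id < vResult.size())`; the null test assumes `getVerificationResult` can return null when the session holds no result, which is not visible here. PDFSignatureCertificateData.process in the previous file has the same check, and there `res.getSignerCertificate()` should also be tested for null before `getEncoded()`, since VerifyServlet reads the certificate only when `isVerificationDone()` is true. Both servlets' error logs concatenate the raw `SIGID` parameter and the session id; log a sanitized value and leave the session id out.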
@@ -51,7 +55,7 @@ public class VerifyServlet extends HttpServlet { private static final long serialVersionUID = 1L; private static final Logger logger = LoggerFactory - .getLogger(ExternSignServlet.class); + .getLogger(VerifyServlet.class); private static final String UPLOAD_PDF_DATA = "pdf-file"; private static final String UPLOAD_DIRECTORY = "upload"; @@ -72,7 +76,7 @@ public class VerifyServlet extends HttpServlet { */ protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { - System.out.println("Get verify request"); + logger.info("Get verify request"); String errorUrl = PdfAsParameterExtractor.getInvokeErrorURL(request); @@ -91,7 +95,8 @@ public class VerifyServlet extends HttpServlet { byte[] pdfData = RemotePDFFetcher.fetchPdfFile(pdfUrl); doVerify(request, response, pdfData); - } catch (Exception e) { + } catch (Throwable e) { + logger.error("Generic Error: ", e); PdfAsHelper.setSessionException(request, response, e.getMessage(), e); PdfAsHelper.gotoError(getServletContext(), request, response); @@ -105,8 +110,7 @@ public class VerifyServlet extends HttpServlet { protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { - System.out.println("Post signing request"); - logger.info("Post signing request"); + logger.info("Post verify request"); String errorUrl = PdfAsParameterExtractor.getInvokeErrorURL(request); PdfAsHelper.setErrorURL(request, response, errorUrl); @@ -225,7 +229,8 @@ public class VerifyServlet extends HttpServlet { } doVerify(request, response, filecontent); - } catch (Exception e) { + } catch (Throwable e) { + logger.error("Generic Error: ", e); PdfAsHelper.setSessionException(request, response, e.getMessage(), e); PdfAsHelper.gotoError(getServletContext(), request, response); 
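Review bot: The two `catch (Throwable e)` blocks added in VerifyServlet's doGet and doPost also trap `Error`s such as OutOfMemoryError and then continue into `setSessionException` and `gotoError` as if the request had merely failed. `catch (Exception e)` together with the new `logger.error("Generic Error: ", e);` covers the failures these try blocks can raise; if Throwable stays, rethrow `Error` after logging. The message passed on, `e.getMessage()`, can contain text derived from the uploaded or fetched document, so the error page should HTML-escape it. In doGet the document comes from `RemotePDFFetcher.fetchPdfFile(pdfUrl)`; where `pdfUrl` originates is outside the hunk, but if it is caller-supplied the fetcher should restrict scheme and destination and cap the download size.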
@@ -234,9 +239,11 @@ public class VerifyServlet extends HttpServlet { protected void doVerify(HttpServletRequest request, HttpServletResponse response, byte[] pdfData) throws Exception { - throw new Exception(""); - /*List results = PdfAsHelper.synchornousVerify(request, + logger.debug("doVerify"); + logger.info("Starting verification of pdf dokument"); + + List results = PdfAsHelper.synchornousVerify(request, response, pdfData); PdfAsHelper.setVerificationResult(request, results); @@ -245,11 +252,36 @@ public class VerifyServlet extends HttpServlet { // Put these results into the web page // Or create a JSON response with the verification results for automated // processing + + StringBuilder sb = new StringBuilder(); + + sb.append(""); + sb.append("

Verification Results for: " + PdfAsHelper.getPDFFileName(request) + "

"); + sb.append(""); + + sb.append(""); + + sb.append(""); + sb.append(""); + sb.append(""); + sb.append(""); + sb.append(""); + sb.append(""); + sb.append(""); + sb.append(""); + sb.append(""); + sb.append(""); + + sb.append(""); + for (int i = 0; i < results.size(); i++) { VerifyResult result = results.get(i); - + sb.append(""); + + sb.append(""); + if (result.isVerificationDone()) { - + sb.append(""); int certCode = result.getCertificateCheck().getCode(); String certMessage = result.getCertificateCheck().getMessage(); @@ -259,11 +291,42 @@ public class VerifyServlet extends HttpServlet { Exception e = result.getVerificationException(); X509Certificate cert = result.getSignerCertificate(); - byte[] data = result.getSignatureData(); + sb.append(""); + sb.append(""); + sb.append(""); + sb.append(""); + sb.append(""); + if(e != null) { + sb.append(""); + } else { + sb.append(""); + } + sb.append(""); + sb.append(""); + } else { + sb.append(""); + sb.append(""); + sb.append(""); + sb.append(""); + sb.append(""); + sb.append(""); + sb.append(""); + sb.append(""); + sb.append(""); } - }*/ + + + sb.append(""); + } + sb.append("
SignatureProcessedSigned ByCert CodeCert MessageValue CodeValue MessageErrorCertificateSigned Data
" + i + "YES" + cert.getSubjectDN().getName() + "" + certCode + "" + certMessage + "" + valueCode + "" + valueMessage + "" + e.getMessage() + "-herehereNO--------
"); + sb.append(""); + + response.setContentType("text/html"); + OutputStream os = response.getOutputStream(); + os.write(sb.toString().getBytes()); + os.close(); } } diff --git a/pdf-as-web/src/main/webapp/WEB-INF/web.xml b/pdf-as-web/src/main/webapp/WEB-INF/web.xml index 800c4505..85811ff0 100644 --- a/pdf-as-web/src/main/webapp/WEB-INF/web.xml +++ b/pdf-as-web/src/main/webapp/WEB-INF/web.xml @@ -76,6 +76,18 @@ at.gv.egiz.pdfas.web.servlets.ErrorPage + + PDFVerifyData + PDFVerifyData + + at.gv.egiz.pdfas.web.servlets.PDFSignatureData + + + PDFVerifyCert + PDFVerifyCert + + at.gv.egiz.pdfas.web.servlets.PDFSignatureCertificateData +
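Review bot: doVerify concatenates `PdfAsHelper.getPDFFileName(request)`, `cert.getSubjectDN().getName()`, `certMessage`, `valueMessage` and `e.getMessage()` into the HTML response without escaping, and at least the file name and the certificate subject are taken from the upload and from the certificate embedded in the document being verified. Each of these values should pass through an HTML-escaping helper before it is appended; a minimal one is shown below, and a JSP view with escaped output would be the sturdier replacement for the StringBuilder page. The response also depends on the platform charset: use `response.setContentType("text/html; charset=UTF-8");` and `sb.toString().getBytes("UTF-8")`. `cert` is dereferenced without a null check inside the `isVerificationDone()` branch, which is worth guarding as well.

```java
// … unchanged: doVerify table construction; wrap the five values named above in escapeHtml(…) …

/** Escapes the HTML-significant characters of a value before it is written into markup. */
private static String escapeHtml(String value) {
    if (value == null) {
        return "";
    }
    StringBuilder out = new StringBuilder(value.length() + 16);
    for (int i = 0; i < value.length(); i++) {
        char c = value.charAt(i);
        switch (c) {
        case '&':
            out.append("&amp;");
            break;
        case '<':
            out.append("&lt;");
            break;
        case '>':
            out.append("&gt;");
            break;
        case '"':
            out.append("&quot;");
            break;
        case '\'':
            out.append("&#39;");
            break;
        default:
            out.append(c);
        }
    }
    return out.toString();
}
```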