From 1be82e61c0acf4d7380dcee3e3fcaaa8a8386f1b Mon Sep 17 00:00:00 2001
From: Alexander Marsalek <amarsalek@iaik.tugraz.at>
Date: Wed, 14 Apr 2021 19:05:02 +0200
Subject: added sbp check

---
 pdf-as-lib/build.gradle                            |  7 +++
 .../pdfas/lib/api/IConfigurationConstants.java     |  3 ++
 .../at/gv/egiz/pdfas/lib/api/PdfAsParameter.java   |  4 +-
 .../gv/egiz/pdfas/lib/impl/PdfAsParameterImpl.java | 16 ++++++-
 .../CertificateAndRequestParameterResolver.java    |  1 -
 .../test/mains/SignatureBlockParameterTest.java    | 51 ++++++++++++++++++++++
 6 files changed, 78 insertions(+), 4 deletions(-)
 create mode 100644 pdf-as-lib/src/test/java/at/gv/egiz/pdfas/lib/test/mains/SignatureBlockParameterTest.java

(limited to 'pdf-as-lib')

diff --git a/pdf-as-lib/build.gradle b/pdf-as-lib/build.gradle
index c7506a26..634d7df4 100644
--- a/pdf-as-lib/build.gradle
+++ b/pdf-as-lib/build.gradle
@@ -14,6 +14,7 @@ buildscript {
 		mavenCentral()
 	}
 	dependencies { classpath("commons-io:commons-io:2.8.0") }
+
 }
 
 sourceSets {
@@ -22,6 +23,11 @@ sourceSets {
 			srcDirs = [ 'src/main/java', 'src/generated/java' ]
 		}
 	}
+	test {
+		java {
+			srcDirs = ["src/test/java"]
+		}
+	}
 }
 
 configurations { 
@@ -78,6 +84,7 @@ dependencies {
 	api group: 'com.google.zxing', name: 'core', version: '3.4.1'
 	api group: 'com.google.zxing', name: 'javase', version: '3.4.1'
 	testImplementation group: 'junit', name: 'junit', version: '4.+'
+	testCompile "junit:junit:4.11"
 	ws group: 'org.apache.cxf', name: 'cxf-tools', version: cxfVersion
 	ws group: 'org.apache.cxf', name: 'cxf-tools-wsdlto-databinding-jaxb', version: cxfVersion
 	ws group: 'org.apache.cxf', name: 'cxf-tools-wsdlto-frontend-jaxws', version: cxfVersion
diff --git a/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/api/IConfigurationConstants.java b/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/api/IConfigurationConstants.java
index 610f5eba..4d6cef47 100644
--- a/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/api/IConfigurationConstants.java
+++ b/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/api/IConfigurationConstants.java
@@ -113,6 +113,9 @@ public interface IConfigurationConstants {
 	public static final String BG_COLOR_DETECTION = "sigblock.placement.bgcolor.detection.enabled";
 	public static final String SIG_PLACEMENT_DEBUG_OUTPUT = "sigblock.placement.debug.file";
 
+	public static final String SIG_BLOCK_PARAMETER_KEY_REGEX = "sigblockparameter.key.regex";
+	public static final String SIG_BLOCK_PARAMETER_VALUE_REGEX = "sigblockparameter.value.regex";
+
 	/**
 	 * PADES Constants
 	 */
diff --git a/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/api/PdfAsParameter.java b/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/api/PdfAsParameter.java
index 6303c0a0..5a646505 100644
--- a/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/api/PdfAsParameter.java
+++ b/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/api/PdfAsParameter.java
@@ -23,6 +23,8 @@
  ******************************************************************************/
 package at.gv.egiz.pdfas.lib.api;
 
+import at.gv.egiz.pdfas.common.exceptions.PdfAsException;
+
 import java.util.Map;
 
 import javax.activation.DataSource;
@@ -86,7 +88,7 @@ public interface PdfAsParameter {
 	 *
 	 * @param map the map
 	 */
-	public void setDynamicSignatureBlockArguments(Map<String, String> map);
+	public void setDynamicSignatureBlockArguments(Map<String, String> map) throws PdfAsException;
 
 	/**
 	 * Gets the dynamic signature-block values.
diff --git a/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/PdfAsParameterImpl.java b/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/PdfAsParameterImpl.java
index d6161f2c..19111342 100644
--- a/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/PdfAsParameterImpl.java
+++ b/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/PdfAsParameterImpl.java
@@ -23,11 +23,15 @@
  ******************************************************************************/
 package at.gv.egiz.pdfas.lib.impl;
 
+import java.util.Collections;
 import java.util.Map;
 
 import javax.activation.DataSource;
 
+import at.gv.egiz.pdfas.common.exceptions.PdfAsException;
+import at.gv.egiz.pdfas.common.utils.CheckSignatureBlockParameters;
 import at.gv.egiz.pdfas.lib.api.Configuration;
+import at.gv.egiz.pdfas.lib.api.IConfigurationConstants;
 import at.gv.egiz.pdfas.lib.api.PdfAsParameter;
 
 public class PdfAsParameterImpl implements PdfAsParameter {
@@ -79,8 +83,16 @@ protected Configuration configuration;
 	}
 
 	@Override
-	public void setDynamicSignatureBlockArguments(Map<String, String> map) {
-		this.dynamicSignatureBlockArgumentsMap = map;
+	public void setDynamicSignatureBlockArguments(Map<String, String> map) throws PdfAsException {
+		Map<String, String> tmpMap = Collections.unmodifiableMap(map);
+		String keyRegex = configuration.getValue(IConfigurationConstants.SIG_BLOCK_PARAMETER_KEY_REGEX);
+		String valueRegex = configuration.getValue(IConfigurationConstants.SIG_BLOCK_PARAMETER_VALUE_REGEX);
+		if( CheckSignatureBlockParameters.checkSignatureBlockParameterMapIsValid(tmpMap, keyRegex, valueRegex) == true) {
+			this.dynamicSignatureBlockArgumentsMap = tmpMap;
+		}else{
+			throw new PdfAsException("Invalid signature block parameters");
+		}
+
 	}
 
 	@Override
diff --git a/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/stamping/CertificateAndRequestParameterResolver.java b/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/stamping/CertificateAndRequestParameterResolver.java
index ab2e5729..024f377f 100644
--- a/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/stamping/CertificateAndRequestParameterResolver.java
+++ b/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/stamping/CertificateAndRequestParameterResolver.java
@@ -63,7 +63,6 @@ public class CertificateAndRequestParameterResolver implements IResolver {
 
         this.ctx = new OgnlContext(null, null, memberAccess);
         this.ctx.put(IProfileConstants.SIGNATURE_BLOCK_PARAMETER, operationStatus.getSignParamter().getDynamicSignatureBlockArguments());
-//        this.ctx.put(IProfileConstants.DYNAMIC_REQUEST_PARAMETERS, operationStatus.getRequestParameters());
 
         this.ctx.put("sn", this.certificate.getSerialNumber().toString());
         
diff --git a/pdf-as-lib/src/test/java/at/gv/egiz/pdfas/lib/test/mains/SignatureBlockParameterTest.java b/pdf-as-lib/src/test/java/at/gv/egiz/pdfas/lib/test/mains/SignatureBlockParameterTest.java
new file mode 100644
index 00000000..3c76ce11
--- /dev/null
+++ b/pdf-as-lib/src/test/java/at/gv/egiz/pdfas/lib/test/mains/SignatureBlockParameterTest.java
@@ -0,0 +1,51 @@
+package at.gv.egiz.pdfas.lib.test.mains;
+
+import at.gv.egiz.pdfas.common.utils.CheckSignatureBlockParameters;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.JUnit4;
+
+@RunWith(JUnit4.class)
+public class SignatureBlockParameterTest {
+
+
+  @Test
+  public void testKeyInvalid() {
+    if(checkValid( "aaaaaaaaaaaaaaaaaaaaa" , "^([A-za-z]){1,20}$") == true){assert(false);}
+    if(checkValid( "" , "^([A-za-z]){1,20}$") == true){assert(false);}
+    if(checkValid( "a9" , "^([A-za-z]){1,20}$") == true){assert(false);}
+  }
+  @Test
+  public void testKeyValid() {
+    if(checkValid( "aaa" +"aa", "^([A-za-z]){1,20}$") == false){assert(false);}
+    if(checkValid( "aaa" , "^([A-za-z]){1,20}$") == false){assert(false);}
+    if(checkValid( "aaaaaaaaaaaaaaaaaaaa", "^([A-za-z]){1,20}$") == false){assert(false);}
+    if(checkValid( "AA", "^([A-za-z]){1,20}$") == false){assert(false);}
+  }
+  @Test
+  public void testValueValid() {
+    if(checkValid( "aaa" +"aa", "^([\\p{Print}]){1,100}$") == false){assert(false);}
+    if(checkValid( "aaa" , "^([\\p{Print}]){1,100}$") == false){assert(false);}
+    if(checkValid( "a!\"$%&/()[]=?aa" , "^([\\p{Print}]){1,100}$") == false){assert(false);}
+    if(checkValid( "a!\"$%&/()[]=?aa-_,;.:[]|{}" , "^([\\p{Print}]){1,100}$") == false){assert(false);}
+//    if(checkValid( "a!\"§$%&/()=?aa" , "^([\\p{Print}]){1,100}$") == false){assert(false);}
+    if(checkValid( "aa!%&/()=?a" , "^([\\p{Print}]){1,100}$") == false){assert(false);}
+    if(checkValid( "a{\"a!%&/()=?a" , "^([\\p{Print}]){1,100}$") == false){assert(false);}
+    if(checkValid( "BB" , "^([\\p{Print}]){1,100}$") == false){assert(false);}
+    if(checkValid( "BB " , "^([\\p{Print}]){1,100}$") == false){assert(false);}
+  }
+  @Test
+  public void testValueInvalid() {
+    if(checkValid((char) 13 +"aaa" +"aa", "^([\\p{Print}]){1,100}$") == true){assert(false);}
+    if(checkValid((char) 13 +"", "^([\\p{Print}]){1,100}$") == true){assert(false);}
+    if(checkValid( "aaa" +(char) 13, "^([\\p{Print}]){1,100}$") == true){assert(false);}
+    if(checkValid("", "^([\\p{Print}]){1,100}$") == true){assert(false);}
+    if(checkValid("a", "^([\\p{Print}]){2,100}$") == true){assert(false);}
+    if(checkValid("aaa"+(char) 13 +"aa", "^([\\p{Print}]){1,100}$") == true){assert(false);}
+
+  }
+
+  public boolean checkValid(String s, String regex) {
+    return CheckSignatureBlockParameters.isValid(s, regex);
+  }
+}
-- 
cgit v1.2.3