From 9acf3c2e8aca9016daf76785747d838cdc5b0330 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 9 Jul 2018 10:11:25 +0200 Subject: add SL20 connecter-backend in a first beta version (getCertificate looks good, create signature is untested) --- .../at/gv/egiz/pdfas/web/helper/PdfAsHelper.java | 390 +++++++++++++++++---- 1 file changed, 326 insertions(+), 64 deletions(-) (limited to 'pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java') diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java index 3aad831d..4b776cb3 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java @@ -30,12 +30,17 @@ import java.awt.image.RenderedImage; import java.io.ByteArrayOutputStream; import java.io.File; import java.io.IOException; +import java.io.StringWriter; import java.io.UnsupportedEncodingException; +import java.net.URL; import java.net.URLEncoder; import java.security.cert.CertificateException; +import java.util.ArrayList; +import java.util.HashMap; import java.util.Iterator; import java.util.List; import java.util.Map; +import java.util.UUID; import javax.imageio.ImageIO; import javax.servlet.RequestDispatcher; @@ -51,9 +56,12 @@ import org.apache.commons.codec.binary.Base64; import org.apache.commons.io.FileUtils; import org.apache.commons.io.IOUtils; import org.apache.commons.lang3.StringEscapeUtils; +import org.apache.http.entity.ContentType; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import com.google.gson.JsonObject; + import at.gv.egiz.pdfas.api.ws.PDFASSignParameters; import at.gv.egiz.pdfas.api.ws.PDFASSignParameters.Connector; import at.gv.egiz.pdfas.api.ws.PDFASSignResponse; 
@@ -77,6 +85,8 @@ import at.gv.egiz.pdfas.sigs.pades.PAdESSignerKeystore; import at.gv.egiz.pdfas.web.config.WebConfiguration; import at.gv.egiz.pdfas.web.exception.PdfAsWebException; import at.gv.egiz.pdfas.web.servlets.UIEntryPointServlet; +import at.gv.egiz.pdfas.web.sl20.JsonSecurityUtils; +import at.gv.egiz.pdfas.web.sl20.SL20HttpBindingUtils; import at.gv.egiz.pdfas.web.stats.StatisticEvent; import at.gv.egiz.sl.schema.CreateCMSSignatureResponseType; import at.gv.egiz.sl.schema.InfoboxAssocArrayPairType; @@ -84,8 +94,16 @@ import at.gv.egiz.sl.schema.InfoboxReadRequestType; import at.gv.egiz.sl.schema.InfoboxReadResponseType; import at.gv.egiz.sl.schema.ObjectFactory; import at.gv.egiz.sl.util.BKUSLConnector; +import at.gv.egiz.sl.util.BaseSLConnector; import at.gv.egiz.sl.util.RequestPackage; import at.gv.egiz.sl.util.SLMarschaller; +import at.gv.egiz.sl20.SL20Connector; +import at.gv.egiz.sl20.data.VerificationResult; +import at.gv.egiz.sl20.exceptions.SL20Exception; +import at.gv.egiz.sl20.exceptions.SLCommandoParserException; +import at.gv.egiz.sl20.utils.SL20Constants; +import at.gv.egiz.sl20.utils.SL20JSONBuilderUtils; +import at.gv.egiz.sl20.utils.SL20JSONExtractorUtils; public class PdfAsHelper { @@ -105,6 +123,7 @@ public class PdfAsHelper { private static final String PDF_PROVIDE_PAGE = "/ProvidePDF"; private static final String PDF_PDFDATA_PAGE = "/PDFData"; private static final String PDF_DATAURL_PAGE = "/DataURL"; + private static final String PDF_SL20_DATAURL_PAGE = "/DataURLSL20"; private static final String PDF_USERENTRY_PAGE = "/userentry"; private static final String PDF_ERR_URL = "PDF_ERR_URL"; private static final String PDF_FILE_NAME = "PDF_FILE_NAME"; 
@@ -118,6 +137,7 @@ public class PdfAsHelper { private static final String SIGNATURE_ACTIVE = "SIGNATURE_ACTIVE"; private static final String VERIFICATION_RESULT = "VERIFICATION_RESULT"; private static final String QRCODE_CONTENT = "QR_CONT"; + public static final String PDF_SESSION_PREFIX = "PDF_SESSION_"; private static final Logger logger = LoggerFactory .getLogger(PdfAsHelper.class); @@ -707,6 +727,12 @@ public class PdfAsHelper { // conn.setBase64(true); signer = new PAdESSigner(conn); session.setAttribute(PDF_SL_CONNECTOR, conn); + + } else if (connector.equals("sl20")) { + SL20Connector conn = new SL20Connector(config); + signer = new PAdESSigner(conn); + session.setAttribute(PDF_SL_CONNECTOR, conn); + } else { throw new PdfAsWebException( "Invalid connector (bku | onlinebku | mobilebku | moa | jks)"); @@ -794,9 +820,15 @@ public class PdfAsHelper { // conn.setBase64(true); signer = new PAdESSigner(conn); session.setAttribute(PDF_SL_CONNECTOR, conn); + + } else if (connector.equals("sl20")) { + SL20Connector conn = new SL20Connector(config); + signer = new PAdESSigner(conn); + session.setAttribute(PDF_SL_CONNECTOR, conn); + } else { throw new PdfAsWebException( - "Invalid connector (bku | onlinebku | mobilebku | moa | jks)"); + "Invalid connector (bku | onlinebku | mobilebku | moa | jks | sl20)"); } signParameter.setPreprocessorArguments(preProcessor); signParameter.setPlainSigner(signer); @@ -839,7 +871,7 @@ public class PdfAsHelper { PdfAsHelper.process(request, response, context); } - private static byte[] getCertificate( + public static byte[] getCertificate( InfoboxReadResponseType infoboxReadResponseType) { byte[] data = null; if (infoboxReadResponseType.getAssocArrayData() != null) { 
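Review bot: The first `sl20` branch (hunk at -707) leaves the fallback message as `"Invalid connector (bku | onlinebku | mobilebku | moa | jks)"`, while the copy at -794 was updated to list `sl20`. The two messages should agree, e.g. `"Invalid connector (bku | onlinebku | mobilebku | moa | jks | sl20)"` in both places. The connector-selection chain is now duplicated in two methods whose bodies start and end outside these hunks, so moving it into one private helper would stop the accepted connector names from drifting apart again.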
@@ -898,7 +930,7 @@ public class PdfAsHelper { public static void injectCertificate(HttpServletRequest request, HttpServletResponse response, - InfoboxReadResponseType infoboxReadResponseType, + byte[] certificate, ServletContext context) throws Exception { HttpSession session = request.getSession(); @@ -910,7 +942,7 @@ public class PdfAsHelper { + session.getId()); } - statusRequest.setCertificate(getCertificate(infoboxReadResponseType)); + statusRequest.setCertificate(certificate); statusRequest = pdfAs.process(statusRequest); session.setAttribute(PDF_STATUS, statusRequest); @@ -919,7 +951,7 @@ public class PdfAsHelper { public static void injectSignature(HttpServletRequest request, HttpServletResponse response, - CreateCMSSignatureResponseType createCMSSignatureResponseType, + byte[] cmsSginature, ServletContext context) throws Exception { logger.debug("Got CMS Signature Response"); @@ -933,8 +965,7 @@ public class PdfAsHelper { + session.getId()); } - statusRequest.setSigature(createCMSSignatureResponseType - .getCMSSignature()); + statusRequest.setSigature(cmsSginature); statusRequest = pdfAs.process(statusRequest); session.setAttribute(PDF_STATUS, statusRequest); 
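Review bot: `injectCertificate` and `injectSignature` now take a bare `byte[]` without stating the expected encoding, and the value goes straight into `statusRequest.setCertificate(...)` / `setSigature(...)`. A Javadoc line such as `@param certificate DER-encoded X.509 signer certificate, not Base64 text` (and the equivalent for the CMS signature) would pin the contract; confirm the encoding against the callers, which are outside these hunks. A null or empty array is not rejected before `pdfAs.process(statusRequest)`; `if (certificate == null || certificate.length == 0) throw new PdfAsWebException("No certificate received");` would fail early. The new parameter name `cmsSginature` is misspelled and should read `cmsSignature`.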
@@ -996,21 +1027,35 @@ public class PdfAsHelper { String connector = (String) session.getAttribute(PDF_SL_INTERACTIVE); + //load connector + BaseSLConnector slConnector = null; if (connector.equals("bku") || connector.equals("onlinebku") - || connector.equals("mobilebku")) { - BKUSLConnector bkuSLConnector = (BKUSLConnector) session + || connector.equals("mobilebku")) + slConnector = (BKUSLConnector) session .getAttribute(PDF_SL_CONNECTOR); - - if (statusRequest.needCertificate()) { - logger.debug("Needing Certificate from BKU"); - // build SL Request to read certificate - InfoboxReadRequestType readCertificateRequest = bkuSLConnector - .createInfoboxReadRequest(statusRequest - .getSignParameter()); - + + else if (connector.equals("sl20")) + slConnector = (SL20Connector) session + .getAttribute(PDF_SL_CONNECTOR); + + else + throw new PdfAsWebException("Invalid connector: " + connector); + + JsonSecurityUtils joseTools = JsonSecurityUtils.getInstance(); + if (!joseTools.isInitialized()) + joseTools = null; + + if (statusRequest.needCertificate()) { + logger.debug("Needing Certificate from BKU"); + // build SL Request to read certificate + InfoboxReadRequestType readCertificateRequest = slConnector + .createInfoboxReadRequest(statusRequest + .getSignParameter()); + + if (slConnector instanceof BKUSLConnector) { JAXBElement readRequest = of .createInfoboxReadRequest(readCertificateRequest); - + String url = generateDataURL(request, response); String slRequest = SLMarschaller.marshalToString(readRequest); String template = getTemplateSL(); @@ -1021,7 +1066,7 @@ public class PdfAsHelper { StringEscapeUtils.escapeHtml4(slRequest)); template = template.replace("##DataURL##", url); template = template.replace("##LOCALE##", locale); - + if (statusRequest.getSignParameter().getTransactionId() != null) { template = template.replace( "##ADDITIONAL##", 
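Review bot: `joseTools` is set to `null` when `JsonSecurityUtils` is not initialized, but only the encryption paths later test `joseTools != null`; the signing paths in the next hunk pass it to `SL20JSONBuilderUtils.createSignedCommand(...)` whenever `WebConfiguration.isSL20SigningEnabled()` is true. How `createSignedCommand` and `extractSL20PayLoad` treat a null argument is not visible here, so this may throw a NullPointerException or quietly run without message protection. Failing closed right after the assignment is safer: `if (slConnector instanceof SL20Connector && joseTools == null && WebConfiguration.isSL20SigningEnabled()) throw new PdfAsWebException("SL2.0 signing is enabled but JSON security utils are not initialized");`. Separately, `connector` is read from the session and dereferenced with `connector.equals("bku")`; `"bku".equals(connector)` avoids a NullPointerException on a session without that attribute. The enclosing method starts and ends outside this hunk.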
@@ -1034,70 +1079,220 @@ public class PdfAsHelper { } else { template = template.replace("##ADDITIONAL##", ""); } - + response.getWriter().write(template); // TODO: set content type of response!! response.setContentType("text/html"); response.getWriter().close(); - } else if (statusRequest.needSignature()) { - logger.debug("Needing Signature from BKU"); - // build SL Request for cms signature - RequestPackage pack = bkuSLConnector.createCMSRequest( - statusRequest.getSignatureData(), - statusRequest.getSignatureDataByteRange(), - statusRequest.getSignParameter()); - + + } else if (slConnector instanceof SL20Connector) { + //generate request for getCertificate command + SL20Connector sl20Connector = (SL20Connector)slConnector; + + //use 'SecureSigningKeypair' per default + String keyId = SL20Connector.SecureSignatureKeypair; + + java.security.cert.X509Certificate x5cEnc = null; + if (WebConfiguration.isSL20EncryptionEnabled() && joseTools != null) + x5cEnc = joseTools.getEncryptionCertificate(); + JsonObject getCertParams = + SL20JSONBuilderUtils.createGetCertificateCommandParameters( + keyId, generateDataURLSL20(request, response), x5cEnc); + + JsonObject sl20Req = null; + String reqId = UUID.randomUUID().toString(); + if (WebConfiguration.isSL20SigningEnabled()) { + String signedCertCommand = SL20JSONBuilderUtils.createSignedCommand( + SL20Constants.SL20_COMMAND_IDENTIFIER_GETCERTIFICATE, getCertParams, joseTools); + sl20Req = SL20JSONBuilderUtils.createGenericRequest(reqId, null, null, signedCertCommand); + + } else { + JsonObject getCertCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_GETCERTIFICATE, getCertParams); + sl20Req = SL20JSONBuilderUtils.createGenericRequest(reqId, null, getCertCommand, null); + + } + + //send SL20 request via Backend connection + JsonObject sl20Resp = sl20Connector.sendSL20Request(sl20Req, null, generateBKUURL(connector)); + if (sl20Resp == null) { + logger.info("Receive NO responce from SL2.0 
connection. Process stops ... "); + throw new SLCommandoParserException(); + + } + + VerificationResult respPayloadContainer = SL20JSONExtractorUtils.extractSL20PayLoad( + sl20Resp, joseTools, WebConfiguration.isSL20SigningRequired()); + + if (respPayloadContainer.isValidSigned() == null) + logger.debug("Receive unsigned payLoad from VDA"); + + JsonObject respPayload = respPayloadContainer.getPayload(); + if (respPayload.get(SL20Constants.SL20_COMMAND_CONTAINER_NAME).getAsString() + .equals(SL20Constants.SL20_COMMAND_IDENTIFIER_REDIRECT)) { + logger.debug("Find 'redirect' command in VDA response ... "); + JsonObject params = SL20JSONExtractorUtils.getJSONObjectValue(respPayload, SL20Constants.SL20_COMMAND_CONTAINER_PARAMS, true); + String redirectURL = SL20JSONExtractorUtils.getStringValue(params, SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_URL, true); + JsonObject command = SL20JSONExtractorUtils.getJSONObjectValue(params, SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_COMMAND, false); + String signedCommand = SL20JSONExtractorUtils.getStringValue(params, SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_SIGNEDCOMMAND, false); + + //create forward SL2.0 command + JsonObject sl20Forward = sl20Resp.deepCopy().getAsJsonObject(); + SL20JSONBuilderUtils.addOnlyOnceOfTwo(sl20Forward, + SL20Constants.SL20_PAYLOAD, SL20Constants.SL20_SIGNEDPAYLOAD, + command, signedCommand); + + //store requestId + + request.getSession(false).setAttribute(PDF_SESSION_PREFIX + SL20Constants.SL20_REQID, reqId); + + //forward SL2.0 command + SL20HttpBindingUtils.writeIntoResponse(request, response, sl20Forward, redirectURL); + + } else if (respPayload.get(SL20Constants.SL20_COMMAND_CONTAINER_NAME).getAsString() + .equals(SL20Constants.SL20_COMMAND_IDENTIFIER_ERROR)) { + JsonObject result = SL20JSONExtractorUtils.getJSONObjectValue(respPayload, SL20Constants.SL20_COMMAND_CONTAINER_RESULT, false); + if (result == null) + result = SL20JSONExtractorUtils.getJSONObjectValue(respPayload, 
SL20Constants.SL20_COMMAND_CONTAINER_PARAMS, false); + + String errorCode = SL20JSONExtractorUtils.getStringValue(result, SL20Constants.SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERRORCODE, true); + String errorMsg = SL20JSONExtractorUtils.getStringValue(result, SL20Constants.SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERRORMESSAGE, true); + + logger.info("Receive SL2.0 error. Code:" + errorCode + " Msg:" + errorMsg); + throw new SL20Exception("sl20.08"); + + } else { + logger.warn("Received an unrecognized command: " + respPayload.get(SL20Constants.SL20_COMMAND_CONTAINER_NAME).getAsString()); + throw new SLCommandoParserException(); + + } + + } else + throw new PdfAsWebException("Invalid connector: " + slConnector.getClass().getName()); + + } else if (statusRequest.needSignature()) { + logger.debug("Needing Signature from BKU"); + // build SL Request for cms signature + RequestPackage pack = slConnector.createCMSRequest( + statusRequest.getSignatureData(), + statusRequest.getSignatureDataByteRange(), + statusRequest.getSignParameter()); + + if (slConnector instanceof BKUSLConnector) { String slRequest = SLMarschaller .marshalToString(of .createCreateCMSSignatureRequest(pack .getRequestType())); logger.trace("SL Request: " + slRequest); - + response.setContentType("text/xml"); response.getWriter().write(slRequest); response.getWriter().close(); + + } else if (slConnector instanceof SL20Connector) { + //convert byte range + List byteRanges = new ArrayList(); + for (int el : statusRequest.getSignatureDataByteRange()) + byteRanges.add(String.valueOf(el)); + + java.security.cert.X509Certificate x5cEnc = null; + if (WebConfiguration.isSL20EncryptionEnabled() && joseTools != null) + x5cEnc = joseTools.getEncryptionCertificate(); + + //set 'true' as default + boolean padesCompatibel = true; + if (pack.getRequestType().getPAdESFlag() != null) + padesCompatibel = pack.getRequestType().getPAdESFlag(); + + JsonObject createCAdESSigParams = + 
SL20JSONBuilderUtils.createCreateCAdESCommandParameters( + pack.getRequestType().getKeyboxIdentifier(), + statusRequest.getSignatureData(), + pack.getRequestType().getDataObject().getMetaInfo().getMimeType(), + padesCompatibel , + byteRanges, + SL20Constants.SL20_COMMAND_PARAM_CREATE_SIG_CADES_CADESLEVEL_BASIC, + generateDataURLSL20(request, response), + x5cEnc) ; + + JsonObject sl20CreateCAdES = null; + String reqId = UUID.randomUUID().toString(); + if (WebConfiguration.isSL20SigningEnabled()) { + String signedCertCommand = SL20JSONBuilderUtils.createSignedCommand( + SL20Constants.SL20_COMMAND_IDENTIFIER_CREATE_SIG_CADES, createCAdESSigParams, joseTools); + sl20CreateCAdES = SL20JSONBuilderUtils.createGenericRequest(reqId, null, null, signedCertCommand); + + } else { + JsonObject getCertCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_CREATE_SIG_CADES, createCAdESSigParams); + sl20CreateCAdES = SL20JSONBuilderUtils.createGenericRequest(UUID.randomUUID().toString(), null, getCertCommand, null); + + } + + request.getSession(false).setAttribute(PDF_SESSION_PREFIX + SL20Constants.SL20_REQID, reqId); + + //forward SL2.0 command + logger.trace("Write 'createCAdES' command to VDA: " + sl20CreateCAdES.toString()); + StringWriter writer = new StringWriter(); + writer.write(sl20CreateCAdES.toString()); + final byte[] content = writer.toString().getBytes("UTF-8"); + response.setStatus(HttpServletResponse.SC_OK); + response.setContentLength(content.length); + response.setContentType(ContentType.APPLICATION_JSON.toString()); + response.getOutputStream().write(content); + + } else + throw new PdfAsWebException("Invalid connector: " + slConnector.getClass().getName()); + + + + } else if (statusRequest.isReady()) { + // TODO: store pdf document redirect to Finish URL + logger.debug("Document ready!"); + + SignResult result = pdfAs.finishSign(statusRequest); + + ByteArrayOutputStream baos = (ByteArrayOutputStream) session + 
.getAttribute(PDF_OUTPUT); + baos.close(); + + PDFASVerificationResponse verResponse = new PDFASVerificationResponse(); + List verResults = PdfAsHelper.synchornousVerify( + baos.toByteArray(), -2, + PdfAsHelper.getVerificationLevel(request), null); + + if (verResults.size() != 1) { + throw new WebServiceException( + "Document verification failed!"); + } + VerifyResult verifyResult = verResults.get(0); - } else if (statusRequest.isReady()) { - // TODO: store pdf document redirect to Finish URL - logger.debug("Document ready!"); - - SignResult result = pdfAs.finishSign(statusRequest); - - ByteArrayOutputStream baos = (ByteArrayOutputStream) session - .getAttribute(PDF_OUTPUT); - baos.close(); - - PDFASVerificationResponse verResponse = new PDFASVerificationResponse(); - List verResults = PdfAsHelper.synchornousVerify( - baos.toByteArray(), -2, - PdfAsHelper.getVerificationLevel(request), null); + verResponse.setCertificateCode(verifyResult + .getCertificateCheck().getCode()); + verResponse.setValueCode(verifyResult.getValueCheckCode() + .getCode()); - if (verResults.size() != 1) { - throw new WebServiceException( - "Document verification failed!"); - } - VerifyResult verifyResult = verResults.get(0); + PdfAsHelper.setPDFASVerificationResponse(request, verResponse); + PdfAsHelper.setSignedPdf(request, response, baos.toByteArray()); - verResponse.setCertificateCode(verifyResult - .getCertificateCheck().getCode()); - verResponse.setValueCode(verifyResult.getValueCheckCode() - .getCode()); + String signerCert = Base64.encodeBase64String(result + .getSignerCertificate().getEncoded()); - PdfAsHelper.setPDFASVerificationResponse(request, verResponse); - PdfAsHelper.setSignedPdf(request, response, baos.toByteArray()); + PdfAsHelper.setSignerCertificate(request, signerCert); + + if (slConnector instanceof BKUSLConnector) { PdfAsHelper.gotoProvidePdf(context, request, response); - - String signerCert = Base64.encodeBase64String(result - .getSignerCertificate().getEncoded()); - 
- PdfAsHelper.setSignerCertificate(request, signerCert); - - } else { - throw new PdfAsWebException("Invalid state!"); - } + + } else if (slConnector instanceof SL20Connector) { + //TODO: add code to send SL20 redirect command to redirect the user from DataURL connection to App Front-End connection + String callUrl = generateProvideURL(request, response); + String transactionId = (String) request.getAttribute(PdfAsHelper.PDF_SESSION_PREFIX + SL20Constants.SL20_TRANSACTIONID); + buildSL20RedirectResponse(request, response, transactionId, callUrl); + + } else + throw new PdfAsWebException("Invalid connector: " + slConnector.getClass().getName()); + } else { - throw new PdfAsWebException("Invalid connector: " + connector); + throw new PdfAsWebException("Invalid state!"); } } @@ -1338,6 +1533,11 @@ public class PdfAsHelper { request.getSession(true); } + public static String generateDataURLSL20(HttpServletRequest request, + HttpServletResponse response) { + return generateURL(request, response, PDF_SL20_DATAURL_PAGE); + } + public static String generateDataURL(HttpServletRequest request, HttpServletResponse response) { return generateURL(request, response, PDF_DATAURL_PAGE); @@ -1385,6 +1585,8 @@ public class PdfAsHelper { return WebConfiguration.getOnlineBKUURL(); } else if (connector.equals("mobilebku")) { return WebConfiguration.getHandyBKUURL(); + } else if (connector.equals("sl20")) { + return WebConfiguration.getSecurityLayer20URL(); } return WebConfiguration.getLocalBKUURL(); } 
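Review bot: In the SL2.0 `getCertificate` branch the VDA response is acted on even when it carries no signature: `respPayloadContainer.isValidSigned() == null` is only logged at debug level, and the `redirectURL` and command taken from that payload are then handed to `SL20HttpBindingUtils.writeIntoResponse(...)`. Whether unsigned payloads are rejected depends on `WebConfiguration.isSL20SigningRequired()` inside `extractSL20PayLoad`, which is not visible here, so consider comparing `redirectURL` with the configured VDA origin before forwarding and logging the unsigned case at warn level. `errorCode` and `errorMsg` come from the remote response and are concatenated into the info log; `logger.info("Receive SL2.0 error. Code: {} Msg: {}", errorCode, errorMsg);` with line breaks stripped from both values keeps a remote party from forging log lines. In the ready branch `transactionId` is read with `request.getAttribute(...)` while `reqId` is stored through the session, so confirm that the DataURL handler sets that request attribute and compares the stored `reqId` with the one in the response.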
@@ -1542,4 +1744,64 @@ public class PdfAsHelper { public static String getSCMRevision() { return PdfAsFactory.getSCMRevision(); } + + public static void buildSL20RedirectResponse(HttpServletRequest request, HttpServletResponse response, String transactionId, String callURL) throws IOException, SL20Exception { + //create response + Map reqParameters = UrlParameterExtractor.splitQuery(new URL(callURL)); + + //extract URL without parameters + String url; + int paramIndex = callURL.indexOf("?"); + if (paramIndex == -1) + url = callURL; + else + url = callURL.substring(0, paramIndex); + + JsonObject callReqParams = SL20JSONBuilderUtils.createCallCommandParameters( + url, + SL20Constants.SL20_COMMAND_PARAM_GENERAL_CALL_METHOD_GET, + false, + reqParameters); + JsonObject callCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_CALL, callReqParams); + + //build first redirect command for app + JsonObject redirectOneParams = SL20JSONBuilderUtils.createRedirectCommandParameters( + null, + callCommand, null, true); + JsonObject redirectOneCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_REDIRECT, redirectOneParams); + + //build second redirect command for IDP + JsonObject redirectTwoParams = SL20JSONBuilderUtils.createRedirectCommandParameters( + callURL, + redirectOneCommand, null, false); + JsonObject redirectTwoCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_REDIRECT, redirectTwoParams); + + //build generic SL2.0 response container + JsonObject respContainer = SL20JSONBuilderUtils.createGenericRequest( + UUID.randomUUID().toString(), + transactionId, + redirectTwoCommand, + null); + + //workaround for A-Trust + if (request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE) != null && + request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE).equals(SL20Constants.HTTP_HEADER_VALUE_NATIVE) + || true) { + logger.debug("Client request containts 'native client' header ... 
"); + logger.trace("SL20 response to VDA: " + respContainer); + StringWriter writer = new StringWriter(); + writer.write(respContainer.toString()); + final byte[] content = writer.toString().getBytes("UTF-8"); + response.setStatus(HttpServletResponse.SC_OK); + response.setContentLength(content.length); + response.setContentType(ContentType.APPLICATION_JSON.toString()); + response.getOutputStream().write(content); + + + } else { + logger.info("SL2.0 DataURL communication needs http header: '" + SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE + "'"); + throw new SL20Exception("sl20.06"); + + } + } } -- cgit v1.2.3 From 55d708efe16aa409665537dfc3647e9fe4bb669e Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 23 Jul 2018 08:42:08 +0200 Subject: fix a small bug in session handling --- .../src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java') diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java index 4b776cb3..6eb80650 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java @@ -1141,8 +1141,7 @@ public class PdfAsHelper { SL20Constants.SL20_PAYLOAD, SL20Constants.SL20_SIGNEDPAYLOAD, command, signedCommand); - //store requestId - + //store requestId request.getSession(false).setAttribute(PDF_SESSION_PREFIX + SL20Constants.SL20_REQID, reqId); //forward SL2.0 command 
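Review bot: The condition guarding the JSON response in `buildSL20RedirectResponse` ends in `|| true`, so the `SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE` check can never fail and the `else` branch that throws `SL20Exception("sl20.06")` is dead code. The debug message "Client request containts 'native client' header" is therefore written even when the header is absent, which misleads anyone reading the logs during an incident. If the A-Trust workaround has to stay, make it explicit: drop the condition and the dead branch and leave a comment such as `// client-type header not enforced: A-Trust clients do not send it`, or put the bypass behind a configuration switch that defaults to enforcing the header. `respContainer` is also written to the trace log in full, so check what it can contain before trace logging is enabled outside development.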
@@ -1224,7 +1223,7 @@ public class PdfAsHelper { } else { JsonObject getCertCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_CREATE_SIG_CADES, createCAdESSigParams); - sl20CreateCAdES = SL20JSONBuilderUtils.createGenericRequest(UUID.randomUUID().toString(), null, getCertCommand, null); + sl20CreateCAdES = SL20JSONBuilderUtils.createGenericRequest(reqId, null, getCertCommand, null); } -- cgit v1.2.3 From e5f2601e931594572f88bb402343e39023dab939 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 25 Jul 2018 08:06:36 +0200 Subject: update to SL2.0 v0.61 fix a bug in SL2.0 impl for createCAdES --- .../java/at/gv/egiz/sl20/utils/SL20Constants.java | 5 ++- .../gv/egiz/sl20/utils/SL20JSONBuilderUtils.java | 44 +++++++++++++++++++--- .../at/gv/egiz/pdfas/web/helper/PdfAsHelper.java | 31 +++++++++++++-- 3 files changed, 69 insertions(+), 11 deletions(-) (limited to 'pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java') diff --git a/pdf-as-lib/src/main/java/at/gv/egiz/sl20/utils/SL20Constants.java b/pdf-as-lib/src/main/java/at/gv/egiz/sl20/utils/SL20Constants.java index 59c3079d..fdefa1d9 100644 --- a/pdf-as-lib/src/main/java/at/gv/egiz/sl20/utils/SL20Constants.java +++ b/pdf-as-lib/src/main/java/at/gv/egiz/sl20/utils/SL20Constants.java 
@@ -160,6 +160,8 @@ public class SL20Constants { //createCAdES Signture public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_KEYID = "keyId"; public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_CONTENT = "content"; + public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_CONTENTURL = "contentUrl"; + public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_CONTENTMODE = "contentMode"; public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_MIMETYPE = "mimeType"; public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_PADES_COMBATIBILTY = "padesComatibility"; public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_EXCLUDEBYTERANGE = "excludedByteRange"; @@ -176,7 +178,8 @@ public class SL20Constants { public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_CADESLEVEL_XL = "cAdES-X-L"; public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_CADESLEVEL_A = "cAdES-A"; - + public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_CONTENTMODE_DETACHED = "detached"; + public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_CONTENTMODE_ENVELOPING = "enveloping"; //create binding key command public static final String SL20_COMMAND_PARAM_BINDING_CREATE_KONTOID = "kontoID"; diff --git a/pdf-as-lib/src/main/java/at/gv/egiz/sl20/utils/SL20JSONBuilderUtils.java b/pdf-as-lib/src/main/java/at/gv/egiz/sl20/utils/SL20JSONBuilderUtils.java index 40edb74b..7cbb7800 100644 --- a/pdf-as-lib/src/main/java/at/gv/egiz/sl20/utils/SL20JSONBuilderUtils.java +++ b/pdf-as-lib/src/main/java/at/gv/egiz/sl20/utils/SL20JSONBuilderUtils.java 
@@ -2,13 +2,10 @@ package at.gv.egiz.sl20.utils; import java.security.cert.CertificateEncodingException; import java.security.cert.X509Certificate; -import java.util.Arrays; import java.util.List; import java.util.Map; import java.util.Map.Entry; -import org.apache.commons.codec.binary.Base64; -import org.bouncycastle.util.encoders.Base64Encoder; import org.slf4j.Logger; import org.slf4j.LoggerFactory; 
@@ -182,14 +179,37 @@ public class SL20JSONBuilderUtils { } public static JsonObject createCreateCAdESCommandParameters(String keyId, - byte[] content, String mimeType, boolean padesCompatiblem, List byteRanges, String cadesLevel, + byte[] content, String contentUrl, String contentMode, String mimeType, boolean padesCompatiblem, List byteRanges, String cadesLevel, String dataUrl, X509Certificate x5cEnc) throws CertificateEncodingException, SLCommandoBuildException { JsonObject params = new JsonObject(); addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_CREATE_SIG_CADES_KEYID, keyId, true); - addSingleByteElement(params, SL20Constants.SL20_COMMAND_PARAM_CREATE_SIG_CADES_CONTENT, content, true); + + if (content != null && contentUrl != null) { + log.warn(SL20Constants.SL20_COMMAND_PARAM_CREATE_SIG_CADES_CONTENT + " and " + + SL20Constants.SL20_COMMAND_PARAM_CREATE_SIG_CADES_CONTENTURL + " can not SET TWICE"); + throw new SLCommandoBuildException(); + + } + + if (content != null) + addSingleByteElement(params, SL20Constants.SL20_COMMAND_PARAM_CREATE_SIG_CADES_CONTENT, content, true); + + else if (contentUrl != null ) + addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_CREATE_SIG_CADES_CONTENTURL, contentUrl, true); + + else { + log.warn(SL20Constants.SL20_COMMAND_PARAM_CREATE_SIG_CADES_CONTENT + " and " + + SL20Constants.SL20_COMMAND_PARAM_CREATE_SIG_CADES_CONTENTURL + " is NULL"); + throw new SLCommandoBuildException(); + + } + + addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_CREATE_SIG_CADES_CONTENTMODE, contentMode, true); addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_CREATE_SIG_CADES_MIMETYPE, mimeType, true); addSingleBooleanElement(params, SL20Constants.SL20_COMMAND_PARAM_CREATE_SIG_CADES_PADES_COMBATIBILTY, padesCompatiblem, false); - addArrayOfStrings(params, SL20Constants.SL20_COMMAND_PARAM_CREATE_SIG_CADES_EXCLUDEBYTERANGE, byteRanges); + + //addArrayOfStrings(params, 
SL20Constants.SL20_COMMAND_PARAM_CREATE_SIG_CADES_EXCLUDEBYTERANGE, byteRanges); + addArrayOfElements(params, SL20Constants.SL20_COMMAND_PARAM_CREATE_SIG_CADES_EXCLUDEBYTERANGE, byteRanges); addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_CREATE_SIG_CADES_CADESLEVEL, cadesLevel, false); addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_GETCERTIFICATE_DATAURL, dataUrl, true); addSingleCertificateElement(params, SL20Constants.SL20_COMMAND_PARAM_GETCERTIFICATE_X5CENC, x5cEnc, false); @@ -452,6 +472,18 @@ public class SL20JSONBuilderUtils { } } + private static void addArrayOfElements(JsonObject parent, String keyId, List values) throws SLCommandoBuildException { + validateParentAndKey(parent, keyId); + if (values != null) { + JsonArray callReqParamsArray = new JsonArray(); + parent.add(keyId, callReqParamsArray ); + for(JsonElement el : values) + callReqParamsArray.add(el); + + } + + } + private static void addArrayOfStrings(JsonObject parent, String keyId, List values) throws SLCommandoBuildException { validateParentAndKey(parent, keyId); if (values != null) { diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java index 6eb80650..75249e78 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java @@ -60,6 +60,8 @@ import org.apache.http.entity.ContentType; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import com.google.gson.JsonArray; +import com.google.gson.JsonElement; import com.google.gson.JsonObject; import at.gv.egiz.pdfas.api.ws.PDFASSignParameters; 
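Review bot: `createCreateCAdESCommandParameters` now requires exactly one of `content` and `contentUrl`, but that contract is stated only in the two `log.warn` calls, and both failure paths throw `new SLCommandoBuildException()` without a message. A Javadoc on the method saying that exactly one of the two must be non-null and that `contentMode` is mandatory would make the new parameters usable without reading the body; if the exception type offers a message constructor, pass the reason there as well. The commented-out `//addArrayOfStrings(...)` call should be deleted rather than kept next to its replacement. `contentUrl` is emitted unchanged, so if it can ever be derived from request data its scheme and host should be validated before the command is built.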
@@ -67,6 +69,7 @@ import at.gv.egiz.pdfas.api.ws.PDFASSignParameters.Connector; import at.gv.egiz.pdfas.api.ws.PDFASSignResponse; import at.gv.egiz.pdfas.api.ws.PDFASVerificationResponse; import at.gv.egiz.pdfas.common.exceptions.PDFASError; +import at.gv.egiz.pdfas.common.utils.PDFUtils; import at.gv.egiz.pdfas.lib.api.ByteArrayDataSource; import at.gv.egiz.pdfas.lib.api.Configuration; import at.gv.egiz.pdfas.lib.api.IConfigurationConstants; @@ -1190,9 +1193,24 @@ public class PdfAsHelper { } else if (slConnector instanceof SL20Connector) { //convert byte range - List byteRanges = new ArrayList(); - for (int el : statusRequest.getSignatureDataByteRange()) - byteRanges.add(String.valueOf(el)); + + int[] exclude_range = PDFUtils.buildExcludeRange(statusRequest.getSignatureDataByteRange()); + logger.info("Exclude Byte Range: " + exclude_range[0] + " " + exclude_range[1]); + + List byteRanges = new ArrayList(); + if (statusRequest.getSignatureDataByteRange().length % 2 != 0) { + logger.warn("ByteRange is not a set of pairs. Something is maybe suspect"); + + } + + for (int i=0; i Date: Thu, 26 Jul 2018 11:23:47 +0200 Subject: add logger on trace level for request/response debugging --- pdf-as-lib/src/main/java/at/gv/egiz/sl20/SL20Connector.java | 4 +++- .../src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java | 2 ++ .../main/java/at/gv/egiz/pdfas/web/servlets/SLDataURLServlet.java | 6 ++++-- .../main/java/at/gv/egiz/pdfas/web/sl20/SL20HttpBindingUtils.java | 1 + 4 files changed, 10 insertions(+), 3 deletions(-) (limited to 'pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java') diff --git a/pdf-as-lib/src/main/java/at/gv/egiz/sl20/SL20Connector.java b/pdf-as-lib/src/main/java/at/gv/egiz/sl20/SL20Connector.java index a82771bd..3088a564 100644 --- a/pdf-as-lib/src/main/java/at/gv/egiz/sl20/SL20Connector.java +++ b/pdf-as-lib/src/main/java/at/gv/egiz/sl20/SL20Connector.java 
@@ -62,7 +62,9 @@ public class SL20Connector extends BaseSLConnector { HttpResponse httpResp = httpClient.execute(httpReq); log.debug("Response from VDA received "); - return SL20JSONExtractorUtils.getSL20ContainerFromResponse(httpResp); + JsonObject sl20Resp = SL20JSONExtractorUtils.getSL20ContainerFromResponse(httpResp); + log.trace("SL20 command: " + sl20Resp.toString()); + return sl20Resp; } catch (URISyntaxException | IOException e) { log.warn("Can NOT build SL20 http requst. Reason:" + e.getMessage(), e); diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java index 75249e78..1cef0796 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java @@ -1805,6 +1805,8 @@ public class PdfAsHelper { redirectTwoCommand, null); + logger.trace("SL2.0 command: " + respContainer.toString()); + //workaround for A-Trust if (request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE) != null && request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE).equals(SL20Constants.HTTP_HEADER_VALUE_NATIVE) diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/SLDataURLServlet.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/SLDataURLServlet.java index 7ddf0a55..31f5a2ef 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/SLDataURLServlet.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/SLDataURLServlet.java @@ -93,7 +93,7 @@ public class SLDataURLServlet extends HttpServlet { } - logger.trace("Received SL2.0 result: " + sl20Result); + logger.trace("Received SL2.0 command: " + sl20Result); //parse SL2.0 command/result into JSON try { 
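Review bot: The new `log.trace("SL20 command: " + sl20Resp.toString())` in SL20Connector writes the complete SL2.0 container received from the VDA into the log and dereferences `sl20Resp` before it is returned, so a null result from `getSL20ContainerFromResponse` (its contract is not visible here) would now fail in the logging line. The parameterized form `log.trace("SL20 command: {}", sl20Resp);` avoids both the null dereference and building the string when trace is off. The same pattern is added in PdfAsHelper (`respContainer`), SLDataURLServlet (`payLoad`) and SL20HttpBindingUtils (`sl20Forward`); these containers presumably carry certificates and signature payloads, so a comment at the first call should say that the trace category is meant for debugging sessions only.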
@@ -144,6 +144,8 @@ public class SLDataURLServlet extends HttpServlet { //extract payloaf JsonObject payLoad = payLoadContainer.getPayload(); + logger.trace("SL2.0 payLoad on DataURL: " + payLoad.toString()); + //check response type if (SL20JSONExtractorUtils.getStringValue( payLoad, SL20Constants.SL20_COMMAND_CONTAINER_NAME, true) @@ -175,7 +177,7 @@ public class SLDataURLServlet extends HttpServlet { List sortedCerts = X509Utils.sortCertificates(certs); logger.debug("Sorting of certificate completed. Select end-user certificate ... "); - PdfAsHelper.injectCertificate(request, response, Base64.getDecoder().decode(sortedCerts.get(0).getEncoded()), getServletContext()); + PdfAsHelper.injectCertificate(request, response, sortedCerts.get(0).getEncoded(), getServletContext()); } diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/sl20/SL20HttpBindingUtils.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/sl20/SL20HttpBindingUtils.java index f5d6ff55..e43ebfcf 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/sl20/SL20HttpBindingUtils.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/sl20/SL20HttpBindingUtils.java @@ -21,6 +21,7 @@ public class SL20HttpBindingUtils { public static void writeIntoResponse(HttpServletRequest request, HttpServletResponse response, JsonObject sl20Forward, String redirectURL) throws IOException, URISyntaxException { //forward SL2.0 command + log.trace("SL20 command: " + sl20Forward.toString()); if (request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE) != null && request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE).equals(SL20Constants.HTTP_HEADER_VALUE_NATIVE)) { log.debug("Client request containts 'native client' header ... "); -- cgit v1.2.3 From 236cd00a49b04523a325e06fdc8839be9049f892 Mon Sep 17 00:00:00 2001 
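Review bot: `sortedCerts.get(0)` in the SLDataURLServlet hunk at `-175,7 +177,7` takes the first element of a list built from the VDA response without a visible emptiness check, so a response without certificates would end in an `IndexOutOfBoundsException` instead of a handled SL2.0 error. A guard such as `if (sortedCerts.isEmpty()) { /* reject the response */ }` before the `injectCertificate` call would keep that case on the servlet's normal error path. The code that fills `certs` lies outside the hunk, so an earlier check may already exist. The commit message mentions only trace logging, while this line also changes how the certificate bytes are passed on (the Base64 decode is dropped), which deserves its own line in the description.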
From: emusic
Date: Fri, 27 Jul 2018 12:28:01 +0200
Subject: adding additional data transfer type
---
.../gv/egiz/sl20/utils/SL20JSONBuilderUtils.java | 4 +-
.../gv/egiz/sl20/utils/SL20JSONExtractorUtils.java | 10 +--
.../at/gv/egiz/pdfas/web/helper/PdfAsHelper.java | 10 ++-
.../at/gv/egiz/pdfas/web/servlets/PDFURLData.java | 86 ++++++++++++++++++++++
4 files changed, 99 insertions(+), 11 deletions(-)
create mode 100644 pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/PDFURLData.java
(limited to 'pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java')
diff --git a/pdf-as-lib/src/main/java/at/gv/egiz/sl20/utils/SL20JSONBuilderUtils.java b/pdf-as-lib/src/main/java/at/gv/egiz/sl20/utils/SL20JSONBuilderUtils.java
index 40edb74b..efbc2890 100644
--- a/pdf-as-lib/src/main/java/at/gv/egiz/sl20/utils/SL20JSONBuilderUtils.java
+++ b/pdf-as-lib/src/main/java/at/gv/egiz/sl20/utils/SL20JSONBuilderUtils.java
@@ -182,11 +182,11 @@ public class SL20JSONBuilderUtils { } public static JsonObject createCreateCAdESCommandParameters(String keyId, - byte[] content, String mimeType, boolean padesCompatiblem, List byteRanges, String cadesLevel, + String pdfUrl, String mimeType, boolean padesCompatiblem, List byteRanges, String cadesLevel, String dataUrl, X509Certificate x5cEnc) throws CertificateEncodingException, SLCommandoBuildException { JsonObject params = new JsonObject(); addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_CREATE_SIG_CADES_KEYID, keyId, true); - addSingleByteElement(params, SL20Constants.SL20_COMMAND_PARAM_CREATE_SIG_CADES_CONTENT, content, true); + addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_CREATE_SIG_CADES_CONTENT, pdfUrl, true); addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_CREATE_SIG_CADES_MIMETYPE, mimeType, true); addSingleBooleanElement(params, SL20Constants.SL20_COMMAND_PARAM_CREATE_SIG_CADES_PADES_COMBATIBILTY, padesCompatiblem, false); addArrayOfStrings(params, SL20Constants.SL20_COMMAND_PARAM_CREATE_SIG_CADES_EXCLUDEBYTERANGE, byteRanges); diff --git a/pdf-as-lib/src/main/java/at/gv/egiz/sl20/utils/SL20JSONExtractorUtils.java b/pdf-as-lib/src/main/java/at/gv/egiz/sl20/utils/SL20JSONExtractorUtils.java index 5a438e16..5fbce83b 100644 --- a/pdf-as-lib/src/main/java/at/gv/egiz/sl20/utils/SL20JSONExtractorUtils.java +++ b/pdf-as-lib/src/main/java/at/gv/egiz/sl20/utils/SL20JSONExtractorUtils.java @@ -206,8 +206,7 @@ public class SL20JSONExtractorUtils { } } - - + public static JsonElement extractSL20Result(JsonObject command, IJOSETools decrypter, boolean mustBeEncrypted) throws SL20Exception { JsonElement result = command.get(SL20Constants.SL20_COMMAND_CONTAINER_RESULT); JsonElement encryptedResult = command.get(SL20Constants.SL20_COMMAND_CONTAINER_ENCRYPTEDRESULT); 
@@ -242,20 +241,15 @@ public class SL20JSONExtractorUtils { } } else - throw e; - + throw e; } - } else if (result != null) { return result; } else { log.error("Internal build error"); throw new SLCommandoParserException(); - } - - } /** diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java index 4b776cb3..bd904aae 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java @@ -122,6 +122,7 @@ public class PdfAsHelper { private static final String PDF_ERROR_PAGE = "/ErrorPage"; private static final String PDF_PROVIDE_PAGE = "/ProvidePDF"; private static final String PDF_PDFDATA_PAGE = "/PDFData"; + private static final String PDF_PDFDATAURL_PAGE = "/PDFURLData"; private static final String PDF_DATAURL_PAGE = "/DataURL"; private static final String PDF_SL20_DATAURL_PAGE = "/DataURLSL20"; private static final String PDF_USERENTRY_PAGE = "/userentry"; @@ -1207,7 +1208,8 @@ public class PdfAsHelper { JsonObject createCAdESSigParams = SL20JSONBuilderUtils.createCreateCAdESCommandParameters( pack.getRequestType().getKeyboxIdentifier(), - statusRequest.getSignatureData(), + //statusRequest.getSignatureData(), + generateNSPdfURL(request,response), pack.getRequestType().getDataObject().getMetaInfo().getMimeType(), padesCompatibel , byteRanges, @@ -1558,6 +1560,12 @@ public class PdfAsHelper { return generateURL(request, response, PDF_PDFDATA_PAGE); } + public static String generateNSPdfURL(HttpServletRequest request, + HttpServletResponse response) { + return generateURL(request, response, PDF_PDFDATAURL_PAGE); + } + + public static String generateUserEntryURL(String storeId) { String publicURL = WebConfiguration.getPublicURL(); if (publicURL == null) { 
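Review bot: The `createCreateCAdESCommandParameters` call at `-1207,7 +1208,8` now hands the VDA a URL from `generateNSPdfURL(request, response)` instead of the document bytes, and the new PDFURLData servlet serves that document from the HTTP session. `generateURL` is outside the hunk; if it derives the host from the incoming request rather than from `WebConfiguration.getPublicURL()` (as `generateUserEntryURL` in the next hunk does), the address the signature service is told to fetch follows client-supplied headers, and if the URL carries the session identifier, that identifier is disclosed to the VDA. Both are worth confirming and stating on `generateNSPdfURL`, for example `/** URL under which the VDA fetches the unsigned PDF; built from the configured public URL. */`. The commented-out `//statusRequest.getSignatureData(),` should be deleted rather than kept.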
diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/PDFURLData.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/PDFURLData.java
new file mode 100644
index 00000000..9dfa0d16
--- /dev/null
+++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/PDFURLData.java
@@ -0,0 +1,86 @@ +package at.gv.egiz.pdfas.web.servlets; + +import at.gv.egiz.pdfas.api.ws.PDFASVerificationResponse; +import at.gv.egiz.pdfas.common.exceptions.PDFIOException; +import at.gv.egiz.pdfas.common.utils.PDFUtils; +import at.gv.egiz.pdfas.lib.api.StatusRequest; +import at.gv.egiz.pdfas.web.config.WebConfiguration; +import at.gv.egiz.pdfas.web.helper.PdfAsHelper; +import at.gv.egiz.pdfas.web.helper.PdfAsParameterExtractor; +import at.gv.egiz.pdfas.web.stats.StatisticEvent; +import at.gv.egiz.pdfas.web.stats.StatisticFrontend; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import javax.servlet.ServletException; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; +import java.io.IOException; +import java.io.OutputStream; + +public class PDFURLData extends HttpServlet { + + private static final long serialVersionUID = 1L; + private static final String PDF_STATUS = "PDF_STATUS"; + + + private static final Logger logger = LoggerFactory.getLogger(PDFData.class); + + /** + * @see HttpServlet#HttpServlet() + */ + public PDFURLData() { + super(); + } + + /** + * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse + * response) + */ + protected void doGet(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + try { + this.process(request, response); + } catch (PDFIOException e) { + response.sendError(500, "file cannot be transfered"); + } + } + + /** + * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse + * response) + */ + protected void doPost(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + this.process(request, response); + } + + protected void process(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException, PDFIOException { + + HttpSession session 
= request.getSession(); + StatusRequest statusRequest = (StatusRequest) session + .getAttribute(PDF_STATUS); + + byte[] nonSignedData = statusRequest.getSignatureData(); + + if (nonSignedData != null) { + + byte[] blackoutnonSignedData = PDFUtils.blackOutSignature(nonSignedData, statusRequest.getSignatureDataByteRange()); + + + response.setContentType("application/pdf"); + OutputStream os = response.getOutputStream(); + os.write(blackoutnonSignedData); + os.close(); + + } else { + PdfAsHelper.setSessionException(request, response, + "todo", null); + PdfAsHelper.gotoError(getServletContext(), request, response); + response.sendError(500, ''); + } + } +} \ No newline at end of file -- cgit v1.2.3 From 091b70d41a2a544277612d9f41b0d321f057b0f9 Mon Sep 17 00:00:00 2001 From: emusic Date: Fri, 27 Jul 2018 12:58:16 +0200 Subject: adding transfer of pdf file via pdfurl --- ...org_apache_commons_commons_collections4_4_2.xml | 11 ++++++++++ .../at/gv/egiz/pdfas/web/helper/PdfAsHelper.java | 2 +- .../at/gv/egiz/pdfas/web/servlets/PDFURLData.java | 25 +++++++++++----------- 3 files changed, 25 insertions(+), 13 deletions(-) create mode 100644 .idea/libraries/Gradle__org_apache_commons_commons_collections4_4_2.xml (limited to 'pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java') diff --git a/.idea/libraries/Gradle__org_apache_commons_commons_collections4_4_2.xml b/.idea/libraries/Gradle__org_apache_commons_commons_collections4_4_2.xml new file mode 100644 index 00000000..1351c542 --- /dev/null +++ b/.idea/libraries/Gradle__org_apache_commons_commons_collections4_4_2.xml @@ -0,0 +1,11 @@ + + + + + + + + + + + \ No newline at end of file diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java index 4b69e5a8..23e16ec3 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java 
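Review bot: `process()` in the new PDFURLData servlet calls `request.getSession()` and dereferences the `PDF_STATUS` attribute directly, so any request without an existing signing session creates a fresh session and then fails with a `NullPointerException` on `statusRequest.getSignatureData()`. Use `getSession(false)` and answer with an error status when the session or the attribute is missing, as sketched below. In the else branch, `response.sendError(500, '')` is not valid Java (empty character literal) and runs after `PdfAsHelper.gotoError(...)`, which presumably has already forwarded the response; `doPost` also does not catch the `PDFIOException` that `doGet` handles. The logger is created with `PDFData.class`, so log lines from this servlet are attributed to the wrong class.

```java
HttpSession session = request.getSession(false);
StatusRequest statusRequest = (session == null)
        ? null
        : (StatusRequest) session.getAttribute(PDF_STATUS);
if (statusRequest == null) {
    response.sendError(HttpServletResponse.SC_NOT_FOUND);
    return;
}
// … unchanged: getSignatureData, blackOutSignature, write to response …
```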
+++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java @@ -1228,7 +1228,7 @@ public class PdfAsHelper { JsonObject createCAdESSigParams = SL20JSONBuilderUtils.createCreateCAdESCommandParameters( pack.getRequestType().getKeyboxIdentifier(), - //statusRequest.getSignatureData(), + null, generateNSPdfURL(request,response), SL20Constants.SL20_COMMAND_PARAM_CREATE_SIG_CADES_CONTENTMODE_DETACHED, pack.getRequestType().getDataObject().getMetaInfo().getMimeType(), diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/PDFURLData.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/PDFURLData.java index 9dfa0d16..d4112cad 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/PDFURLData.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/PDFURLData.java @@ -1,14 +1,8 @@ package at.gv.egiz.pdfas.web.servlets; -import at.gv.egiz.pdfas.api.ws.PDFASVerificationResponse; import at.gv.egiz.pdfas.common.exceptions.PDFIOException; import at.gv.egiz.pdfas.common.utils.PDFUtils; import at.gv.egiz.pdfas.lib.api.StatusRequest; -import at.gv.egiz.pdfas.web.config.WebConfiguration; -import at.gv.egiz.pdfas.web.helper.PdfAsHelper; -import at.gv.egiz.pdfas.web.helper.PdfAsParameterExtractor; -import at.gv.egiz.pdfas.web.stats.StatisticEvent; -import at.gv.egiz.pdfas.web.stats.StatisticFrontend; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -54,7 +48,10 @@ public class PDFURLData extends HttpServlet { */ protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { - this.process(request, response); + try { + this.process(request, response); + } catch (PDFIOException e) { + response.sendError(500, "internal server error"); } } protected void process(HttpServletRequest request, 
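Review bot: The `catch (PDFIOException e)` added to `doPost` at `-54,7 +48,10` discards the exception, so a failure inside `process` leaves no trace on the server and the client only sees a generic 500. Log it before answering, `logger.warn("PDF transfer failed", e);`, and give `doGet` the same treatment, since it answers the same condition with a different message ("file cannot be transfered") and also drops the cause.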
@@ -64,23 +61,27 @@ public class PDFURLData extends HttpServlet { StatusRequest statusRequest = (StatusRequest) session .getAttribute(PDF_STATUS); + if(statusRequest!=null) + { byte[] nonSignedData = statusRequest.getSignatureData(); if (nonSignedData != null) { byte[] blackoutnonSignedData = PDFUtils.blackOutSignature(nonSignedData, statusRequest.getSignatureDataByteRange()); - response.setContentType("application/pdf"); OutputStream os = response.getOutputStream(); os.write(blackoutnonSignedData); os.close(); + logger.debug("pdf file transfer finished"); } else { - PdfAsHelper.setSessionException(request, response, - "todo", null); - PdfAsHelper.gotoError(getServletContext(), request, response); - response.sendError(500, ''); + logger.info("no pdf document is found"); + response.sendError(500, "no signed data found"); + } + } else { + logger.info("no session found"); + response.sendError(500, "no signed data found"); } } } \ No newline at end of file -- cgit v1.2.3 From be27da36e9b1e319bf8910228cdbcdd502afbc9d Mon Sep 17 00:00:00 2001 From: emusic Date: Tue, 18 Sep 2018 10:16:56 +0200 Subject: changes in pdfurl --- .../configuration/cfg/advancedconfig.properties | 6 ---- .../src/main/configuration/pdf-as-web.properties | 1 + .../at/gv/egiz/pdfas/web/helper/PdfAsHelper.java | 42 +++++++++++++++------- 3 files changed, 30 insertions(+), 19 deletions(-) (limited to 'pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java') diff --git a/pdf-as-lib/src/configuration/cfg/advancedconfig.properties b/pdf-as-lib/src/configuration/cfg/advancedconfig.properties index 858b652f..e2d39c1c 100644 --- a/pdf-as-lib/src/configuration/cfg/advancedconfig.properties +++ b/pdf-as-lib/src/configuration/cfg/advancedconfig.properties 
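Review bot: The success path at `-64,23 +61,27` sends the unsigned document with only `response.setContentType("application/pdf")`, so nothing tells browsers or intermediaries not to keep a copy of a session-bound file. Add `response.setHeader("Cache-Control", "no-store");` before `getOutputStream()`. The two new error branches answer a missing session and a missing document with status 500 although both are conditions of the request rather than server faults; `HttpServletResponse.SC_NOT_FOUND` would keep them out of server-error monitoring. `process()` starts above the hunk.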
@@ -105,9 +105,3 @@ default.verifier.01=at.gv.egiz.pdfas.sigs.pades.PAdESVerifier #sigblock.placement.bgcolor.detection.enabled=true #sigblock.placement.debug.file=/home/user/temp/debugImg.png #runtime.backend=PDFBOX_2_BACKEND - -################## -# Protect PDF files from copying and extractiong content -# Set values to be true|false|unchanged - -default.protectPDF = true diff --git a/pdf-as-web/src/main/configuration/pdf-as-web.properties b/pdf-as-web/src/main/configuration/pdf-as-web.properties index 59d76607..4cc59a47 100644 --- a/pdf-as-web/src/main/configuration/pdf-as-web.properties +++ b/pdf-as-web/src/main/configuration/pdf-as-web.properties @@ -85,3 +85,4 @@ sl20.debug.signed.result.enabled=false sl20.debug.signed.result.required=false sl20.debug.encryption.enabled=false sl20.debug.encryption.required=false +sl20.transfermode.filesize=20000000 \ No newline at end of file diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java index 23e16ec3..8aeda417 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java 
@@ -1224,19 +1224,35 @@ public class PdfAsHelper { byte[] data = PDFUtils.blackOutSignature(statusRequest.getSignatureData(), statusRequest.getSignatureDataByteRange()); - - JsonObject createCAdESSigParams = - SL20JSONBuilderUtils.createCreateCAdESCommandParameters( - pack.getRequestType().getKeyboxIdentifier(), - null, - generateNSPdfURL(request,response), - SL20Constants.SL20_COMMAND_PARAM_CREATE_SIG_CADES_CONTENTMODE_DETACHED, - pack.getRequestType().getDataObject().getMetaInfo().getMimeType(), - padesCompatibel , - byteRanges, - SL20Constants.SL20_COMMAND_PARAM_CREATE_SIG_CADES_CADESLEVEL_BASIC, - generateDataURLSL20(request, response), - x5cEnc) ; + JsonObject createCAdESSigParams; + if(data.length>20000000) { + createCAdESSigParams = + SL20JSONBuilderUtils.createCreateCAdESCommandParameters( + pack.getRequestType().getKeyboxIdentifier(), + null, + generateNSPdfURL(request, response), + SL20Constants.SL20_COMMAND_PARAM_CREATE_SIG_CADES_CONTENTMODE_DETACHED, + pack.getRequestType().getDataObject().getMetaInfo().getMimeType(), + padesCompatibel, + byteRanges, + SL20Constants.SL20_COMMAND_PARAM_CREATE_SIG_CADES_CADESLEVEL_BASIC, + generateDataURLSL20(request, response), + x5cEnc); + } else + { + createCAdESSigParams = + SL20JSONBuilderUtils.createCreateCAdESCommandParameters( + pack.getRequestType().getKeyboxIdentifier(), + data, + null, + SL20Constants.SL20_COMMAND_PARAM_CREATE_SIG_CADES_CONTENTMODE_DETACHED, + pack.getRequestType().getDataObject().getMetaInfo().getMimeType(), + padesCompatibel, + byteRanges, + SL20Constants.SL20_COMMAND_PARAM_CREATE_SIG_CADES_CADESLEVEL_BASIC, + generateDataURLSL20(request, response), + x5cEnc); + } JsonObject sl20CreateCAdES = null; String reqId = UUID.randomUUID().toString(); -- cgit v1.2.3
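Review bot: The transfer-mode switch in `-1224,19 +1224,35` compares `data.length` with the literal `20000000`, while the same commit adds `sl20.transfermode.filesize=20000000` to pdf-as-web.properties; nothing in this hunk reads that property, so changing it would have no effect. The threshold should come from the configuration (the WebConfiguration accessor is not shown here), and the two branches, which differ only in the content and URL arguments, can share one call: `byte[] content = data.length > limit ? null : data;` and `String pdfUrl = content == null ? generateNSPdfURL(request, response) : null;`. `PDFUtils.blackOutSignature` also runs on every request before the size is known, and PDFURLData repeats it when the URL path is taken. The enclosing method begins and ends outside the hunk.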