From 9acf3c2e8aca9016daf76785747d838cdc5b0330 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 9 Jul 2018 10:11:25 +0200 Subject: add SL20 connecter-backend in a first beta version (getCertificate looks good, create signature is untested) --- .../at/gv/egiz/pdfas/web/helper/PdfAsHelper.java | 390 +++++++++++++++++---- 1 file changed, 326 insertions(+), 64 deletions(-) (limited to 'pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java') diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java index 3aad831d..4b776cb3 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java @@ -30,12 +30,17 @@ import java.awt.image.RenderedImage; import java.io.ByteArrayOutputStream; import java.io.File; import java.io.IOException; +import java.io.StringWriter; import java.io.UnsupportedEncodingException; +import java.net.URL; import java.net.URLEncoder; import java.security.cert.CertificateException; +import java.util.ArrayList; +import java.util.HashMap; import java.util.Iterator; import java.util.List; import java.util.Map; +import java.util.UUID; import javax.imageio.ImageIO; import javax.servlet.RequestDispatcher; @@ -51,9 +56,12 @@ import org.apache.commons.codec.binary.Base64; import org.apache.commons.io.FileUtils; import org.apache.commons.io.IOUtils; import org.apache.commons.lang3.StringEscapeUtils; +import org.apache.http.entity.ContentType; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import com.google.gson.JsonObject; + import at.gv.egiz.pdfas.api.ws.PDFASSignParameters; import at.gv.egiz.pdfas.api.ws.PDFASSignParameters.Connector; import at.gv.egiz.pdfas.api.ws.PDFASSignResponse; 
@@ -77,6 +85,8 @@ import at.gv.egiz.pdfas.sigs.pades.PAdESSignerKeystore; import at.gv.egiz.pdfas.web.config.WebConfiguration; import at.gv.egiz.pdfas.web.exception.PdfAsWebException; import at.gv.egiz.pdfas.web.servlets.UIEntryPointServlet; +import at.gv.egiz.pdfas.web.sl20.JsonSecurityUtils; +import at.gv.egiz.pdfas.web.sl20.SL20HttpBindingUtils; import at.gv.egiz.pdfas.web.stats.StatisticEvent; import at.gv.egiz.sl.schema.CreateCMSSignatureResponseType; import at.gv.egiz.sl.schema.InfoboxAssocArrayPairType; @@ -84,8 +94,16 @@ import at.gv.egiz.sl.schema.InfoboxReadRequestType; import at.gv.egiz.sl.schema.InfoboxReadResponseType; import at.gv.egiz.sl.schema.ObjectFactory; import at.gv.egiz.sl.util.BKUSLConnector; +import at.gv.egiz.sl.util.BaseSLConnector; import at.gv.egiz.sl.util.RequestPackage; import at.gv.egiz.sl.util.SLMarschaller; +import at.gv.egiz.sl20.SL20Connector; +import at.gv.egiz.sl20.data.VerificationResult; +import at.gv.egiz.sl20.exceptions.SL20Exception; +import at.gv.egiz.sl20.exceptions.SLCommandoParserException; +import at.gv.egiz.sl20.utils.SL20Constants; +import at.gv.egiz.sl20.utils.SL20JSONBuilderUtils; +import at.gv.egiz.sl20.utils.SL20JSONExtractorUtils; public class PdfAsHelper { @@ -105,6 +123,7 @@ public class PdfAsHelper { private static final String PDF_PROVIDE_PAGE = "/ProvidePDF"; private static final String PDF_PDFDATA_PAGE = "/PDFData"; private static final String PDF_DATAURL_PAGE = "/DataURL"; + private static final String PDF_SL20_DATAURL_PAGE = "/DataURLSL20"; private static final String PDF_USERENTRY_PAGE = "/userentry"; private static final String PDF_ERR_URL = "PDF_ERR_URL"; private static final String PDF_FILE_NAME = "PDF_FILE_NAME"; 
@@ -118,6 +137,7 @@ public class PdfAsHelper { private static final String SIGNATURE_ACTIVE = "SIGNATURE_ACTIVE"; private static final String VERIFICATION_RESULT = "VERIFICATION_RESULT"; private static final String QRCODE_CONTENT = "QR_CONT"; + public static final String PDF_SESSION_PREFIX = "PDF_SESSION_"; private static final Logger logger = LoggerFactory .getLogger(PdfAsHelper.class); @@ -707,6 +727,12 @@ public class PdfAsHelper { // conn.setBase64(true); signer = new PAdESSigner(conn); session.setAttribute(PDF_SL_CONNECTOR, conn); + + } else if (connector.equals("sl20")) { + SL20Connector conn = new SL20Connector(config); + signer = new PAdESSigner(conn); + session.setAttribute(PDF_SL_CONNECTOR, conn); + } else { throw new PdfAsWebException( "Invalid connector (bku | onlinebku | mobilebku | moa | jks)"); @@ -794,9 +820,15 @@ public class PdfAsHelper { // conn.setBase64(true); signer = new PAdESSigner(conn); session.setAttribute(PDF_SL_CONNECTOR, conn); + + } else if (connector.equals("sl20")) { + SL20Connector conn = new SL20Connector(config); + signer = new PAdESSigner(conn); + session.setAttribute(PDF_SL_CONNECTOR, conn); + } else { throw new PdfAsWebException( - "Invalid connector (bku | onlinebku | mobilebku | moa | jks)"); + "Invalid connector (bku | onlinebku | mobilebku | moa | jks | sl20)"); } signParameter.setPreprocessorArguments(preProcessor); signParameter.setPlainSigner(signer); @@ -839,7 +871,7 @@ public class PdfAsHelper { PdfAsHelper.process(request, response, context); } - private static byte[] getCertificate( + public static byte[] getCertificate( InfoboxReadResponseType infoboxReadResponseType) { byte[] data = null; if (infoboxReadResponseType.getAssocArrayData() != null) { 
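Review bot: The first `sl20` branch (hunk at -707) is added above an error message that still reads `"Invalid connector (bku | onlinebku | mobilebku | moa | jks)"`, while the second copy at -794 was updated to end in `| jks | sl20)`; the first message should get the same suffix so a rejected connector name is reported consistently. Both branches are the same three statements, so a small private helper that creates the `SL20Connector` and stores it under `PDF_SL_CONNECTOR` would keep the two call sites from drifting again. The same line widens `getCertificate` to `public` (hunk at -839) without a Javadoc saying what it returns when no certificate is found. The enclosing methods start and end outside these hunks.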
@@ -898,7 +930,7 @@ public class PdfAsHelper { public static void injectCertificate(HttpServletRequest request, HttpServletResponse response, - InfoboxReadResponseType infoboxReadResponseType, + byte[] certificate, ServletContext context) throws Exception { HttpSession session = request.getSession(); @@ -910,7 +942,7 @@ public class PdfAsHelper { + session.getId()); } - statusRequest.setCertificate(getCertificate(infoboxReadResponseType)); + statusRequest.setCertificate(certificate); statusRequest = pdfAs.process(statusRequest); session.setAttribute(PDF_STATUS, statusRequest); @@ -919,7 +951,7 @@ public class PdfAsHelper { public static void injectSignature(HttpServletRequest request, HttpServletResponse response, - CreateCMSSignatureResponseType createCMSSignatureResponseType, + byte[] cmsSginature, ServletContext context) throws Exception { logger.debug("Got CMS Signature Response"); @@ -933,8 +965,7 @@ public class PdfAsHelper { + session.getId()); } - statusRequest.setSigature(createCMSSignatureResponseType - .getCMSSignature()); + statusRequest.setSigature(cmsSginature); statusRequest = pdfAs.process(statusRequest); session.setAttribute(PDF_STATUS, statusRequest); 
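Review bot: `injectCertificate` and `injectSignature` now accept a raw `byte[]` from whichever servlet calls them, and the value goes straight into `statusRequest.setCertificate(certificate)` and `statusRequest.setSigature(cmsSginature)` with no null or empty check. These bytes come from an external signing component, so a guard such as `if (certificate == null || certificate.length == 0) throw new PdfAsWebException("No certificate received");` (and the equivalent for the signature) would reject a bad response with a clear error instead of wherever `pdfAs.process` first touches the value. The parameter name `cmsSginature` is a typo for `cmsSignature`. Both method bodies continue outside the hunks shown.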
@@ -996,21 +1027,35 @@ public class PdfAsHelper { String connector = (String) session.getAttribute(PDF_SL_INTERACTIVE); + //load connector + BaseSLConnector slConnector = null; if (connector.equals("bku") || connector.equals("onlinebku") - || connector.equals("mobilebku")) { - BKUSLConnector bkuSLConnector = (BKUSLConnector) session + || connector.equals("mobilebku")) + slConnector = (BKUSLConnector) session .getAttribute(PDF_SL_CONNECTOR); - - if (statusRequest.needCertificate()) { - logger.debug("Needing Certificate from BKU"); - // build SL Request to read certificate - InfoboxReadRequestType readCertificateRequest = bkuSLConnector - .createInfoboxReadRequest(statusRequest - .getSignParameter()); - + + else if (connector.equals("sl20")) + slConnector = (SL20Connector) session + .getAttribute(PDF_SL_CONNECTOR); + + else + throw new PdfAsWebException("Invalid connector: " + connector); + + JsonSecurityUtils joseTools = JsonSecurityUtils.getInstance(); + if (!joseTools.isInitialized()) + joseTools = null; + + if (statusRequest.needCertificate()) { + logger.debug("Needing Certificate from BKU"); + // build SL Request to read certificate + InfoboxReadRequestType readCertificateRequest = slConnector + .createInfoboxReadRequest(statusRequest + .getSignParameter()); + + if (slConnector instanceof BKUSLConnector) { JAXBElement readRequest = of .createInfoboxReadRequest(readCertificateRequest); - + String url = generateDataURL(request, response); String slRequest = SLMarschaller.marshalToString(readRequest); String template = getTemplateSL(); @@ -1021,7 +1066,7 @@ public class PdfAsHelper { StringEscapeUtils.escapeHtml4(slRequest)); template = template.replace("##DataURL##", url); template = template.replace("##LOCALE##", locale); - + if (statusRequest.getSignParameter().getTransactionId() != null) { template = template.replace( "##ADDITIONAL##", 
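Review bot: When `JsonSecurityUtils` is not initialized, `joseTools` is set to `null` here without any log entry, and the SL2.0 code in the following hunk still hands it to `createSignedCommand` whenever `WebConfiguration.isSL20SigningEnabled()` is true. How the builder treats a null signer is not visible in this diff, so the safer behaviour is to stop before any request is built: `if (slConnector instanceof SL20Connector && joseTools == null && WebConfiguration.isSL20SigningEnabled()) throw new PdfAsWebException("SL2.0 signing is enabled but JsonSecurityUtils is not initialized");`. The new `if` / `else if` / `else` chain that selects `slConnector` also omits braces, which makes the following `JsonSecurityUtils` lines easy to misread as part of the `else`. The method starts and ends outside this hunk.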
@@ -1034,70 +1079,220 @@ public class PdfAsHelper { } else { template = template.replace("##ADDITIONAL##", ""); } - + response.getWriter().write(template); // TODO: set content type of response!! response.setContentType("text/html"); response.getWriter().close(); - } else if (statusRequest.needSignature()) { - logger.debug("Needing Signature from BKU"); - // build SL Request for cms signature - RequestPackage pack = bkuSLConnector.createCMSRequest( - statusRequest.getSignatureData(), - statusRequest.getSignatureDataByteRange(), - statusRequest.getSignParameter()); - + + } else if (slConnector instanceof SL20Connector) { + //generate request for getCertificate command + SL20Connector sl20Connector = (SL20Connector)slConnector; + + //use 'SecureSigningKeypair' per default + String keyId = SL20Connector.SecureSignatureKeypair; + + java.security.cert.X509Certificate x5cEnc = null; + if (WebConfiguration.isSL20EncryptionEnabled() && joseTools != null) + x5cEnc = joseTools.getEncryptionCertificate(); + JsonObject getCertParams = + SL20JSONBuilderUtils.createGetCertificateCommandParameters( + keyId, generateDataURLSL20(request, response), x5cEnc); + + JsonObject sl20Req = null; + String reqId = UUID.randomUUID().toString(); + if (WebConfiguration.isSL20SigningEnabled()) { + String signedCertCommand = SL20JSONBuilderUtils.createSignedCommand( + SL20Constants.SL20_COMMAND_IDENTIFIER_GETCERTIFICATE, getCertParams, joseTools); + sl20Req = SL20JSONBuilderUtils.createGenericRequest(reqId, null, null, signedCertCommand); + + } else { + JsonObject getCertCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_GETCERTIFICATE, getCertParams); + sl20Req = SL20JSONBuilderUtils.createGenericRequest(reqId, null, getCertCommand, null); + + } + + //send SL20 request via Backend connection + JsonObject sl20Resp = sl20Connector.sendSL20Request(sl20Req, null, generateBKUURL(connector)); + if (sl20Resp == null) { + logger.info("Receive NO responce from SL2.0 
connection. Process stops ... "); + throw new SLCommandoParserException(); + + } + + VerificationResult respPayloadContainer = SL20JSONExtractorUtils.extractSL20PayLoad( + sl20Resp, joseTools, WebConfiguration.isSL20SigningRequired()); + + if (respPayloadContainer.isValidSigned() == null) + logger.debug("Receive unsigned payLoad from VDA"); + + JsonObject respPayload = respPayloadContainer.getPayload(); + if (respPayload.get(SL20Constants.SL20_COMMAND_CONTAINER_NAME).getAsString() + .equals(SL20Constants.SL20_COMMAND_IDENTIFIER_REDIRECT)) { + logger.debug("Find 'redirect' command in VDA response ... "); + JsonObject params = SL20JSONExtractorUtils.getJSONObjectValue(respPayload, SL20Constants.SL20_COMMAND_CONTAINER_PARAMS, true); + String redirectURL = SL20JSONExtractorUtils.getStringValue(params, SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_URL, true); + JsonObject command = SL20JSONExtractorUtils.getJSONObjectValue(params, SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_COMMAND, false); + String signedCommand = SL20JSONExtractorUtils.getStringValue(params, SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_SIGNEDCOMMAND, false); + + //create forward SL2.0 command + JsonObject sl20Forward = sl20Resp.deepCopy().getAsJsonObject(); + SL20JSONBuilderUtils.addOnlyOnceOfTwo(sl20Forward, + SL20Constants.SL20_PAYLOAD, SL20Constants.SL20_SIGNEDPAYLOAD, + command, signedCommand); + + //store requestId + + request.getSession(false).setAttribute(PDF_SESSION_PREFIX + SL20Constants.SL20_REQID, reqId); + + //forward SL2.0 command + SL20HttpBindingUtils.writeIntoResponse(request, response, sl20Forward, redirectURL); + + } else if (respPayload.get(SL20Constants.SL20_COMMAND_CONTAINER_NAME).getAsString() + .equals(SL20Constants.SL20_COMMAND_IDENTIFIER_ERROR)) { + JsonObject result = SL20JSONExtractorUtils.getJSONObjectValue(respPayload, SL20Constants.SL20_COMMAND_CONTAINER_RESULT, false); + if (result == null) + result = SL20JSONExtractorUtils.getJSONObjectValue(respPayload, 
SL20Constants.SL20_COMMAND_CONTAINER_PARAMS, false); + + String errorCode = SL20JSONExtractorUtils.getStringValue(result, SL20Constants.SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERRORCODE, true); + String errorMsg = SL20JSONExtractorUtils.getStringValue(result, SL20Constants.SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERRORMESSAGE, true); + + logger.info("Receive SL2.0 error. Code:" + errorCode + " Msg:" + errorMsg); + throw new SL20Exception("sl20.08"); + + } else { + logger.warn("Received an unrecognized command: " + respPayload.get(SL20Constants.SL20_COMMAND_CONTAINER_NAME).getAsString()); + throw new SLCommandoParserException(); + + } + + } else + throw new PdfAsWebException("Invalid connector: " + slConnector.getClass().getName()); + + } else if (statusRequest.needSignature()) { + logger.debug("Needing Signature from BKU"); + // build SL Request for cms signature + RequestPackage pack = slConnector.createCMSRequest( + statusRequest.getSignatureData(), + statusRequest.getSignatureDataByteRange(), + statusRequest.getSignParameter()); + + if (slConnector instanceof BKUSLConnector) { String slRequest = SLMarschaller .marshalToString(of .createCreateCMSSignatureRequest(pack .getRequestType())); logger.trace("SL Request: " + slRequest); - + response.setContentType("text/xml"); response.getWriter().write(slRequest); response.getWriter().close(); + + } else if (slConnector instanceof SL20Connector) { + //convert byte range + List byteRanges = new ArrayList(); + for (int el : statusRequest.getSignatureDataByteRange()) + byteRanges.add(String.valueOf(el)); + + java.security.cert.X509Certificate x5cEnc = null; + if (WebConfiguration.isSL20EncryptionEnabled() && joseTools != null) + x5cEnc = joseTools.getEncryptionCertificate(); + + //set 'true' as default + boolean padesCompatibel = true; + if (pack.getRequestType().getPAdESFlag() != null) + padesCompatibel = pack.getRequestType().getPAdESFlag(); + + JsonObject createCAdESSigParams = + 
SL20JSONBuilderUtils.createCreateCAdESCommandParameters( + pack.getRequestType().getKeyboxIdentifier(), + statusRequest.getSignatureData(), + pack.getRequestType().getDataObject().getMetaInfo().getMimeType(), + padesCompatibel , + byteRanges, + SL20Constants.SL20_COMMAND_PARAM_CREATE_SIG_CADES_CADESLEVEL_BASIC, + generateDataURLSL20(request, response), + x5cEnc) ; + + JsonObject sl20CreateCAdES = null; + String reqId = UUID.randomUUID().toString(); + if (WebConfiguration.isSL20SigningEnabled()) { + String signedCertCommand = SL20JSONBuilderUtils.createSignedCommand( + SL20Constants.SL20_COMMAND_IDENTIFIER_CREATE_SIG_CADES, createCAdESSigParams, joseTools); + sl20CreateCAdES = SL20JSONBuilderUtils.createGenericRequest(reqId, null, null, signedCertCommand); + + } else { + JsonObject getCertCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_CREATE_SIG_CADES, createCAdESSigParams); + sl20CreateCAdES = SL20JSONBuilderUtils.createGenericRequest(UUID.randomUUID().toString(), null, getCertCommand, null); + + } + + request.getSession(false).setAttribute(PDF_SESSION_PREFIX + SL20Constants.SL20_REQID, reqId); + + //forward SL2.0 command + logger.trace("Write 'createCAdES' command to VDA: " + sl20CreateCAdES.toString()); + StringWriter writer = new StringWriter(); + writer.write(sl20CreateCAdES.toString()); + final byte[] content = writer.toString().getBytes("UTF-8"); + response.setStatus(HttpServletResponse.SC_OK); + response.setContentLength(content.length); + response.setContentType(ContentType.APPLICATION_JSON.toString()); + response.getOutputStream().write(content); + + } else + throw new PdfAsWebException("Invalid connector: " + slConnector.getClass().getName()); + + + + } else if (statusRequest.isReady()) { + // TODO: store pdf document redirect to Finish URL + logger.debug("Document ready!"); + + SignResult result = pdfAs.finishSign(statusRequest); + + ByteArrayOutputStream baos = (ByteArrayOutputStream) session + 
.getAttribute(PDF_OUTPUT); + baos.close(); + + PDFASVerificationResponse verResponse = new PDFASVerificationResponse(); + List verResults = PdfAsHelper.synchornousVerify( + baos.toByteArray(), -2, + PdfAsHelper.getVerificationLevel(request), null); + + if (verResults.size() != 1) { + throw new WebServiceException( + "Document verification failed!"); + } + VerifyResult verifyResult = verResults.get(0); - } else if (statusRequest.isReady()) { - // TODO: store pdf document redirect to Finish URL - logger.debug("Document ready!"); - - SignResult result = pdfAs.finishSign(statusRequest); - - ByteArrayOutputStream baos = (ByteArrayOutputStream) session - .getAttribute(PDF_OUTPUT); - baos.close(); - - PDFASVerificationResponse verResponse = new PDFASVerificationResponse(); - List verResults = PdfAsHelper.synchornousVerify( - baos.toByteArray(), -2, - PdfAsHelper.getVerificationLevel(request), null); + verResponse.setCertificateCode(verifyResult + .getCertificateCheck().getCode()); + verResponse.setValueCode(verifyResult.getValueCheckCode() + .getCode()); - if (verResults.size() != 1) { - throw new WebServiceException( - "Document verification failed!"); - } - VerifyResult verifyResult = verResults.get(0); + PdfAsHelper.setPDFASVerificationResponse(request, verResponse); + PdfAsHelper.setSignedPdf(request, response, baos.toByteArray()); - verResponse.setCertificateCode(verifyResult - .getCertificateCheck().getCode()); - verResponse.setValueCode(verifyResult.getValueCheckCode() - .getCode()); + String signerCert = Base64.encodeBase64String(result + .getSignerCertificate().getEncoded()); - PdfAsHelper.setPDFASVerificationResponse(request, verResponse); - PdfAsHelper.setSignedPdf(request, response, baos.toByteArray()); + PdfAsHelper.setSignerCertificate(request, signerCert); + + if (slConnector instanceof BKUSLConnector) { PdfAsHelper.gotoProvidePdf(context, request, response); - - String signerCert = Base64.encodeBase64String(result - .getSignerCertificate().getEncoded()); - 
- PdfAsHelper.setSignerCertificate(request, signerCert); - - } else { - throw new PdfAsWebException("Invalid state!"); - } + + } else if (slConnector instanceof SL20Connector) { + //TODO: add code to send SL20 redirect command to redirect the user from DataURL connection to App Front-End connection + String callUrl = generateProvideURL(request, response); + String transactionId = (String) request.getAttribute(PdfAsHelper.PDF_SESSION_PREFIX + SL20Constants.SL20_TRANSACTIONID); + buildSL20RedirectResponse(request, response, transactionId, callUrl); + + } else + throw new PdfAsWebException("Invalid connector: " + slConnector.getClass().getName()); + } else { - throw new PdfAsWebException("Invalid connector: " + connector); + throw new PdfAsWebException("Invalid state!"); } } @@ -1338,6 +1533,11 @@ public class PdfAsHelper { request.getSession(true); } + public static String generateDataURLSL20(HttpServletRequest request, + HttpServletResponse response) { + return generateURL(request, response, PDF_SL20_DATAURL_PAGE); + } + public static String generateDataURL(HttpServletRequest request, HttpServletResponse response) { return generateURL(request, response, PDF_DATAURL_PAGE); @@ -1385,6 +1585,8 @@ public class PdfAsHelper { return WebConfiguration.getOnlineBKUURL(); } else if (connector.equals("mobilebku")) { return WebConfiguration.getHandyBKUURL(); + } else if (connector.equals("sl20")) { + return WebConfiguration.getSecurityLayer20URL(); } return WebConfiguration.getLocalBKUURL(); } 
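Review bot: In the SL2.0 `getCertificate` branch of the large hunk at -1034, the payload returned by `extractSL20PayLoad` is used whatever `respPayloadContainer.isValidSigned()` reports: a `null` result is only logged at debug level and a `false` result is never examined. The `redirect` command and `redirectURL` read from that payload are then written to the user's browser through `SL20HttpBindingUtils.writeIntoResponse`, so a response that was not authenticated would decide where the user is sent next. Unless `extractSL20PayLoad` already throws in those cases (not visible here), add `if (WebConfiguration.isSL20SigningRequired() && !Boolean.TRUE.equals(respPayloadContainer.isValidSigned())) throw new SLCommandoParserException();` before the command name is read, and consider comparing the host of `redirectURL` with the configured `WebConfiguration.getSecurityLayer20URL()`. `logger.info("Receive SL2.0 error. Code:" + errorCode + " Msg:" + errorMsg)` writes remote-supplied strings into the log unmodified; stripping line breaks from both values keeps log entries from being forged. The enclosing method starts outside the hunk.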
@@ -1542,4 +1744,64 @@ public class PdfAsHelper { public static String getSCMRevision() { return PdfAsFactory.getSCMRevision(); } + + public static void buildSL20RedirectResponse(HttpServletRequest request, HttpServletResponse response, String transactionId, String callURL) throws IOException, SL20Exception { + //create response + Map reqParameters = UrlParameterExtractor.splitQuery(new URL(callURL)); + + //extract URL without parameters + String url; + int paramIndex = callURL.indexOf("?"); + if (paramIndex == -1) + url = callURL; + else + url = callURL.substring(0, paramIndex); + + JsonObject callReqParams = SL20JSONBuilderUtils.createCallCommandParameters( + url, + SL20Constants.SL20_COMMAND_PARAM_GENERAL_CALL_METHOD_GET, + false, + reqParameters); + JsonObject callCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_CALL, callReqParams); + + //build first redirect command for app + JsonObject redirectOneParams = SL20JSONBuilderUtils.createRedirectCommandParameters( + null, + callCommand, null, true); + JsonObject redirectOneCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_REDIRECT, redirectOneParams); + + //build second redirect command for IDP + JsonObject redirectTwoParams = SL20JSONBuilderUtils.createRedirectCommandParameters( + callURL, + redirectOneCommand, null, false); + JsonObject redirectTwoCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_REDIRECT, redirectTwoParams); + + //build generic SL2.0 response container + JsonObject respContainer = SL20JSONBuilderUtils.createGenericRequest( + UUID.randomUUID().toString(), + transactionId, + redirectTwoCommand, + null); + + //workaround for A-Trust + if (request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE) != null && + request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE).equals(SL20Constants.HTTP_HEADER_VALUE_NATIVE) + || true) { + logger.debug("Client request containts 'native client' header ... 
"); + logger.trace("SL20 response to VDA: " + respContainer); + StringWriter writer = new StringWriter(); + writer.write(respContainer.toString()); + final byte[] content = writer.toString().getBytes("UTF-8"); + response.setStatus(HttpServletResponse.SC_OK); + response.setContentLength(content.length); + response.setContentType(ContentType.APPLICATION_JSON.toString()); + response.getOutputStream().write(content); + + + } else { + logger.info("SL2.0 DataURL communication needs http header: '" + SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE + "'"); + throw new SL20Exception("sl20.06"); + + } + } } -- cgit v1.2.3 From 55d708efe16aa409665537dfc3647e9fe4bb669e Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 23 Jul 2018 08:42:08 +0200 Subject: fix a small bug in session handling --- .../src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java') diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java index 4b776cb3..6eb80650 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java @@ -1141,8 +1141,7 @@ public class PdfAsHelper { SL20Constants.SL20_PAYLOAD, SL20Constants.SL20_SIGNEDPAYLOAD, command, signedCommand); - //store requestId - + //store requestId request.getSession(false).setAttribute(PDF_SESSION_PREFIX + SL20Constants.SL20_REQID, reqId); //forward SL2.0 command 
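Review bot: The `|| true` appended to the client-type check in `buildSL20RedirectResponse` makes the condition always true, so the `else` branch that throws `SL20Exception("sl20.06")` is unreachable and the debug message about the 'native client' header is logged even when the header is absent. If the A-Trust workaround has to stay, put it behind a named configuration switch instead of a literal and say in the comment which clients need it; otherwise remove `|| true` so that requests without `SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE` are rejected as the surrounding code intends. The method is public and has no Javadoc; it should state what `transactionId` and `callURL` are and that the response body is written directly. `getBytes("UTF-8")` can become `getBytes(StandardCharsets.UTF_8)`, and the `StringWriter` wrapped around `respContainer.toString()` adds nothing.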
@@ -1224,7 +1223,7 @@ public class PdfAsHelper { } else { JsonObject getCertCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_CREATE_SIG_CADES, createCAdESSigParams); - sl20CreateCAdES = SL20JSONBuilderUtils.createGenericRequest(UUID.randomUUID().toString(), null, getCertCommand, null); + sl20CreateCAdES = SL20JSONBuilderUtils.createGenericRequest(reqId, null, getCertCommand, null); } -- cgit v1.2.3 From e5f2601e931594572f88bb402343e39023dab939 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 25 Jul 2018 08:06:36 +0200 Subject: update to SL2.0 v0.61 fix a bug in SL2.0 impl for createCAdES --- .../at/gv/egiz/pdfas/web/helper/PdfAsHelper.java | 31 +++++++++++++++++++--- 1 file changed, 27 insertions(+), 4 deletions(-) (limited to 'pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java') diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java index 6eb80650..75249e78 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java @@ -60,6 +60,8 @@ import org.apache.http.entity.ContentType; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import com.google.gson.JsonArray; +import com.google.gson.JsonElement; import com.google.gson.JsonObject; import at.gv.egiz.pdfas.api.ws.PDFASSignParameters; @@ -67,6 +69,7 @@ import at.gv.egiz.pdfas.api.ws.PDFASSignParameters.Connector; import at.gv.egiz.pdfas.api.ws.PDFASSignResponse; import at.gv.egiz.pdfas.api.ws.PDFASVerificationResponse; import at.gv.egiz.pdfas.common.exceptions.PDFASError; +import at.gv.egiz.pdfas.common.utils.PDFUtils; import at.gv.egiz.pdfas.lib.api.ByteArrayDataSource; import at.gv.egiz.pdfas.lib.api.Configuration; import at.gv.egiz.pdfas.lib.api.IConfigurationConstants; 
@@ -1190,9 +1193,24 @@ public class PdfAsHelper { } else if (slConnector instanceof SL20Connector) { //convert byte range - List byteRanges = new ArrayList(); - for (int el : statusRequest.getSignatureDataByteRange()) - byteRanges.add(String.valueOf(el)); + + int[] exclude_range = PDFUtils.buildExcludeRange(statusRequest.getSignatureDataByteRange()); + logger.info("Exclude Byte Range: " + exclude_range[0] + " " + exclude_range[1]); + + List byteRanges = new ArrayList(); + if (statusRequest.getSignatureDataByteRange().length % 2 != 0) { + logger.warn("ByteRange is not a set of pairs. Something is maybe suspect"); + + } + + for (int i=0; i Date: Thu, 26 Jul 2018 11:23:47 +0200 Subject: add logger on trace level for request/response debugging --- pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java | 2 ++ 1 file changed, 2 insertions(+) (limited to 'pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java') diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java index 75249e78..1cef0796 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java @@ -1805,6 +1805,8 @@ public class PdfAsHelper { redirectTwoCommand, null); + logger.trace("SL2.0 command: " + respContainer.toString()); + //workaround for A-Trust if (request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE) != null && request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE).equals(SL20Constants.HTTP_HEADER_VALUE_NATIVE) -- cgit v1.2.3 From 236cd00a49b04523a325e06fdc8839be9049f892 Mon Sep 17 00:00:00 2001 
From: emusic Date: Fri, 27 Jul 2018 12:28:01 +0200 Subject: adding additional data transfer type --- .../src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java') diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java index 4b776cb3..bd904aae 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java @@ -122,6 +122,7 @@ public class PdfAsHelper { private static final String PDF_ERROR_PAGE = "/ErrorPage"; private static final String PDF_PROVIDE_PAGE = "/ProvidePDF"; private static final String PDF_PDFDATA_PAGE = "/PDFData"; + private static final String PDF_PDFDATAURL_PAGE = "/PDFURLData"; private static final String PDF_DATAURL_PAGE = "/DataURL"; private static final String PDF_SL20_DATAURL_PAGE = "/DataURLSL20"; private static final String PDF_USERENTRY_PAGE = "/userentry"; @@ -1207,7 +1208,8 @@ public class PdfAsHelper { JsonObject createCAdESSigParams = SL20JSONBuilderUtils.createCreateCAdESCommandParameters( pack.getRequestType().getKeyboxIdentifier(), - statusRequest.getSignatureData(), + //statusRequest.getSignatureData(), + generateNSPdfURL(request,response), pack.getRequestType().getDataObject().getMetaInfo().getMimeType(), padesCompatibel , byteRanges, @@ -1558,6 +1560,12 @@ public class PdfAsHelper { return generateURL(request, response, PDF_PDFDATA_PAGE); } + public static String generateNSPdfURL(HttpServletRequest request, + HttpServletResponse response) { + return generateURL(request, response, PDF_PDFDATAURL_PAGE); + } + + public static String generateUserEntryURL(String storeId) { String publicURL = WebConfiguration.getPublicURL(); if (publicURL == null) { -- cgit v1.2.3 
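Review bot: In the hunk at -1207, `createCreateCAdESCommandParameters` now receives `generateNSPdfURL(request,response)` in place of the document bytes, which means the unsigned PDF becomes retrievable over HTTP at `/PDFURLData`; the servlet behind that path is not part of this diff. That servlet should be checked to confirm the URL is bound to the signing session or a single-use token, is only served over TLS, and stops answering once the signature has been injected. `generateNSPdfURL` (hunk at -1558) would benefit from a one-line Javadoc such as `/** URL from which the PDF to be signed is fetched during an SL2.0 createCAdES request. */`, since its name does not say what "NS" stands for.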
From 091b70d41a2a544277612d9f41b0d321f057b0f9 Mon Sep 17 00:00:00 2001 From: emusic Date: Fri, 27 Jul 2018 12:58:16 +0200 Subject: adding transfer of pdf file via pdfurl --- pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java') diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java index 4b69e5a8..23e16ec3 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java @@ -1228,7 +1228,7 @@ public class PdfAsHelper { JsonObject createCAdESSigParams = SL20JSONBuilderUtils.createCreateCAdESCommandParameters( pack.getRequestType().getKeyboxIdentifier(), - //statusRequest.getSignatureData(), + null, generateNSPdfURL(request,response), SL20Constants.SL20_COMMAND_PARAM_CREATE_SIG_CADES_CONTENTMODE_DETACHED, pack.getRequestType().getDataObject().getMetaInfo().getMimeType(), -- cgit v1.2.3 From be27da36e9b1e319bf8910228cdbcdd502afbc9d Mon Sep 17 00:00:00 2001 From: emusic Date: Tue, 18 Sep 2018 10:16:56 +0200 Subject: changes in pdfurl --- .../at/gv/egiz/pdfas/web/helper/PdfAsHelper.java | 42 +++++++++++++++------- 1 file changed, 29 insertions(+), 13 deletions(-) (limited to 'pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java') diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java index 23e16ec3..8aeda417 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java 
@@ -1224,19 +1224,35 @@ public class PdfAsHelper { byte[] data = PDFUtils.blackOutSignature(statusRequest.getSignatureData(), statusRequest.getSignatureDataByteRange()); - - JsonObject createCAdESSigParams = - SL20JSONBuilderUtils.createCreateCAdESCommandParameters( - pack.getRequestType().getKeyboxIdentifier(), - null, - generateNSPdfURL(request,response), - SL20Constants.SL20_COMMAND_PARAM_CREATE_SIG_CADES_CONTENTMODE_DETACHED, - pack.getRequestType().getDataObject().getMetaInfo().getMimeType(), - padesCompatibel , - byteRanges, - SL20Constants.SL20_COMMAND_PARAM_CREATE_SIG_CADES_CADESLEVEL_BASIC, - generateDataURLSL20(request, response), - x5cEnc) ; + JsonObject createCAdESSigParams; + if(data.length>20000000) { + createCAdESSigParams = + SL20JSONBuilderUtils.createCreateCAdESCommandParameters( + pack.getRequestType().getKeyboxIdentifier(), + null, + generateNSPdfURL(request, response), + SL20Constants.SL20_COMMAND_PARAM_CREATE_SIG_CADES_CONTENTMODE_DETACHED, + pack.getRequestType().getDataObject().getMetaInfo().getMimeType(), + padesCompatibel, + byteRanges, + SL20Constants.SL20_COMMAND_PARAM_CREATE_SIG_CADES_CADESLEVEL_BASIC, + generateDataURLSL20(request, response), + x5cEnc); + } else + { + createCAdESSigParams = + SL20JSONBuilderUtils.createCreateCAdESCommandParameters( + pack.getRequestType().getKeyboxIdentifier(), + data, + null, + SL20Constants.SL20_COMMAND_PARAM_CREATE_SIG_CADES_CONTENTMODE_DETACHED, + pack.getRequestType().getDataObject().getMetaInfo().getMimeType(), + padesCompatibel, + byteRanges, + SL20Constants.SL20_COMMAND_PARAM_CREATE_SIG_CADES_CADESLEVEL_BASIC, + generateDataURLSL20(request, response), + x5cEnc); + } JsonObject sl20CreateCAdES = null; String reqId = UUID.randomUUID().toString(); -- cgit v1.2.3
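Review bot: The threshold in `if(data.length>20000000)` is an unexplained literal, and the two branches repeat the whole ten-argument call with only the second and third arguments differing. A named constant plus two locals removes the duplication: `byte[] inlineData = data.length > MAX_INLINE_PDF_BYTES ? null : data;` and `String pdfUrl = inlineData == null ? generateNSPdfURL(request, response) : null;`, followed by a single call that passes `inlineData, pdfUrl`. A comment should say why large documents are sent by reference and that this path makes the PDF available at the URL returned by `generateNSPdfURL`, so the access rules of that endpoint matter for every document above the limit. The enclosing method starts and ends outside the hunk.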