From d0c59a890be350ff1c39901e7fa94bf68c048065 Mon Sep 17 00:00:00 2001
From: Andreas Fitzek <andreas.fitzek@iaik.tugraz.at>
Date: Tue, 28 Jan 2014 16:05:21 +0100
Subject: URL Whitelist + Basic Design

---
 .../gv/egiz/pdfas/web/helper/RemotePDFFetcher.java | 26 +++++++++++++++-------
 1 file changed, 18 insertions(+), 8 deletions(-)

(limited to 'pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/RemotePDFFetcher.java')

diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/RemotePDFFetcher.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/RemotePDFFetcher.java
index 9532e074..cb404b66 100644
--- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/RemotePDFFetcher.java
+++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/RemotePDFFetcher.java
@@ -5,6 +5,7 @@ import java.net.MalformedURLException;
 import java.net.URL;
 
 import at.gv.egiz.pdfas.common.utils.StreamUtils;
+import at.gv.egiz.pdfas.web.config.WebConfiguration;
 import at.gv.egiz.pdfas.web.exception.PdfAsWebException;
 
 public class RemotePDFFetcher {
@@ -16,16 +17,25 @@ public class RemotePDFFetcher {
 		} catch (MalformedURLException e) {
 			throw new PdfAsWebException("Not a valid URL!", e);
 		}
-		if(url.getProtocol().equals("http") || url.getProtocol().equals("https")) {
-			
-			try {
-				InputStream is = url.openStream();
-				return StreamUtils.inputStreamToByteArray(is);
-			} catch (Exception e) {
-				throw new PdfAsWebException("Failed to fetch pdf document!", e);
+		if (WebConfiguration.isProvidePdfURLinWhitelist(url.toExternalForm())) {
+			if (url.getProtocol().equals("http")
+					|| url.getProtocol().equals("https")) {
+
+				try {
+					InputStream is = url.openStream();
+					return StreamUtils.inputStreamToByteArray(is);
+				} catch (Exception e) {
+					throw new PdfAsWebException(
+							"Failed to fetch pdf document!", e);
+				}
+			} else {
+				throw new PdfAsWebException(
+						"Failed to fetch pdf document protocol "
+								+ url.getProtocol() + " is not supported");
 			}
 		} else {
-			throw new PdfAsWebException("Failed to fetch pdf document protocol " + url.getProtocol() + " is not supported");
+			throw new PdfAsWebException(
+					"Failed to fetch pdf document " + url.toExternalForm() + " is not allowed");
 		}
 	}
 }
-- 
cgit v1.2.3