From e210f9d25fb530a2650059390f12a7e8ecec48b3 Mon Sep 17 00:00:00 2001 From: Andreas Fitzek Date: Tue, 28 Jan 2014 13:49:33 +0100 Subject: PDF-AS cleanups --- .../at/gv/egiz/pdfas/web/helper/DigestHelper.java | 27 ++++++++++++++ .../at/gv/egiz/pdfas/web/helper/PdfAsHelper.java | 43 +++++++++++++++++++--- .../pdfas/web/helper/PdfAsParameterExtractor.java | 12 ------ .../gv/egiz/pdfas/web/helper/RemotePDFFetcher.java | 1 + 4 files changed, 65 insertions(+), 18 deletions(-) create mode 100644 pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/DigestHelper.java (limited to 'pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper') diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/DigestHelper.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/DigestHelper.java new file mode 100644 index 00000000..af002da4 --- /dev/null +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/DigestHelper.java @@ -0,0 +1,27 @@ +package at.gv.egiz.pdfas.web.helper; + +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; + +import org.apache.commons.codec.binary.Hex; + +public class DigestHelper { + + public static final String SHA1 = "SHA-1"; + public static final String SHA224 = "SHA-224"; + public static final String SHA256 = "SHA-256"; + public static final String SHA384 = "SHA-384"; + public static final String SHA512 = "SHA-512"; + + public static String DefaulAlgorithm = SHA256; + + public static String getHexEncodedHash(byte[] data) throws NoSuchAlgorithmException { + return getHexEncodedHash(data, DefaulAlgorithm); + } + + public static String getHexEncodedHash(byte[] data, String algorithm) throws NoSuchAlgorithmException { + MessageDigest md = MessageDigest.getInstance(algorithm); + byte[] hash = md.digest(data); + return Hex.encodeHexString(hash); + } +} diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java index e61a113a..2f62269b 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java @@ -20,6 +20,7 @@ import org.slf4j.LoggerFactory; import com.lowagie.text.html.WebColors; +import at.gv.egiz.pdfas.common.exceptions.PdfAsException; import at.gv.egiz.pdfas.lib.api.ByteArrayDataSink; import at.gv.egiz.pdfas.lib.api.ByteArrayDataSource; import at.gv.egiz.pdfas.lib.api.Configuration; @@ -65,6 +66,8 @@ public class PdfAsHelper { private static final String PDF_ERR_URL = "PDF_ERR_URL"; private static final String PDF_INVOKE_URL = "PDF_INVOKE_URL"; private static final String REQUEST_FROM_DU = "REQ_DATA_URL"; + private static final String SIGNATURE_DATA_HASH = "SIGNATURE_DATA_HASH"; + private static final String SIGNATURE_ACTIVE = "SIGNATURE_ACTIVE"; private static final Logger logger = LoggerFactory .getLogger(PdfAsHelper.class); @@ -110,7 +113,7 @@ public class PdfAsHelper { } } } - + private static String buildPosString(HttpServletRequest request, HttpServletResponse response) throws PdfAsWebException { String posP = PdfAsParameterExtractor.getSigPosP(request); @@ -177,11 +180,6 @@ public class PdfAsHelper { return sb.toString(); } - public static void doSignature(HttpServletRequest request, - HttpServletResponse response, byte[] pdfData) throws Exception { - - } - /** * Create synchronous PDF Signature * @@ -242,6 +240,13 @@ public class PdfAsHelper { HttpServletResponse response, ServletContext context, byte[] pdfData) throws Exception { + // TODO: Protect session so that only one PDF can be signed during one session + /*if(PdfAsHelper.isSignatureActive(request)) { + throw new PdfAsException("Signature is active in this session"); + } + + PdfAsHelper.setSignatureActive(request, true);*/ + validatePdfSize(request, response, pdfData); HttpSession session = request.getSession(); @@ -609,4 +614,30 @@ public class PdfAsHelper { } return false; } + + public static void setSignatureDataHash(HttpServletRequest request, String value) { + request.setAttribute(SIGNATURE_DATA_HASH, value); + } + + public static String getSignatureDataHash(HttpServletRequest request) { + Object obj = request.getAttribute(SIGNATURE_DATA_HASH); + if (obj != null) { + return obj.toString(); + } + return ""; + } + + public static void setSignatureActive(HttpServletRequest request, boolean value) { + request.setAttribute(SIGNATURE_ACTIVE, new Boolean(value)); + } + + public static boolean isSignatureActive(HttpServletRequest request) { + Object obj = request.getAttribute(SIGNATURE_ACTIVE); + if (obj != null) { + if (obj instanceof Boolean) { + return ((Boolean) obj).booleanValue(); + } + } + return false; + } } diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsParameterExtractor.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsParameterExtractor.java index 5a79bb4a..4d6ad1fe 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsParameterExtractor.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsParameterExtractor.java @@ -70,16 +70,4 @@ public class PdfAsParameterExtractor { public static String getSigPosW(HttpServletRequest request) { return (String)request.getAttribute(PARAM_SIG_POS_W); } - - // legacy Parameter - public static final String PARAM_PDF_ID = "pdf-id"; - public static final String PARAM_SESSION_ID = "session-id"; - - public static String getPdfId(HttpServletRequest request) { - return (String)request.getAttribute(PARAM_PDF_ID); - } - - public static String getSessionId(HttpServletRequest request) { - return (String)request.getAttribute(PARAM_SESSION_ID); - } } diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/RemotePDFFetcher.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/RemotePDFFetcher.java index 7c90dbc8..9532e074 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/RemotePDFFetcher.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/RemotePDFFetcher.java @@ -17,6 +17,7 @@ public class RemotePDFFetcher { throw new PdfAsWebException("Not a valid URL!", e); } if(url.getProtocol().equals("http") || url.getProtocol().equals("https")) { + try { InputStream is = url.openStream(); return StreamUtils.inputStreamToByteArray(is); -- cgit v1.2.3