From e210f9d25fb530a2650059390f12a7e8ecec48b3 Mon Sep 17 00:00:00 2001
From: Andreas Fitzek
Date: Tue, 28 Jan 2014 13:49:33 +0100
Subject: PDF-AS cleanups
---
 .../egiz/pdfas/web/servlets/ExternSignServlet.java | 14 +++++++++----
 .../at/gv/egiz/pdfas/web/servlets/PDFData.java | 24 ++++++++++++++++++++++
 2 files changed, 34 insertions(+), 4 deletions(-)
(limited to 'pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets')
diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ExternSignServlet.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ExternSignServlet.java
index c96225bd..3a6bc971 100644
--- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ExternSignServlet.java
+++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ExternSignServlet.java
@@ -2,7 +2,6 @@ package at.gv.egiz.pdfas.web.servlets;
 import java.io.File;
 import java.io.IOException;
-import java.io.PrintWriter;
 import java.util.List;
 import javax.servlet.ServletException;
@@ -18,14 +17,12 @@ import org.slf4j.LoggerFactory;
 import at.gv.egiz.pdfas.common.exceptions.PdfAsException;
 import at.gv.egiz.pdfas.lib.api.sign.IPlainSigner;
-import at.gv.egiz.pdfas.sigs.pades.PAdESSigner;
 import at.gv.egiz.pdfas.web.config.WebConfiguration;
 import at.gv.egiz.pdfas.web.exception.PdfAsWebException;
+import at.gv.egiz.pdfas.web.helper.DigestHelper;
 import at.gv.egiz.pdfas.web.helper.PdfAsHelper;
 import at.gv.egiz.pdfas.web.helper.PdfAsParameterExtractor;
 import at.gv.egiz.pdfas.web.helper.RemotePDFFetcher;
-import at.gv.egiz.sl.util.BKUSLConnector;
-import at.gv.egiz.sl.util.MOAConnector;
 /**
 * Servlet implementation class Sign
@@ -209,6 +206,15 @@ public class ExternSignServlet extends HttpServlet {
 String errorUrl = PdfAsParameterExtractor.getInvokeErrorURL(request);
 PdfAsHelper.setErrorURL(request, response, errorUrl);
+ if(pdfData == null) {
+ throw new PdfAsException("No Signature data available");
+ }
+
+ String pdfDataHash = DigestHelper.getHexEncodedHash(pdfData);
+
+ PdfAsHelper.setSignatureDataHash(request, pdfDataHash);
+ logger.debug("Storing signatures data hash: " + pdfDataHash);
+ logger.debug("Starting signature creation with: " + connector);
 IPlainSigner signer;
diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/PDFData.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/PDFData.java
index 6ce0e1c9..9bf66fe9 100644
--- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/PDFData.java
+++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/PDFData.java
@@ -8,14 +8,23 @@ import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
 import at.gv.egiz.pdfas.web.helper.PdfAsHelper;
 /**
 * Servlet implementation class PDFData
 */
 public class PDFData extends HttpServlet {
+ private static final long serialVersionUID = 1L;
+ private static final Logger logger = LoggerFactory
+ .getLogger(PDFData.class);
+
+ private static String ORIGINAL_DIGEST = "origdigest";
+
 /**
 * @see HttpServlet#HttpServlet()
 */
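Review bot: In the ExternSignServlet hunk, the algorithm behind `DigestHelper.getHexEncodedHash(pdfData)` is not visible, yet the value stored through `PdfAsHelper.setSignatureDataHash` is presumably what the PDFData servlet later compares with the `origdigest` parameter, so it needs to be a collision-resistant digest (SHA-256 or stronger) and that purpose deserves a comment such as `// Remember the digest of the submitted document so PDFData can match it against origdigest`. The debug statement would be better written with an SLF4J placeholder, `logger.debug("Storing signatures data hash: {}", pdfDataHash);`, than with string concatenation. The enclosing method starts and ends outside the hunk.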
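Review bot: In the PDFData hunk, `ORIGINAL_DIGEST` is declared `private static String` without `final`, so the request-parameter name is a mutable static rather than a constant; it should read `private static final String ORIGINAL_DIGEST = "origdigest";`. A one-line comment stating that it names the request parameter which presumably carries the hex digest of the unsigned document would help readers of the later hunk that reads it.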
@@ -45,7 +54,22 @@ public class PDFData extends HttpServlet {
 HttpServletResponse response) throws ServletException, IOException {
 byte[] signedData = PdfAsHelper.getSignedPdf(request, response);
+ String plainPDFDigest = request.getParameter(ORIGINAL_DIGEST);
+
 if (signedData != null) {
+ if(plainPDFDigest != null) {
+ String signatureDataHash = PdfAsHelper.getSignatureDataHash(request);
+ if(!plainPDFDigest.equalsIgnoreCase(signatureDataHash)) {
+ logger.error("Digest Hash mismatch!");
+ logger.error("Requested digest: " + plainPDFDigest);
+ logger.error("Saved digest: " + signatureDataHash);
+
+ PdfAsHelper.setSessionException(request, response,
+ "Signature Data digest do not match!", null);
+ PdfAsHelper.gotoError(getServletContext(), request, response);
+ return;
+ }
+ }
 response.setContentType("application/pdf");
 OutputStream os = response.getOutputStream();
 os.write(signedData);
-- 
cgit v1.2.3
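Review bot: The digest comparison added here runs only when the request carries `origdigest`, so a request that omits the parameter is served the signed PDF without any check. If the comparison is meant to bind the download to the document whose hash was stored at signing time, the condition should fail closed, e.g. `if (plainPDFDigest == null || !plainPDFDigest.equalsIgnoreCase(signatureDataHash)) {`; if it is optional by design, a comment above `if(plainPDFDigest != null)` should say so. The mismatch branch also writes the caller-supplied `plainPDFDigest` into the error log unmodified, so it should be checked to be a hex string of the expected length before it is logged. The enclosing method starts and ends outside the hunk.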