From 9acf3c2e8aca9016daf76785747d838cdc5b0330 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 9 Jul 2018 10:11:25 +0200 Subject: add SL20 connecter-backend in a first beta version (getCertificate looks good, create signature is untested) --- .../gv/egiz/pdfas/web/servlets/DataURLServlet.java | 4 +- .../egiz/pdfas/web/servlets/ExternSignServlet.java | 8 +- .../gv/egiz/pdfas/web/servlets/JSONAPIServlet.java | 11 +- .../egiz/pdfas/web/servlets/SLDataURLServlet.java | 234 +++++++++++++++++++++ .../pdfas/web/servlets/UIEntryPointServlet.java | 11 +- 5 files changed, 263 insertions(+), 5 deletions(-) create mode 100644 pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/SLDataURLServlet.java (limited to 'pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets') diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/DataURLServlet.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/DataURLServlet.java index 45861953..50c3b063 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/DataURLServlet.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/DataURLServlet.java 
@@ -93,11 +93,11 @@ public class DataURLServlet extends HttpServlet { if(jaxbObject.getValue() instanceof InfoboxReadResponseType) { InfoboxReadResponseType infoboxReadResponseType = (InfoboxReadResponseType)jaxbObject.getValue(); logger.info("Got InfoboxReadResponseType"); - PdfAsHelper.injectCertificate(request, response, infoboxReadResponseType, getServletContext()); + PdfAsHelper.injectCertificate(request, response, PdfAsHelper.getCertificate(infoboxReadResponseType), getServletContext()); } else if(jaxbObject.getValue() instanceof CreateCMSSignatureResponseType) { CreateCMSSignatureResponseType createCMSSignatureResponseType = (CreateCMSSignatureResponseType)jaxbObject.getValue(); logger.info("Got CreateCMSSignatureResponseType"); - PdfAsHelper.injectSignature(request, response, createCMSSignatureResponseType, getServletContext()); + PdfAsHelper.injectSignature(request, response, createCMSSignatureResponseType.getCMSSignature(), getServletContext()); } else if(jaxbObject.getValue() instanceof ErrorResponseType) { ErrorResponseType errorResponseType = (ErrorResponseType)jaxbObject.getValue(); logger.warn("SecurityLayer: " + errorResponseType.getErrorCode() + " " + errorResponseType.getInfo()); diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ExternSignServlet.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ExternSignServlet.java index 3cea5247..1d2ab14e 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ExternSignServlet.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ExternSignServlet.java 
@@ -354,7 +354,8 @@ public class ExternSignServlet extends HttpServlet { logger.debug("Starting signature creation with: " + connector); //IPlainSigner signer; - if (connector.equals("bku") || connector.equals("onlinebku") || connector.equals("mobilebku")) { + if (connector.equals("bku") || connector.equals("onlinebku") || connector.equals("mobilebku") + || connector.equals("sl20")) { // start asynchronous signature creation if(connector.equals("bku")) { @@ -372,6 +373,11 @@ public class ExternSignServlet extends HttpServlet { throw new PdfAsWebException("Invalid connector bku is not supported"); } } + if (connector.equals("sl20")) { + if(WebConfiguration.getSecurityLayer20URL() == null) { + throw new PdfAsWebException("Invalid connector bku is not supported"); + } + } PdfAsHelper.setStatisticEvent(request, response, statisticEvent); diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/JSONAPIServlet.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/JSONAPIServlet.java index 0cee185a..13d874e8 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/JSONAPIServlet.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/JSONAPIServlet.java @@ -119,7 +119,9 @@ public class JSONAPIServlet extends HttpServlet { connectorEnum = PDFASSignParameters.Connector.MOBILEBKU; } else if(PDFASSignParameters.Connector.ONLINEBKU.equalsName(connector)) { connectorEnum = PDFASSignParameters.Connector.ONLINEBKU; - } + } else if(PDFASSignParameters.Connector.SECLAYER20.equalsName(connector)) { + connectorEnum = PDFASSignParameters.Connector.SECLAYER20; + } if(connectorEnum == null) { throw new ServletException( 
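Review bot: The new `sl20` guard in ExternSignServlet throws `PdfAsWebException("Invalid connector bku is not supported")`, so a deployment without a configured SL2.0 URL reports the wrong connector to the caller and in the logs. The message should name the connector that was actually rejected, e.g. `throw new PdfAsWebException("Invalid connector sl20 is not supported");`. The same copy-paste appears in the SECLAYER20 guards added to JSONAPIServlet and UIEntryPointServlet, which both say `mobilebku`. The enclosing method starts and ends outside the hunk.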
@@ -212,6 +214,13 @@ public class JSONAPIServlet extends HttpServlet { "Invalid connector mobilebku is not supported"); } } + + if (PDFASSignParameters.Connector.SECLAYER20.equals(connectorEnum)) { + if (WebConfiguration.getSecurityLayer20URL() == null) { + throw new PdfAsWebException( + "Invalid connector mobilebku is not supported"); + } + } PdfAsHelper.startSignatureJson(request, response, getServletContext(), diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/SLDataURLServlet.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/SLDataURLServlet.java new file mode 100644 index 00000000..7ddf0a55 --- /dev/null +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/SLDataURLServlet.java 
@@ -0,0 +1,234 @@ +package at.gv.egiz.pdfas.web.servlets; + +import java.io.IOException; +import java.security.cert.X509Certificate; +import java.util.ArrayList; +import java.util.Base64; +import java.util.List; + +import javax.servlet.ServletException; +import javax.servlet.annotation.MultipartConfig; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang3.StringUtils; +import org.jose4j.base64url.Base64Url; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import com.google.gson.JsonElement; +import com.google.gson.JsonObject; +import com.google.gson.JsonParser; +import com.google.gson.JsonSyntaxException; + +import at.gv.egiz.pdfas.lib.util.StreamUtils; +import at.gv.egiz.pdfas.web.config.WebConfiguration; +import at.gv.egiz.pdfas.web.helper.PdfAsHelper; +import at.gv.egiz.pdfas.web.sl20.JsonSecurityUtils; +import at.gv.egiz.pdfas.web.sl20.X509Utils; +import at.gv.egiz.sl20.data.VerificationResult; +import at.gv.egiz.sl20.exceptions.SL20Exception; +import at.gv.egiz.sl20.exceptions.SL20SecurityException; +import at.gv.egiz.sl20.exceptions.SLCommandoParserException; +import at.gv.egiz.sl20.utils.SL20Constants; +import at.gv.egiz.sl20.utils.SL20JSONExtractorUtils; + +@MultipartConfig +public class SLDataURLServlet extends HttpServlet { + + private static final Logger logger = LoggerFactory + .getLogger(SLDataURLServlet.class); + + private static final long serialVersionUID = 1L; + + /** + * @see HttpServlet#HttpServlet() + */ + public SLDataURLServlet() { + super(); + } + + /** + * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse + * response) + */ + protected void doGet(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + this.process(request, response); + } + + /** + * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse + * response) + */ + protected 
void doPost(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + this.process(request, response); + } + + protected void process(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + + JsonObject sl20ReqObj = null; + try { + if(!PdfAsHelper.checkDataUrlAccess(request)) { + throw new Exception("No valid dataURL access"); + } + + PdfAsHelper.setFromDataUrl(request); + + String sl20Result = request.getParameter(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM); + if (StringUtils.isEmpty(sl20Result)) { + //Workaround for SIC Handy-Signature, because it sends result in InputStream + String isReqInput = StreamUtils.readStream(request.getInputStream(), "UTF-8"); + if (StringUtils.isNotEmpty(isReqInput)) { + logger.info("Use SIC Handy-Signature work-around!"); + sl20Result = isReqInput.substring("slcommand=".length()); + + } else { + logger.info("NO SL2.0 commando or result FOUND."); + throw new SL20Exception("sl20.04", null); + } + + } + + logger.trace("Received SL2.0 result: " + sl20Result); + + //parse SL2.0 command/result into JSON + try { + JsonParser jsonParser = new JsonParser(); + JsonElement sl20Req = jsonParser.parse(Base64Url.decodeToUtf8String(sl20Result)); + sl20ReqObj = sl20Req.getAsJsonObject(); + + } catch (JsonSyntaxException e) { + logger.warn("SL2.0 command or result is NOT valid JSON.", e); + logger.debug("SL2.0 msg: " + sl20Result); + throw new SL20Exception("sl20.02", e); + + } + + //extract transactionId + String transactionId = SL20JSONExtractorUtils.getStringValue(sl20ReqObj, SL20Constants.SL20_TRANSACTIONID, false); + if (StringUtils.isNotEmpty(transactionId)) + request.setAttribute(PdfAsHelper.PDF_SESSION_PREFIX + SL20Constants.SL20_TRANSACTIONID, transactionId); + + + //validate reqId with inResponseTo + String sl20ReqId = (String) request.getSession(false).getAttribute(PdfAsHelper.PDF_SESSION_PREFIX + SL20Constants.SL20_REQID); + String inRespTo = 
SL20JSONExtractorUtils.getStringValue(sl20ReqObj, SL20Constants.SL20_INRESPTO, true); + if (sl20ReqId == null || !sl20ReqId.equals(inRespTo)) { + logger.info("SL20 'reqId': " + sl20ReqId + " does NOT match to 'inResponseTo':" + inRespTo); + throw new SL20SecurityException("SL20 'reqId': " + sl20ReqId + " does NOT match to 'inResponseTo':" + inRespTo); + } + + JsonSecurityUtils joseTools = JsonSecurityUtils.getInstance(); + if (!joseTools.isInitialized()) + joseTools = null; + + //validate signature + VerificationResult payLoadContainer = SL20JSONExtractorUtils.extractSL20PayLoad(sl20ReqObj, joseTools, + WebConfiguration.isSL20SigningRequired()); + + if ( (payLoadContainer.isValidSigned() == null || !payLoadContainer.isValidSigned())) { + if (WebConfiguration.isSL20SigningRequired()) { + logger.info("SL20 result from VDA was not valid signed"); + throw new SL20SecurityException("Signature on SL20 result NOT valid."); + + } else { + logger.warn("SL20 result from VDA is NOT valid signed, but signatures-verification is DISABLED by configuration!"); + + } + } + + //extract payloaf + JsonObject payLoad = payLoadContainer.getPayload(); + + //check response type + if (SL20JSONExtractorUtils.getStringValue( + payLoad, SL20Constants.SL20_COMMAND_CONTAINER_NAME, true) + .equals(SL20Constants.SL20_COMMAND_IDENTIFIER_GETCERTIFICATE)) { + logger.debug("Find " + SL20Constants.SL20_COMMAND_IDENTIFIER_GETCERTIFICATE + " result .... 
"); + + JsonElement getCertificateResult = SL20JSONExtractorUtils.extractSL20Result( + payLoad, joseTools, + WebConfiguration.isSL20EncryptionRequired()); + + //extract certificates + List certsB64 = SL20JSONExtractorUtils.getListOfStringElements(getCertificateResult.getAsJsonObject(), + SL20Constants.SL20_COMMAND_PARAM_GETCERTIFICATE_RESULT_CERTIFICATE, + true); + + if (certsB64.isEmpty()) { + logger.warn("SL20 'getCertificate' result contains NO certificate"); + throw new SLCommandoParserException(); + + } else if (certsB64.size() == 1) { + logger.debug("SL20 'getCertificate' result contains only one certificate"); + PdfAsHelper.injectCertificate(request, response, Base64.getDecoder().decode(certsB64.get(0)), getServletContext()); + + } else { + logger.debug("SL20 'getCertificate' result contains more than one certificate. Certificates must be sorted ... "); + List certs = new ArrayList(); + for (String certB64 : certsB64) + certs.add(new iaik.x509.X509Certificate(Base64.getDecoder().decode(certB64))); + + List sortedCerts = X509Utils.sortCertificates(certs); + logger.debug("Sorting of certificate completed. Select end-user certificate ... "); + PdfAsHelper.injectCertificate(request, response, Base64.getDecoder().decode(sortedCerts.get(0).getEncoded()), getServletContext()); + + } + + } else if (SL20JSONExtractorUtils.getStringValue( + payLoad, SL20Constants.SL20_COMMAND_CONTAINER_NAME, true) + .equals(SL20Constants.SL20_COMMAND_IDENTIFIER_CREATE_SIG_CADES)) { + logger.debug("Find " + SL20Constants.SL20_COMMAND_IDENTIFIER_CREATE_SIG_CADES + " result .... 
"); + + JsonElement getCertificateResult = SL20JSONExtractorUtils.extractSL20Result( + payLoad, joseTools, + WebConfiguration.isSL20EncryptionRequired()); + + //extract CAdES signature + String cadesSigB64 = SL20JSONExtractorUtils.getStringValue( + getCertificateResult.getAsJsonObject(), + SL20Constants.SL20_COMMAND_PARAM_CREATE_SIG_CADES_RESULT_SIGNATURE, + true); + + if (StringUtils.isEmpty(cadesSigB64)) { + logger.warn("SL20 'createCAdES' result contains NO signature"); + throw new SLCommandoParserException(); + } + + PdfAsHelper.injectSignature(request, response, Base64.getDecoder().decode(cadesSigB64), getServletContext()); + + } else { + logger.info("SL20 response is NOT a " + SL20Constants.SL20_COMMAND_IDENTIFIER_QUALIFIEDEID + " result"); + throw new SLCommandoParserException(); + + } + + } catch (Exception e) { + logger.warn("Error in DataURL Servlet. " , e); + PdfAsHelper.setSessionException(request, response, e.getMessage(), + e); + + if (PdfAsHelper.getFromDataUrl(request)) { + String errorUrl = PdfAsHelper.generateErrorURL(request, response); + try { + String transactionId = null; + if (sl20ReqObj != null) + transactionId = SL20JSONExtractorUtils.getStringValue(sl20ReqObj, SL20Constants.SL20_TRANSACTIONID, false); + + PdfAsHelper.buildSL20RedirectResponse(request, response, transactionId, errorUrl); + + } catch (SL20Exception e1) { + logger.error("SL20 error-handling FAILED", e); + response.sendError(500, "Internal Server Error."); + + } + + } else + PdfAsHelper.gotoError(getServletContext(), request, response); + } + } +} diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/UIEntryPointServlet.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/UIEntryPointServlet.java index e8ac3658..73f8299c 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/UIEntryPointServlet.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/UIEntryPointServlet.java 
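Review bot: The request-body fallback in `process()` takes `isReqInput.substring("slcommand=".length())` without checking that the body starts with that prefix, so any non-empty body is cut at a fixed offset (or throws when it is shorter) and the remainder goes straight to the Base64URL/JSON parser. A guard such as `if (!isReqInput.startsWith("slcommand=")) throw new SL20Exception("sl20.04", null);` before the substring keeps the workaround to the one format it is meant for. Further down, `request.getSession(false)` returns null for a caller without a session; unless `checkDataUrlAccess` already guarantees one (not visible here), the reqId/inResponseTo check then fails with a NullPointerException instead of the intended `SL20SecurityException`, so test the session for null first. In the inner `catch (SL20Exception e1)` the log call passes the outer `e`, so the failure of the error handling itself is never logged; pass `e1`.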
@@ -131,7 +131,8 @@ public class UIEntryPointServlet extends HttpServlet { // IPlainSigner signer; if (connector.equals(Connector.BKU) || connector.equals(Connector.ONLINEBKU) - || connector.equals(Connector.MOBILEBKU)) { + || connector.equals(Connector.MOBILEBKU) + || connector.equals(Connector.SECLAYER20)) { // start asynchronous signature creation if (connector.equals(Connector.BKU)) { @@ -154,6 +155,14 @@ public class UIEntryPointServlet extends HttpServlet { "Invalid connector mobilebku is not supported"); } } + + if (connector.equals(Connector.SECLAYER20)) { + if (WebConfiguration.getSecurityLayer20URL() == null) { + throw new PdfAsWebException( + "Invalid connector mobilebku is not supported"); + } + } + Map map = null; if (pdfAsRequest.getParameters().getPreprocessor() != null) { map = pdfAsRequest.getParameters().getPreprocessor() -- cgit v1.2.3 From 21c932574c86031da3bed44b94bf3f54a930070d Mon Sep 17 00:00:00 2001 From: emusic Date: Tue, 10 Jul 2018 11:07:08 +0200 Subject: changes in pdf-as-web config --- .../Gradle__com_google_code_gson_gson_2_8_5.xml | 11 ++++++++++ .../Gradle__org_bitbucket_b_c_jose4j_0_6_3.xml | 11 ++++++++++ .../Gradle__org_slf4j_slf4j_api_1_7_21.xml | 11 ++++++++++ .../src/main/configuration/pdf-as-web.properties | 15 +++++++++++++ .../at/gv/egiz/pdfas/web/servlets/PDFData.java | 25 ---------------------- 5 files changed, 48 insertions(+), 25 deletions(-) create mode 100644 .idea/libraries/Gradle__com_google_code_gson_gson_2_8_5.xml create mode 100644 .idea/libraries/Gradle__org_bitbucket_b_c_jose4j_0_6_3.xml create mode 100644 .idea/libraries/Gradle__org_slf4j_slf4j_api_1_7_21.xml (limited to 'pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets') diff --git a/.idea/libraries/Gradle__com_google_code_gson_gson_2_8_5.xml b/.idea/libraries/Gradle__com_google_code_gson_gson_2_8_5.xml new file mode 100644 index 00000000..c3e23cab --- /dev/null +++ b/.idea/libraries/Gradle__com_google_code_gson_gson_2_8_5.xml 
@@ -0,0 +1,11 @@ + + + + + + + + + + + \ No newline at end of file diff --git a/.idea/libraries/Gradle__org_bitbucket_b_c_jose4j_0_6_3.xml b/.idea/libraries/Gradle__org_bitbucket_b_c_jose4j_0_6_3.xml new file mode 100644 index 00000000..9da71daf --- /dev/null +++ b/.idea/libraries/Gradle__org_bitbucket_b_c_jose4j_0_6_3.xml @@ -0,0 +1,11 @@ + + + + + + + + + + + \ No newline at end of file diff --git a/.idea/libraries/Gradle__org_slf4j_slf4j_api_1_7_21.xml b/.idea/libraries/Gradle__org_slf4j_slf4j_api_1_7_21.xml new file mode 100644 index 00000000..12bea8a3 --- /dev/null +++ b/.idea/libraries/Gradle__org_slf4j_slf4j_api_1_7_21.xml @@ -0,0 +1,11 @@ + + + + + + + + + + + \ No newline at end of file diff --git a/pdf-as-web/src/main/configuration/pdf-as-web.properties b/pdf-as-web/src/main/configuration/pdf-as-web.properties index 10ef26a1..59d76607 100644 --- a/pdf-as-web/src/main/configuration/pdf-as-web.properties +++ b/pdf-as-web/src/main/configuration/pdf-as-web.properties @@ -70,3 +70,18 @@ request.store=at.gv.egiz.pdfas.web.store.InMemoryRequestStore #hibernate.props.hibernate.show_sql=true #hibernate.props.hibernate.hbm2ddl.auto=update +#Security layer 2.0 config + +#sl20.sign.enabled=true +#sl20.mobile.url=http://localhost:7080/vda/services/getCertificate +sl20.keystore.file= +sl20.keystore.pass= +sl20.keystore.sign.key.alias= +sl20.keystore.sign.key.pass= +sl20.keystore.enc.key.alias= +sl20.keystore.enc.key.pass= +sl20.debug.validation.disable=true +sl20.debug.signed.result.enabled=false +sl20.debug.signed.result.required=false +sl20.debug.encryption.enabled=false +sl20.debug.encryption.required=false diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/PDFData.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/PDFData.java index 4d3d1872..bc773ec8 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/PDFData.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/PDFData.java 
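Review bot: The sample pdf-as-web.properties ships with `sl20.debug.validation.disable=true`, `sl20.debug.signed.result.required=false` and `sl20.debug.encryption.required=false`, so an installation that copies this file unchanged starts with the SL2.0 checks relaxed. If these keys feed `WebConfiguration.isSL20SigningRequired()` and `isSL20EncryptionRequired()` (the mapping is not visible in this hunk), SLDataURLServlet only logs a warning for an unsigned VDA result and continues with the certificate or signature it carries. Prefer the strict values in the template and mark the block with a comment such as `# sl20.debug.*: test environments only, keep validation and required=true in production`. The `sl20.keystore.*` password entries would also benefit from a comment saying the file must be access-restricted once they are filled in.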
@@ -95,31 +95,6 @@ public class PDFData extends HttpServlet { if (signedData != null) { - /*if (WebConfiguration.isPdfProtected()) { - File tempFile = new File(System.getProperty("java.io.tmpdir"),"protect.pdf"); - FileUtils.writeByteArrayToFile(tempFile, signedData); - Path tempPath = tempFile.toPath(); - SecureRandom random = new SecureRandom(); - byte seed[] = random.generateSeed(50); - String ownerPassword = new String(seed, StandardCharsets.UTF_8); - PDDocument document = PDDocument.load(tempFile); - AccessPermission accessPermission = new AccessPermission(); - accessPermission.setCanExtractContent(false); - accessPermission.setCanExtractForAccessibility(true); - StandardProtectionPolicy spp = new StandardProtectionPolicy(ownerPassword, "", accessPermission); - spp.setEncryptionKeyLength(128); - spp.setPermissions(accessPermission); - document.protect(spp); - document.save(tempFile); - document.close(); - //accessPermission.setCanModify(false); - signedData = Files.readAllBytes(tempPath); - logger.info("Added Protection Parameters"); - if (tempFile.exists()) { - tempFile.delete(); - } - }*/ - if(WebConfiguration.isKeepSignedDocument()) { if(PdfAsHelper.isSignedDataExpired(request, response)) { logger.info("Destroying expired signed data in session"); -- cgit v1.2.3 From a5541ab96512cb78d493516ecf0dfb94a6544f52 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 26 Jul 2018 11:23:47 +0200 Subject: add logger on trace level for request/response debugging --- pdf-as-lib/src/main/java/at/gv/egiz/sl20/SL20Connector.java | 4 +++- .../src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java | 2 ++ .../main/java/at/gv/egiz/pdfas/web/servlets/SLDataURLServlet.java | 6 ++++-- .../main/java/at/gv/egiz/pdfas/web/sl20/SL20HttpBindingUtils.java | 1 + 4 files changed, 10 insertions(+), 3 deletions(-) (limited to 'pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets') 
diff --git a/pdf-as-lib/src/main/java/at/gv/egiz/sl20/SL20Connector.java b/pdf-as-lib/src/main/java/at/gv/egiz/sl20/SL20Connector.java index a82771bd..3088a564 100644 --- a/pdf-as-lib/src/main/java/at/gv/egiz/sl20/SL20Connector.java +++ b/pdf-as-lib/src/main/java/at/gv/egiz/sl20/SL20Connector.java @@ -62,7 +62,9 @@ public class SL20Connector extends BaseSLConnector { HttpResponse httpResp = httpClient.execute(httpReq); log.debug("Response from VDA received "); - return SL20JSONExtractorUtils.getSL20ContainerFromResponse(httpResp); + JsonObject sl20Resp = SL20JSONExtractorUtils.getSL20ContainerFromResponse(httpResp); + log.trace("SL20 command: " + sl20Resp.toString()); + return sl20Resp; } catch (URISyntaxException | IOException e) { log.warn("Can NOT build SL20 http requst. Reason:" + e.getMessage(), e); diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java index 75249e78..1cef0796 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java @@ -1805,6 +1805,8 @@ public class PdfAsHelper { redirectTwoCommand, null); + logger.trace("SL2.0 command: " + respContainer.toString()); + //workaround for A-Trust if (request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE) != null && request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE).equals(SL20Constants.HTTP_HEADER_VALUE_NATIVE) diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/SLDataURLServlet.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/SLDataURLServlet.java index 7ddf0a55..31f5a2ef 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/SLDataURLServlet.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/SLDataURLServlet.java 
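Review bot: The added `log.trace("SL20 command: " + sl20Resp.toString())` writes the complete SL2.0 container to the log, and the same pattern is added for `respContainer` in PdfAsHelper, for `payLoad` in SLDataURLServlet and for `sl20Forward` in SL20HttpBindingUtils. At this commit these containers can carry certificates, signature values and the document content of a createCAdES command, so enabling trace turns the log files into sensitive data; that should be stated in a comment next to the calls or the logged value reduced to the command name and ids. The concatenation is also evaluated when trace is off and throws if the object is null; the parameterized form `log.trace("SL20 command: {}", sl20Resp);` avoids both. The enclosing methods start and end outside these hunks.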
@@ -93,7 +93,7 @@ public class SLDataURLServlet extends HttpServlet { } - logger.trace("Received SL2.0 result: " + sl20Result); + logger.trace("Received SL2.0 command: " + sl20Result); //parse SL2.0 command/result into JSON try { @@ -144,6 +144,8 @@ public class SLDataURLServlet extends HttpServlet { //extract payloaf JsonObject payLoad = payLoadContainer.getPayload(); + logger.trace("SL2.0 payLoad on DataURL: " + payLoad.toString()); + //check response type if (SL20JSONExtractorUtils.getStringValue( payLoad, SL20Constants.SL20_COMMAND_CONTAINER_NAME, true) @@ -175,7 +177,7 @@ public class SLDataURLServlet extends HttpServlet { List sortedCerts = X509Utils.sortCertificates(certs); logger.debug("Sorting of certificate completed. Select end-user certificate ... "); - PdfAsHelper.injectCertificate(request, response, Base64.getDecoder().decode(sortedCerts.get(0).getEncoded()), getServletContext()); + PdfAsHelper.injectCertificate(request, response, sortedCerts.get(0).getEncoded(), getServletContext()); } diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/sl20/SL20HttpBindingUtils.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/sl20/SL20HttpBindingUtils.java index f5d6ff55..e43ebfcf 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/sl20/SL20HttpBindingUtils.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/sl20/SL20HttpBindingUtils.java @@ -21,6 +21,7 @@ public class SL20HttpBindingUtils { public static void writeIntoResponse(HttpServletRequest request, HttpServletResponse response, JsonObject sl20Forward, String redirectURL) throws IOException, URISyntaxException { //forward SL2.0 command + log.trace("SL20 command: " + sl20Forward.toString()); if (request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE) != null && request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE).equals(SL20Constants.HTTP_HEADER_VALUE_NATIVE)) { log.debug("Client request containts 'native client' header ... "); -- cgit v1.2.3 
From 236cd00a49b04523a325e06fdc8839be9049f892 Mon Sep 17 00:00:00 2001 From: emusic Date: Fri, 27 Jul 2018 12:28:01 +0200 Subject: adding additional data transfer type --- .../gv/egiz/sl20/utils/SL20JSONBuilderUtils.java | 4 +- .../gv/egiz/sl20/utils/SL20JSONExtractorUtils.java | 10 +-- .../at/gv/egiz/pdfas/web/helper/PdfAsHelper.java | 10 ++- .../at/gv/egiz/pdfas/web/servlets/PDFURLData.java | 86 ++++++++++++++++++++++ 4 files changed, 99 insertions(+), 11 deletions(-) create mode 100644 pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/PDFURLData.java (limited to 'pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets') diff --git a/pdf-as-lib/src/main/java/at/gv/egiz/sl20/utils/SL20JSONBuilderUtils.java b/pdf-as-lib/src/main/java/at/gv/egiz/sl20/utils/SL20JSONBuilderUtils.java index 40edb74b..efbc2890 100644 --- a/pdf-as-lib/src/main/java/at/gv/egiz/sl20/utils/SL20JSONBuilderUtils.java +++ b/pdf-as-lib/src/main/java/at/gv/egiz/sl20/utils/SL20JSONBuilderUtils.java 
@@ -182,11 +182,11 @@ public class SL20JSONBuilderUtils { } public static JsonObject createCreateCAdESCommandParameters(String keyId, - byte[] content, String mimeType, boolean padesCompatiblem, List byteRanges, String cadesLevel, + String pdfUrl, String mimeType, boolean padesCompatiblem, List byteRanges, String cadesLevel, String dataUrl, X509Certificate x5cEnc) throws CertificateEncodingException, SLCommandoBuildException { JsonObject params = new JsonObject(); addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_CREATE_SIG_CADES_KEYID, keyId, true); - addSingleByteElement(params, SL20Constants.SL20_COMMAND_PARAM_CREATE_SIG_CADES_CONTENT, content, true); + addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_CREATE_SIG_CADES_CONTENT, pdfUrl, true); addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_CREATE_SIG_CADES_MIMETYPE, mimeType, true); addSingleBooleanElement(params, SL20Constants.SL20_COMMAND_PARAM_CREATE_SIG_CADES_PADES_COMBATIBILTY, padesCompatiblem, false); addArrayOfStrings(params, SL20Constants.SL20_COMMAND_PARAM_CREATE_SIG_CADES_EXCLUDEBYTERANGE, byteRanges); diff --git a/pdf-as-lib/src/main/java/at/gv/egiz/sl20/utils/SL20JSONExtractorUtils.java b/pdf-as-lib/src/main/java/at/gv/egiz/sl20/utils/SL20JSONExtractorUtils.java index 5a438e16..5fbce83b 100644 --- a/pdf-as-lib/src/main/java/at/gv/egiz/sl20/utils/SL20JSONExtractorUtils.java +++ b/pdf-as-lib/src/main/java/at/gv/egiz/sl20/utils/SL20JSONExtractorUtils.java @@ -206,8 +206,7 @@ public class SL20JSONExtractorUtils { } } - - + public static JsonElement extractSL20Result(JsonObject command, IJOSETools decrypter, boolean mustBeEncrypted) throws SL20Exception { JsonElement result = command.get(SL20Constants.SL20_COMMAND_CONTAINER_RESULT); JsonElement encryptedResult = command.get(SL20Constants.SL20_COMMAND_CONTAINER_ENCRYPTEDRESULT); 
@@ -242,20 +241,15 @@ public class SL20JSONExtractorUtils { } } else - throw e; - + throw e; } - } else if (result != null) { return result; } else { log.error("Internal build error"); throw new SLCommandoParserException(); - } - - } /** diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java index 4b776cb3..bd904aae 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java @@ -122,6 +122,7 @@ public class PdfAsHelper { private static final String PDF_ERROR_PAGE = "/ErrorPage"; private static final String PDF_PROVIDE_PAGE = "/ProvidePDF"; private static final String PDF_PDFDATA_PAGE = "/PDFData"; + private static final String PDF_PDFDATAURL_PAGE = "/PDFURLData"; private static final String PDF_DATAURL_PAGE = "/DataURL"; private static final String PDF_SL20_DATAURL_PAGE = "/DataURLSL20"; private static final String PDF_USERENTRY_PAGE = "/userentry"; @@ -1207,7 +1208,8 @@ public class PdfAsHelper { JsonObject createCAdESSigParams = SL20JSONBuilderUtils.createCreateCAdESCommandParameters( pack.getRequestType().getKeyboxIdentifier(), - statusRequest.getSignatureData(), + //statusRequest.getSignatureData(), + generateNSPdfURL(request,response), pack.getRequestType().getDataObject().getMetaInfo().getMimeType(), padesCompatibel , byteRanges, @@ -1558,6 +1560,12 @@ public class PdfAsHelper { return generateURL(request, response, PDF_PDFDATA_PAGE); } + public static String generateNSPdfURL(HttpServletRequest request, + HttpServletResponse response) { + return generateURL(request, response, PDF_PDFDATAURL_PAGE); + } + + public static String generateUserEntryURL(String storeId) { String publicURL = WebConfiguration.getPublicURL(); if (publicURL == null) { 
diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/PDFURLData.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/PDFURLData.java new file mode 100644 index 00000000..9dfa0d16 --- /dev/null +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/PDFURLData.java 
@@ -0,0 +1,86 @@ +package at.gv.egiz.pdfas.web.servlets; + +import at.gv.egiz.pdfas.api.ws.PDFASVerificationResponse; +import at.gv.egiz.pdfas.common.exceptions.PDFIOException; +import at.gv.egiz.pdfas.common.utils.PDFUtils; +import at.gv.egiz.pdfas.lib.api.StatusRequest; +import at.gv.egiz.pdfas.web.config.WebConfiguration; +import at.gv.egiz.pdfas.web.helper.PdfAsHelper; +import at.gv.egiz.pdfas.web.helper.PdfAsParameterExtractor; +import at.gv.egiz.pdfas.web.stats.StatisticEvent; +import at.gv.egiz.pdfas.web.stats.StatisticFrontend; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import javax.servlet.ServletException; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; +import java.io.IOException; +import java.io.OutputStream; + +public class PDFURLData extends HttpServlet { + + private static final long serialVersionUID = 1L; + private static final String PDF_STATUS = "PDF_STATUS"; + + + private static final Logger logger = LoggerFactory.getLogger(PDFData.class); + + /** + * @see HttpServlet#HttpServlet() + */ + public PDFURLData() { + super(); + } + + /** + * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse + * response) + */ + protected void doGet(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + try { + this.process(request, response); + } catch (PDFIOException e) { + response.sendError(500, "file cannot be transfered"); + } + } + + /** + * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse + * response) + */ + protected void doPost(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + this.process(request, response); + } + + protected void process(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException, PDFIOException { + + HttpSession session 
= request.getSession(); + StatusRequest statusRequest = (StatusRequest) session + .getAttribute(PDF_STATUS); + + byte[] nonSignedData = statusRequest.getSignatureData(); + + if (nonSignedData != null) { + + byte[] blackoutnonSignedData = PDFUtils.blackOutSignature(nonSignedData, statusRequest.getSignatureDataByteRange()); + + + response.setContentType("application/pdf"); + OutputStream os = response.getOutputStream(); + os.write(blackoutnonSignedData); + os.close(); + + } else { + PdfAsHelper.setSessionException(request, response, + "todo", null); + PdfAsHelper.gotoError(getServletContext(), request, response); + response.sendError(500, ''); + } + } +} \ No newline at end of file -- cgit v1.2.3 From 091b70d41a2a544277612d9f41b0d321f057b0f9 Mon Sep 17 00:00:00 2001 From: emusic Date: Fri, 27 Jul 2018 12:58:16 +0200 Subject: adding transfer of pdf file via pdfurl --- ...org_apache_commons_commons_collections4_4_2.xml | 11 ++++++++++ .../at/gv/egiz/pdfas/web/helper/PdfAsHelper.java | 2 +- .../at/gv/egiz/pdfas/web/servlets/PDFURLData.java | 25 +++++++++++----------- 3 files changed, 25 insertions(+), 13 deletions(-) create mode 100644 .idea/libraries/Gradle__org_apache_commons_commons_collections4_4_2.xml (limited to 'pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets') diff --git a/.idea/libraries/Gradle__org_apache_commons_commons_collections4_4_2.xml b/.idea/libraries/Gradle__org_apache_commons_commons_collections4_4_2.xml new file mode 100644 index 00000000..1351c542 --- /dev/null +++ b/.idea/libraries/Gradle__org_apache_commons_commons_collections4_4_2.xml @@ -0,0 +1,11 @@ + + + + + + + + + + + \ No newline at end of file diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java index 4b69e5a8..23e16ec3 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java 
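Review bot: `process()` in the new PDFURLData servlet obtains the session with `request.getSession()`, which creates a fresh session for any caller that presents none, and there is no access check comparable to the `PdfAsHelper.checkDataUrlAccess(request)` call in SLDataURLServlet before the unsigned document is returned. Use `HttpSession session = request.getSession(false);` and reject the request when it is null, and set `response.setHeader("Cache-Control", "no-store");` before writing the PDF so intermediaries do not keep a copy. The logger is created with `PDFData.class`, so this servlet's log lines are attributed to the wrong class; it should be `LoggerFactory.getLogger(PDFURLData.class)`.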
@@ -1228,7 +1228,7 @@ public class PdfAsHelper { JsonObject createCAdESSigParams = SL20JSONBuilderUtils.createCreateCAdESCommandParameters( pack.getRequestType().getKeyboxIdentifier(), - //statusRequest.getSignatureData(), + null, generateNSPdfURL(request,response), SL20Constants.SL20_COMMAND_PARAM_CREATE_SIG_CADES_CONTENTMODE_DETACHED, pack.getRequestType().getDataObject().getMetaInfo().getMimeType(), diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/PDFURLData.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/PDFURLData.java index 9dfa0d16..d4112cad 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/PDFURLData.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/PDFURLData.java @@ -1,14 +1,8 @@ package at.gv.egiz.pdfas.web.servlets; -import at.gv.egiz.pdfas.api.ws.PDFASVerificationResponse; import at.gv.egiz.pdfas.common.exceptions.PDFIOException; import at.gv.egiz.pdfas.common.utils.PDFUtils; import at.gv.egiz.pdfas.lib.api.StatusRequest; -import at.gv.egiz.pdfas.web.config.WebConfiguration; -import at.gv.egiz.pdfas.web.helper.PdfAsHelper; -import at.gv.egiz.pdfas.web.helper.PdfAsParameterExtractor; -import at.gv.egiz.pdfas.web.stats.StatisticEvent; -import at.gv.egiz.pdfas.web.stats.StatisticFrontend; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -54,7 +48,10 @@ public class PDFURLData extends HttpServlet { */ protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { - this.process(request, response); + try { + this.process(request, response); + } catch (PDFIOException e) { + response.sendError(500, "internal server error"); } } protected void process(HttpServletRequest request, 
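Review bot: The bare `null` added as an argument to `createCreateCAdESCommandParameters` gives no hint that the document is now handed over by reference, through the URL built by `generateNSPdfURL(request, response)`; a comment such as `// document is passed by URL, not inline` on that line would make the intent clear. `generateNSPdfURL` is not visible here; if it derives the host from the incoming request rather than from configuration, the location the signing component fetches from would depend on client-supplied headers, so that is worth confirming. The enclosing method starts and ends outside the hunk.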
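Review bot: The new catch block in `doPost` drops the `PDFIOException` without logging it, so a failed transfer leaves no trace for whoever has to investigate it; add `logger.warn("PDF transfer failed", e);` before the `sendError` call. `doGet` in the same class reports the same failure with a different message ("file cannot be transfered"), so one shared message would keep the two paths consistent. `HttpServletResponse.SC_INTERNAL_SERVER_ERROR` reads better than the literal `500`.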
@@ -64,23 +61,27 @@ public class PDFURLData extends HttpServlet { StatusRequest statusRequest = (StatusRequest) session .getAttribute(PDF_STATUS); + if(statusRequest!=null) + { byte[] nonSignedData = statusRequest.getSignatureData(); if (nonSignedData != null) { byte[] blackoutnonSignedData = PDFUtils.blackOutSignature(nonSignedData, statusRequest.getSignatureDataByteRange()); - response.setContentType("application/pdf"); OutputStream os = response.getOutputStream(); os.write(blackoutnonSignedData); os.close(); + logger.debug("pdf file transfer finished"); } else { - PdfAsHelper.setSessionException(request, response, - "todo", null); - PdfAsHelper.gotoError(getServletContext(), request, response); - response.sendError(500, ''); + logger.info("no pdf document is found"); + response.sendError(500, "no signed data found"); + } + } else { + logger.info("no session found"); + response.sendError(500, "no signed data found"); } } } \ No newline at end of file -- cgit v1.2.3 From e82984cb37027349aa009d0809a706f2f3ec7bf9 Mon Sep 17 00:00:00 2001 From: emusic Date: Mon, 3 Sep 2018 16:02:01 +0200 Subject: "deleting unused code" --- .gitignore | 4 +++- .../src/main/java/at/gv/egiz/pdfas/web/servlets/PDFData.java | 9 --------- 2 files changed, 3 insertions(+), 10 deletions(-) (limited to 'pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets') diff --git a/.gitignore b/.gitignore index d61b2cb5..8b0de7ae 100644 --- a/.gitignore +++ b/.gitignore @@ -47,4 +47,6 @@ local.properties # PDT-specific .buildpath -/PDF-AS/.nb-gradle/ \ No newline at end of file +/PDF-AS/.nb-gradle/ + +.idea/* \ No newline at end of file diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/PDFData.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/PDFData.java index bc773ec8..a8d3b1a2 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/PDFData.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/PDFData.java 
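Review bot: Both failure branches answer with status 500, although a missing `PDF_STATUS` attribute or missing signature data is a condition of the caller's session and not a server fault, so every stray request shows up as a server error in monitoring; `response.sendError(HttpServletResponse.SC_NOT_FOUND);` fits better. The log text `no session found` is also inaccurate, because that branch is reached when the attribute is absent; the session itself is obtained on a line of `process()` outside this hunk. The PDF is written without any cache directive, and since it is a document awaiting signature, `response.setHeader("Cache-Control", "no-store");` before `getOutputStream()` is worth adding.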
@@ -24,10 +24,6 @@ package at.gv.egiz.pdfas.web.servlets; import java.io.*; -import java.nio.charset.StandardCharsets; -import java.nio.file.Files; -import java.nio.file.Path; -import java.security.SecureRandom; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; @@ -35,11 +31,6 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import at.gv.egiz.pdfas.web.config.WebConfiguration; -import org.apache.commons.io.FileUtils; -import org.apache.commons.io.IOUtils; -import org.apache.pdfbox.pdmodel.PDDocument; -import org.apache.pdfbox.pdmodel.encryption.AccessPermission; -import org.apache.pdfbox.pdmodel.encryption.StandardProtectionPolicy; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -- cgit v1.2.3