From f3476576c50efd922593c82656efda7aec5ae97f Mon Sep 17 00:00:00 2001 From: Andreas Fitzek Date: Wed, 27 Nov 2013 10:05:17 +0100 Subject: MOA integration sign/verification (not finished yet ...) Lots of PDF-AS Web implementation --- .../at/gv/egiz/pdfas/web/helper/PDFASSession.java | 2 + .../at/gv/egiz/pdfas/web/helper/PdfAsHelper.java | 179 +++++++++++++++++++++ .../gv/egiz/pdfas/web/servlets/DataURLServlet.java | 67 ++++++-- .../at/gv/egiz/pdfas/web/servlets/SignServlet.java | 96 +++++++---- .../gv/egiz/pdfas/web/servlets/VerifyServlet.java | 2 +- 5 files changed, 301 insertions(+), 45 deletions(-) create mode 100644 pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java (limited to 'pdf-as-web/src/main/java/at/gv/egiz') diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PDFASSession.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PDFASSession.java index 9207847d..dd914384 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PDFASSession.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PDFASSession.java @@ -3,6 +3,7 @@ package at.gv.egiz.pdfas.web.helper; import java.io.Serializable; import at.gv.egiz.pdfas.lib.api.Configuration; +import at.gv.egiz.pdfas.lib.api.PdfAs; import at.gv.egiz.pdfas.lib.api.StatusRequest; import at.gv.egiz.pdfas.lib.api.sign.SignParameter; @@ -13,6 +14,7 @@ public class PDFASSession implements Serializable { private StatusRequest statusRequest; private SignParameter signParameter; private Configuration config; + private PdfAs pdfAs; public PDFASSession(SignParameter parameter) { this.signParameter = parameter; diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java new file mode 100644 index 00000000..cec6caeb --- /dev/null +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java 
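Review bot: The new `private PdfAs pdfAs;` field is added to a class that `implements Serializable`, and nothing in this hunk shows that `PdfAs` is serializable or that the field is ever read or written. If the container persists or replicates the HTTP session, a non-serializable member would make serialization of `PDFASSession` fail. Either drop the field until it is used or declare it `private transient PdfAs pdfAs;`. The class body continues outside the hunk, so accessors may exist that are not visible here.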
@@ -0,0 +1,179 @@ +package at.gv.egiz.pdfas.web.helper; + +import iaik.cms.ecc.IaikEccProvider; +import iaik.security.ecc.provider.ECCProvider; +import iaik.security.provider.IAIK; + +import java.io.File; +import java.io.IOException; +import java.util.Iterator; +import java.util.List; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; +import javax.xml.bind.JAXBElement; + +import org.apache.commons.io.FileUtils; +import org.apache.commons.lang3.StringEscapeUtils; + +import at.gv.egiz.pdfas.lib.api.ByteArrayDataSource; +import at.gv.egiz.pdfas.lib.api.Configuration; +import at.gv.egiz.pdfas.lib.api.PdfAs; +import at.gv.egiz.pdfas.lib.api.PdfAsFactory; +import at.gv.egiz.pdfas.lib.api.StatusRequest; +import at.gv.egiz.pdfas.lib.api.sign.SignParameter; +import at.gv.egiz.pdfas.sigs.pades.PAdESSigner; +import at.gv.egiz.sl.CreateCMSSignatureRequestType; +import at.gv.egiz.sl.CreateCMSSignatureResponseType; +import at.gv.egiz.sl.InfoboxAssocArrayPairType; +import at.gv.egiz.sl.InfoboxReadRequestType; +import at.gv.egiz.sl.InfoboxReadResponseType; +import at.gv.egiz.sl.ObjectFactory; +import at.gv.egiz.sl.util.BKUSLConnector; +import at.gv.egiz.sl.util.SLMarschaller; + +public class PdfAsHelper { + + private static final String PDF_CONFIG = "PDF_CONFIG"; + private static final String PDF_STATUS = "PDF_STATUS"; + private static final String PDF_SL_CONNECTOR = "PDF_SL_CONNECTOR"; + + private static PdfAs pdfAs; + private static ObjectFactory of = new ObjectFactory(); + + static { + pdfAs = PdfAsFactory.createPdfAs(new File("/home/afitzek/.pdfas")); + IAIK.getInstance(); + ECCProvider.addAsProvider(); + } + + public static void startSignature(HttpServletRequest request, + HttpServletResponse response, byte[] pdfData) throws Exception { + + HttpSession session = request.getSession(); + + Configuration config = pdfAs.getConfiguration(); + session.setAttribute(PDF_CONFIG, config); + 
BKUSLConnector bkuSLConnector = new BKUSLConnector(config); + SignParameter signParameter = PdfAsFactory.createSignParameter(config, + new ByteArrayDataSource(pdfData)); + signParameter.setPlainSigner(new PAdESSigner(bkuSLConnector)); + + session.setAttribute(PDF_SL_CONNECTOR, bkuSLConnector); + + StatusRequest statusRequest = pdfAs.startSign(signParameter); + session.setAttribute(PDF_STATUS, statusRequest); + + PdfAsHelper.process(request, response); + } + + private static byte[] getCertificate( + InfoboxReadResponseType infoboxReadResponseType) { + byte[] data = null; + if (infoboxReadResponseType.getAssocArrayData() != null) { + List pairs = infoboxReadResponseType + .getAssocArrayData().getPair(); + Iterator pairIterator = pairs.iterator(); + while(pairIterator.hasNext()) { + InfoboxAssocArrayPairType pair = pairIterator.next(); + if(pair.getKey().equals("SecureSignatureKeypair")) { + return pair.getBase64Content(); + } + } + } + // SecureSignatureKeypair + + return data; + } + + public static void injectCertificate(HttpServletRequest request, + HttpServletResponse response, + InfoboxReadResponseType infoboxReadResponseType) throws Exception { + + HttpSession session = request.getSession(); + StatusRequest statusRequest = (StatusRequest)session.getAttribute(PDF_STATUS); + + statusRequest.setCertificate(getCertificate(infoboxReadResponseType)); + statusRequest = pdfAs.process(statusRequest); + session.setAttribute(PDF_STATUS, statusRequest); + + PdfAsHelper.process(request, response); + } + + public static void injectSignature(HttpServletRequest request, + HttpServletResponse response, + CreateCMSSignatureResponseType createCMSSignatureResponseType) + throws Exception { + + HttpSession session = request.getSession(); + StatusRequest statusRequest = (StatusRequest) session + .getAttribute(PDF_STATUS); + + statusRequest.setSigature(createCMSSignatureResponseType + .getCMSSignature()); + statusRequest = pdfAs.process(statusRequest); + 
session.setAttribute(PDF_STATUS, statusRequest); + + PdfAsHelper.process(request, response); + } + + public static void process(HttpServletRequest request, + HttpServletResponse response) throws Exception { + + HttpSession session = request.getSession(); + StatusRequest statusRequest = (StatusRequest) session + .getAttribute(PDF_STATUS); + BKUSLConnector bkuSLConnector = (BKUSLConnector) session + .getAttribute(PDF_SL_CONNECTOR); + Configuration config = (Configuration) session.getAttribute(PDF_CONFIG); + + if (statusRequest.needCertificate()) { + // build SL Request to read certificate + InfoboxReadRequestType readCertificateRequest = bkuSLConnector + .createInfoboxReadRequest(); + + JAXBElement readRequest = of + .createInfoboxReadRequest(readCertificateRequest); + + String url = request.getContextPath() + "/DataURL;jsessionid=" + + session.getId(); + String fullurl = request.getScheme() + "://" + + request.getServerName() + ":" + request.getServerPort() + + url; + String slRequest = SLMarschaller.marshalToString(readRequest); + String template = getTemplateSL(); + template = template.replace("##BKU##", + "http://127.0.0.1:3495/http-security-layer-request"); + template = template.replace("##XMLRequest##", + StringEscapeUtils.escapeHtml4(slRequest)); + template = template.replace("##DataURL##", fullurl); + response.getWriter().write(template); + response.getWriter().close(); + } else if (statusRequest.needSignature()) { + // build SL Request for cms signature + CreateCMSSignatureRequestType createCMSSignatureRequestType = + bkuSLConnector.createCMSRequest(statusRequest.getSignatureData(), + statusRequest.getSignatureDataByteRange()); + + String slRequest = SLMarschaller.marshalToString(of + .createCreateCMSSignatureRequest(createCMSSignatureRequestType)); + + response.setContentType("text/xml"); + response.getWriter().write(slRequest); + response.getWriter().close(); + + } else if (statusRequest.isReady()) { + // TODO: store pdf document redirect to Finish URL + } 
else { + // TODO: invalid state + } + } + + private static String getTemplateSL() throws IOException { + String xml = FileUtils.readFileToString(FileUtils + .toFile(PdfAsHelper.class.getResource("/template_sl.html"))); + return xml; + } + +} diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/DataURLServlet.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/DataURLServlet.java index 93586c1a..a8dfb053 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/DataURLServlet.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/DataURLServlet.java 
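Review bot: In `process()`, `fullurl` is assembled from `request.getScheme()`, `request.getServerName()` and `request.getServerPort()` and substituted into the HTML template unescaped, although the neighbouring `##XMLRequest##` value goes through `StringEscapeUtils.escapeHtml4`. The server name is normally taken from the client's Host header, so it should be escaped the same way, `template = template.replace("##DataURL##", StringEscapeUtils.escapeHtml4(fullurl));`, and preferably built from a configured base URL. The same URL carries the session id as `;jsessionid=`, which exposes it to anything that logs or forwards the URL; that deserves a comment stating why it is required, or a short-lived one-time token in its place. `injectCertificate`, `injectSignature` and `process` also cast the `PDF_STATUS` session attribute and use it without a null check, so a call that arrives without a started signing session ends in a `NullPointerException`. Separately, the static initializer hard-codes `new File("/home/afitzek/.pdfas")`, which should come from deployment configuration.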
@@ -1,37 +1,76 @@ package at.gv.egiz.pdfas.web.servlets; import java.io.IOException; + import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; +import javax.xml.bind.JAXBElement; + +import at.gv.egiz.pdfas.lib.api.StatusRequest; +import at.gv.egiz.pdfas.web.helper.PdfAsHelper; +import at.gv.egiz.sl.CreateCMSSignatureResponseType; +import at.gv.egiz.sl.ErrorResponseType; +import at.gv.egiz.sl.InfoboxReadResponseType; +import at.gv.egiz.sl.util.SLMarschaller; /** * Servlet implementation class DataURL */ public class DataURLServlet extends HttpServlet { private static final long serialVersionUID = 1L; - - /** - * @see HttpServlet#HttpServlet() - */ - public DataURLServlet() { - super(); - // TODO Auto-generated constructor stub - } /** - * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response) + * @see HttpServlet#HttpServlet() */ - protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { - // TODO Auto-generated method stub + public DataURLServlet() { + super(); + // TODO Auto-generated constructor stub } /** - * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response) + * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse + * response) */ - protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { - // TODO Auto-generated method stub + protected void doGet(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + this.process(request, response); + } + + /** + * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse + * response) + */ + protected void doPost(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + 
this.process(request, response); + } + + protected void process(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + try { + + String xmlResponse = request.getParameter("XMLResponse"); + + System.out.println(xmlResponse); + + JAXBElement jaxbObject = (JAXBElement) SLMarschaller.unmarshalFromString(xmlResponse); + if(jaxbObject.getValue() instanceof InfoboxReadResponseType) { + InfoboxReadResponseType infoboxReadResponseType = (InfoboxReadResponseType)jaxbObject.getValue(); + PdfAsHelper.injectCertificate(request, response, infoboxReadResponseType); + } else if(jaxbObject.getValue() instanceof CreateCMSSignatureResponseType) { + CreateCMSSignatureResponseType createCMSSignatureResponseType = (CreateCMSSignatureResponseType)jaxbObject.getValue(); + PdfAsHelper.injectSignature(request, response, createCMSSignatureResponseType); + } else if(jaxbObject.getValue() instanceof ErrorResponseType) { + ErrorResponseType errorResponseType = (ErrorResponseType)jaxbObject.getValue(); + // TODO: store error and redirect user + System.out.println("ERROR: " + errorResponseType.getErrorCode() + " " + errorResponseType.getInfo()); + } + } catch (Exception e) { + e.printStackTrace(); + } } } diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/SignServlet.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/SignServlet.java index 9ea6f354..5d3c2e34 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/SignServlet.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/SignServlet.java 
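Review bot: `process()` hands the raw `XMLResponse` request parameter to `SLMarschaller.unmarshalFromString` without checking that it is present, prints the whole value with `System.out.println(xmlResponse)`, and reduces every failure to `e.printStackTrace()` followed by an empty success response. The parameter is client-supplied, so a missing value should be rejected with a 400, the payload (which carries the certificate and signature data) should stay out of stdout, and failures should reach the caller; the sketch below shows that shape with the `println` removed. Whether `SLMarschaller` disables DTDs and external entities is not visible in this diff and should be confirmed, since this is where untrusted XML enters. `doGet` also routes to `process()`, so the state-changing step is reachable by GET; restricting it to `doPost` would be safer unless the BKU requires GET.

```java
protected void process(HttpServletRequest request,
        HttpServletResponse response) throws ServletException, IOException {
    String xmlResponse = request.getParameter("XMLResponse");
    if (xmlResponse == null || xmlResponse.isEmpty()) {
        response.sendError(HttpServletResponse.SC_BAD_REQUEST);
        return;
    }
    try {
        // … unchanged: unmarshal xmlResponse and dispatch on the response type …
    } catch (Exception e) {
        log("Processing of XMLResponse failed", e);
        if (!response.isCommitted()) {
            response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        }
    }
}
```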
@@ -1,26 +1,36 @@ package at.gv.egiz.pdfas.web.servlets; +import java.io.File; import java.io.IOException; +import java.io.PrintWriter; +import java.nio.file.attribute.DosFileAttributes; +import java.util.Iterator; +import java.util.List; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import at.gv.egiz.pdfas.common.exceptions.PdfAsException; -import at.gv.egiz.pdfas.lib.api.ByteArrayDataSource; -import at.gv.egiz.pdfas.lib.api.Configuration; -import at.gv.egiz.pdfas.lib.api.PdfAs; -import at.gv.egiz.pdfas.lib.api.PdfAsFactory; -import at.gv.egiz.pdfas.lib.api.StatusRequest; -import at.gv.egiz.pdfas.lib.api.sign.SignParameter; +import org.apache.commons.fileupload.FileItem; +import org.apache.commons.fileupload.FileItemFactory; +import org.apache.commons.fileupload.disk.DiskFileItemFactory; +import org.apache.commons.fileupload.servlet.ServletFileUpload; + +import at.gv.egiz.pdfas.web.helper.PdfAsHelper; /** * Servlet implementation class Sign */ public class SignServlet extends HttpServlet { + private static final long serialVersionUID = 1L; + private static final String UPLOAD_DIRECTORY = "upload"; + private static final int THRESHOLD_SIZE = 1024 * 1024 * 3; // 3MB + private static final int MAX_FILE_SIZE = 1024 * 1024 * 40; // 40MB + private static final int MAX_REQUEST_SIZE = 1024 * 1024 * 50; // 50MB + /** * Default constructor. */ 
@@ -28,40 +38,66 @@ public class SignServlet extends HttpServlet { // TODO Auto-generated constructor stub } - /** - * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse - * response) - */ - protected void doGet(HttpServletRequest request, - HttpServletResponse response) throws ServletException, IOException { - response.getWriter() - .println( - "HelloBODY"); - } - /** * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse * response) */ protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { - // TODO Auto-generated method stub + try { + doParameters(request, response); + } catch (Exception e) { + e.printStackTrace(); + } + } + + protected void doParameters(HttpServletRequest request, + HttpServletResponse response) throws Exception { + // checks if the request actually contains upload file + if (!ServletFileUpload.isMultipartContent(request)) { + PrintWriter writer = response.getWriter(); + writer.println("Request does not contain upload data"); + writer.flush(); + return; + } + + // configures upload settings + DiskFileItemFactory factory = new DiskFileItemFactory(); + factory.setSizeThreshold(THRESHOLD_SIZE); + factory.setRepository(new File(System.getProperty("java.io.tmpdir"))); + + ServletFileUpload upload = new ServletFileUpload(factory); + upload.setFileSizeMax(MAX_FILE_SIZE); + upload.setSizeMax(MAX_REQUEST_SIZE); + + // constructs the directory path to store upload file + String uploadPath = getServletContext().getRealPath("") + + File.separator + UPLOAD_DIRECTORY; + // creates the directory if it does not exist + File uploadDir = new File(uploadPath); + if (!uploadDir.exists()) { + uploadDir.mkdir(); + } + + List formItems = upload.parseRequest(request); + byte[] filecontent = null; + if(formItems.size() != 1) { + // TODO: no file uploaded! 
+ } else { + FileItem item = (FileItem) formItems.get(0); + filecontent = item.get(); + } + + doSignature(request, response, filecontent); } protected void doSignature(HttpServletRequest request, HttpServletResponse response, byte[] pdfData) { try { - PdfAs pdfAs = PdfAsFactory.createPdfAs(null); - // TODO: Build configuration and Sign Parameters - Configuration config = pdfAs.getConfiguration(); - SignParameter signParameter = PdfAsFactory.createSignParameter( - config, new ByteArrayDataSource(pdfData)); - - - - StatusRequest statusRequest = pdfAs.startSign(signParameter); - - } catch (PdfAsException e) { + // TODO: read Parameters ... + PdfAsHelper.startSignature(request, response, pdfData); + } catch (Exception e) { + // TODO Auto-generated catch block e.printStackTrace(); } } diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/VerifyServlet.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/VerifyServlet.java index d4303a5f..119bd2cb 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/VerifyServlet.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/VerifyServlet.java @@ -50,7 +50,7 @@ public class VerifyServlet extends HttpServlet { VerifyParameter parameter = PdfAsFactory.createVerifyParameter(conf, new ByteArrayDataSource(pdfData)); parameter.setWhichSignature(whichSignature); - List results = pdfAs.verify(parameter); + //List results = pdfAs.verify(parameter); // Create HTML Snippet for each Verification Result // Put these results into the web page -- cgit v1.2.3
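Review bot: In `doParameters`, the `formItems.size() != 1` branch is only a TODO, so `filecontent` stays `null` and is still passed to `doSignature` and on to `PdfAsHelper.startSignature`; the branch should answer the request and stop, e.g. `response.sendError(HttpServletResponse.SC_BAD_REQUEST); return;`. The single item is also not checked with `item.isFormField()`, so a plain form field would be signed as if it were the uploaded PDF. The `upload` directory created under `getServletContext().getRealPath("")` is never written to in this hunk, and `getRealPath` can return `null`; a directory inside the web root is best removed until it is needed and then placed outside the deployed application. `doPost` and `doSignature` both reduce exceptions, including the size-limit failures from `parseRequest`, to `printStackTrace()`, which leaves the client with an empty response.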
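Review bot: Commenting out `pdfAs.verify(parameter)` leaves the servlet building a `VerifyParameter` and then verifying nothing, and the remainder of the method is outside this hunk, so what the caller is told is not visible here. While the endpoint stays deployed in this state it should fail closed, for example with `response.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED);` (assuming the response object is in scope at that point), so that no document is reported as checked. The disabled line is better deleted, or replaced by a `// TODO` naming what blocks the call, than kept as commented-out code.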