From b38ebd5e730864f39b5cead7672cb870a9523cb1 Mon Sep 17 00:00:00 2001 From: Andreas Fitzek Date: Wed, 16 Sep 2015 14:50:18 +0200 Subject: Allow BASE64 File upload --- .../egiz/pdfas/web/servlets/ExternSignServlet.java | 349 +++++++++++---------- 1 file changed, 178 insertions(+), 171 deletions(-) (limited to 'pdf-as-web/src/main/java/at/gv') diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ExternSignServlet.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ExternSignServlet.java index a06177e3..f8d6e245 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ExternSignServlet.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ExternSignServlet.java @@ -33,6 +33,7 @@ import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.apache.commons.codec.binary.Base64; import org.apache.commons.fileupload.FileItem; import org.apache.commons.fileupload.disk.DiskFileItemFactory; import org.apache.commons.fileupload.servlet.ServletFileUpload; @@ -63,44 +64,58 @@ public class ExternSignServlet extends HttpServlet { private static final long serialVersionUID = 1L; public static final String PDF_AS_WEB_CONF = "pdf-as-web.conf"; - + private static final String UPLOAD_PDF_DATA = "pdf-file"; + private static final String UPLOAD_PDF_DATA_BASE64 = "pdf-file-b64"; private static final String UPLOAD_DIRECTORY = "upload"; - private static final Logger logger = LoggerFactory - .getLogger(ExternSignServlet.class); - + private static final Logger logger = LoggerFactory.getLogger(ExternSignServlet.class); + /** * Default constructor. */ public ExternSignServlet() { String webconfig = System.getProperty(PDF_AS_WEB_CONF); - - if(webconfig == null) { + + if (webconfig == null) { logger.error("No web configuration provided! Please specify: " + PDF_AS_WEB_CONF); throw new RuntimeException("No web configuration provided! Please specify: " + PDF_AS_WEB_CONF); } - + WebConfiguration.configure(webconfig); PdfAsHelper.init(); } - protected void doGet(HttpServletRequest request, - HttpServletResponse response) throws ServletException, IOException { - - //PdfAsHelper.regenerateSession(request); - + private byte[] getPDFBase64File(HttpServletRequest request) { + Object object = request.getAttribute(UPLOAD_PDF_DATA_BASE64); + if (object != null && object instanceof String) { + try { + synchronized (Base64.class) { + return Base64.decodeBase64((String) object); + } + } catch (Throwable e) { + logger.warn("Failed to decode base64 pdf file!", e); + } + } + return null; + } + + protected void doGet(HttpServletRequest request, HttpServletResponse response) + throws ServletException, IOException { + + // PdfAsHelper.regenerateSession(request); + logger.debug("Get signing request"); - + String errorUrl = PdfAsParameterExtractor.getInvokeErrorURL(request); PdfAsHelper.setErrorURL(request, response, errorUrl); - + StatisticEvent statisticEvent = new StatisticEvent(); statisticEvent.setStartNow(); statisticEvent.setSource(Source.WEB); statisticEvent.setOperation(Operation.SIGN); statisticEvent.setUserAgent(UserAgentFilter.getUserAgent()); - + try { // Mandatory Parameters on Get Request: String invokeUrl = PdfAsParameterExtractor.getInvokeURL(request); @@ -108,30 +123,28 @@ public class ExternSignServlet extends HttpServlet { String invokeTarget = PdfAsParameterExtractor.getInvokeTarget(request); PdfAsHelper.setInvokeTarget(request, response, invokeTarget); - + String pdfUrl = PdfAsParameterExtractor.getPdfUrl(request); if (pdfUrl == null) { - throw new PdfAsWebException( - "No PDF URL given! Use POST request to sign without PDF URL."); + throw new PdfAsWebException("No PDF URL given! Use POST request to sign without PDF URL."); } byte[] pdfData = RemotePDFFetcher.fetchPdfFile(pdfUrl); doSignature(request, response, pdfData, statisticEvent); } catch (Exception e) { - + statisticEvent.setStatus(Status.ERROR); statisticEvent.setException(e); - if(e instanceof PDFASError) { - statisticEvent.setErrorCode(((PDFASError)e).getCode()); + if (e instanceof PDFASError) { + statisticEvent.setErrorCode(((PDFASError) e).getCode()); } statisticEvent.setEndNow(); statisticEvent.setTimestampNow(); StatisticFrontend.getInstance().storeEvent(statisticEvent); statisticEvent.setLogged(true); - - PdfAsHelper.setSessionException(request, response, e.getMessage(), - e); + + PdfAsHelper.setSessionException(request, response, e.getMessage(), e); PdfAsHelper.gotoError(getServletContext(), request, response); } } @@ -140,247 +153,243 @@ public class ExternSignServlet extends HttpServlet { * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse * response) */ - protected void doPost(HttpServletRequest request, - HttpServletResponse response) throws ServletException, IOException { - - //PdfAsHelper.regenerateSession(request); - + protected void doPost(HttpServletRequest request, HttpServletResponse response) + throws ServletException, IOException { + + // PdfAsHelper.regenerateSession(request); + logger.debug("Post signing request"); - + String errorUrl = PdfAsParameterExtractor.getInvokeErrorURL(request); PdfAsHelper.setErrorURL(request, response, errorUrl); - + StatisticEvent statisticEvent = new StatisticEvent(); statisticEvent.setStartNow(); statisticEvent.setSource(Source.WEB); statisticEvent.setOperation(Operation.SIGN); statisticEvent.setUserAgent(UserAgentFilter.getUserAgent()); - - try { - byte[] filecontent = null; - // checks if the request actually contains upload file - if (!ServletFileUpload.isMultipartContent(request)) { - // No Uploaded data! - if (PdfAsParameterExtractor.getPdfUrl(request) != null) { - doGet(request, response); - return; - } else { - throw new PdfAsWebException("No Signature data defined!"); - } - } else { - // configures upload settings - DiskFileItemFactory factory = new DiskFileItemFactory(); - factory.setSizeThreshold(WebConfiguration.getFilesizeThreshold()); - factory.setRepository(new File(System - .getProperty("java.io.tmpdir"))); - - ServletFileUpload upload = new ServletFileUpload(factory); - upload.setFileSizeMax(WebConfiguration.getMaxFilesize()); - upload.setSizeMax(WebConfiguration.getMaxRequestsize()); - - // constructs the directory path to store upload file - String uploadPath = getServletContext().getRealPath("") - + File.separator + UPLOAD_DIRECTORY; - // creates the directory if it does not exist - File uploadDir = new File(uploadPath); - if (!uploadDir.exists()) { - uploadDir.mkdir(); - } + try { + byte[] filecontent = this.getPDFBase64File(request); - List formItems = upload.parseRequest(request); - logger.debug(formItems.size() + " Items in form data"); - if (formItems.size() < 1) { - // No Uploaded data! - // Try do get + if (filecontent == null) { + // checks if the request actually contains upload file + if (!ServletFileUpload.isMultipartContent(request)) { // No Uploaded data! if (PdfAsParameterExtractor.getPdfUrl(request) != null) { doGet(request, response); return; } else { - throw new PdfAsWebException( - "No Signature data defined!"); + throw new PdfAsWebException("No Signature data defined!"); } } else { - for(int i = 0; i < formItems.size(); i++) { - Object obj = formItems.get(i); - if(obj instanceof FileItem) { - FileItem item = (FileItem) obj; - if(item.getFieldName().equals(UPLOAD_PDF_DATA)) { - filecontent = item.get(); - try { - File f = new File(item.getName()); - String name = f.getName(); - logger.debug("Got upload: " + item.getName()); - if(name != null) { - if(!(name.endsWith(".pdf") || name.endsWith(".PDF"))) { - name += ".pdf"; + // configures upload settings + DiskFileItemFactory factory = new DiskFileItemFactory(); + factory.setSizeThreshold(WebConfiguration.getFilesizeThreshold()); + factory.setRepository(new File(System.getProperty("java.io.tmpdir"))); + + ServletFileUpload upload = new ServletFileUpload(factory); + upload.setFileSizeMax(WebConfiguration.getMaxFilesize()); + upload.setSizeMax(WebConfiguration.getMaxRequestsize()); + + // constructs the directory path to store upload file + String uploadPath = getServletContext().getRealPath("") + File.separator + UPLOAD_DIRECTORY; + // creates the directory if it does not exist + File uploadDir = new File(uploadPath); + if (!uploadDir.exists()) { + uploadDir.mkdir(); + } + + List formItems = upload.parseRequest(request); + logger.debug(formItems.size() + " Items in form data"); + if (formItems.size() < 1) { + // No Uploaded data! + // Try do get + // No Uploaded data! + if (PdfAsParameterExtractor.getPdfUrl(request) != null) { + doGet(request, response); + return; + } else { + throw new PdfAsWebException("No Signature data defined!"); + } + } else { + for (int i = 0; i < formItems.size(); i++) { + Object obj = formItems.get(i); + if (obj instanceof FileItem) { + FileItem item = (FileItem) obj; + if (item.getFieldName().equals(UPLOAD_PDF_DATA)) { + filecontent = item.get(); + try { + File f = new File(item.getName()); + String name = f.getName(); + logger.debug("Got upload: " + item.getName()); + if (name != null) { + if (!(name.endsWith(".pdf") || name.endsWith(".PDF"))) { + name += ".pdf"; + } + + logger.debug("Setting Filename in session: " + name); + PdfAsHelper.setPDFFileName(request, name); } - - logger.debug("Setting Filename in session: " + name); - PdfAsHelper.setPDFFileName(request, name); + } catch (Throwable e) { + logger.warn("In resolving filename", e); + } + if (filecontent.length < 10) { + filecontent = null; + } else { + logger.debug("Found pdf Data! Size: " + filecontent.length); } - } - catch(Throwable e) { - logger.warn("In resolving filename", e); - } - if(filecontent.length < 10) { - filecontent = null; } else { - logger.debug("Found pdf Data! Size: " + filecontent.length); + request.setAttribute(item.getFieldName(), item.getString()); + logger.debug("Setting " + item.getFieldName() + " = " + item.getString()); } } else { - request.setAttribute(item.getFieldName(), item.getString()); - logger.debug("Setting " + item.getFieldName() + " = " + item.getString()); + logger.debug(obj.getClass().getName() + " - " + obj.toString()); } - } else { - logger.debug(obj.getClass().getName() + " - " + obj.toString()); } } } } - - if(filecontent == null) { + + if (filecontent == null) { if (PdfAsParameterExtractor.getPdfUrl(request) != null) { filecontent = RemotePDFFetcher.fetchPdfFile(PdfAsParameterExtractor.getPdfUrl(request)); } } - if(filecontent == null) { + if (filecontent == null) { Object sourceObj = request.getAttribute("source"); - if(sourceObj != null) { + if (sourceObj != null) { String source = sourceObj.toString(); - if(source.equals("internal")) { + if (source.equals("internal")) { request.setAttribute("FILEERR", true); request.getRequestDispatcher("index.jsp").forward(request, response); - + statisticEvent.setStatus(Status.ERROR); statisticEvent.setException(new Exception("No file uploaded")); statisticEvent.setEndNow(); statisticEvent.setTimestampNow(); StatisticFrontend.getInstance().storeEvent(statisticEvent); statisticEvent.setLogged(true); - + return; } } throw new PdfAsException("No Signature data available"); } - + doSignature(request, response, filecontent, statisticEvent); } catch (Exception e) { - + statisticEvent.setStatus(Status.ERROR); statisticEvent.setException(e); - if(e instanceof PDFASError) { - statisticEvent.setErrorCode(((PDFASError)e).getCode()); + if (e instanceof PDFASError) { + statisticEvent.setErrorCode(((PDFASError) e).getCode()); } statisticEvent.setEndNow(); statisticEvent.setTimestampNow(); StatisticFrontend.getInstance().storeEvent(statisticEvent); statisticEvent.setLogged(true); - - PdfAsHelper.setSessionException(request, response, e.getMessage(), - e); + + PdfAsHelper.setSessionException(request, response, e.getMessage(), e); PdfAsHelper.gotoError(getServletContext(), request, response); } } - protected void doSignature(HttpServletRequest request, - HttpServletResponse response, byte[] pdfData, StatisticEvent statisticEvent) throws Exception { + protected void doSignature(HttpServletRequest request, HttpServletResponse response, byte[] pdfData, + StatisticEvent statisticEvent) throws Exception { // Get Connector String connector = PdfAsParameterExtractor.getConnector(request); PdfAsHelper.setConnector(request, connector); - + String transactionId = PdfAsParameterExtractor.getTransactionId(request); PdfAsHelper.setTransactionid(request, transactionId); - + statisticEvent.setFilesize(pdfData.length); statisticEvent.setProfileId(null); statisticEvent.setDevice(connector); String invokeUrl = PdfAsParameterExtractor.getInvokeURL(request); PdfAsHelper.setInvokeURL(request, response, invokeUrl); - + SignatureVerificationLevel lvl = PdfAsParameterExtractor.getVerificationLevel(request); PdfAsHelper.setVerificationLevel(request, lvl); - + String qrcodeContent = PdfAsParameterExtractor.getQRCodeContent(request); PdfAsHelper.setQRCodeContent(request, qrcodeContent); - + String invokeTarget = PdfAsParameterExtractor.getInvokeTarget(request); PdfAsHelper.setInvokeTarget(request, response, invokeTarget); - + String errorUrl = PdfAsParameterExtractor.getInvokeErrorURL(request); PdfAsHelper.setErrorURL(request, response, errorUrl); - + String locale = PdfAsParameterExtractor.getLocale(request); PdfAsHelper.setLocale(request, response, locale); - + String filename = PdfAsParameterExtractor.getFilename(request); - if(filename != null) { + if (filename != null) { logger.debug("Setting Filename in session: " + filename); PdfAsHelper.setPDFFileName(request, filename); } - - if(pdfData == null) { + + if (pdfData == null) { throw new PdfAsException("No Signature data available"); } - + String pdfDataHash = DigestHelper.getHexEncodedHash(pdfData); - + PdfAsHelper.setSignatureDataHash(request, pdfDataHash); logger.debug("Storing signatures data hash: " + pdfDataHash); - + boolean manualPositioning = PdfAsParameterExtractor.isUserPositioning(request); - + logger.debug("Starting signature creation with: " + connector); - - String sigType = PdfAsParameterExtractor - .getSigType(request); + + String sigType = PdfAsParameterExtractor.getSigType(request); PdfAsHelper.setSignatureType(request, sigType); - + Map preProcessorMap = PdfAsParameterExtractor.getPreProcessorMap(request); PdfAsHelper.setPreProcessorMap(request, preProcessorMap); - + Map overwriteMap = PdfAsParameterExtractor.getOverwriteMap(request); PdfAsHelper.setOverwriteMap(request, overwriteMap); - + String keyIdentifier = PdfAsParameterExtractor.getKeyIdentifier(request); PdfAsHelper.setKeyIdentifier(request, keyIdentifier); - + PdfAsHelper.setStatisticEvent(request, response, statisticEvent); - - //IPlainSigner signer; + + // IPlainSigner signer; if (connector.equals("bku") || connector.equals("onlinebku") || connector.equals("mobilebku")) { // start asynchronous signature creation - - if(connector.equals("bku")) { - if(WebConfiguration.getLocalBKUURL() == null) { + + if (connector.equals("bku")) { + if (WebConfiguration.getLocalBKUURL() == null) { throw new PdfAsWebException("Invalid connector bku is not supported"); } } - - if(connector.equals("onlinebku")) { - if(WebConfiguration.getLocalBKUURL() == null) { + + if (connector.equals("onlinebku")) { + if (WebConfiguration.getLocalBKUURL() == null) { throw new PdfAsWebException("Invalid connector onlinebku is not supported"); } } - - if(connector.equals("mobilebku")) { - if(WebConfiguration.getLocalBKUURL() == null) { + + if (connector.equals("mobilebku")) { + if (WebConfiguration.getLocalBKUURL() == null) { throw new PdfAsWebException("Invalid connector mobilebku is not supported"); } - } - - if(manualPositioning) { + } + + if (manualPositioning) { // store pdf data // redirect to viewer html String token = PdfAsHelper.storePdfData(pdfData, request); - + String pdfDataUrl = PdfAsHelper.generatePositioningURL(token, request, response); - - if(pdfDataUrl != null) { + + if (pdfDataUrl != null) { response.sendRedirect(response.encodeRedirectURL(pdfDataUrl)); return; } else { @@ -388,16 +397,15 @@ public class ExternSignServlet extends HttpServlet { PdfAsHelper.getPdfData(token, request); } } - - PdfAsHelper.startSignature(request, response, getServletContext(), pdfData, connector, - PdfAsHelper.buildPosString(request, response), transactionId, sigType, - preProcessorMap, + + PdfAsHelper.startSignature(request, response, getServletContext(), pdfData, connector, + PdfAsHelper.buildPosString(request, response), transactionId, sigType, preProcessorMap, overwriteMap); return; } else if (connector.equals("jks") || connector.equals("moa")) { // start synchronous siganture creation - - if(connector.equals("jks")) { + + if (connector.equals("jks")) { boolean ksEnabled = false; @@ -408,28 +416,28 @@ public class ExternSignServlet extends HttpServlet { } if (!ksEnabled) { - if(keyIdentifier != null) { + if (keyIdentifier != null) { throw new PdfAsWebException("JKS connector [" + keyIdentifier + "] disabled or not existing."); } else { throw new PdfAsWebException("DEFAULT JKS connector disabled."); } } } - - if(connector.equals("moa")) { - if(!WebConfiguration.getMOASSEnabled()) { + + if (connector.equals("moa")) { + if (!WebConfiguration.getMOASSEnabled()) { throw new PdfAsWebException("Invalid connector moa is not supported"); } } - - if(manualPositioning) { + + if (manualPositioning) { // store pdf data // redirect to viewer html String token = PdfAsHelper.storePdfData(pdfData, request); - + String pdfDataUrl = PdfAsHelper.generatePositioningURL(token, request, response); - - if(pdfDataUrl != null) { + + if (pdfDataUrl != null) { response.sendRedirect(response.encodeRedirectURL(pdfDataUrl)); return; } else { @@ -437,17 +445,16 @@ public class ExternSignServlet extends HttpServlet { PdfAsHelper.getPdfData(token, request); } } - - byte[] pdfSignedData = PdfAsHelper.synchornousSignature(request, - response, pdfData); + + byte[] pdfSignedData = PdfAsHelper.synchornousSignature(request, response, pdfData); PdfAsHelper.setSignedPdf(request, response, pdfSignedData); - + statisticEvent.setStatus(Status.OK); statisticEvent.setEndNow(); statisticEvent.setTimestampNow(); StatisticFrontend.getInstance().storeEvent(statisticEvent); statisticEvent.setLogged(true); - + PdfAsHelper.gotoProvidePdf(getServletContext(), request, response); return; } else { -- cgit v1.2.3