From 835e2a678b6899231ca81e4f0354e6a4f17a277c Mon Sep 17 00:00:00 2001 From: Andreas Fitzek Date: Thu, 3 Mar 2016 11:40:32 +0100 Subject: allow basic authenticaiton url formate --- .../gv/egiz/pdfas/web/helper/RemotePDFFetcher.java | 85 ++++++++++++++++++---- 1 file changed, 72 insertions(+), 13 deletions(-) (limited to 'pdf-as-web') diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/RemotePDFFetcher.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/RemotePDFFetcher.java index 462c1bc8..696a3dc1 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/RemotePDFFetcher.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/RemotePDFFetcher.java @@ -23,50 +23,109 @@ ******************************************************************************/ package at.gv.egiz.pdfas.web.helper; +import java.io.IOException; import java.io.InputStream; import java.net.MalformedURLException; import java.net.URL; +import java.net.URLConnection; +import org.apache.commons.io.IOUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import at.gv.egiz.pdfas.common.utils.StreamUtils; import at.gv.egiz.pdfas.web.config.WebConfiguration; import at.gv.egiz.pdfas.web.exception.PdfAsWebException; +import iaik.utils.URLDecoder; public class RemotePDFFetcher { - private static final Logger logger = LoggerFactory - .getLogger(RemotePDFFetcher.class); + private static final Logger logger = LoggerFactory.getLogger(RemotePDFFetcher.class); + + public static String[] extractSensitiveInformationFromURL(String pdfURL) throws IOException { + if (pdfURL.contains("@")) { + String lowerURL = pdfURL.toLowerCase(); + int startIndex = 0; + int atIndex = pdfURL.indexOf("@"); + + startIndex = lowerURL.indexOf("https://"); + + if (startIndex >= 0) { + startIndex = startIndex + "https://".length(); + } else { + startIndex = lowerURL.indexOf("http://"); + if (startIndex >= 0) { + startIndex = startIndex + "http://".length(); + } + } + + if (startIndex < 0) { + throw new MalformedURLException("Username/Password Part found, but no scheme found"); + } + + if (atIndex < 0) { + throw new MalformedURLException("@ Part found, but index not found"); + } + + String usernamePasswordPart = pdfURL.substring(startIndex, atIndex); + + pdfURL = pdfURL.substring(0, startIndex) + pdfURL.substring(atIndex + 1); + + logger.debug("Modified URL: {}", pdfURL); + + String[] usernamePassword = usernamePasswordPart.split(":"); + + if(usernamePassword.length == 2) { + return new String[] { pdfURL, URLDecoder.decode(usernamePassword[0]), + URLDecoder.decode(usernamePassword[1]) }; + } else { + throw new MalformedURLException("Wrong or empty username/password part"); + } + } else { + return new String[] { pdfURL }; + } + } public static byte[] fetchPdfFile(String pdfURL) throws PdfAsWebException { URL url; + String[] fetchInfos; try { - url = new URL(pdfURL); + fetchInfos = extractSensitiveInformationFromURL(pdfURL); + url = new URL(fetchInfos[0]); } catch (MalformedURLException e) { logger.warn("Not a valid URL!", e); throw new PdfAsWebException("Not a valid URL!", e); + } catch (IOException e) { + logger.warn("Not a valid URL!", e); + throw new PdfAsWebException("Not a valid URL!", e); } if (WebConfiguration.isProvidePdfURLinWhitelist(url.toExternalForm())) { - if (url.getProtocol().equals("http") - || url.getProtocol().equals("https")) { - + if (url.getProtocol().equals("http") || url.getProtocol().equals("https")) { + URLConnection uc = null; + InputStream is = null; try { - InputStream is = url.openStream(); + uc = url.openConnection(); + + if(fetchInfos.length == 3) { + String userpass = fetchInfos[1] + ":" + fetchInfos[2]; + String basicAuth = "Basic " + javax.xml.bind.DatatypeConverter.printBase64Binary(userpass.getBytes("UTF-8")); + uc.setRequestProperty("Authorization", basicAuth); + } + + is = uc.getInputStream(); return StreamUtils.inputStreamToByteArray(is); } catch (Exception e) { logger.warn("Failed to fetch pdf document!", e); - throw new PdfAsWebException( - "Failed to fetch pdf document!", e); + throw new PdfAsWebException("Failed to fetch pdf document!", e); + } finally { + IOUtils.closeQuietly(is); } } else { throw new PdfAsWebException( - "Failed to fetch pdf document protocol " - + url.getProtocol() + " is not supported"); + "Failed to fetch pdf document protocol " + url.getProtocol() + " is not supported"); } } else { - throw new PdfAsWebException( - "Failed to fetch pdf document " + url.toExternalForm() + " is not allowed"); + throw new PdfAsWebException("Failed to fetch pdf document " + url.toExternalForm() + " is not allowed"); } } } -- cgit v1.2.3