Skip to content

Commit

Permalink
Merge pull request #135 from veraPDF/sha1
Browse files Browse the repository at this point in the history 
Update sha1 checking
  • Loading branch information
@MaximPlusov
MaximPlusov authored Oct 12, 2023
2 parents 5a8f99e + d7c404c commit a20c36d
Show file tree
Hide file tree
Showing 2 changed files with 37 additions and 38 deletions.
2 changes: 1 addition & 1 deletion src/main/java/org/verapdf/rest/resources/ProfileResource.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -165,7 +165,7 @@ public static Set<RuleId> getProfileRules(@Parameter(description = "the String i
@Schema(implementation = ReleaseDetails.class)
)})})
@Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
public static Set<Rule> getRulesForClause(@Parameter(description = "the string id of the validation profile " +
public static Set<Rule> getRulesForClause(@Parameter(description = "the String id of the Validation profile " +
"(1b, 1a, 2b, 2a, 2u, 3b, 3a, 3u, 4, 4e, 4f or ua1)")
@PathParam("profileId") String profileId,
@Parameter(description = "a string identifying the profile clause to return the rules for")
Expand Down
73 changes: 36 additions & 37 deletions src/main/java/org/verapdf/rest/resources/ValidateResource.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -34,10 +34,9 @@

import javax.ws.rs.*;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.Status;
import java.io.*;
import java.net.URL;
import java.security.DigestInputStream;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

Expand Down Expand Up @@ -108,7 +107,7 @@ public static ComponentDetails getDetails() {
)})})
@Consumes(MediaType.MULTIPART_FORM_DATA)
@Produces({MediaType.APPLICATION_XML})
public static InputStream validateXml(@Parameter(description = "the String id of the Validation profile" +
public static InputStream validateXml(@Parameter(description = "the String id of the Validation profile " +
"(auto, 1b, 1a, 2b, 2a, 2u, 3b, 3a, 3u, 4, 4e, 4f or ua1)")
@PathParam("profileId") String profileId,
@Parameter(name = "file", schema = @Schema(implementation = File.class),
Expand All @@ -117,7 +116,7 @@ public static InputStream validateXml(@Parameter(description = "the String id of
@Parameter(hidden = true) @FormDataParam("file") final FormDataContentDisposition contentDispositionHeader)
throws VeraPDFException {

return validate(uploadedInputStream, contentDispositionHeader.getFileName(), profileId, FormatOption.XML);
return validate(uploadedInputStream, contentDispositionHeader.getFileName(), profileId, null, FormatOption.XML);
}

/**
Expand Down Expand Up @@ -150,7 +149,7 @@ public static InputStream validateXml(@Parameter(description = "the String id of
)})})
@Consumes(MediaType.MULTIPART_FORM_DATA)
@Produces({MediaType.APPLICATION_XML})
public static InputStream validateXml(@Parameter(description = "the String id of the Validation profile" +
public static InputStream validateXml(@Parameter(description = "the String id of the Validation profile " +
"(auto, 1b, 1a, 2b, 2a, 2u, 3b, 3a, 3u, 4, 4e, 4f or ua1)")
@PathParam("profileId") String profileId,
@Parameter(description = "the hex String representation of the file's SHA-1 hash")
Expand All @@ -160,8 +159,7 @@ public static InputStream validateXml(@Parameter(description = "the String id of
@FormDataParam("file") InputStream uploadedInputStream,
@Parameter(hidden = true) @FormDataParam("file") final FormDataContentDisposition contentDispositionHeader)
throws VeraPDFException {
checkSha1Hex(sha1Hex);
return validate(uploadedInputStream, contentDispositionHeader.getFileName(), profileId, FormatOption.XML);
return validate(uploadedInputStream, contentDispositionHeader.getFileName(), profileId, sha1Hex, FormatOption.XML);
}

@POST
Expand All @@ -178,14 +176,14 @@ public static InputStream validateXml(@Parameter(description = "the String id of
)})})
@Consumes(MediaType.MULTIPART_FORM_DATA)
@Produces({MediaType.APPLICATION_XML})
public static InputStream validateXml(@Parameter(description = "the String id of the Validation profile" +
public static InputStream validateXml(@Parameter(description = "the String id of the Validation profile " +
"(auto, 1b, 1a, 2b, 2a, 2u, 3b, 3a, 3u, 4, 4e, 4f or ua1)")
@PathParam("profileId") String profileId,
@Parameter(description = "a URL of PDF to be validated")
@FormDataParam("url") String urlLink) throws VeraPDFException {
InputStream uploadedInputStream = getInputStreamByUrlLink(urlLink);

return validate(uploadedInputStream, urlLink, profileId, FormatOption.XML);
return validate(uploadedInputStream, urlLink, profileId, null, FormatOption.XML);
}

/**
Expand All @@ -205,7 +203,7 @@ public static InputStream validateXml(@Parameter(description = "the String id of
@Path("/{profileId}")
@Consumes(MediaType.MULTIPART_FORM_DATA)
@Produces({MediaType.APPLICATION_JSON})
public static InputStream validateJson(@Parameter(description = "the String id of the Validation profile" +
public static InputStream validateJson(@Parameter(description = "the String id of the Validation profile " +
"(auto, 1b, 1a, 2b, 2a, 2u, 3b, 3a, 3u, 4, 4e, 4f or ua1)")
@PathParam("profileId") String profileId,
@Parameter(name = "file", schema = @Schema(implementation = File.class),
Expand All @@ -214,7 +212,7 @@ public static InputStream validateJson(@Parameter(description = "the String id o
@Parameter(hidden = true) @FormDataParam("file") final FormDataContentDisposition contentDispositionHeader)
throws VeraPDFException {

return validate(uploadedInputStream, contentDispositionHeader.getFileName(), profileId, FormatOption.JSON);
return validate(uploadedInputStream, contentDispositionHeader.getFileName(), profileId, null, FormatOption.JSON);
}

/**
Expand All @@ -237,7 +235,7 @@ public static InputStream validateJson(@Parameter(description = "the String id o
@Path("/sha/{profileId}")
@Consumes(MediaType.MULTIPART_FORM_DATA)
@Produces({MediaType.APPLICATION_JSON})
public static InputStream validateJson(@Parameter(description = "the String id of the Validation profile" +
public static InputStream validateJson(@Parameter(description = "the String id of the Validation profile " +
"(auto, 1b, 1a, 2b, 2a, 2u, 3b, 3a, 3u, 4, 4e, 4f or ua1)")
@PathParam("profileId") String profileId,
@Parameter(description = "the hex String representation of the file's SHA-1 hash")
Expand All @@ -247,22 +245,21 @@ public static InputStream validateJson(@Parameter(description = "the String id o
@FormDataParam("file") InputStream uploadedInputStream,
@Parameter(hidden = true) @FormDataParam("file") final FormDataContentDisposition contentDispositionHeader)
throws VeraPDFException {
checkSha1Hex(sha1Hex);
return validate(uploadedInputStream, contentDispositionHeader.getFileName(), profileId, FormatOption.JSON);
return validate(uploadedInputStream, contentDispositionHeader.getFileName(), profileId, sha1Hex, FormatOption.JSON);
}

@POST
@Path("/url/{profileId}")
@Consumes(MediaType.MULTIPART_FORM_DATA)
@Produces({MediaType.APPLICATION_JSON})
public static InputStream validateJson(@Parameter(description = "the String id of the Validation profile" +
public static InputStream validateJson(@Parameter(description = "the String id of the Validation profile " +
"(auto, 1b, 1a, 2b, 2a, 2u, 3b, 3a, 3u, 4, 4e, 4f or ua1)")
@PathParam("profileId") String profileId,
@Parameter(description = "a URL of PDF to be validated")
@FormDataParam("url") String urlLink) throws VeraPDFException {
InputStream uploadedInputStream = getInputStreamByUrlLink(urlLink);

return validate(uploadedInputStream, urlLink, profileId, FormatOption.JSON);
return validate(uploadedInputStream, urlLink, profileId, null, FormatOption.JSON);
}

/**
Expand All @@ -287,7 +284,7 @@ public static InputStream validateHtml(@PathParam("profileId") String profileId,
@FormDataParam("file") InputStream uploadedInputStream,
@Parameter(hidden = true) @FormDataParam("file") final FormDataContentDisposition contentDispositionHeader)
throws VeraPDFException {
return validate(uploadedInputStream, contentDispositionHeader.getFileName(), profileId, FormatOption.HTML);
return validate(uploadedInputStream, contentDispositionHeader.getFileName(), profileId, null, FormatOption.HTML);
}

/**
Expand Down Expand Up @@ -317,37 +314,30 @@ public static InputStream validateHtml(@PathParam("profileId") String profileId,
@FormDataParam("file") InputStream uploadedInputStream,
@Parameter(hidden = true) @FormDataParam("file") final FormDataContentDisposition contentDispositionHeader)
throws VeraPDFException {
checkSha1Hex(sha1Hex);
return validate(uploadedInputStream, contentDispositionHeader.getFileName(), profileId, FormatOption.HTML);
return validate(uploadedInputStream, contentDispositionHeader.getFileName(), profileId, sha1Hex, FormatOption.HTML);
}

@POST
@Path("/url/{profileId}")
@Consumes(MediaType.MULTIPART_FORM_DATA)
@Produces({MediaType.TEXT_HTML})
public static InputStream validateHtml(@Parameter(description = "the String id of the Validation profile" +
public static InputStream validateHtml(@Parameter(description = "the String id of the Validation profile " +
"(auto, 1b, 1a, 2b, 2a, 2u, 3b, 3a, 3u, 4, 4e, 4f or ua1)")
@PathParam("profileId") String profileId,
@Parameter(description = "a URL of PDF to be validated")
@FormDataParam("url") String urlLink) throws VeraPDFException {
InputStream uploadedInputStream = getInputStreamByUrlLink(urlLink);

return validate(uploadedInputStream, urlLink, profileId, FormatOption.HTML);
return validate(uploadedInputStream, urlLink, profileId, null, FormatOption.HTML);
}

public static void setMaxFileSize(Integer maxFileSize) {
ValidateResource.maxFileSize = maxFileSize;
}

private static InputStream validate(InputStream uploadedInputStream, String fileName, String profileId, FormatOption formatOption) throws VeraPDFException {
SeekableInputStream seekableInputStream;
try {
seekableInputStream = SeekableInputStream.getSeekableStream(uploadedInputStream, 1000000 * maxFileSize);
} catch (VeraPDFParserException e) {
throw new VeraPDFException("Maximum allowed file size exceeded: " + maxFileSize + " MB");
} catch (IOException e) {
throw new VeraPDFException(e.getMessage());
}
private static InputStream validate(InputStream uploadedInputStream, String fileName, String profileId,
String sha1Hex, FormatOption formatOption) throws VeraPDFException {
SeekableInputStream seekableInputStream = createInputStream(uploadedInputStream, sha1Hex);
PDFAFlavour flavour = PDFAFlavour.byFlavourId(profileId);
ValidatorConfig validatorConfig = configManager.getValidatorConfig();
validatorConfig.setFlavour(flavour);
Expand All @@ -363,13 +353,22 @@ private static InputStream validate(InputStream uploadedInputStream, String file
return new ByteArrayInputStream(outputBytes);
}

private static void checkSha1Hex(String sha1Hex) {
MessageDigest sha1 = getDigest();
if (sha1Hex != null && sha1Hex.equalsIgnoreCase(Hex.encodeHexString(sha1.digest()))) {
throw new NotSupportedException(Response.status(Status.UNSUPPORTED_MEDIA_TYPE)
.type(MediaType.TEXT_PLAIN).entity("File does not appear " +
"to be a PDF.") //$NON-NLS-1$
.build());
private static SeekableInputStream createInputStream(InputStream uploadedInputStream, String sha1Hex) throws VeraPDFException {
InputStream inputStream = uploadedInputStream;
if (sha1Hex != null) {
MessageDigest sha1 = getDigest();
inputStream = new DigestInputStream(uploadedInputStream, sha1);
}
try {
SeekableInputStream seekableInputStream = SeekableInputStream.getSeekableStream(inputStream, 1000000 * maxFileSize);
if (sha1Hex != null && !sha1Hex.equalsIgnoreCase(Hex.encodeHexString(((DigestInputStream)inputStream).getMessageDigest().digest()))) {
throw new VeraPDFException("Incorrect sha1 value");
}
return seekableInputStream;
} catch (VeraPDFParserException e) {
throw new VeraPDFException("Maximum allowed file size exceeded: " + maxFileSize + " MB");
} catch (IOException e) {
throw new VeraPDFException(e.getMessage());
}
}

Expand Down

0 comments on commit a20c36d

Please sign in to comment.