use of com.mercedesbenz.sechub.pds.PDSBadRequestException in project sechub by mercedes-benz.
the class PDSFileUploadJobService method startUpload.
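/**
 * Streams a multipart upload for the given PDS job into the job storage and
 * compares the SHA-256 digest calculated while storing the file with the
 * checksum sent by the user.
 *
 * <p>Two multipart fields are handled: {@code MULTIPART_CHECKSUM} and
 * {@code MULTIPART_FILE}. Any other field is logged (field name sanitized and
 * limited to 30 characters) and otherwise ignored. The check that both fields
 * were sent happens after the iteration - see the comment at the item
 * iterator for the reason.
 *
 * <p>Security relevant behavior visible in this method:
 * <ul>
 * <li>The request size is limited to the configured maximum upload size plus
 * 600 bytes, and each item to the configured maximum upload size.</li>
 * <li>The user checksum is read completely into memory and then passed to
 * {@code assertValidSha256Checksum} before it is stored.</li>
 * <li>The file is written to the job storage while it is streamed, so it is
 * already stored when the final checksum comparison runs. This method does not
 * remove it when a later check fails - NOTE(review): confirm that cleanup is
 * done by the caller or by the storage.</li>
 * <li>When a field is sent more than once, {@code store} is called again with
 * the same name and the last occurrence provides the value used for the
 * comparison.</li>
 * </ul>
 *
 * @param jobUUID  UUID of the PDS job the upload belongs to
 * @param request  multipart request, parsed exactly once in streaming mode
 * @param fileName name used to store the file; the checksum is stored as
 *                 {@code fileName + DOT_CHECKSUM}. NOTE(review): the value is
 *                 logged and handed to the storage unchanged here - presumably
 *                 validated by the caller, please confirm.
 * @throws FileUploadException          declared for the multipart parsing
 * @throws IOException                  declared for stream handling and storing
 * @throws UnsupportedEncodingException declared by the original signature
 * @throws PDSBadRequestException       when file or checksum field is missing
 *                                      or no checksum value is available
 */
private void startUpload(UUID jobUUID, HttpServletRequest request, String fileName) throws FileUploadException, IOException, UnsupportedEncodingException {
    /* prepare */
    LOG.debug("Start upload file: {} for PDS job: {}", fileName, jobUUID);

    String checksumFromUser = null;
    String checksumCalculated = null;

    boolean fileDefinedByUser = false;
    boolean checkSumDefinedByUser = false;

    JobStorage jobStorage = storageService.getJobStorage(jobUUID);

    ServletFileUpload upload = new ServletFileUpload();

    long maxUploadSize = configuration.getMaxUploadSizeInBytes();

    // we accept 600 bytes more for header, checksum etc.
    upload.setSizeMax(maxUploadSize + 600);
    upload.setFileSizeMax(maxUploadSize);

    /*
     * Important: this next call of "upload.getItemIterator(..)" looks very simple,
     * but it creates a new <code>FileItemIteratorImpl</code> instance which
     * internally does some heavy things on creation: It does create a new input
     * stream, checks for max size handling and much more. We want to avoid creating
     * the iterator multiple times!
     *
     * Also any access to the origin request to access the parameter/field names
     * does always trigger a multipart resolving which uses again the underlying
     * standard Servlet mechanism and the configured max sizes there!
     *
     * So we could only check parameters with another item iterator when we want to
     * handle this specialized, but the item iterator should be created only one
     * time (see explained reason before).
     *
     * This is the reason, why we do not check the user input at the beginning but
     * only at the end. This is maybe inconvenient for the user when forgetting to
     * define a field, but this normally happens only one time and the benefit of
     * avoiding side effects. In addition, the performance (speed) does matter here.
     *
     * ------------------------- So please do NOT change! -------------------------
     */
    FileItemIterator iterStream = upload.getItemIterator(request);

    while (iterStream.hasNext()) {
        FileItemStream item = iterStream.next();
        String fieldName = item.getFieldName();

        switch (fieldName) {
        case MULTIPART_CHECKSUM:
            try (InputStream checkSumInputStream = item.openStream()) {
                checksumFromUser = Streams.asString(checkSumInputStream);

                // validate the format first, so only a well formed checksum is written to storage
                checksumSHA256Service.assertValidSha256Checksum(checksumFromUser);

                jobStorage.store(fileName + DOT_CHECKSUM, new StringInputStream(checksumFromUser));
                LOG.info("uploaded user defined checksum as file for file: {} in PDS job: {}", fileName, jobUUID);
            }
            checkSumDefinedByUser = true;
            break;
        case MULTIPART_FILE:
            try (InputStream fileInputstream = item.openStream()) {
                // the digest is updated while the storage reads the stream, so the
                // content is read only once
                MessageDigest digest = checksumSHA256Service.createSHA256MessageDigest();
                MessageDigestCalculatingInputStream messageDigestInputStream = new MessageDigestCalculatingInputStream(fileInputstream, digest);

                jobStorage.store(fileName, messageDigestInputStream);
                LOG.info("uploaded file:{} for job:{}", fileName, jobUUID);

                checksumCalculated = checksumSHA256Service.convertMessageDigestToHex(digest);
            }
            fileDefinedByUser = true;
            break;
        default:
            // Fixed: the former message had three placeholders but only two arguments
            // and named the job UUID a "project". The field name comes from the
            // request, so it is sanitized and length limited before it is logged.
            LOG.warn("Given field '{}' is not supported while uploading job data to PDS job: {}", logSanitizer.sanitize(fieldName, 30), jobUUID);
        }
    }

    /* user input is checked here at the end - see the iterator comment above */
    if (!fileDefinedByUser) {
        throw new PDSBadRequestException("No file defined by user for job data upload!");
    }
    if (!checkSumDefinedByUser) {
        throw new PDSBadRequestException("No checksum defined by user for job data upload!");
    }
    if (checksumFromUser == null) {
        throw new PDSBadRequestException("No user checksum available for job data upload!");
    }
    if (checksumCalculated == null) {
        throw new PDSBadRequestException("Upload of binaries was not possible!");
    }

    // final integrity check: user checksum against the digest of the stored content
    assertCheckSumCorrect(checksumFromUser, checksumCalculated);
}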