1 files changed, 147 insertions, 148 deletions

diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/CertificateProviderServlet.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/CertificateProviderServlet.java
index 43804a2..bc2c3b6 100644
--- a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/CertificateProviderServlet.java
+++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/CertificateProviderServlet.java
@@ -1,9 +1,5 @@
 package at.gv.egovernment.moa.spss.server.service;
 
-import iaik.server.modules.keys.KeyEntryID;
-import iaik.server.modules.keys.KeyModule;
-import iaik.server.modules.keys.KeyModuleFactory;
-
 import java.io.IOException;
 import java.math.BigInteger;
 import java.security.Principal;
@@ -26,155 +22,158 @@ import at.gv.egovernment.moa.spss.server.config.KeyGroupEntry;
 import at.gv.egovernment.moa.spss.server.logging.TransactionId;
 import at.gv.egovernment.moa.spss.server.transaction.TransactionIDGenerator;
 import at.gv.egovernment.moaspss.logging.Logger;
+import iaik.server.modules.keys.KeyEntryID;
+import iaik.server.modules.keys.KeyModule;
+import iaik.server.modules.keys.KeyModuleFactory;
 
 /**
- * 
+ *
  * @author Andreas Fitzek
  * @version $Id$
  */
 public class CertificateProviderServlet extends HttpServlet {
 
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = -6907582473072190122L;
-
-	/** The property name for accessing the X509 client certificate chain. */
-	private static final String X509_CERTIFICATE_PROPERTY = "javax.servlet.request.X509Certificate";
-
-	public static final String PARAM_KEYID = "id";
-	
-	/**
-	 * Build the set of <code>KeyEntryID</code>s available to the given
-	 * <code>keyGroupID</code>.
-	 * 
-	 * @param keyGroupID
-	 *            The keygroup ID for which the available keys should be
-	 *            returned.
-	 * @return The <code>Set</code> of <code>KeyEntryID</code>s identifying the
-	 *         available keys.
-	 * @throws ConfigurationException
-	 */
-	@SuppressWarnings({ "rawtypes", "unchecked" })
-	private Set buildKeySet(String keyGroupID, X509Certificate cert, KeyModule module)
-			throws ConfigurationException {
-		ConfigurationProvider config = ConfigurationProvider.getInstance();
-		Set keyGroupEntries;
-
-		// get the KeyGroup entries from the configuration
-		if (cert != null) {
-			Principal issuer = cert.getIssuerDN();
-			BigInteger serialNumber = cert.getSerialNumber();
-
-			keyGroupEntries = config.getKeyGroupEntries(issuer, serialNumber,
-					keyGroupID);
-		} else {
-			keyGroupEntries = config.getKeyGroupEntries(null, null, keyGroupID);
-		}
-
-		// map the KeyGroup entries to a set of KeyEntryIDs
-		if (keyGroupEntries == null) {
-			return null;
-		} else if (keyGroupEntries.size() == 0) {
-			return Collections.EMPTY_SET;
-		} else {
-			
-			Set keyEntryIDs = module.getPrivateKeyEntryIDs();
-			Set keySet = new HashSet();
-			Iterator iter;
-			
-			// filter out the keys that do not exist in the IAIK configuration
-			// by walking through the key entries and checking if the exist in
-			// the
-			// keyGroupEntries
-			for (iter = keyEntryIDs.iterator(); iter.hasNext();) {
-				KeyEntryID entryID = (KeyEntryID) iter.next();
-				KeyGroupEntry entry = new KeyGroupEntry(entryID.getModuleID(),
-						entryID.getCertificateIssuer(),
-						entryID.getCertificateSerialNumber());
-				if (keyGroupEntries.contains(entry)) {
-					keySet.add(entryID);
-				}
-			}
-			return keySet;
-		}
-	}
-
-	private X509Certificate getClientCertificate(HttpServletRequest request) {
-		X509Certificate[] clientCert = (X509Certificate[]) request
-				.getAttribute(X509_CERTIFICATE_PROPERTY);
-		if(clientCert != null) {
-			return clientCert[0];
-		}
-		return null;
-	}
-
-	@SuppressWarnings("rawtypes")
-	public void doGet(HttpServletRequest request, HttpServletResponse response)
-			throws ServletException, IOException {
-		try {
-			X509Certificate cert = getClientCertificate(request);
-			String keyId = request.getParameter(PARAM_KEYID);
-			
-			if(keyId == null) {
-				Logger.warn(PARAM_KEYID + " not provided in Request. Returning: " + HttpServletResponse.SC_BAD_REQUEST);
-				response.sendError(HttpServletResponse.SC_BAD_REQUEST);
-				return;
-			}
-			
-			String transactionId = TransactionIDGenerator.nextID();
-			
-			KeyModule module = KeyModuleFactory.getInstance(new TransactionId(
-					transactionId));
-			
-			Set keySet = buildKeySet(keyId, cert, module);
-			
-			if(keySet == null || keySet.isEmpty()) {
-				Logger.warn("No keys available for Key Identifier " + keyId + " and given authentication.");
-				response.sendError(HttpServletResponse.SC_NOT_FOUND);
-				return;
-			}
-			
-			
-			if(keySet.size() != 1) {
-				Logger.warn("Too many keys available for Key Identifier " + keyId + " and given authentication.");
-				response.sendError(HttpServletResponse.SC_CONFLICT);
-				return;
-			}
-			
-			Iterator iter;
-
-			// filter out the keys that do not exist in the IAIK configuration
-			// by walking through the key entries and checking if the exist in
-			// the
-			// keyGroupEntries
-			for (iter = keySet.iterator(); iter.hasNext();) {
-				KeyEntryID entryID = (KeyEntryID) iter.next();
-				
-				List certChain = module.getPrivateKeyEntry(entryID).getCertificateChain();
-				
-				if(certChain != null && !certChain.isEmpty()) {
-					Logger.trace("Returning Certificate!");
-					Certificate keyCert = ((Certificate)certChain.get(0));
-					byte[] certData = keyCert.getEncoded();
-					response.setStatus(HttpServletResponse.SC_OK);
-					response.setContentType("application/pkix-cert");
-					response.setHeader("Content-disposition","attachment; filename=\"" + keyId + ".cer\"");
-					response.getOutputStream().write(certData);
-					response.getOutputStream().close();
-					return;
-				}
-				
-				break;
-			}
-			
-			// No Certificate could be found!
-			Logger.warn("Failed to find keys available for Key Identifier " + keyId + " and given authentication.");
-			response.sendError(HttpServletResponse.SC_NOT_FOUND);
-			return;
-		} catch(Throwable e) {
-			Logger.error("Unhandled Exception when providing certificate", e);
-			response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
-		}
-	}
+  /**
+   * 
+   */
+  private static final long serialVersionUID = -6907582473072190122L;
+
+  /** The property name for accessing the X509 client certificate chain. */
+  private static final String X509_CERTIFICATE_PROPERTY = "javax.servlet.request.X509Certificate";
+
+  public static final String PARAM_KEYID = "id";
+
+  /**
+   * Build the set of <code>KeyEntryID</code>s available to the given
+   * <code>keyGroupID</code>.
+   * 
+   * @param keyGroupID The keygroup ID for which the available keys should be
+   *                   returned.
+   * @return The <code>Set</code> of <code>KeyEntryID</code>s identifying the
+   *         available keys.
+   * @throws ConfigurationException
+   */
+  @SuppressWarnings({ "rawtypes", "unchecked" })
+  private Set buildKeySet(String keyGroupID, X509Certificate cert, KeyModule module)
+      throws ConfigurationException {
+    final ConfigurationProvider config = ConfigurationProvider.getInstance();
+    Set keyGroupEntries;
+
+    // get the KeyGroup entries from the configuration
+    if (cert != null) {
+      final Principal issuer = cert.getIssuerDN();
+      final BigInteger serialNumber = cert.getSerialNumber();
+
+      keyGroupEntries = config.getKeyGroupEntries(issuer, serialNumber,
+          keyGroupID);
+    } else {
+      keyGroupEntries = config.getKeyGroupEntries(null, null, keyGroupID);
+    }
+
+    // map the KeyGroup entries to a set of KeyEntryIDs
+    if (keyGroupEntries == null) {
+      return null;
+    } else if (keyGroupEntries.size() == 0) {
+      return Collections.EMPTY_SET;
+    } else {
+
+      final Set keyEntryIDs = module.getPrivateKeyEntryIDs();
+      final Set keySet = new HashSet();
+      Iterator iter;
+
+      // filter out the keys that do not exist in the IAIK configuration
+      // by walking through the key entries and checking if the exist in
+      // the
+      // keyGroupEntries
+      for (iter = keyEntryIDs.iterator(); iter.hasNext();) {
+        final KeyEntryID entryID = (KeyEntryID) iter.next();
+        final KeyGroupEntry entry = new KeyGroupEntry(entryID.getModuleID(),
+            entryID.getCertificateIssuer(),
+            entryID.getCertificateSerialNumber());
+        if (keyGroupEntries.contains(entry)) {
+          keySet.add(entryID);
+        }
+      }
+      return keySet;
+    }
+  }
+
+  private X509Certificate getClientCertificate(HttpServletRequest request) {
+    final X509Certificate[] clientCert = (X509Certificate[]) request
+        .getAttribute(X509_CERTIFICATE_PROPERTY);
+    if (clientCert != null) {
+      return clientCert[0];
+    }
+    return null;
+  }
+
+  @Override
+  @SuppressWarnings("rawtypes")
+  public void doGet(HttpServletRequest request, HttpServletResponse response)
+      throws ServletException, IOException {
+    try {
+      final X509Certificate cert = getClientCertificate(request);
+      final String keyId = request.getParameter(PARAM_KEYID);
+
+      if (keyId == null) {
+        Logger.warn(PARAM_KEYID + " not provided in Request. Returning: "
+            + HttpServletResponse.SC_BAD_REQUEST);
+        response.sendError(HttpServletResponse.SC_BAD_REQUEST);
+        return;
+      }
+
+      final String transactionId = TransactionIDGenerator.nextID();
+
+      final KeyModule module = KeyModuleFactory.getInstance(new TransactionId(
+          transactionId));
+
+      final Set keySet = buildKeySet(keyId, cert, module);
+
+      if (keySet == null || keySet.isEmpty()) {
+        Logger.warn("No keys available for Key Identifier " + keyId + " and given authentication.");
+        response.sendError(HttpServletResponse.SC_NOT_FOUND);
+        return;
+      }
+
+      if (keySet.size() != 1) {
+        Logger.warn("Too many keys available for Key Identifier " + keyId + " and given authentication.");
+        response.sendError(HttpServletResponse.SC_CONFLICT);
+        return;
+      }
+
+      Iterator iter;
+
+      // filter out the keys that do not exist in the IAIK configuration
+      // by walking through the key entries and checking if the exist in
+      // the
+      // keyGroupEntries
+      for (iter = keySet.iterator(); iter.hasNext();) {
+        final KeyEntryID entryID = (KeyEntryID) iter.next();
+
+        final List certChain = module.getPrivateKeyEntry(entryID).getCertificateChain();
+
+        if (certChain != null && !certChain.isEmpty()) {
+          Logger.trace("Returning Certificate!");
+          final Certificate keyCert = (Certificate) certChain.get(0);
+          final byte[] certData = keyCert.getEncoded();
+          response.setStatus(HttpServletResponse.SC_OK);
+          response.setContentType("application/pkix-cert");
+          response.setHeader("Content-disposition", "attachment; filename=\"" + keyId + ".cer\"");
+          response.getOutputStream().write(certData);
+          response.getOutputStream().close();
+          return;
+        }
+
+        break;
+      }
+
+      // No Certificate could be found!
+      Logger.warn("Failed to find keys available for Key Identifier " + keyId + " and given authentication.");
+      response.sendError(HttpServletResponse.SC_NOT_FOUND);
+      return;
+    } catch (final Throwable e) {
+      Logger.error("Unhandled Exception when providing certificate", e);
+      response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+    }
+  }
 }