Revert "betaversion for a workaround to solve problem with Java8 >= 141 and SHA1 certificates in certificate chain"

This reverts commit c4fe089610dba3d6e8929f6e163538dfae0d18da.

1 files changed, 0 insertions, 226 deletions

diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/MOASSLAlgorithmChecker.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/MOASSLAlgorithmChecker.java
deleted file mode 100644
index 990b5d3b1..000000000
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/MOASSLAlgorithmChecker.java
+++ /dev/null
@@ -1,226 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.commons.validation;
-
-import java.math.BigInteger;
-import java.security.AlgorithmConstraints;
-import java.security.AlgorithmParameters;
-import java.security.CryptoPrimitive;
-import java.security.GeneralSecurityException;
-import java.security.KeyFactory;
-import java.security.PublicKey;
-import java.security.cert.CertPathValidatorException;
-import java.security.cert.Certificate;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateParsingException;
-import java.security.cert.PKIXCertPathChecker;
-import java.security.cert.PKIXReason;
-import java.security.cert.X509Certificate;
-import java.security.interfaces.DSAParams;
-import java.security.interfaces.DSAPublicKey;
-import java.security.spec.DSAPublicKeySpec;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.EnumSet;
-import java.util.Set;
-
-import sun.security.util.DisabledAlgorithmConstraints;
-import sun.security.x509.X509CertImpl;
-
-/**
- * @author tlenz
- *
- */
-public class MOASSLAlgorithmChecker extends PKIXCertPathChecker {
-
-	private final AlgorithmConstraints constraints;
-	private final PublicKey trustedPubKey;
-	private PublicKey prevPubKey;
-	private static final Set<CryptoPrimitive> SIGNATURE_PRIMITIVE_SET = Collections.unmodifiableSet(EnumSet.of(CryptoPrimitive.SIGNATURE));	 
-	private static final Set<CryptoPrimitive> KU_PRIMITIVE_SET = Collections.unmodifiableSet(EnumSet.of(CryptoPrimitive.SIGNATURE, CryptoPrimitive.KEY_ENCAPSULATION, CryptoPrimitive.PUBLIC_KEY_ENCRYPTION, CryptoPrimitive.KEY_AGREEMENT));
-	
-	private static final DisabledAlgorithmConstraints certPathDefaultConstraints = new DisabledAlgorithmConstraints("jdk.certpath.disabledAlgorithms");
-
-	/**
-	 * 
-	 */
-	public MOASSLAlgorithmChecker() {
-		this.prevPubKey = null;
-		this.trustedPubKey = null;
-		this.constraints = certPathDefaultConstraints;
-		
-	}
-	
-	public MOASSLAlgorithmChecker(AlgorithmConstraints paramAlgorithmConstraints) {
-		this.prevPubKey = null;
-		this.trustedPubKey = null;
-		this.constraints = paramAlgorithmConstraints;
-	}
-	
-	
-	/* (non-Javadoc)
-	 * @see java.security.cert.PKIXCertPathChecker#init(boolean)
-	 */
-	@Override
-	public void init(boolean forward) throws CertPathValidatorException {
-		if (!(forward)) {
-			if (this.trustedPubKey != null)
-				this.prevPubKey = this.trustedPubKey;
-			
-			else
-				this.prevPubKey = null;
-			
-		} else 
-			throw new CertPathValidatorException("forward checking not supported");
-
-	}
-
-	/* (non-Javadoc)
-	 * @see java.security.cert.PKIXCertPathChecker#isForwardCheckingSupported()
-	 */
-	@Override
-	public boolean isForwardCheckingSupported() {
-		return false;
-		
-	}
-
-	/* (non-Javadoc)
-	 * @see java.security.cert.PKIXCertPathChecker#getSupportedExtensions()
-	 */
-	@Override
-	public Set<String> getSupportedExtensions() {
-		return null;
-		
-	}
-
-	/* (non-Javadoc)
-	 * @see java.security.cert.PKIXCertPathChecker#check(java.security.cert.Certificate, java.util.Collection)
-	 */
-	@Override
-	public void check(Certificate cert, Collection<String> unresolvedCritExts) throws CertPathValidatorException {
-		if ((!(cert instanceof X509Certificate)) || (this.constraints == null)) {
-			return;	
-		
-		}
- 
-		X509CertImpl localX509CertImpl = null;
-		try {
-			localX509CertImpl = sun.security.x509.X509CertImpl.toImpl((X509Certificate)cert);
-			
-		} catch (CertificateException localCertificateException1) {
-			throw new CertPathValidatorException(localCertificateException1);
-		
-		}
-		
-		PublicKey localPublicKey = localX509CertImpl.getPublicKey();
-		String str = localX509CertImpl.getSigAlgName();
-		 
-
-		//check algorithms
-		AlgorithmParameters localAlgorithmParameters = null;
-		try {
-			sun.security.x509.AlgorithmId localAlgorithmId = null;
-			localAlgorithmId = (sun.security.x509.AlgorithmId)localX509CertImpl.get("x509.algorithm");
-			localAlgorithmParameters = localAlgorithmId.getParameters();
-				
-			if (!(this.constraints.permits(SIGNATURE_PRIMITIVE_SET, str, localAlgorithmParameters))) {
-				throw new CertPathValidatorException("Algorithm constraints check failed: " + str, null, null, -1, CertPathValidatorException.BasicReason.ALGORITHM_CONSTRAINED);
-			
-			}
-			
-		} catch (CertificateParsingException localCertificateException2) {
-			throw new CertPathValidatorException(localCertificateException2);
-			
-		}
- 
-
-		//check key usage
-		boolean[] arrayOfBoolean = localX509CertImpl.getKeyUsage();
-		if ((arrayOfBoolean != null) && (arrayOfBoolean.length < 9))
-			throw new CertPathValidatorException("incorrect KeyUsage extension", null, null, -1, PKIXReason.INVALID_KEY_USAGE);
-		
-		if (arrayOfBoolean != null) {
-			Set<CryptoPrimitive> cryptoPrimitives = EnumSet.noneOf(CryptoPrimitive.class);
-			if ((arrayOfBoolean[0] == true) || (arrayOfBoolean[1] == true) || (arrayOfBoolean[5] == true) || (arrayOfBoolean[6] == true)) {
-				cryptoPrimitives.add(CryptoPrimitive.SIGNATURE);
-			
-			}
- 						
-			if (arrayOfBoolean[2] == true) {
-				cryptoPrimitives.add(CryptoPrimitive.KEY_ENCAPSULATION);
-				
-			}
- 
-			if (arrayOfBoolean[3] == true) {
-				cryptoPrimitives.add(CryptoPrimitive.PUBLIC_KEY_ENCRYPTION);
-			
-			}
-			
-			if (arrayOfBoolean[4] == true) {
-				cryptoPrimitives.add(CryptoPrimitive.KEY_AGREEMENT);	
-			
-			}
-			
-			if ((!(cryptoPrimitives.isEmpty())) &&  (!(this.constraints.permits(cryptoPrimitives, localPublicKey)))) {	
-				throw new CertPathValidatorException("algorithm constraints check failed", null, null, -1, CertPathValidatorException.BasicReason.ALGORITHM_CONSTRAINED);
-				
-			}
-		}
- 
-		//check pubKeys
-		if (this.prevPubKey != null) {
-			if ((str != null) && (!(this.constraints.permits(SIGNATURE_PRIMITIVE_SET, str, this.prevPubKey, localAlgorithmParameters)))) {
-				throw new CertPathValidatorException("Algorithm constraints check failed: " + str, null, null, -1, CertPathValidatorException.BasicReason.ALGORITHM_CONSTRAINED);
-				
-			}
-			
-			if ((localPublicKey instanceof DSAPublicKey) && (((DSAPublicKey)localPublicKey).getParams() == null)) {
-				if (!(this.prevPubKey instanceof DSAPublicKey)) {
-					throw new CertPathValidatorException("Input key is not of a appropriate type for inheriting parameters");
-					
-				}
- 
-				DSAParams localObject = ((DSAPublicKey)this.prevPubKey).getParams();
-				if (localObject == null) {
-					throw new CertPathValidatorException("Key parameters missing");	
-					
-				}
-
-				try {
-					BigInteger localBigInteger = ((DSAPublicKey)localPublicKey).getY();
-					KeyFactory localKeyFactory = KeyFactory.getInstance("DSA");
-					DSAPublicKeySpec localDSAPublicKeySpec = new DSAPublicKeySpec(localBigInteger, ((DSAParams)localObject).getP(), ((DSAParams)localObject).getQ(), ((DSAParams)localObject).getG());
-					localPublicKey = localKeyFactory.generatePublic(localDSAPublicKeySpec);
-					
-				} catch (GeneralSecurityException localGeneralSecurityException) {	
-					throw new CertPathValidatorException("Unable to generate key with inherited parameters: " + localGeneralSecurityException.getMessage(), localGeneralSecurityException);
-
-				}
-			}
-		}
-		
-		this.prevPubKey = localPublicKey;
-	}
-
-
-}