author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2017-07-25 16:11:25 +0200 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2017-07-25 16:11:25 +0200 |
commit | 040e51d335d3af127c3894bd5558a484ddd9b9ea (patch) | |
tree | 6a7f0935a36318a38b87e4acd725b0776924c75a /id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation | |
parent | c4fe089610dba3d6e8929f6e163538dfae0d18da (diff) | |
Revert "betaversion for a workaround to solve problem with Java8 >= 141 and SHA1 certificates in certificate chain"
This reverts commit c4fe089610dba3d6e8929f6e163538dfae0d18da.
Diffstat (limited to 'id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation')
-rw-r--r-- | id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/MOASSLAlgorithmChecker.java | 226 |
1 files changed, 0 insertions, 226 deletions
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/MOASSLAlgorithmChecker.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/MOASSLAlgorithmChecker.java
deleted file mode 100644
index 990b5d3b1..000000000
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/MOASSLAlgorithmChecker.java
+++ /dev/null
@@ -1,226 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.commons.validation;
-
-import java.math.BigInteger;
-import java.security.AlgorithmConstraints;
-import java.security.AlgorithmParameters;
-import java.security.CryptoPrimitive;
-import java.security.GeneralSecurityException;
-import java.security.KeyFactory;
-import java.security.PublicKey;
-import java.security.cert.CertPathValidatorException;
-import java.security.cert.Certificate;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateParsingException;
-import java.security.cert.PKIXCertPathChecker;
-import java.security.cert.PKIXReason;
-import java.security.cert.X509Certificate;
-import java.security.interfaces.DSAParams;
-import java.security.interfaces.DSAPublicKey;
-import java.security.spec.DSAPublicKeySpec;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.EnumSet;
-import java.util.Set;
-
-import sun.security.util.DisabledAlgorithmConstraints;
-import sun.security.x509.X509CertImpl;
-
-/**
- * @author tlenz
- *
- */
-public class MOASSLAlgorithmChecker extends PKIXCertPathChecker {
-
- private final AlgorithmConstraints constraints;
- private final PublicKey trustedPubKey;
- private PublicKey prevPubKey;
- private static final Set<CryptoPrimitive> SIGNATURE_PRIMITIVE_SET = Collections.unmodifiableSet(EnumSet.of(CryptoPrimitive.SIGNATURE));
- private static final Set<CryptoPrimitive> KU_PRIMITIVE_SET = Collections.unmodifiableSet(EnumSet.of(CryptoPrimitive.SIGNATURE, CryptoPrimitive.KEY_ENCAPSULATION, CryptoPrimitive.PUBLIC_KEY_ENCRYPTION, CryptoPrimitive.KEY_AGREEMENT));
-
- private static final DisabledAlgorithmConstraints certPathDefaultConstraints = new DisabledAlgorithmConstraints("jdk.certpath.disabledAlgorithms");
-
- /**
- *
- */
- public MOASSLAlgorithmChecker() {
- this.prevPubKey = null;
- this.trustedPubKey = null;
- this.constraints = certPathDefaultConstraints;
-
- }
-
- public MOASSLAlgorithmChecker(AlgorithmConstraints paramAlgorithmConstraints) {
- this.prevPubKey = null;
- this.trustedPubKey = null;
- this.constraints = paramAlgorithmConstraints;
- }
-
-
- /* (non-Javadoc)
- * @see java.security.cert.PKIXCertPathChecker#init(boolean)
- */
- @Override
- public void init(boolean forward) throws CertPathValidatorException {
- if (!(forward)) {
- if (this.trustedPubKey != null)
- this.prevPubKey = this.trustedPubKey;
-
- else
- this.prevPubKey = null;
-
- } else
- throw new CertPathValidatorException("forward checking not supported");
-
- }
-
- /* (non-Javadoc)
- * @see java.security.cert.PKIXCertPathChecker#isForwardCheckingSupported()
- */
- @Override
- public boolean isForwardCheckingSupported() {
- return false;
-
- }
-
- /* (non-Javadoc)
- * @see java.security.cert.PKIXCertPathChecker#getSupportedExtensions()
- */
- @Override
- public Set<String> getSupportedExtensions() {
- return null;
-
- }
-
- /* (non-Javadoc)
- * @see java.security.cert.PKIXCertPathChecker#check(java.security.cert.Certificate, java.util.Collection)
- */
- @Override
- public void check(Certificate cert, Collection<String> unresolvedCritExts) throws CertPathValidatorException {
- if ((!(cert instanceof X509Certificate)) || (this.constraints == null)) {
- return;
-
- }
-
- X509CertImpl localX509CertImpl = null;
- try {
- localX509CertImpl = sun.security.x509.X509CertImpl.toImpl((X509Certificate)cert);
-
- } catch (CertificateException localCertificateException1) {
- throw new CertPathValidatorException(localCertificateException1);
-
- }
-
- PublicKey localPublicKey = localX509CertImpl.getPublicKey();
- String str = localX509CertImpl.getSigAlgName();
-
-
- //check algorithms
- AlgorithmParameters localAlgorithmParameters = null;
- try {
- sun.security.x509.AlgorithmId localAlgorithmId = null;
- localAlgorithmId = (sun.security.x509.AlgorithmId)localX509CertImpl.get("x509.algorithm");
- localAlgorithmParameters = localAlgorithmId.getParameters();
-
- if (!(this.constraints.permits(SIGNATURE_PRIMITIVE_SET, str, localAlgorithmParameters))) {
- throw new CertPathValidatorException("Algorithm constraints check failed: " + str, null, null, -1, CertPathValidatorException.BasicReason.ALGORITHM_CONSTRAINED);
-
- }
-
- } catch (CertificateParsingException localCertificateException2) {
- throw new CertPathValidatorException(localCertificateException2);
-
- }
-
-
- //check key usage
- boolean[] arrayOfBoolean = localX509CertImpl.getKeyUsage();
- if ((arrayOfBoolean != null) && (arrayOfBoolean.length < 9))
- throw new CertPathValidatorException("incorrect KeyUsage extension", null, null, -1, PKIXReason.INVALID_KEY_USAGE);
-
- if (arrayOfBoolean != null) {
- Set<CryptoPrimitive> cryptoPrimitives = EnumSet.noneOf(CryptoPrimitive.class);
- if ((arrayOfBoolean[0] == true) || (arrayOfBoolean[1] == true) || (arrayOfBoolean[5] == true) || (arrayOfBoolean[6] == true)) {
- cryptoPrimitives.add(CryptoPrimitive.SIGNATURE);
-
- }
-
- if (arrayOfBoolean[2] == true) {
- cryptoPrimitives.add(CryptoPrimitive.KEY_ENCAPSULATION);
-
- }
-
- if (arrayOfBoolean[3] == true) {
- cryptoPrimitives.add(CryptoPrimitive.PUBLIC_KEY_ENCRYPTION);
-
- }
-
- if (arrayOfBoolean[4] == true) {
- cryptoPrimitives.add(CryptoPrimitive.KEY_AGREEMENT);
-
- }
-
- if ((!(cryptoPrimitives.isEmpty())) && (!(this.constraints.permits(cryptoPrimitives, localPublicKey)))) {
- throw new CertPathValidatorException("algorithm constraints check failed", null, null, -1, CertPathValidatorException.BasicReason.ALGORITHM_CONSTRAINED);
-
- }
- }
-
- //check pubKeys
- if (this.prevPubKey != null) {
- if ((str != null) && (!(this.constraints.permits(SIGNATURE_PRIMITIVE_SET, str, this.prevPubKey, localAlgorithmParameters)))) {
- throw new CertPathValidatorException("Algorithm constraints check failed: " + str, null, null, -1, CertPathValidatorException.BasicReason.ALGORITHM_CONSTRAINED);
-
- }
-
- if ((localPublicKey instanceof DSAPublicKey) && (((DSAPublicKey)localPublicKey).getParams() == null)) {
- if (!(this.prevPubKey instanceof DSAPublicKey)) {
- throw new CertPathValidatorException("Input key is not of a appropriate type for inheriting parameters");
-
- }
-
- DSAParams localObject = ((DSAPublicKey)this.prevPubKey).getParams();
- if (localObject == null) {
- throw new CertPathValidatorException("Key parameters missing");
-
- }
-
- try {
- BigInteger localBigInteger = ((DSAPublicKey)localPublicKey).getY();
- KeyFactory localKeyFactory = KeyFactory.getInstance("DSA");
- DSAPublicKeySpec localDSAPublicKeySpec = new DSAPublicKeySpec(localBigInteger, ((DSAParams)localObject).getP(), ((DSAParams)localObject).getQ(), ((DSAParams)localObject).getG());
- localPublicKey = localKeyFactory.generatePublic(localDSAPublicKeySpec);
-
- } catch (GeneralSecurityException localGeneralSecurityException) {
- throw new CertPathValidatorException("Unable to generate key with inherited parameters: " + localGeneralSecurityException.getMessage(), localGeneralSecurityException);
-
- }
- }
- }
-
- this.prevPubKey = localPublicKey;
- }
-
-
-}
|