From 122de0a09f42fcc7e2fa0a429df5da37820fd730 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Tue, 25 Jul 2017 16:12:28 +0200
Subject: workAround to solve problem with IAIK-JCE and SSL algorithm parameter
 validation

---
 .../config/ConfigurationProvider.java              | 20 ++++++++++++++++++++
 .../moa/id/auth/MOAIDAuthInitializer.java          | 22 ++++++++++++++++++++++
 2 files changed, 42 insertions(+)

diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
index 05ce3344b..c5ae5065f 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
@@ -63,6 +63,7 @@ import at.gv.egovernment.moa.id.configuration.config.usermanagement.FileBasedUse
 import at.gv.egovernment.moa.id.configuration.utils.UserRequestCleaner;
 import at.gv.egovernment.moa.util.FileUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
+import iaik.asn1.structures.AlgorithmID;
 import iaik.x509.X509Certificate;
 
 
@@ -150,6 +151,8 @@ public class ConfigurationProvider {
 
 			UserRequestCleaner.start();
 			
+			fixJava8_141ProblemWithSSLAlgorithms();
+			
 			log.info("MOA-ID-Configuration initialization completed");
 			
 							
@@ -168,6 +171,23 @@ public class ConfigurationProvider {
 			
 	}
 	
+    private static void fixJava8_141ProblemWithSSLAlgorithms() {
+    	log.info("Change AlgorithmIDs to fix problems with Java8 >= 141 ...");
+        //new AlgorithmID("1.2.840.113549.1.1.4", "md5WithRSAEncryption", new String[] { "MD5withRSA", "MD5/RSA",  }, null, true);
+        new AlgorithmID("1.2.840.113549.1.1.5", "sha1WithRSAEncryption", 
+        		new String[] { "SHA1withRSA" , "SHA1/RSA", "SHA-1/RSA", "SHA/RSA", }, null, true);
+        new AlgorithmID("1.2.840.113549.1.1.14", "sha224WithRSAEncryption", 
+        		new String[] { "SHA224withRSA", "SHA224/RSA", "SHA-224/RSA", }, null, true);
+        new AlgorithmID("1.2.840.113549.1.1.11", "sha256WithRSAEncryption", 
+        		new String[] { "SHA256withRSA", "SHA256/RSA", "SHA-256/RSA",  }, null, true);
+        new AlgorithmID("1.2.840.113549.1.1.12", "sha384WithRSAEncryption", 
+        		new String[] { "SHA384withRSA", "SHA384/RSA", "SHA-384/RSA",  }, null, true);
+        new AlgorithmID("1.2.840.113549.1.1.13", "sha512WithRSAEncryption", 
+        		new String[] { "SHA512withRSA", "SHA512/RSA", "SHA-512/RSA" }, null, true);
+        
+        log.info("Change AlgorithmIDs finished");
+    }
+	
 	@Autowired(required = true)
 	public void setMOAIDConfigurationModul(MOAIDConfigurationModul module) {
 		this.configModule  = module;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
index 5769d99df..65ea2fd90 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
@@ -44,6 +44,7 @@ import at.gv.egovernment.moa.spss.api.Configurator;
 import at.gv.egovernment.moa.util.MiscUtil;
 import at.gv.egovernment.moaspss.logging.LoggingContext;
 import at.gv.egovernment.moaspss.logging.LoggingContextManager;
+import iaik.asn1.structures.AlgorithmID;
 import iaik.pki.PKIException;
 import iaik.security.ec.provider.ECCelerate;
 import iaik.security.provider.IAIK;
@@ -160,6 +161,8 @@ public class MOAIDAuthInitializer {
         	
         Security.addProvider(new ECCelerate());
         
+        fixJava8_141ProblemWithSSLAlgorithms();
+        
         if (Logger.isDebugEnabled()) {
         	Logger.debug("Loaded Security Provider:");
         	Provider[] providerList = Security.getProviders();
@@ -167,5 +170,24 @@ public class MOAIDAuthInitializer {
         		Logger.debug(i + ": " + providerList[i].getName() + " Version " + providerList[i].getVersion());        		
         	
         }
+      
     }
+    
+    private static void fixJava8_141ProblemWithSSLAlgorithms() {
+    	Logger.info("Change AlgorithmIDs to fix problems with Java8 >= 141 ...");
+        //new AlgorithmID("1.2.840.113549.1.1.4", "md5WithRSAEncryption", new String[] { "MD5withRSA", "MD5/RSA",  }, null, true);
+        new AlgorithmID("1.2.840.113549.1.1.5", "sha1WithRSAEncryption", 
+        		new String[] { "SHA1withRSA" , "SHA1/RSA", "SHA-1/RSA", "SHA/RSA", }, null, true);
+        new AlgorithmID("1.2.840.113549.1.1.14", "sha224WithRSAEncryption", 
+        		new String[] { "SHA224withRSA", "SHA224/RSA", "SHA-224/RSA", }, null, true);
+        new AlgorithmID("1.2.840.113549.1.1.11", "sha256WithRSAEncryption", 
+        		new String[] { "SHA256withRSA", "SHA256/RSA", "SHA-256/RSA",  }, null, true);
+        new AlgorithmID("1.2.840.113549.1.1.12", "sha384WithRSAEncryption", 
+        		new String[] { "SHA384withRSA", "SHA384/RSA", "SHA-384/RSA",  }, null, true);
+        new AlgorithmID("1.2.840.113549.1.1.13", "sha512WithRSAEncryption", 
+        		new String[] { "SHA512withRSA", "SHA512/RSA", "SHA-512/RSA" }, null, true);
+        
+        Logger.info("Change AlgorithmIDs finished");
+    }
+    
 }
-- 
cgit v1.2.3