From 1b8ce4da45034c35cc521605823885a526ba5297 Mon Sep 17 00:00:00 2001
From: Raul Metsma <raul@metsma.ee>
Date: Fri, 5 Jan 2024 09:24:36 +0200
Subject: [PATCH] All ID-Card certificates are expired in EstEID 2015

WE2-839

Signed-off-by: Raul Metsma <raul@metsma.ee>
---
 .../example/config/ValidationConfiguration.java  |  10 +++-------
 .../certs/dev/TEST_of_ESTEID-SK_2015.cer         | Bin 1671 -> 0 bytes
 src/main/resources/certs/prod/ESTEID-SK_2015.cer | Bin 1652 -> 0 bytes
 3 files changed, 3 insertions(+), 7 deletions(-)
 delete mode 100644 src/main/resources/certs/dev/TEST_of_ESTEID-SK_2015.cer
 delete mode 100644 src/main/resources/certs/prod/ESTEID-SK_2015.cer

diff --git a/src/main/java/eu/webeid/example/config/ValidationConfiguration.java b/src/main/java/eu/webeid/example/config/ValidationConfiguration.java
index 26c6e0e..f1f78f7 100644
--- a/src/main/java/eu/webeid/example/config/ValidationConfiguration.java
+++ b/src/main/java/eu/webeid/example/config/ValidationConfiguration.java
@@ -126,15 +126,11 @@ public X509Certificate[] loadTrustedCACertificatesFromTrustStore() {
     @Bean
     public AuthTokenValidator validator() {
         try {
-            AuthTokenValidatorBuilder validatorBuilder = new AuthTokenValidatorBuilder()
+            return new AuthTokenValidatorBuilder()
                     .withSiteOrigin(URI.create(yamlConfig().getLocalOrigin()))
                     .withTrustedCertificateAuthorities(loadTrustedCACertificatesFromCerFiles())
-                    .withTrustedCertificateAuthorities(loadTrustedCACertificatesFromTrustStore());
-            if (activeProfile.equals("dev")) {
-                // Enable support for ESTEID 2015 test certificates in development profile.
-                validatorBuilder = validatorBuilder.withNonceDisabledOcspUrls(URI.create("http://aia.demo.sk.ee/esteid2015"));
-            }
-            return validatorBuilder.build();
+                    .withTrustedCertificateAuthorities(loadTrustedCACertificatesFromTrustStore())
+                    .build();
         } catch (JceException e) {
             throw new RuntimeException("Error building the Web eID auth token validator.", e);
         }
diff --git a/src/main/resources/certs/dev/TEST_of_ESTEID-SK_2015.cer b/src/main/resources/certs/dev/TEST_of_ESTEID-SK_2015.cer
deleted file mode 100644
index 7749286c895084bf2d7bacb98b742a01cd684122..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 1671
zcmb7EX;4#F6wZ5ji4YT@LXe$^l>i-*`vL)3WD$Z;z=c%<B|v!8$dWXPA__%=1T2V%
zXi<csC{T6Uf{5)@DcGo~EV9Xz3JRi9s;z*wC@Azrh3a(rqxa7}-<fmo`OcYhKA<3H
z0|hCmk_baEtf%Mna+h`d&{Tx1-i8}uS_f!kZ9ApEa*75)R1yJXqKknxnHY|c^<f?l
zwE_$cpiqsyLm8o%R4z&s$z>QO6{Uz|Nti5Ys|*EzrHLU@nPI%pFormh!Q(M}UdIaK
z<RWn@j#A}Pj1eLh%Nai2s1Yz+$f^w)YD<ztUa}+>h5^P>8p=gE=t|&>IygG=jdVG{
z0pJd2jsw?)>%s>~|DWJeK-UnAqw1^;3*qtXQQ++83{VHu5}3bcZn(faG>jMEYabfO
z-~f~h6tLCX4T4Anq5{?>;C>3MfFXkFHX*9@YOKZPhws_e%qlnO<cJk=|5Ha+Q}{Pd
zYhznxbdm9K&$W48*iADxMNUk9T<Q3OjG?m5ph&4~KjqTC^1iRz%wH<|rLom$(U@`m
zj=&pN`?Dt=pETi&pI~%fHBY6li%px(zwn1O_(fLG-ZxnuPHG-=d)~snJ+-c1El7Xx
z;@Fj*z(%HdmCJW(Mw`=Oq>xqQNRwIF&n`~1KE|CGi>^}+HLlswpy~$=6&4-s8xoQu
zPWZNaI-1?K_1m)=i%?y>INNxazUcC3=NFXg{Lh`Ad45@PS*LrIYTEetNUfHrv#Vuz
z!^?qN&#WMG!<^jJDzbBy1YKXU#6!Pztk|T2UvZ`;T2i5xe=9g>AlSFJ&0{qDxBce}
zGxzCtI8=KbySVY7swKF3L{S$NR&#0?itslb-bPA?nh!_1G3$MPD2FPu$I{g%r!&R2
z7Wd~~5Wl%Zb&m2WF~aUx^f0H!IT=uI@RRV8ox@z?+~Vy|8D@qT+J=qy&-q8w#2zEW
z2o9}C(Yo!lu)kE2_u_8K=yLn6HR<Y!3@ADL#9)tV$ge<MFqwL|K9E#L72Qwr>I5`n
zsa6&<RK(r-tJ=fvFugXUu6V-x$e*Hzdba3sY_QL>tfKJg0aY#En=1H<22%?{K4E76
z{^(l5NYEX2cK46HW>pDOFcBg^RSKAfPlPtG#D~dzIf763E`#%ql=4$-y(^>3bedFk
z*cwyfw%J$HX0C%6A_f7?lfEw4%`!hX+RE7Mx;}dwWi`;zyw`=GIRwF%l?)O!n1Kku
zM*t;LJ|IH~)L}`4Ag~-PBWvN9L|OzxhV;#HxkTp5W~Zg4v0kka+h=_!puY74eg_fX
zK?qo)$)m5ys|CpTg%39H*7z(CSFrN96F~4iumY4^Ey9}vta2Ii_J7@gsrh0B!T=WY
zWQp1f7QA2~VE5j606|D5*a=q5V*n|QHPzw8C15GyH`NK_1Y)5~0zwwTV5Q%iuzz|W
z#1%-!)-1L_oG9S&1n)=^jx>@a&`6TN$D5UaNm)Xv9QbHRTO#fNue{Q!(oxCzcXy?j
zL@X1@#nN=PP?{`b%Q2Z;fMG(RR2YYUlKi%0;F?NQKoFtDWzSej1FN!l*U`=!Cn?sn
zJBhYMN6%(Y5V8znN<+$f>|Emwh@a_k>IXiqZaCYfpj)CtH)li_+}E{7H<1W@=XS#^
zk5pEZ4tXR;>CsZo?QFTW^+PAsUsa#xxl6cvJp#_n^fag0JjuBf6Th2TRy19ex5>-q
zfckldT}3N)JvnlfKYgd2=Q$TXbg#><v~R{E-t_x+VK;ZTe_KzaNsfI+ZCugz0~^EV
zS_U2tPFIL%L+74M>X!ff?V+wV{=G&xpz=_SnV;64Ak!`EPhIYw8ESfeZIIag<Yb|1
npsl+1pr516$c_AHe8)6XZ5sGEagHA48gu0*>&l~psrr8d>b^~V

diff --git a/src/main/resources/certs/prod/ESTEID-SK_2015.cer b/src/main/resources/certs/prod/ESTEID-SK_2015.cer
deleted file mode 100644
index b16695560fd7f7498f20dedd8ac67098f6eeee57..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 1652
zcmXqLVk<CcVvSh9%*4pVB;e}7$=yEZy<%9=n#=ccq@xXZ**LY@JlekVGBWb8G8mK^
zavN~6F^96S2{XC68Y&qmfH+({l8(U&!Kp<hnQ56N#i^-9nYo$8*{Q|ZrNxFC25KNR
z%sle0t_sc&HOYx3nfZA@US3I2szOkHeu;v!qoIU>7~D2aMlsHU>`aH^Y`xS}0|jwj
zLsLT|LvuqTV+#}GC<%Te17ib_fRVAOrKx3<K{DwM6E_eAIV_Qf&o3m%)m7Kfz}&>#
zz|hzbD#6Ud=NcU1>gl2z?5$vAU}$R4#H55AAdIXG%uP)E3_x)%rY0svhD(jVu3Y$-
zdv)*Rlc$-Z+A{VrzWXzG;oX))^Dp^`Io@Z~RhZCS=H;?cUo-Y&lG_^QuoG;OyZ1TY
z&s`VxQ>X7!_pTEYrSzX%f6IEM*H+bX4M&76M}F!Q1#6Zl*>x_bA4KU)e5SWd!23qP
zUT&sj9i88z`6i*7+Fow_>y%EOnrrkR^<U|#yPw{r%_?A%6%~t4dsLDAKV*yhm5XY#
zS_9IKt#9u7V<VT#=ietD^w@(b;Eo#i_Vdo&C*<GM`DmJD<gdGPis8JI_R`Q*-8{$s
z{mHI+e4fceydq#;;=lPZyV=gSF4}j@HE%}Qk`qVt-mRH-(=qk~+ue`rA6M624SiIs
zbMfz!pJfN?&P0n{J9zbXaIf9|Rp%H!a@5Y5^=d`R^%F|#XYXqJUcoO{{q&{EqJZ^p
zv!r$|Y~py&ByK%>xyWPr3-vOBNkXD#Lh-*2P4$x$Xx&sBFWoh{-1IZgvIBe5mKc1o
zY3y7Ttz-CNoqCgT7GrdSOPh(Q>?3uxOCrJ_G$&MgZk60RkF{HF#Sb6H`f7&&@0dwf
zPp34UYA}8ywRHub`R|7^otx`Uh?~ykHcRW;Q{?ZX?RMyhv0RXg$oZvl4p~)SI{Tb<
z8$4b$`Ml@aQm!+eJD<d8cW2eb+U4$fFyDRVszph9i(f3dlb)OsRB%D`HDg#X%k1aJ
zvoj{Xiaa3NR`Sx3iJ6gsaWOD808<2;fjlsE$ttq|Q+0!g(5EQ7S79>y&$6xg_)+!b
zO7ANoGYw=x3iw#WSVT6j?$|T)YSNNcEsnEWWQ(kui`)YZ_(0P9jEw(TSb&+6&7d5_
zS70eH$TQ$zV`E|HuVQ2ZW=3`vhVC~GK&Am3r#2fS3*$L?Mn(f=14T9tAeWVuorzIQ
zG^3=Xpx8=Zzr4I$51gg+odbdmxDh&-kU7lA92Ns1kj26vhj19M0V!ZgH*f@r$+1`&
zSS&O%U;$<fB?GQ@4hASNP-<6zv2oD`>L4RjSriQ9U@m3mgtM67EEa<r7@Lt1?0W?m
z-+-}A1mrWI$MTbl3t&ETH1L9}U~032sz7)>8CVDv>$|$fqm)KK9;h^m2bD(g&W?I1
zsYQCpMI{EdAZN<6m>HND7%ebZpx35@VPH{eL4I*&Nq$kKesWPxv3_c5a&l2}B2aq{
za(MwPK$)8u85v5#c#_QReYI~LUOw&9aV`Hi;jMq~KKb|XU2x?R9jl3!XIVo0ZYv(S
z&p2Op@<RUXCf%CVj}78-=U>V?mgOcP?e^&Swgg`8Lk9Lwc8aMT*f_WD$n`_=Ts!uy
z^C+wf{uaFH+$!mv8#xO1CVihh;a)`luN!XPYX3c|U8ml7TE^l~-|g$S%5Hpp!sL4X
zx$eIe>(5o)ubH-n<NHp|HkEDX1tZ-2=f-Z^Jge1xUe67!Y{^Vj{e{iG^6|M#^$zOZ
zR_MO8GVcp_{+ta8r}pl;`!7HB{kio<=Mv9|T{@w@Kz?_`$z==v+z@3DJ^kp}k97OP
a*7^5-xW|ieyh<?TzRuIX?f)?k)29Gp97B)*