From 69149b00bb9223ff6967d5ef251db01b3afeb332 Mon Sep 17 00:00:00 2001
From: Hannes Rantzsch <hannes.rantzsch@checkmk.com>
Date: Thu, 15 Aug 2024 15:58:12 +0200
Subject: [PATCH] remove unused "is_unsupported_legacy_hash"

Change-Id: I2598f8c35e327535e4b07b4c7f8737e59faaad19
---
 .../cmk-crypto/cmk/crypto/password_hashing.py | 15 ------------
 .../cmk-crypto/tests/test_password_hashing.py | 23 -------------------
 2 files changed, 38 deletions(-)

diff --git a/packages/cmk-crypto/cmk/crypto/password_hashing.py b/packages/cmk-crypto/cmk/crypto/password_hashing.py
index 0db8178d4b2..ee5e2a0c167 100644
--- a/packages/cmk-crypto/cmk/crypto/password_hashing.py
+++ b/packages/cmk-crypto/cmk/crypto/password_hashing.py
@@ -13,7 +13,6 @@
 """
 
 import logging
-import re
 from typing import NewType
 
 import bcrypt
@@ -92,17 +91,3 @@ def matches(password: Password, password_hash: PasswordHash) -> bool:
         raise ValueError("Null character identified in password hash.")
 
     return bcrypt.checkpw(password.raw_bytes, password_hash.encode("utf-8"))
-
-
-def is_unsupported_legacy_hash(password_hash: PasswordHash) -> bool:
-    """Was the hash algorithm used for this hash once supported but isn't anymore?"""
-    regex_list = [
-        r"^\$5\$(rounds=[0-9]+\$)?[a-zA-Z0-9\/.]{0,16}\$[a-zA-Z0-9\/.]{43}$",  # SHA256 crypt
-        r"^\$1\$[a-zA-Z0-9\/.]{0,8}\$[a-zA-Z0-9\/.]{22}",  # MD5 crypt
-        r"^\$apr1\$[a-zA-Z0-9\/.]{0,8}\$[a-zA-Z0-9\/.]{22}$",  # Apache MD5
-        r"^[a-zA-Z0-9\/.]{13}$",  # DES crypt
-    ]
-    for regex in regex_list:
-        if re.match(regex, password_hash):
-            return True
-    return False
diff --git a/packages/cmk-crypto/tests/test_password_hashing.py b/packages/cmk-crypto/tests/test_password_hashing.py
index 129d72bc1b3..75a508897d9 100644
--- a/packages/cmk-crypto/tests/test_password_hashing.py
+++ b/packages/cmk-crypto/tests/test_password_hashing.py
@@ -121,26 +121,3 @@ def test_verify_null_bytes(password: str, password_hash: str) -> None:
 def test_verify_invalid_rounds(password: str, pw_hash: str) -> None:
     with pytest.raises(ValueError, match="Invalid salt"):
         ph.verify(Password(password), ph.PasswordHash(pw_hash))
-
-
-@pytest.mark.parametrize(
-    "unsupported,pw_hash",
-    [
-        (True, "$1$49rn5.0y$XoUJMucpN.aQUEOquaj5C/"),
-        (True, "$apr1$EpPwa/X9$TB2UcQxmrSTJWQQcwHzJM/"),
-        (True, "WsbFVbJdvDcpY"),
-        (True, "48c/R8JAv757A"),  # Des crypt
-        (True, "$1$28772684$iEwNOgGugqO9.bIz5sk8k/"),  # MD5 Crypt
-        (
-            True,
-            "$5$rounds=5000$GX7BopJZJxPc/KEK$le16UF8I2Anb.rOrn22AUPWvzUETDGefUmAV8AZkGcD",
-        ),  # Sha256 crypt
-        (True, "$5$rounds=1000$.J4mcfJGFGgWJA7R$bDhUCLMe2v1.L3oWclfsVYMyOhsS/6RmyzqFRyCgDi/"),
-        (False, "foobar"),  # ignore unrecognized algorithms
-        (False, ""),
-        (False, "$2b$04$5LiM0CX3wUoO55cGCwrkDeZIU5zyBqPDZfV9zU4Q2WH/Lkkn2lypa"),
-        (False, "$2y$04$5LiM0CX3wUoO55cGCwrkDeZIU5zyBqPDZfV9zU4Q2WH/Lkkn2lypa"),
-    ],
-)
-def test_is_unsupported_legacy_hash(unsupported: bool, pw_hash: str) -> None:
-    assert ph.is_unsupported_legacy_hash(ph.PasswordHash(pw_hash)) == unsupported