From 2555da9a1a946920d7e42469874e94a71f40dc6d Mon Sep 17 00:00:00 2001
From: "puthuparambil.aditya" <aditya.puthuparambil@bell.ca>
Date: Wed, 10 Mar 2021 11:55:33 +0000
Subject: Fix for security hotspot related to wek cyptography

https://sonarcloud.io/project/security_hotspots?id=onap_cps&hotspots=AXfObcurA2pnU4Plp4-j

Issue-ID: CPS-286
Signed-off-by: puthuparambil.aditya <aditya.puthuparambil@bell.ca>
Change-Id: I31012f81797396682dbccae0e4992a33bac806c7
---
 .../java/org/onap/cps/spi/impl/CpsModulePersistenceServiceImpl.java  | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'cps-ri/src/main/java')

diff --git a/cps-ri/src/main/java/org/onap/cps/spi/impl/CpsModulePersistenceServiceImpl.java b/cps-ri/src/main/java/org/onap/cps/spi/impl/CpsModulePersistenceServiceImpl.java
index b28beb42c..9a8ea6af4 100755
--- a/cps-ri/src/main/java/org/onap/cps/spi/impl/CpsModulePersistenceServiceImpl.java
+++ b/cps-ri/src/main/java/org/onap/cps/spi/impl/CpsModulePersistenceServiceImpl.java
@@ -28,6 +28,7 @@ import java.util.Map;
 import java.util.Set;
 import java.util.stream.Collectors;
 import javax.transaction.Transactional;
+import org.apache.commons.codec.digest.DigestUtils;
 import org.onap.cps.spi.CascadeDeleteAllowed;
 import org.onap.cps.spi.CpsAdminPersistenceService;
 import org.onap.cps.spi.CpsModulePersistenceService;
@@ -46,7 +47,7 @@ import org.onap.cps.spi.repository.YangResourceRepository;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.dao.DataIntegrityViolationException;
 import org.springframework.stereotype.Component;
-import org.springframework.util.DigestUtils;
+
 
 @Component
 public class CpsModulePersistenceServiceImpl implements CpsModulePersistenceService {
@@ -90,7 +91,7 @@ public class CpsModulePersistenceServiceImpl implements CpsModulePersistenceServ
     private Set<YangResourceEntity> synchronizeYangResources(final Map<String, String> yangResourcesNameToContentMap) {
         final Map<String, YangResourceEntity> checksumToEntityMap = yangResourcesNameToContentMap.entrySet().stream()
             .map(entry -> {
-                final String checksum = DigestUtils.md5DigestAsHex(entry.getValue().getBytes(StandardCharsets.UTF_8));
+                final String checksum = DigestUtils.sha256Hex(entry.getValue().getBytes(StandardCharsets.UTF_8));
                 final YangResourceEntity yangResourceEntity = new YangResourceEntity();
                 yangResourceEntity.setName(entry.getKey());
                 yangResourceEntity.setContent(entry.getValue());
-- 
cgit 1.2.3-korg