authorPawel Baniewski <pawel.baniewski@nokia.com>2020-12-22 11:45:13 +0000
committerGerrit Code Review <gerrit@onap.org>2020-12-22 11:45:13 +0000
commit5e78fb3b88eda2dd8d1a29173399328c2256ac09 (patch)
treeec0215f497bab034b54d33614209e11f1f083ad8 /certService/src/main/java
parentfb53a57db1b771f62cb637e2e7d05c9fad23cd52 (diff)
parentee8b5cb717a4b7e37ef84e3e585be832d7d1794b (diff)
Merge "[OOM-CERT-SERVICE] Align implementation with RFC4210"2.3.2
Diffstat (limited to 'certService/src/main/java')
-rw-r--r--certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelper.java2
-rw-r--r--certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CreateCertRequest.java10
2 files changed, 10 insertions, 2 deletions
diff --git a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelper.java b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelper.java
index 5c61aa9f..2a77873e 100644
--- a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelper.java
+++ b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelper.java
@@ -72,7 +72,7 @@ public final class CmpMessageHelper {
private static final AlgorithmIdentifier OWF_ALGORITHM =
new AlgorithmIdentifier(new ASN1ObjectIdentifier("1.3.14.3.2.26"));
private static final AlgorithmIdentifier MAC_ALGORITHM =
- new AlgorithmIdentifier(new ASN1ObjectIdentifier("1.2.840.113549.2.9"));
+ new AlgorithmIdentifier(new ASN1ObjectIdentifier("1.3.6.1.5.5.8.1.2"));
private static final ASN1ObjectIdentifier PASSWORD_BASED_MAC =
new ASN1ObjectIdentifier("1.2.840.113533.7.66.13");
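Review bot: The new `MAC_ALGORITHM` value is a bare OID with no comment, and it replaces HMAC-SHA256 (`1.2.840.113549.2.9`) with HMAC-SHA1 (`1.3.6.1.5.5.8.1.2`), which reads as a strength downgrade unless the reason is recorded next to it. Together with the SHA-1 `OWF_ALGORITHM` above it, the password-based MAC that protects the request now rests only on SHA-1 primitives. I would add a comment such as `// HMAC-SHA1: MAC required for RFC 4210 password-based MAC interoperability` and, if the target CAs accept it, keep the SHA-256 variant selectable through configuration. The constants belong to CmpMessageHelper, whose body continues outside the hunk.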
diff --git a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CreateCertRequest.java b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CreateCertRequest.java
index 8d82b85b..d277a204 100644
--- a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CreateCertRequest.java
+++ b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CreateCertRequest.java
@@ -27,6 +27,7 @@ import static org.onap.oom.certservice.cmpv2client.impl.CmpUtil.generatePkiHeade
import java.security.KeyPair;
import java.util.Date;
+import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.cmp.PKIBody;
import org.bouncycastle.asn1.cmp.PKIHeader;
import org.bouncycastle.asn1.cmp.PKIMessage;
@@ -36,8 +37,10 @@ import org.bouncycastle.asn1.crmf.CertRequest;
import org.bouncycastle.asn1.crmf.CertTemplateBuilder;
import org.bouncycastle.asn1.crmf.ProofOfPossession;
import org.bouncycastle.asn1.x500.X500Name;
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
+import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
import org.onap.oom.certservice.cmpv2client.exceptions.CmpClientException;
/**
@@ -55,9 +58,11 @@ class CreateCertRequest {
private String initAuthPassword;
private String senderKid;
- private static final int ITERATIONS = createRandomInt(5000);
+ private static final int ITERATIONS = createRandomInt(1000);
private static final byte[] SALT = createRandomBytes();
private final int certReqId = createRandomInt(Integer.MAX_VALUE);
+ private final AlgorithmIdentifier signingAlgorithm = new DefaultSignatureAlgorithmIdentifierFinder()
+ .find("SHA256withRSA");
public void setIssuerDn(X500Name issuerDn) {
this.issuerDn = issuerDn;
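Review bot: `ITERATIONS = createRandomInt(1000)` lowers the upper bound of the password-based MAC iteration count, and because the value is random it may land far below that bound; createRandomInt is defined outside this page, so its lower limit cannot be confirmed here. A low count makes offline guessing of `initAuthPassword` cheaper for anyone who captures a protected request. If the cap exists because the CA rejects larger counts, a fixed value with a comment, e.g. `private static final int ITERATIONS = 1000; // highest count the CA accepts`, is more predictable than a random one. `ITERATIONS` and `SALT` are static, so every request built in the same JVM shares them. The class body continues outside the hunk.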
@@ -104,6 +109,9 @@ class CreateCertRequest {
.setSubject(subjectDn)
.setExtensions(CmpMessageHelper.generateExtension(sansArray))
.setValidity(CmpMessageHelper.generateOptionalValidity(notBefore, notAfter))
+ .setVersion(2)
+ .setSerialNumber(new ASN1Integer(0L))
+ .setSigningAlg(signingAlgorithm)
.setPublicKey(
SubjectPublicKeyInfo.getInstance(subjectKeyPair.getPublic().getEncoded()));
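Review bot: `.setSigningAlg(signingAlgorithm)` pins the template to `SHA256withRSA`, which in a CRMF template names the algorithm the CA signs the issued certificate with, so every request assumes an RSA-keyed CA; how a CA with another key type reacts is not visible here. The algorithm name would be better held in a named constant or taken from the CA configuration than hard-coded in a field initializer. The fixed `.setVersion(2)` and `.setSerialNumber(new ASN1Integer(0L))` are placeholders for fields the issuing CA normally decides, so a comment should say why they are sent, e.g. `// placeholder values expected by the CMP server; the CA assigns the real serial number`. The builder chain starts outside the hunk.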