diff options
| author |   Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com> | 2020-12-17 16:03:07 +0100 |
|---|---|---|
| committer | Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com> | 2020-12-18 10:32:49 +0000 |
| commit | ee8b5cb717a4b7e37ef84e3e585be832d7d1794b (patch) | |
| tree | 2c487cf05d86fe4073ca41533abaef971bb2ae56 /certService/src | |
| parent | b60a5b93db07a50c0df21dc23878d4fcf00cfa78 (diff) | |
[OOM-CERT-SERVICE] Align implementation with RFC4210
- change MAC algorithm
- limit iterations to random value from 1000-2000 range
- correct caName validation to allow URL safe characters
Issue-ID: OOM-2656
Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com>
Change-Id: I2c320607e7a02996cd249f45ac224e3f3a8aa3c9
Diffstat (limited to 'certService/src')
2 files changed, 10 insertions, 2 deletions
diff --git a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelper.java b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelper.java index 5c61aa9f..2a77873e 100644 --- a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelper.java +++ b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelper.java @@ -72,7 +72,7 @@ public final class CmpMessageHelper { private static final AlgorithmIdentifier OWF_ALGORITHM = new AlgorithmIdentifier(new ASN1ObjectIdentifier("1.3.14.3.2.26")); private static final AlgorithmIdentifier MAC_ALGORITHM = - new AlgorithmIdentifier(new ASN1ObjectIdentifier("1.2.840.113549.2.9")); + new AlgorithmIdentifier(new ASN1ObjectIdentifier("1.3.6.1.5.5.8.1.2")); private static final ASN1ObjectIdentifier PASSWORD_BASED_MAC = new ASN1ObjectIdentifier("1.2.840.113533.7.66.13"); diff --git a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CreateCertRequest.java b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CreateCertRequest.java index 8d82b85b..d277a204 100644 --- a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CreateCertRequest.java +++ b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CreateCertRequest.java @@ -27,6 +27,7 @@ import static org.onap.oom.certservice.cmpv2client.impl.CmpUtil.generatePkiHeade import java.security.KeyPair; import java.util.Date; +import org.bouncycastle.asn1.ASN1Integer; import org.bouncycastle.asn1.cmp.PKIBody; import org.bouncycastle.asn1.cmp.PKIHeader; import org.bouncycastle.asn1.cmp.PKIMessage; @@ -36,8 +37,10 @@ import org.bouncycastle.asn1.crmf.CertRequest; import org.bouncycastle.asn1.crmf.CertTemplateBuilder; import org.bouncycastle.asn1.crmf.ProofOfPossession; import org.bouncycastle.asn1.x500.X500Name; +import org.bouncycastle.asn1.x509.AlgorithmIdentifier; import org.bouncycastle.asn1.x509.GeneralName; import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; +import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder; import org.onap.oom.certservice.cmpv2client.exceptions.CmpClientException; /** @@ -55,9 +58,11 @@ class CreateCertRequest { private String initAuthPassword; private String senderKid; - private static final int ITERATIONS = createRandomInt(5000); + private static final int ITERATIONS = createRandomInt(1000); private static final byte[] SALT = createRandomBytes(); private final int certReqId = createRandomInt(Integer.MAX_VALUE); + private final AlgorithmIdentifier signingAlgorithm = new DefaultSignatureAlgorithmIdentifierFinder() + .find("SHA256withRSA"); public void setIssuerDn(X500Name issuerDn) { this.issuerDn = issuerDn; @@ -104,6 +109,9 @@ class CreateCertRequest { .setSubject(subjectDn) .setExtensions(CmpMessageHelper.generateExtension(sansArray)) .setValidity(CmpMessageHelper.generateOptionalValidity(notBefore, notAfter)) + .setVersion(2) + .setSerialNumber(new ASN1Integer(0L)) + .setSigningAlg(signingAlgorithm) .setPublicKey( SubjectPublicKeyInfo.getInstance(subjectKeyPair.getPublic().getEncoded())); |