summaryrefslogtreecommitdiffstats
path: root/certService
diff options
context:
space:
mode:
authorPiotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com>2020-12-17 16:03:07 +0100
committerPiotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com>2021-01-04 10:44:06 +0000
commit7d9906432263c37bbea44d74d15e9eaea19e310d (patch)
tree18616f924ab32ea2350ce18e8a37ec87a516f5d6 /certService
parent4f922581cabd32996b880b0f5ff9a5ae7cbc2c57 (diff)
[OOM-CERT-SERVICE] Align implementation with RFC42102.1.1
- change MAC algorithm - limit iterations to random value from 1000-2000 range - correct caName validation to allow URL safe characters Issue-ID: OOM-2656 (cherry picked from commit ee8b5cb717a4b7e37ef84e3e585be832d7d1794b) Change-Id: I031382d208caa5eb659bb51f9d165344ca2e83b9 Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com>
Diffstat (limited to 'certService')
-rw-r--r--certService/pom.xml4
-rw-r--r--certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelper.java2
-rw-r--r--certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CreateCertRequest.java10
-rw-r--r--certService/version.properties6
4 files changed, 15 insertions, 7 deletions
diff --git a/certService/pom.xml b/certService/pom.xml
index f1f27988..9cff262b 100644
--- a/certService/pom.xml
+++ b/certService/pom.xml
@@ -18,10 +18,10 @@
<parent>
<groupId>org.onap.oom.platform.cert-service</groupId>
<artifactId>oom-certservice</artifactId>
- <version>2.1.0-SNAPSHOT</version>
+ <version>2.1.1-SNAPSHOT</version>
</parent>
<artifactId>oom-certservice-api</artifactId>
- <version>2.1.0-SNAPSHOT</version>
+ <version>2.1.1-SNAPSHOT</version>
<name>oom-certservice-api</name>
<description>OOM Certification Service Api</description>
<packaging>jar</packaging>
diff --git a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelper.java b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelper.java
index 844f85be..89dd7453 100644
--- a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelper.java
+++ b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelper.java
@@ -74,7 +74,7 @@ public final class CmpMessageHelper {
private static final AlgorithmIdentifier OWF_ALGORITHM =
new AlgorithmIdentifier(new ASN1ObjectIdentifier("1.3.14.3.2.26"));
private static final AlgorithmIdentifier MAC_ALGORITHM =
- new AlgorithmIdentifier(new ASN1ObjectIdentifier("1.2.840.113549.2.9"));
+ new AlgorithmIdentifier(new ASN1ObjectIdentifier("1.3.6.1.5.5.8.1.2"));
private static final ASN1ObjectIdentifier PASSWORD_BASED_MAC =
new ASN1ObjectIdentifier("1.2.840.113533.7.66.13");
diff --git a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CreateCertRequest.java b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CreateCertRequest.java
index a0ba13d6..29ebac0f 100644
--- a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CreateCertRequest.java
+++ b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CreateCertRequest.java
@@ -28,6 +28,7 @@ import java.security.KeyPair;
import java.util.Date;
import java.util.List;
+import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.cmp.PKIBody;
import org.bouncycastle.asn1.cmp.PKIHeader;
import org.bouncycastle.asn1.cmp.PKIMessage;
@@ -37,7 +38,9 @@ import org.bouncycastle.asn1.crmf.CertRequest;
import org.bouncycastle.asn1.crmf.CertTemplateBuilder;
import org.bouncycastle.asn1.crmf.ProofOfPossession;
import org.bouncycastle.asn1.x500.X500Name;
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
+import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
import org.onap.oom.certservice.cmpv2client.exceptions.CmpClientException;
/**
@@ -55,9 +58,11 @@ class CreateCertRequest {
private String initAuthPassword;
private String senderKid;
- private static final int ITERATIONS = createRandomInt(5000);
+ private static final int ITERATIONS = createRandomInt(1000);
private static final byte[] SALT = createRandomBytes();
private final int certReqId = createRandomInt(Integer.MAX_VALUE);
+ private final AlgorithmIdentifier signingAlgorithm = new DefaultSignatureAlgorithmIdentifierFinder()
+ .find("SHA256withRSA");
public void setIssuerDn(X500Name issuerDn) {
this.issuerDn = issuerDn;
@@ -104,6 +109,9 @@ class CreateCertRequest {
.setSubject(subjectDn)
.setExtensions(CmpMessageHelper.generateExtension(sansList))
.setValidity(CmpMessageHelper.generateOptionalValidity(notBefore, notAfter))
+ .setVersion(2)
+ .setSerialNumber(new ASN1Integer(0L))
+ .setSigningAlg(signingAlgorithm)
.setPublicKey(
SubjectPublicKeyInfo.getInstance(subjectKeyPair.getPublic().getEncoded()));
diff --git a/certService/version.properties b/certService/version.properties
index 00ef5645..3c5fba7f 100644
--- a/certService/version.properties
+++ b/certService/version.properties
@@ -1,6 +1,6 @@
-major=1
-minor=2
-patch=0
+major=2
+minor=1
+patch=1
base_version=${major}.${minor}.${patch}
release_version=${base_version}
snapshot_version=${base_version}-SNAPSHOT