diff options
author | Borislav Glozman <borislav.glozman@amdocs.com> | 2022-09-20 09:19:10 +0000 |
---|---|---|
committer | Gerrit Code Review <gerrit@onap.org> | 2022-09-20 09:19:10 +0000 |
commit | 12594ee752b79605c61ff019fdeb471bf7ca4058 (patch) | |
tree | a36dbb075301d9776a7d8ff825450cc970d020a4 /certService | |
parent | a239249475c128781d6c3d68de22c00f67203eaf (diff) | |
parent | 0587da741a0edad6e5eefedbc1d200f0e2c81f2b (diff) |
Merge "[OOM-CERT-SERVICE] Fix vulnerabilities for Kohn"2.6.0
Diffstat (limited to 'certService')
4 files changed, 10 insertions, 7 deletions
diff --git a/certService/pom.xml b/certService/pom.xml index 13fed005..973da643 100644 --- a/certService/pom.xml +++ b/certService/pom.xml @@ -18,10 +18,10 @@ <parent> <groupId>org.onap.oom.platform.cert-service</groupId> <artifactId>oom-certservice</artifactId> - <version>2.5.0-SNAPSHOT</version> + <version>2.6.0-SNAPSHOT</version> </parent> <artifactId>oom-certservice-api</artifactId> - <version>2.5.0-SNAPSHOT</version> + <version>2.6.0-SNAPSHOT</version> <name>oom-certservice-api</name> <description>OOM Certification Service Api</description> <packaging>jar</packaging> diff --git a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelper.java b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelper.java index 463451bd..3fac6656 100644 --- a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelper.java +++ b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelper.java @@ -31,10 +31,11 @@ import java.security.Signature; import java.security.SignatureException; import java.util.Date; +import org.bouncycastle.asn1.ASN1Encoding; import org.bouncycastle.asn1.ASN1EncodableVector; import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DEROutputStream; +import org.bouncycastle.asn1.ASN1OutputStream; import org.bouncycastle.asn1.DERSequence; import org.bouncycastle.asn1.DERTaggedObject; import org.bouncycastle.asn1.crmf.CertRequest; @@ -127,7 +128,7 @@ public final class CmpMessageHelper { final CertRequest certRequest, final KeyPair keypair) throws CmpClientException { ProofOfPossession proofOfPossession; try (ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream()) { - final DEROutputStream derOutputStream = new DEROutputStream(byteArrayOutputStream); + final ASN1OutputStream derOutputStream = ASN1OutputStream.create(byteArrayOutputStream,ASN1Encoding.DER); derOutputStream.writeObject(certRequest); byte[] popoProtectionBytes = byteArrayOutputStream.toByteArray(); diff --git a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpUtil.java b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpUtil.java index 0d0d7f34..fac4150a 100644 --- a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpUtil.java +++ b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpUtil.java @@ -22,11 +22,12 @@ package org.onap.oom.certservice.cmpv2client.impl; import org.bouncycastle.asn1.ASN1Encodable; +import org.bouncycastle.asn1.ASN1Encoding; import org.bouncycastle.asn1.ASN1EncodableVector; import org.bouncycastle.asn1.ASN1GeneralizedTime; import org.bouncycastle.asn1.ASN1OctetString; +import org.bouncycastle.asn1.ASN1OutputStream; import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.DEROutputStream; import org.bouncycastle.asn1.DERSequence; import org.bouncycastle.asn1.cmp.CMPObjectIdentifiers; import org.bouncycastle.asn1.cmp.InfoTypeAndValue; @@ -116,7 +117,7 @@ public final class CmpUtil { vector.add(body); ASN1Encodable protectedPart = new DERSequence(vector); try (ByteArrayOutputStream baos = new ByteArrayOutputStream()) { - DEROutputStream out = new DEROutputStream(baos); + ASN1OutputStream out = ASN1OutputStream.create(baos,ASN1Encoding.DER); out.writeObject(protectedPart); res = baos.toByteArray(); } catch (IOException ioe) { diff --git a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/validation/CmpResponseValidationHelper.java b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/validation/CmpResponseValidationHelper.java index 90044b66..f3da0f32 100644 --- a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/validation/CmpResponseValidationHelper.java +++ b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/validation/CmpResponseValidationHelper.java @@ -36,6 +36,7 @@ import javax.crypto.spec.SecretKeySpec; import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.DERBitString; +import org.bouncycastle.asn1.ASN1BitString; import org.bouncycastle.asn1.cmp.CMPObjectIdentifiers; import org.bouncycastle.asn1.cmp.InfoTypeAndValue; import org.bouncycastle.asn1.cmp.PBMParameter; @@ -66,7 +67,7 @@ public final class CmpResponseValidationHelper { static void verifySignature(PKIMessage respPkiMessage, PublicKey pk) throws CmpClientException { final byte[] protBytes = getProtectedBytes(respPkiMessage); - final DERBitString derBitString = respPkiMessage.getProtection(); + final DERBitString derBitString = (DERBitString) respPkiMessage.getProtection(); try { final Signature signature = Signature.getInstance( |