aboutsummaryrefslogtreecommitdiffstats
path: root/certService
diff options
context:
space:
mode:
authorBorislav Glozman <borislav.glozman@amdocs.com>2022-09-20 09:19:10 +0000
committerGerrit Code Review <gerrit@onap.org>2022-09-20 09:19:10 +0000
commit12594ee752b79605c61ff019fdeb471bf7ca4058 (patch)
treea36dbb075301d9776a7d8ff825450cc970d020a4 /certService
parenta239249475c128781d6c3d68de22c00f67203eaf (diff)
parent0587da741a0edad6e5eefedbc1d200f0e2c81f2b (diff)
Merge "[OOM-CERT-SERVICE] Fix vulnerabilities for Kohn"2.6.0
Diffstat (limited to 'certService')
-rw-r--r--certService/pom.xml4
-rw-r--r--certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelper.java5
-rw-r--r--certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpUtil.java5
-rw-r--r--certService/src/main/java/org/onap/oom/certservice/cmpv2client/validation/CmpResponseValidationHelper.java3
4 files changed, 10 insertions, 7 deletions
diff --git a/certService/pom.xml b/certService/pom.xml
index 13fed005..973da643 100644
--- a/certService/pom.xml
+++ b/certService/pom.xml
@@ -18,10 +18,10 @@
<parent>
<groupId>org.onap.oom.platform.cert-service</groupId>
<artifactId>oom-certservice</artifactId>
- <version>2.5.0-SNAPSHOT</version>
+ <version>2.6.0-SNAPSHOT</version>
</parent>
<artifactId>oom-certservice-api</artifactId>
- <version>2.5.0-SNAPSHOT</version>
+ <version>2.6.0-SNAPSHOT</version>
<name>oom-certservice-api</name>
<description>OOM Certification Service Api</description>
<packaging>jar</packaging>
diff --git a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelper.java b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelper.java
index 463451bd..3fac6656 100644
--- a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelper.java
+++ b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelper.java
@@ -31,10 +31,11 @@ import java.security.Signature;
import java.security.SignatureException;
import java.util.Date;
+import org.bouncycastle.asn1.ASN1Encoding;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DERBitString;
-import org.bouncycastle.asn1.DEROutputStream;
+import org.bouncycastle.asn1.ASN1OutputStream;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.crmf.CertRequest;
@@ -127,7 +128,7 @@ public final class CmpMessageHelper {
final CertRequest certRequest, final KeyPair keypair) throws CmpClientException {
ProofOfPossession proofOfPossession;
try (ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream()) {
- final DEROutputStream derOutputStream = new DEROutputStream(byteArrayOutputStream);
+ final ASN1OutputStream derOutputStream = ASN1OutputStream.create(byteArrayOutputStream,ASN1Encoding.DER);
derOutputStream.writeObject(certRequest);
byte[] popoProtectionBytes = byteArrayOutputStream.toByteArray();
diff --git a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpUtil.java b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpUtil.java
index 0d0d7f34..fac4150a 100644
--- a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpUtil.java
+++ b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpUtil.java
@@ -22,11 +22,12 @@
package org.onap.oom.certservice.cmpv2client.impl;
import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1Encoding;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1GeneralizedTime;
import org.bouncycastle.asn1.ASN1OctetString;
+import org.bouncycastle.asn1.ASN1OutputStream;
import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.DEROutputStream;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.cmp.CMPObjectIdentifiers;
import org.bouncycastle.asn1.cmp.InfoTypeAndValue;
@@ -116,7 +117,7 @@ public final class CmpUtil {
vector.add(body);
ASN1Encodable protectedPart = new DERSequence(vector);
try (ByteArrayOutputStream baos = new ByteArrayOutputStream()) {
- DEROutputStream out = new DEROutputStream(baos);
+ ASN1OutputStream out = ASN1OutputStream.create(baos,ASN1Encoding.DER);
out.writeObject(protectedPart);
res = baos.toByteArray();
} catch (IOException ioe) {
diff --git a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/validation/CmpResponseValidationHelper.java b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/validation/CmpResponseValidationHelper.java
index 90044b66..f3da0f32 100644
--- a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/validation/CmpResponseValidationHelper.java
+++ b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/validation/CmpResponseValidationHelper.java
@@ -36,6 +36,7 @@ import javax.crypto.spec.SecretKeySpec;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DERBitString;
+import org.bouncycastle.asn1.ASN1BitString;
import org.bouncycastle.asn1.cmp.CMPObjectIdentifiers;
import org.bouncycastle.asn1.cmp.InfoTypeAndValue;
import org.bouncycastle.asn1.cmp.PBMParameter;
@@ -66,7 +67,7 @@ public final class CmpResponseValidationHelper {
static void verifySignature(PKIMessage respPkiMessage, PublicKey pk)
throws CmpClientException {
final byte[] protBytes = getProtectedBytes(respPkiMessage);
- final DERBitString derBitString = respPkiMessage.getProtection();
+ final DERBitString derBitString = (DERBitString) respPkiMessage.getProtection();
try {
final Signature signature =
Signature.getInstance(