From 2dd5ce89fc3113aa5c11c37191af876777e8f60a Mon Sep 17 00:00:00 2001 From: HeshanSudarshana Date: Sat, 6 Apr 2024 20:51:13 +0530 Subject: [PATCH] Bump the bouncycastle version to 1.77.0 --- modules/commons/pom.xml | 2 +- modules/transports/core/nhttp/pom.xml | 2 +- .../certificatevalidation/crl/CRLVerifier.java | 17 +++++++++++++---- .../ocsp/OCSPVerifier.java | 4 ++-- pom.xml | 4 ++-- 5 files changed, 19 insertions(+), 10 deletions(-) diff --git a/modules/commons/pom.xml b/modules/commons/pom.xml index 21502ad218..7aa7479070 100644 --- a/modules/commons/pom.xml +++ b/modules/commons/pom.xml @@ -204,7 +204,7 @@ org.wso2.orbit.org.bouncycastle - bcpkix-jdk15on + bcpkix-jdk18on org.jacoco diff --git a/modules/transports/core/nhttp/pom.xml b/modules/transports/core/nhttp/pom.xml index 1e30ffa52b..4a89666eef 100644 --- a/modules/transports/core/nhttp/pom.xml +++ b/modules/transports/core/nhttp/pom.xml @@ -192,7 +192,7 @@ org.wso2.orbit.org.bouncycastle - bcpkix-jdk15on + bcpkix-jdk18on org.wso2.caching diff --git a/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/certificatevalidation/crl/CRLVerifier.java b/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/certificatevalidation/crl/CRLVerifier.java index 3220bd14ef..7a68ddef7e 100644 --- a/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/certificatevalidation/crl/CRLVerifier.java +++ b/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/certificatevalidation/crl/CRLVerifier.java @@ -20,10 +20,19 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.bouncycastle.asn1.*; -import org.bouncycastle.asn1.x509.*; -import org.apache.synapse.transport.certificatevalidation.*; +import org.apache.synapse.transport.certificatevalidation.CertificateVerificationException; +import org.apache.synapse.transport.certificatevalidation.RevocationVerifier; +import org.apache.synapse.transport.certificatevalidation.RevocationStatus; +import org.bouncycastle.asn1.ASN1IA5String; +import org.bouncycastle.asn1.ASN1InputStream; +import org.bouncycastle.asn1.ASN1Primitive; +import org.bouncycastle.asn1.DEROctetString; +import org.bouncycastle.asn1.x509.CRLDistPoint; +import org.bouncycastle.asn1.x509.DistributionPoint; +import org.bouncycastle.asn1.x509.DistributionPointName; import org.bouncycastle.asn1.x509.Extension; +import org.bouncycastle.asn1.x509.GeneralName; +import org.bouncycastle.asn1.x509.GeneralNames; import java.io.IOException; import java.io.InputStream; @@ -164,7 +173,7 @@ private List getCrlDistributionPoints(X509Certificate cert) if (genName.getTagNo() == GeneralName.uniformResourceIdentifier) { //DERIA5String contains an ascii string. //A IA5String is a restricted character string type in the ASN.1 notation - String url = DERIA5String.getInstance(genName.getName()).getString().trim(); + String url = ASN1IA5String.getInstance(genName.getName()).getString().trim(); crlUrls.add(url); } } diff --git a/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/certificatevalidation/ocsp/OCSPVerifier.java b/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/certificatevalidation/ocsp/OCSPVerifier.java index 4ba283f9e3..87980a668b 100644 --- a/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/certificatevalidation/ocsp/OCSPVerifier.java +++ b/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/certificatevalidation/ocsp/OCSPVerifier.java @@ -31,8 +31,8 @@ import org.apache.synapse.transport.certificatevalidation.Constants; import org.apache.synapse.transport.certificatevalidation.RevocationStatus; import org.apache.synapse.transport.certificatevalidation.RevocationVerifier; +import org.bouncycastle.asn1.ASN1IA5String; import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.DERIA5String; import org.bouncycastle.asn1.DEROctetString; import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers; import org.bouncycastle.asn1.ocsp.OCSPResponseStatus; @@ -276,7 +276,7 @@ private List getAIALocations(X509Certificate cert) throws CertificateVer GeneralName gn = accessDescription.getAccessLocation(); if (gn.getTagNo() == GeneralName.uniformResourceIdentifier) { - DERIA5String str = DERIA5String.getInstance(gn.getName()); + ASN1IA5String str = ASN1IA5String.getInstance(gn.getName()); String accessLocation = str.getString(); ocspUrlList.add(accessLocation); } diff --git a/pom.xml b/pom.xml index f04b73daa2..7683399eb3 100644 --- a/pom.xml +++ b/pom.xml @@ -658,7 +658,7 @@ org.wso2.orbit.org.bouncycastle - bcpkix-jdk15on + bcpkix-jdk18on ${org.bouncycastle.version} @@ -1471,7 +1471,7 @@ 2.9.0.wso2v1 1.5.3 2.3.1 - 1.69.0.wso2v1 + 1.77.0.wso2v2 [1.52.0,2.0.0) 4.4.16 ${httpcore.version}.wso2v1