[OOM-CERT-SERVICE] Fix vulnerabilities for Kohn

[oom/platform/cert-service.git] / certService / src / main / java / org / onap / oom / certservice / cmpv2client / impl / CmpMessageHelper.java

diff --git a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelper.java b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelper.java
index 463451b..3fac665 100644 (file)
--- a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelper.java
+++ b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelper.java
@@ -31,10 +31,11 @@ import java.security.Signature;
 import java.security.SignatureException;
 import java.util.Date;
 
+import org.bouncycastle.asn1.ASN1Encoding;
 import org.bouncycastle.asn1.ASN1EncodableVector;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.DERBitString;
-import org.bouncycastle.asn1.DEROutputStream;
+import org.bouncycastle.asn1.ASN1OutputStream;
 import org.bouncycastle.asn1.DERSequence;
 import org.bouncycastle.asn1.DERTaggedObject;
 import org.bouncycastle.asn1.crmf.CertRequest;
@@ -127,7 +128,7 @@ public final class CmpMessageHelper {
             final CertRequest certRequest, final KeyPair keypair) throws CmpClientException {
         ProofOfPossession proofOfPossession;
         try (ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream()) {
-            final DEROutputStream derOutputStream = new DEROutputStream(byteArrayOutputStream);
+            final ASN1OutputStream derOutputStream = ASN1OutputStream.create(byteArrayOutputStream,ASN1Encoding.DER);
             derOutputStream.writeObject(certRequest);
 
             byte[] popoProtectionBytes = byteArrayOutputStream.toByteArray();