[OOM-CERT-SERVICE] Fix vulnerabilities for Kohn

[oom/platform/cert-service.git] / certService / src / main / java / org / onap / oom / certservice / cmpv2client / impl / CmpUtil.java

diff --git a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpUtil.java b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpUtil.java
index 0d0d7f3..fac4150 100644 (file)
--- a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpUtil.java
+++ b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpUtil.java
@@ -22,11 +22,12 @@
 package org.onap.oom.certservice.cmpv2client.impl;
 
 import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1Encoding;
 import org.bouncycastle.asn1.ASN1EncodableVector;
 import org.bouncycastle.asn1.ASN1GeneralizedTime;
 import org.bouncycastle.asn1.ASN1OctetString;
+import org.bouncycastle.asn1.ASN1OutputStream;
 import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.DEROutputStream;
 import org.bouncycastle.asn1.DERSequence;
 import org.bouncycastle.asn1.cmp.CMPObjectIdentifiers;
 import org.bouncycastle.asn1.cmp.InfoTypeAndValue;
@@ -116,7 +117,7 @@ public final class CmpUtil {
         vector.add(body);
         ASN1Encodable protectedPart = new DERSequence(vector);
         try (ByteArrayOutputStream baos = new ByteArrayOutputStream()) {
-            DEROutputStream out = new DEROutputStream(baos);
+            ASN1OutputStream out = ASN1OutputStream.create(baos,ASN1Encoding.DER);
             out.writeObject(protectedPart);
             res = baos.toByteArray();
         } catch (IOException ioe) {