Fix Message digest is weak security bug

components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.agent.advanced.impl/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/agent/advanced/transport/CommunicationUtils.java

@@ -43,7 +43,7 @@ public class CommunicationUtils {
     private static final Log log = LogFactory.getLog(TransportUtils.class);
 
     // The Signature Algorithm used.
-    private static final String SIGNATURE_ALG = "SHA1withRSA";
+    private static final String SHA_512 = "SHA-512";
     // The Encryption Algorithm and the Padding used.
     private static final String CIPHER_PADDING = "RSA/ECB/PKCS1Padding";
 
@@ -108,7 +108,7 @@ public class CommunicationUtils {
         String signedEncodedString;
 
         try {
-            signature = Signature.getInstance(SIGNATURE_ALG);
+            signature = Signature.getInstance(SHA_512);
             signature.initSign(signatureKey);
             signature.update(Base64.decodeBase64(message));
 
@@ -117,11 +117,11 @@ public class CommunicationUtils {
 
         } catch (NoSuchAlgorithmException e) {
             String errorMsg =
-                    "Algorithm not found exception occurred for Signature instance of [" + SIGNATURE_ALG + "]";
+                    "Algorithm not found exception occurred for Signature instance of [" + SHA_512 + "]";
             log.error(errorMsg);
             throw new TransportHandlerException(errorMsg, e);
         } catch (SignatureException e) {
-            String errorMsg = "Signature exception occurred for Signature instance of [" + SIGNATURE_ALG + "]";
+            String errorMsg = "Signature exception occurred for Signature instance of [" + SHA_512 + "]";
             log.error(errorMsg);
             throw new TransportHandlerException(errorMsg, e);
         } catch (InvalidKeyException e) {
@@ -153,7 +153,7 @@ public class CommunicationUtils {
         boolean verified;
 
         try {
-            signature = Signature.getInstance(SIGNATURE_ALG);
+            signature = Signature.getInstance(SHA_512);
             signature.initVerify(verificationKey);
             signature.update(Base64.decodeBase64(data));
 
@@ -161,11 +161,11 @@ public class CommunicationUtils {
 
         } catch (NoSuchAlgorithmException e) {
             String errorMsg =
-                    "Algorithm not found exception occurred for Signature instance of [" + SIGNATURE_ALG + "]";
+                    "Algorithm not found exception occurred for Signature instance of [" + SHA_512 + "]";
             log.error(errorMsg);
             throw new TransportHandlerException(errorMsg, e);
         } catch (SignatureException e) {
-            String errorMsg = "Signature exception occurred for Signature instance of [" + SIGNATURE_ALG + "]";
+            String errorMsg = "Signature exception occurred for Signature instance of [" + SHA_512 + "]";
             log.error(errorMsg);
             throw new TransportHandlerException(errorMsg, e);
         } catch (InvalidKeyException e) {

components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.agent.impl/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/agent/transport/CommunicationUtils.java

@@ -43,7 +43,7 @@ public class CommunicationUtils {
     private static final Log log = LogFactory.getLog(TransportUtils.class);
 
     // The Signature Algorithm used.
-    private static final String SIGNATURE_ALG = "SHA1withRSA";
+    private static final String SHA_512 = "SHA-512";
     // The Encryption Algorithm and the Padding used.
     private static final String CIPHER_PADDING = "RSA/ECB/PKCS1Padding";
 
@@ -107,7 +107,7 @@ public class CommunicationUtils {
         String signedEncodedString;
 
         try {
-            signature = Signature.getInstance(SIGNATURE_ALG);
+            signature = Signature.getInstance(SHA_512);
             signature.initSign(signatureKey);
             signature.update(Base64.decodeBase64(message));
 
@@ -116,11 +116,11 @@ public class CommunicationUtils {
 
         } catch (NoSuchAlgorithmException e) {
             String errorMsg =
-                    "Algorithm not found exception occurred for Signature instance of [" + SIGNATURE_ALG + "]";
+                    "Algorithm not found exception occurred for Signature instance of [" + SHA_512 + "]";
             log.error(errorMsg);
             throw new TransportHandlerException(errorMsg, e);
         } catch (SignatureException e) {
-            String errorMsg = "Signature exception occurred for Signature instance of [" + SIGNATURE_ALG + "]";
+            String errorMsg = "Signature exception occurred for Signature instance of [" + SHA_512 + "]";
             log.error(errorMsg);
             throw new TransportHandlerException(errorMsg, e);
         } catch (InvalidKeyException e) {
@@ -152,7 +152,7 @@ public class CommunicationUtils {
         boolean verified;
 
         try {
-            signature = Signature.getInstance(SIGNATURE_ALG);
+            signature = Signature.getInstance(SHA_512);
             signature.initVerify(verificationKey);
             signature.update(Base64.decodeBase64(data));
 
@@ -160,11 +160,11 @@ public class CommunicationUtils {
 
         } catch (NoSuchAlgorithmException e) {
             String errorMsg =
-                    "Algorithm not found exception occurred for Signature instance of [" + SIGNATURE_ALG + "]";
+                    "Algorithm not found exception occurred for Signature instance of [" + SHA_512 + "]";
             log.error(errorMsg);
             throw new TransportHandlerException(errorMsg, e);
         } catch (SignatureException e) {
-            String errorMsg = "Signature exception occurred for Signature instance of [" + SIGNATURE_ALG + "]";
+            String errorMsg = "Signature exception occurred for Signature instance of [" + SHA_512 + "]";
             log.error(errorMsg);
             throw new TransportHandlerException(errorMsg, e);
         } catch (InvalidKeyException e) {

components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.plugin/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/plugin/impl/VirtualFirealarmSecurityManager.java

@@ -51,7 +51,7 @@ public class VirtualFirealarmSecurityManager {
     private static final Log log = LogFactory.getLog(VirtualFirealarmSecurityManager.class);
 
     private static PrivateKey serverPrivateKey;
-    private static final String SIGNATURE_ALG = "SHA1withRSA";
+    private static final String SHA_512 = "SHA-512";
     private static final String CIPHER_PADDING = "RSA/ECB/PKCS1Padding";
     private static CertificateKeystoreConfig certificateKeystoreConfig;
     private VirtualFirealarmSecurityManager() {
@@ -162,7 +162,7 @@ public class VirtualFirealarmSecurityManager {
         String signedEncodedString;
 
         try {
-            signature = Signature.getInstance(SIGNATURE_ALG);
+            signature = Signature.getInstance(SHA_512);
             signature.initSign(signatureKey);
             signature.update(Base64.decodeBase64(encryptedData));
 
@@ -170,11 +170,11 @@ public class VirtualFirealarmSecurityManager {
             signedEncodedString = Base64.encodeBase64String(signatureBytes);
 
         } catch (NoSuchAlgorithmException e) {
-            String errorMsg = "Algorithm not found exception occurred for Signature instance of [" + SIGNATURE_ALG + "]";
+            String errorMsg = "Algorithm not found exception occurred for Signature instance of [" + SHA_512 + "]";
             log.error(errorMsg);
             throw new VirtualFirealarmDeviceMgtPluginException(errorMsg, e);
         } catch (SignatureException e) {
-            String errorMsg = "Signature exception occurred for Signature instance of [" + SIGNATURE_ALG + "]";
+            String errorMsg = "Signature exception occurred for Signature instance of [" + SHA_512 + "]";
             log.error(errorMsg);
             throw new VirtualFirealarmDeviceMgtPluginException(errorMsg, e);
         } catch (InvalidKeyException e) {
@@ -193,18 +193,18 @@ public class VirtualFirealarmSecurityManager {
         boolean verified;
 
         try {
-            signature = Signature.getInstance(SIGNATURE_ALG);
+            signature = Signature.getInstance(SHA_512);
             signature.initVerify(verificationKey);
             signature.update(Base64.decodeBase64(data));
 
             verified = signature.verify(Base64.decodeBase64(signedData));
 
         } catch (NoSuchAlgorithmException e) {
-            String errorMsg = "Algorithm not found exception occurred for Signature instance of [" + SIGNATURE_ALG + "]";
+            String errorMsg = "Algorithm not found exception occurred for Signature instance of [" + SHA_512 + "]";
             log.error(errorMsg);
             throw new VirtualFirealarmDeviceMgtPluginException(errorMsg, e);
         } catch (SignatureException e) {
-            String errorMsg = "Signature exception occurred for Signature instance of [" + SIGNATURE_ALG + "]";
+            String errorMsg = "Signature exception occurred for Signature instance of [" + SHA_512 + "]";
             log.error(errorMsg);
             throw new VirtualFirealarmDeviceMgtPluginException(errorMsg, e);
         } catch (InvalidKeyException e) {