From 8353954b16c2bc70cc4575e4e19ac697e4dcf669 Mon Sep 17 00:00:00 2001
From: warunalakshitha
Date: Tue, 17 Jan 2017 16:05:42 +0530
Subject: [PATCH] Fix Message digest is weak security bug
---
 .../agent/transport/CommunicationUtils.java | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/agent/transport/CommunicationUtils.java b/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/agent/transport/CommunicationUtils.java
index bb445a3d9..46a43a0ba 100644
--- a/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/agent/transport/CommunicationUtils.java
+++ b/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/agent/transport/CommunicationUtils.java
@@ -43,7 +43,7 @@ public class CommunicationUtils {
 private static final Log log = LogFactory.getLog(TransportUtils.class);
 // The Signature Algorithm used.
- private static final String SIGNATURE_ALG = "SHA1withRSA";
+ private static final String SHA_512 = "SHA-512";
 // The Encryption Algorithm and the Padding used.
 private static final String CIPHER_PADDING = "RSA/ECB/PKCS1Padding";
@@ -107,7 +107,7 @@ public class CommunicationUtils {
 String signedEncodedString;
 try {
- signature = Signature.getInstance(SIGNATURE_ALG);
+ signature = Signature.getInstance(SHA_512);
 signature.initSign(signatureKey);
 signature.update(Base64.decodeBase64(message));
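Review bot: The new constant value `"SHA-512"` is a message-digest name, not a signature algorithm, and it is what `Signature.getInstance(...)` receives in the hunks at lines 107 and 152. The standard JCA providers register signature algorithms under digest-with-key names, so this call is expected to throw `NoSuchAlgorithmException`, which would make every sign and verify call end in a `TransportHandlerException` instead of producing a stronger signature. Assuming the keys are RSA, as the `RSA/ECB/PKCS1Padding` constant suggests, the line should read `private static final String SIGNATURE_ALG = "SHA512withRSA";`, which also keeps the original name, leaves the comment above it accurate and reduces the change to one line. The peer that produces or verifies these signatures has to move to the same algorithm together with this agent, otherwise verification fails against signatures still made with SHA1withRSA.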
@@ -116,11 +116,11 @@ public class CommunicationUtils {
 } catch (NoSuchAlgorithmException e) {
 String errorMsg =
- "Algorithm not found exception occurred for Signature instance of [" + SIGNATURE_ALG + "]";
+ "Algorithm not found exception occurred for Signature instance of [" + SHA_512 + "]";
 log.error(errorMsg);
 throw new TransportHandlerException(errorMsg, e);
 } catch (SignatureException e) {
- String errorMsg = "Signature exception occurred for Signature instance of [" + SIGNATURE_ALG + "]";
+ String errorMsg = "Signature exception occurred for Signature instance of [" + SHA_512 + "]";
 log.error(errorMsg);
 throw new TransportHandlerException(errorMsg, e);
 } catch (InvalidKeyException e) {
@@ -152,7 +152,7 @@ public class CommunicationUtils {
 boolean verified;
 try {
- signature = Signature.getInstance(SIGNATURE_ALG);
+ signature = Signature.getInstance(SHA_512);
 signature.initVerify(verificationKey);
 signature.update(Base64.decodeBase64(data));
@@ -160,11 +160,11 @@ public class CommunicationUtils {
 } catch (NoSuchAlgorithmException e) {
 String errorMsg =
- "Algorithm not found exception occurred for Signature instance of [" + SIGNATURE_ALG + "]";
+ "Algorithm not found exception occurred for Signature instance of [" + SHA_512 + "]";
 log.error(errorMsg);
 throw new TransportHandlerException(errorMsg, e);
 } catch (SignatureException e) {
- String errorMsg = "Signature exception occurred for Signature instance of [" + SIGNATURE_ALG + "]";
+ String errorMsg = "Signature exception occurred for Signature instance of [" + SHA_512 + "]";
 log.error(errorMsg);
 throw new TransportHandlerException(errorMsg, e);
 } catch (InvalidKeyException e) {