From 19cbcf2dfcd2715df2436ce6fb0f261bea3bfa36 Mon Sep 17 00:00:00 2001
From: Ovidijus Narkevicius
Date: Wed, 21 Feb 2024 08:58:19 +0200
Subject: [PATCH] fix: up bouncy castle version
Closes: XRDDEV-2597
---
 src/addons/messagelog/messagelog-addon/build.gradle | 2 +-
 src/addons/messagelog/messagelog-db/build.gradle | 2 +-
 .../ee/ria/xroad/common/asic/AsicContainerVerifier.java | 3 +--
 .../src/main/java/ee/ria/xroad/common/asic/AsicUtils.java | 2 +-
 src/build.gradle | 6 ++++++
 .../admin-service/ui-system-test/build.gradle | 2 +-
 src/common/common-int-test/build.gradle | 2 +-
 src/common/common-messagelog/build.gradle | 2 +-
 src/common/common-util/build.gradle | 2 +-
 .../main/java/ee/ria/xroad/common/ocsp/OcspVerifier.java | 3 +--
 src/gradle.properties | 7 ++++---
 .../restapi/service/InternalTlsCertificateServiceTest.java | 2 +-
 .../protocol/handler/GenerateSelfSignedCertReqHandler.java | 2 +-
 13 files changed, 21 insertions(+), 16 deletions(-)
diff --git a/src/addons/messagelog/messagelog-addon/build.gradle b/src/addons/messagelog/messagelog-addon/build.gradle
index 64e05cc85e..397858cb2e 100644
--- a/src/addons/messagelog/messagelog-addon/build.gradle
+++ b/src/addons/messagelog/messagelog-addon/build.gradle
@@ -11,7 +11,7 @@ dependencies {
 testImplementation project(':common:common-test')
 testImplementation project(':addons:messagelog:messagelog-archiver')
 testImplementation "org.hsqldb:hsqldb:$hsqldbVersion"
- testImplementation "org.bouncycastle:bcpg-jdk15on:${bouncyCastleVersion}"
+ testImplementation "org.bouncycastle:bcpg-jdk18on:${bouncyCastleVersion}"
 }
 jar {
diff --git a/src/addons/messagelog/messagelog-db/build.gradle b/src/addons/messagelog/messagelog-db/build.gradle
index f416d8e5b1..5935b40021 100644
--- a/src/addons/messagelog/messagelog-db/build.gradle
+++ b/src/addons/messagelog/messagelog-db/build.gradle
@@ -1,7 +1,7 @@
 dependencies {
 implementation(project(':common:common-db'))
 implementation(project(':common:common-messagelog'))
- implementation "org.bouncycastle:bcpkix-jdk15on:${bouncyCastleVersion}"
+ implementation "org.bouncycastle:bcpkix-jdk18on:${bouncyCastleVersion}"
 implementation "org.slf4j:slf4j-api:${slf4jVersion}"
 }
diff --git a/src/asic-util/src/main/java/ee/ria/xroad/common/asic/AsicContainerVerifier.java b/src/asic-util/src/main/java/ee/ria/xroad/common/asic/AsicContainerVerifier.java
index f82151a981..c8dfc67fa0 100644
--- a/src/asic-util/src/main/java/ee/ria/xroad/common/asic/AsicContainerVerifier.java
+++ b/src/asic-util/src/main/java/ee/ria/xroad/common/asic/AsicContainerVerifier.java
@@ -237,8 +237,7 @@ private byte[] getTimestampedData() throws Exception {
 private TimeStampToken getTimeStampToken() throws Exception {
 String timestampDerBase64 = asic.getEntryAsString(ENTRY_TIMESTAMP);
 byte[] tsDerDecoded = decodeBase64(timestampDerBase64);
- return new TimeStampToken(new ContentInfo(
- (ASN1Sequence) ASN1Sequence.fromByteArray(tsDerDecoded)));
+ return new TimeStampToken(ContentInfo.getInstance(ASN1Sequence.fromByteArray(tsDerDecoded)));
 }
 private static ClientId getSigner(String messageXml) {
diff --git a/src/asic-util/src/main/java/ee/ria/xroad/common/asic/AsicUtils.java b/src/asic-util/src/main/java/ee/ria/xroad/common/asic/AsicUtils.java
index 855e6731dc..9318853a9c 100644
--- a/src/asic-util/src/main/java/ee/ria/xroad/common/asic/AsicUtils.java
+++ b/src/asic-util/src/main/java/ee/ria/xroad/common/asic/AsicUtils.java
@@ -49,7 +49,7 @@ private AsicUtils() {
 @SneakyThrows
 public static String escapeString(String str) {
 String urlEncoded =
- URLEncoder.encode(str, StandardCharsets.UTF_8.name());
+ URLEncoder.encode(str, StandardCharsets.UTF_8);
 return urlEncoded.replace("/", "%2F");
 }
diff --git a/src/build.gradle b/src/build.gradle
index 1bc4c0bfee..a321b33b99 100644
--- a/src/build.gradle
+++ b/src/build.gradle
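Review bot: In `getTimeStampToken` (AsicContainerVerifier.java) the timestamp entry is read from the container under verification and handed to the ASN.1 parser with no check on what comes back. As far as I can tell `ASN1Sequence.fromByteArray` returns null for an empty byte array and `ContentInfo.getInstance(null)` passes that null on, so an empty timestamp entry would surface as a NullPointerException from inside `TimeStampToken` rather than as a verification failure. A non-SEQUENCE value would likewise now fail with IllegalArgumentException where the old cast threw ClassCastException. I would bind the result to a local, `ContentInfo contentInfo = ContentInfo.getInstance(ASN1Sequence.fromByteArray(tsDerDecoded));`, and reject `contentInfo == null` with the verifier's usual malformed-container error before constructing the token.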
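Review bot: `@SneakyThrows` on `escapeString` (AsicUtils.java) looks like a leftover, because the `URLEncoder.encode(String, Charset)` overload used on the new line declares no checked exception, unlike the named-charset overload it replaces. Keeping the annotation would silently hide any checked exception a later edit introduces in this method, so I would drop the `@SneakyThrows` line in the same change. If the Lombok import is then unused elsewhere in the file, which this hunk does not show, it should go too.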
@@ -157,6 +157,12 @@ configure(subprojects.findAll { !["shared-ui", "ui"].contains(it.name) }) {
 require("$woodstoxVersion")
 }
 }
+ add('implementation', 'io.micrometer:micrometer-tracing-bridge-brave') {
+ because("Vulnerability fix regarding CVE-2022-47932")
+ version {
+ require("1.23.0")
+ }
+ }
 }
 testImplementation("org.junit.jupiter:junit-jupiter-engine:$junitJupiterVersion")
diff --git a/src/central-server/admin-service/ui-system-test/build.gradle b/src/central-server/admin-service/ui-system-test/build.gradle
index 4f6e6fe3f3..74e4eeb2d8 100644
--- a/src/central-server/admin-service/ui-system-test/build.gradle
+++ b/src/central-server/admin-service/ui-system-test/build.gradle
@@ -9,7 +9,7 @@ dependencies {
 intTestImplementation("com.nortal.test:test-automation-allure:${testAutomationFrameworkVersion}")
 intTestImplementation("com.nortal.test:test-automation-containers:${testAutomationFrameworkVersion}")
 intTestImplementation("com.nortal.test:test-automation-feign:$testAutomationFrameworkVersion")
- intTestImplementation("org.bouncycastle:bcpkix-jdk15on:${bouncyCastleVersion}")
+ intTestImplementation("org.bouncycastle:bcpkix-jdk18on:${bouncyCastleVersion}")
 intTestImplementation("org.awaitility:awaitility:${awaitilityVersion}")
 }
diff --git a/src/common/common-int-test/build.gradle b/src/common/common-int-test/build.gradle
index c8ed031233..e0f11656ff 100644
--- a/src/common/common-int-test/build.gradle
+++ b/src/common/common-int-test/build.gradle
@@ -14,7 +14,7 @@ dependencies {
 api("com.nortal.test:test-automation-selenide:${testAutomationFrameworkVersion}") {
 exclude group: "org.slf4j", module: "*"
 }
- api("org.bouncycastle:bcpkix-jdk15on:${bouncyCastleVersion}")
+ api("org.bouncycastle:bcpkix-jdk18on:${bouncyCastleVersion}")
 api("org.awaitility:awaitility:${awaitilityVersion}")
 }
diff --git a/src/common/common-messagelog/build.gradle b/src/common/common-messagelog/build.gradle
index d7448023d8..88e00bba04 100644
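Review bot: The constraint added in src/build.gradle pins `io.micrometer:micrometer-tracing-bridge-brave` with `require("1.23.0")`, while this same commit adds `micrometerTracingVersion=1.2.3` to gradle.properties and no visible hunk uses that property. The two values differ by what looks like a transposed digit, so either the build requests a version that may not be published or the intended fix version is not the one being enforced. I would write `require("$micrometerTracingVersion")`, matching the `require("$woodstoxVersion")` constraint just above, and confirm the resolved version with a `dependencyInsight` report. The `because(...)` text would also help more if it named the affected component and the first fixed version, so the pin can be retired once it no longer applies.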
--- a/src/common/common-messagelog/build.gradle
+++ b/src/common/common-messagelog/build.gradle
@@ -4,7 +4,7 @@ dependencies {
 implementation project(':asic-util')
 testImplementation project(':common:common-test')
- testImplementation "org.bouncycastle:bcpg-jdk15on:${bouncyCastleVersion}"
+ testImplementation "org.bouncycastle:bcpg-jdk18on:${bouncyCastleVersion}"
 testImplementation "org.mockito:mockito-core:$mockitoVersion"
 }
diff --git a/src/common/common-util/build.gradle b/src/common/common-util/build.gradle
index 6687cf51df..0cffc3a17b 100644
--- a/src/common/common-util/build.gradle
+++ b/src/common/common-util/build.gradle
@@ -21,7 +21,7 @@ sourceSets {
 dependencies {
 //FIXME review dependencies
 api 'org.apache.santuario:xmlsec:2.2.6'
- api "org.bouncycastle:bcpkix-jdk15on:$bouncyCastleVersion"
+ api "org.bouncycastle:bcpkix-jdk18on:$bouncyCastleVersion"
 api 'org.apache.commons:commons-lang3:3.12.0'
 api 'commons-io:commons-io:2.13.0'
 api "org.slf4j:jcl-over-slf4j:$slf4jVersion"
diff --git a/src/common/common-verifier/src/main/java/ee/ria/xroad/common/ocsp/OcspVerifier.java b/src/common/common-verifier/src/main/java/ee/ria/xroad/common/ocsp/OcspVerifier.java
index b17457fd39..b5c51ee710 100644
--- a/src/common/common-verifier/src/main/java/ee/ria/xroad/common/ocsp/OcspVerifier.java
+++ b/src/common/common-verifier/src/main/java/ee/ria/xroad/common/ocsp/OcspVerifier.java
@@ -34,7 +34,6 @@
 import com.google.common.util.concurrent.UncheckedExecutionException;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.xml.security.algorithms.MessageDigestAlgorithm;
-import org.bouncycastle.asn1.DERBitString;
 import org.bouncycastle.asn1.ocsp.ResponderID;
 import org.bouncycastle.cert.X509CertificateHolder;
 import org.bouncycastle.cert.ocsp.BasicOCSPResp;
@@ -351,7 +350,7 @@ public static X509Certificate getOcspCert(BasicOCSPResp response)
 for (X509Certificate cert : knownCerts) {
 X509CertificateHolder certHolder = new X509CertificateHolder(cert.getEncoded());
- DERBitString keyData =
+ var keyData =
 certHolder.getSubjectPublicKeyInfo().getPublicKeyData();
 byte[] d = calculateDigest(dc, keyData.getBytes());
 if (MessageDigestAlgorithm.isEqual(respId.getKeyHash(), d)) {
diff --git a/src/gradle.properties b/src/gradle.properties
index f7032bab11..a80a0de108 100644
--- a/src/gradle.properties
+++ b/src/gradle.properties
@@ -36,6 +36,7 @@ springBootVersion=3.2.2
 springDependenciesVersion=1.1.4
 nettyVersion=4.1.105.Final
 netty.version=${nettyVersion}
+micrometerTracingVersion=1.2.3
 springCloudVersion=2023.0.0
 openFeignVersion=12.3
 junitJupiterVersion=5.10.2
@@ -45,7 +46,7 @@ systemRulesVersion=1.19.0
 guavaVersion=33.0.0-jre
 guava.version=${guavaVersion}
 vavrVersion=0.10.4
-bouncyCastleVersion=1.69
+bouncyCastleVersion=1.77
 tomcatVersion=10.1.18
 tomcat.version=${tomcatVersion}
 slf4jVersion=2.0.11
@@ -58,7 +59,7 @@ liquibaseVersion=4.25.0
 liquibase.version=${liquibaseVersion}
 lombokMapstructBinding=0.2.0
 openApiGeneratorVersion=7.1.0
-swaggerParserVersion=2.1.18
+swaggerParserVersion=2.1.20
 hsqldbVersion=2.7.1:jdk8
 hsqldb.version=${hsqldbVersion}
 commonsTextVersion=1.10.0
@@ -72,7 +73,7 @@ assertj.version=${assertjVersion}
 swaggerAnnotationsVersion=2.2.17
 protocVersion=3.24.3
 protobufGradleVersion=0.9.4
-grpcVersion=1.58.0
+grpcVersion=1.61.1
 libpam4jVersion=1.11
 jakartaValidationApiVersion=3.0.2
 jakartaServletApiVersion=6.0.0
diff --git a/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/service/InternalTlsCertificateServiceTest.java b/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/service/InternalTlsCertificateServiceTest.java
index a84393401d..a8461093c7 100644
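Review bot: `var keyData =` in `getOcspCert` (OcspVerifier.java) hides the type of the value whose bytes are hashed and compared against the responder key hash, and the right-hand side `getPublicKeyData()` does not make that type obvious to a reader. The switch to `var` presumably absorbs a changed return type in the upgraded Bouncy Castle. I would name the type explicitly, e.g. `ASN1BitString keyData =` with the matching import if that is indeed what the new version returns, so the next library upgrade cannot change what is being digested without a compile error. The method starts and ends outside this hunk.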
--- a/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/service/InternalTlsCertificateServiceTest.java
+++ b/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/service/InternalTlsCertificateServiceTest.java
@@ -85,7 +85,7 @@ public class InternalTlsCertificateServiceTest {
 new ExternalProcessRunner() {
 @Override
 public ProcessResult execute(String command, String... args) throws ProcessNotExecutableException,
- ProcessFailedException {
+ ProcessFailedException {
 if (command.equals(MOCK_SUCCESS_SCRIPT)) {
 return new ProcessResult(command, 0, Collections.singletonList(SUCCESS));
 }
diff --git a/src/signer/src/main/java/ee/ria/xroad/signer/protocol/handler/GenerateSelfSignedCertReqHandler.java b/src/signer/src/main/java/ee/ria/xroad/signer/protocol/handler/GenerateSelfSignedCertReqHandler.java
index 6572edb24c..456d0caaad 100644
--- a/src/signer/src/main/java/ee/ria/xroad/signer/protocol/handler/GenerateSelfSignedCertReqHandler.java
+++ b/src/signer/src/main/java/ee/ria/xroad/signer/protocol/handler/GenerateSelfSignedCertReqHandler.java
@@ -117,7 +117,7 @@ class DummyCertBuilder {
 X509Certificate build(TokenAndKey tokenAndKey, GenerateSelfSignedCertReq message, PublicKey publicKey, String signAlgoId) throws Exception {
- X500Name subject = new X500Name("CN=" + message.getCommonName());
+ X500Name subject = new X500Name(message.getCommonName());
 JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(subject, BigInteger.ONE, fromUnixTimestamp(message.getDateNotBefore()),
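Review bot: In `DummyCertBuilder.build` (GenerateSelfSignedCertReqHandler.java) the value of `message.getCommonName()` is now parsed by `X500Name(String)` as a complete distinguished name instead of being prefixed with `CN=`, which changes the contract of the request field without any visible validation. A plain name with no attribute type will most likely be rejected by the parser, and a value containing `,` or `=` decides every RDN of the certificate subject. If the field is still meant to carry only a common name, build the subject from a single attribute so the value is taken literally, e.g. `new X500NameBuilder(BCStyle.INSTANCE).addRDN(BCStyle.CN, message.getCommonName()).build()`. If callers now send a full DN, the field name and its documentation should say so and the value should be validated before it reaches the certificate builder. The method body continues past the end of the hunk.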