Upgrade fastJson to version 1.2.83 to avoid security vulnerabilities

Author: gaopei28

pom.xml

@@ -29,7 +29,7 @@
 		<dependency>
 			<groupId>com.alibaba</groupId>
 			<artifactId>fastjson</artifactId>
-			<version>1.2.47</version>
+			<version>1.2.83</version>
 		</dependency>
 		<dependency>
 			<groupId>org.bouncycastle</groupId>

src/main/java/com/reddate/did/sdk/constant/ErrorMessage.java

@@ -20,17 +20,17 @@ public enum ErrorMessage {
 
 	DID_NOT_EXIST(1041, "DID does not exist"),
 
-	CPT_AND_ISSUER_CANNOT_MATCH(1062, "Issuer and publisherDid in the CPT do not match"),
+	CPT_AND_ISSUER_CANNOT_MATCH(1062, "privateKey does not match issuerDid"),
 
 	QUERY_GRANT_ENCPY_KEY_FAILED(1501, "Failed to query the encryption key of the granted resource"),
 
 //	DECRPTY_GRANT_KEY_FAILED(1502, "Failed to decrypt the key of the granted resource"),
 
 	RESOURCE_NOT_EISTS(1418, "Resource does not exist"),
 
-	RECOVERY_KEY_INCORRECT(1504, "The recovery key pair is incorrect, cannot reset DID authentication"),
+	RECOVERY_KEY_INCORRECT(1504, " mismatch"),
 
-	PRK_PUK_NOT_MATCH(1306, " Public key format is invalid"),
+	PRK_PUK_NOT_MATCH(1306, " format is invalid"),
 
 	INVALID_DID(1043, "Invalid DID"),
 

src/main/java/com/reddate/did/sdk/param/req/Operation.java

@@ -21,5 +21,9 @@ public enum Operation {
 	/**
 	 * Delete permission
 	 */
-	DELETE
+	DELETE,
+	/**
+	 * Transfer permission
+	 */
+	TRANSFER
 }

src/main/java/com/reddate/did/sdk/protocol/response/ResultData.java

@@ -60,7 +60,7 @@ public void setData(T data) {
 	public static <T> ResultData<T> success(T data) {
 		ResultData<T> result = new ResultData<>();
 		result.setCode(0);
-		result.setMsg("success");
+		result.setMsg("Success");
 		result.setData(data);
 		return result;
 	}

src/main/java/com/reddate/did/sdk/service/AuthIssuerService.java

@@ -207,7 +207,7 @@ public CptBaseInfo registerCpt(RegisterCpt registerCpt) {
 	 * Query all registered CPT templates under the issuer according to the DID
 	 * identifier of the issuer.
 	 * 
-	 * @param query Page information and authority issuer
+	 * @param queryCpt Page information and authority issuer
 	 * @return Return the CPT template list
 	 */
 	public Pages<CptInfo> queryCptListByDid(QueryCpt queryCpt) {

src/main/java/com/reddate/did/sdk/service/DidService.java

@@ -346,16 +346,16 @@ public ResultData<KeyPair> resetDidAuth(ResetDidAuth resetDidAuth) throws Except
 			throw new DidException(queryDidDocument.getCode(), queryDidDocument.getMsg());
 		}
 
+		if(!isPublickKeyValid(resetDidAuth.getRecoveryKey().getPublicKey())){
+			throw new DidException(ErrorMessage.PRK_PUK_NOT_MATCH.getCode(),
+					"recoveryKey.publicKey" + ErrorMessage.PRK_PUK_NOT_MATCH.getMessage());
+		}
 		String recoveryPublicKey = ECDSAUtils.getPublicKey(resetDidAuth.getRecoveryKey().getPrivateKey());
 		if (recoveryPublicKey == null
-				|| !recoveryPublicKey.equals(queryDidDocument.getData().getRecovery().getPublicKey())) {
+				|| !recoveryPublicKey.equals(queryDidDocument.getData().getRecovery().getPublicKey())
+				|| !recoveryPublicKey.equals(resetDidAuth.getRecoveryKey().getPublicKey())) {
 			throw new DidException(ErrorMessage.RECOVERY_KEY_INCORRECT.getCode(),
-					ErrorMessage.RECOVERY_KEY_INCORRECT.getMessage());
-		}
-
-		if(!isPublickKeyValid(resetDidAuth.getRecoveryKey().getPublicKey())){
-			throw new DidException(ErrorMessage.PRK_PUK_NOT_MATCH.getCode(),
-					ErrorMessage.PRK_PUK_NOT_MATCH.getMessage());
+					"recoveryKey.privateKey and recoveryKey.publicKey" + ErrorMessage.RECOVERY_KEY_INCORRECT.getMessage());
 		}
 
 		DidDocument didDoc = queryDidDocument.getData();
@@ -368,10 +368,14 @@ public ResultData<KeyPair> resetDidAuth(ResetDidAuth resetDidAuth) throws Except
 				|| resetDidAuth.getPrimaryKeyPair().getType().trim().isEmpty()) {
 			keyPair = ECDSAUtils.createKey();
 		} else {
+			if(!isPublickKeyValid(resetDidAuth.getPrimaryKeyPair().getPublicKey())){
+				throw new DidException(ErrorMessage.PRK_PUK_NOT_MATCH.getCode(),
+						"primaryKeyPair.publicKey" + ErrorMessage.PRK_PUK_NOT_MATCH.getMessage());
+			}
 			String publicKey = ECDSAUtils.getPublicKey(resetDidAuth.getPrimaryKeyPair().getPrivateKey());
 			if (publicKey == null || !publicKey.equals(resetDidAuth.getPrimaryKeyPair().getPublicKey())) {
-				throw new DidException(ErrorMessage.PRK_PUK_NOT_MATCH.getCode(),
-						ErrorMessage.PRK_PUK_NOT_MATCH.getMessage());
+				throw new DidException(ErrorMessage.RECOVERY_KEY_INCORRECT.getCode(),
+						"primaryKeyPair.privateKey and primaryKeyPair.publicKey" + ErrorMessage.RECOVERY_KEY_INCORRECT.getMessage());
 			}
 		}
 

src/main/java/com/reddate/did/sdk/util/ECDSAUtils.java

@@ -73,6 +73,12 @@ public static String sign(String message, String privateKey){
 			throw new DidException(ErrorMessage.SIGNATURE_FAILED.getCode(), ErrorMessage.SIGNATURE_FAILED.getMessage());
 		}
     }
+
+    public static void main(String[] args) {
+
+        String sign = sign("did:bsn:BNs5BgsEU7PjWdAKE8ZLifsZ2cE", "16780098087725241378027720583043134163962766226428001721995781676508526587610");
+        System.out.println("------------------- 1 ---- sign = " + sign);
+    }
 
     public static SignatureData secp256k1SignToSignature(String rawData, BigInteger privateKey) {
         ECKeyPair keyPair = GenCredential.createKeyPair(privateKey.toString(16));

src/main/java/com/reddate/did/sdk/util/Secp256Util.java

@@ -90,6 +90,10 @@ public static String getPublicKey(CryptoType cryptoType, String privateKey) {
 		return ecKeyPair.getPublicKey().toString();
 	}
 
+	public static void main(String[] args) {
+		System.out.println(getPublicKey(CryptoType.ECDSA, "177511339483322497155015102112935098674666504693652987703930042787508877099585"));
+	}
+
 	/**
 	 * Get the address form private key
 	 *