From 5654206fb9290727f3f1eeb413f19de7b8195a93 Mon Sep 17 00:00:00 2001
From: Nikita Kovaliov <nikita.kovaliov@itextpdf.com>
Date: Fri, 11 Feb 2022 02:54:04 +0300
Subject: [PATCH] Upgrade BouncyCastle to 1.67

DEV-2005
---
 itext/pom.xml                                                | 4 ++--
 .../com/itextpdf/text/pdf/PdfPublicKeySecurityHandler.java   | 5 +++--
 .../main/java/com/itextpdf/text/pdf/security/PdfPKCS7.java   | 4 ++--
 .../com/itextpdf/text/pdf/security/SignaturePolicyInfo.java  | 3 +--
 pdfa/pom.xml                                                 | 2 +-
 5 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/itext/pom.xml b/itext/pom.xml
index daeefeee5..1665f6860 100644
--- a/itext/pom.xml
+++ b/itext/pom.xml
@@ -75,13 +75,13 @@
     <dependency>
       <groupId>org.bouncycastle</groupId>
       <artifactId>bcprov-jdk15to18</artifactId>
-      <version>1.66</version>
+      <version>1.67</version>
       <optional>true</optional>
     </dependency>
     <dependency>
       <groupId>org.bouncycastle</groupId>
       <artifactId>bcpkix-jdk15on</artifactId>
-      <version>1.66</version>
+      <version>1.67</version>
       <optional>true</optional>
     </dependency>
     <dependency>
diff --git a/itext/src/main/java/com/itextpdf/text/pdf/PdfPublicKeySecurityHandler.java b/itext/src/main/java/com/itextpdf/text/pdf/PdfPublicKeySecurityHandler.java
index bb614ec45..c445e7c0b 100644
--- a/itext/src/main/java/com/itextpdf/text/pdf/PdfPublicKeySecurityHandler.java
+++ b/itext/src/main/java/com/itextpdf/text/pdf/PdfPublicKeySecurityHandler.java
@@ -101,12 +101,13 @@
 import javax.crypto.KeyGenerator;
 import javax.crypto.SecretKey;
 
+import org.bouncycastle.asn1.ASN1Encoding;
 import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1OutputStream;
 import org.bouncycastle.asn1.ASN1Primitive;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.ASN1Set;
 import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.DEROutputStream;
 import org.bouncycastle.asn1.DERSet;
 import org.bouncycastle.asn1.cms.ContentInfo;
 import org.bouncycastle.asn1.cms.EncryptedContentInfo;
@@ -194,7 +195,7 @@ public byte[] getEncodedRecipient(int index) throws IOException, GeneralSecurity
 
         ByteArrayOutputStream baos = new ByteArrayOutputStream();
 
-        DEROutputStream k = new DEROutputStream(baos);
+        ASN1OutputStream k = ASN1OutputStream.create(baos, ASN1Encoding.DER);
 
         k.writeObject(obj);
 
diff --git a/itext/src/main/java/com/itextpdf/text/pdf/security/PdfPKCS7.java b/itext/src/main/java/com/itextpdf/text/pdf/security/PdfPKCS7.java
index b067863b1..1a4a4e4e8 100644
--- a/itext/src/main/java/com/itextpdf/text/pdf/security/PdfPKCS7.java
+++ b/itext/src/main/java/com/itextpdf/text/pdf/security/PdfPKCS7.java
@@ -806,7 +806,7 @@ else if (externalRSAdata != null && RSAdata != null) {
             // Add the digestAlgorithm
             v = new ASN1EncodableVector();
             v.add(new ASN1ObjectIdentifier(digestAlgorithmOid));
-            v.add(new DERNull());
+            v.add(DERNull.INSTANCE);
             signerinfo.add(new DERSequence(v));
 
             // add the authenticated attribute if present
@@ -816,7 +816,7 @@ else if (externalRSAdata != null && RSAdata != null) {
             // Add the digestEncryptionAlgorithm
             v = new ASN1EncodableVector();
             v.add(new ASN1ObjectIdentifier(digestEncryptionAlgorithmOid));
-            v.add(new DERNull());
+            v.add(DERNull.INSTANCE);
             signerinfo.add(new DERSequence(v));
 
             // Add the digest
diff --git a/itext/src/main/java/com/itextpdf/text/pdf/security/SignaturePolicyInfo.java b/itext/src/main/java/com/itextpdf/text/pdf/security/SignaturePolicyInfo.java
index 753dfc15b..06bda43dc 100644
--- a/itext/src/main/java/com/itextpdf/text/pdf/security/SignaturePolicyInfo.java
+++ b/itext/src/main/java/com/itextpdf/text/pdf/security/SignaturePolicyInfo.java
@@ -45,7 +45,6 @@ This file is part of the iText (R) project.
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import com.itextpdf.text.pdf.codec.Base64;
 import org.bouncycastle.asn1.DERIA5String;
-import org.bouncycastle.asn1.DERObjectIdentifier;
 import org.bouncycastle.asn1.DEROctetString;
 import org.bouncycastle.asn1.esf.*;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
@@ -118,7 +117,7 @@ SignaturePolicyIdentifier toSignaturePolicyIdentifier() {
         }
         SigPolicyQualifiers qualifiers = new SigPolicyQualifiers(new SigPolicyQualifierInfo[] {spqi});
 
-        signaturePolicyIdentifier = new SignaturePolicyIdentifier(new SignaturePolicyId(DERObjectIdentifier.getInstance(new DERObjectIdentifier(this.policyIdentifier.replace("urn:oid:", ""))),
+        signaturePolicyIdentifier = new SignaturePolicyIdentifier(new SignaturePolicyId(ASN1ObjectIdentifier.getInstance(new ASN1ObjectIdentifier(this.policyIdentifier.replace("urn:oid:", ""))),
                 new OtherHashAlgAndValue(new AlgorithmIdentifier(new ASN1ObjectIdentifier(algId)), new DEROctetString(this.policyHash)), qualifiers));
 
         return signaturePolicyIdentifier;
diff --git a/pdfa/pom.xml b/pdfa/pom.xml
index 0473858fe..9d022c604 100644
--- a/pdfa/pom.xml
+++ b/pdfa/pom.xml
@@ -80,7 +80,7 @@
     <dependency>
       <groupId>org.bouncycastle</groupId>
       <artifactId>bcprov-jdk15to18</artifactId>
-      <version>1.66</version>
+      <version>1.67</version>
       <optional>true</optional>
     </dependency>
     <dependency>