diff --git a/nifi-commons/nifi-property-protection-gcp/pom.xml b/nifi-commons/nifi-property-protection-gcp/pom.xml
index 818518aaf9..3d4e529ab5 100644
--- a/nifi-commons/nifi-property-protection-gcp/pom.xml
+++ b/nifi-commons/nifi-property-protection-gcp/pom.xml
@@ -65,23 +65,7 @@
commons-logging
commons-logging
-
- org.bouncycastle
- bcprov-jdk15on
-
-
- org.bouncycastle
- bcpkix-jdk15on
-
-
- org.bouncycastle
- bcprov-jdk18on
-
-
- org.bouncycastle
- bcpkix-jdk18on
-
diff --git a/nifi-commons/nifi-repository-encryption/pom.xml b/nifi-commons/nifi-repository-encryption/pom.xml
index 53852d51fa..95d431ca97 100644
--- a/nifi-commons/nifi-repository-encryption/pom.xml
+++ b/nifi-commons/nifi-repository-encryption/pom.xml
@@ -38,8 +38,8 @@
2.0.0-SNAPSHOT
- org.bouncycastle
- bcprov-jdk18on
+ commons-codec
+ commons-codec
diff --git a/nifi-commons/nifi-repository-encryption/src/main/java/org/apache/nifi/repository/encryption/AesGcmByteArrayRepositoryEncryptor.java b/nifi-commons/nifi-repository-encryption/src/main/java/org/apache/nifi/repository/encryption/AesGcmByteArrayRepositoryEncryptor.java
index f12f3a657d..edd97fb1d3 100644
--- a/nifi-commons/nifi-repository-encryption/src/main/java/org/apache/nifi/repository/encryption/AesGcmByteArrayRepositoryEncryptor.java
+++ b/nifi-commons/nifi-repository-encryption/src/main/java/org/apache/nifi/repository/encryption/AesGcmByteArrayRepositoryEncryptor.java
@@ -20,7 +20,6 @@ import org.apache.nifi.repository.encryption.configuration.EncryptionMetadataHea
import org.apache.nifi.repository.encryption.configuration.RepositoryEncryptionMethod;
import org.apache.nifi.repository.encryption.metadata.RecordMetadata;
import org.apache.nifi.security.kms.KeyProvider;
-import org.bouncycastle.util.Arrays;
import javax.crypto.Cipher;
import java.io.ByteArrayInputStream;
@@ -74,9 +73,17 @@ public class AesGcmByteArrayRepositoryEncryptor extends AesSecretKeyRepositoryEn
try {
final byte[] encryptedRecord = cipher.doFinal(record);
final byte[] serializedMetadata = getMetadata(keyId, cipher.getIV(), encryptedRecord.length);
- return Arrays.concatenate(serializedMetadata, encryptedRecord);
+ return concatenate(serializedMetadata, encryptedRecord);
} catch (final GeneralSecurityException e) {
throw new RepositoryEncryptionException(String.format("Encryption Failed for Record ID [%s]", recordId), e);
}
}
+
+ private byte[] concatenate(final byte[] serializedMetadata, final byte[] encryptedRecord) {
+ final int concatenatedLength = serializedMetadata.length + encryptedRecord.length;
+ final byte[] concatenated = new byte[concatenatedLength];
+ System.arraycopy(serializedMetadata, 0, concatenated, 0, serializedMetadata.length);
+ System.arraycopy(encryptedRecord, 0, concatenated, serializedMetadata.length, encryptedRecord.length);
+ return concatenated;
+ }
}
diff --git a/nifi-commons/nifi-repository-encryption/src/main/java/org/apache/nifi/repository/encryption/configuration/kms/StandardRepositoryKeyProviderFactory.java b/nifi-commons/nifi-repository-encryption/src/main/java/org/apache/nifi/repository/encryption/configuration/kms/StandardRepositoryKeyProviderFactory.java
index 4e66894be1..a6775241bc 100644
--- a/nifi-commons/nifi-repository-encryption/src/main/java/org/apache/nifi/repository/encryption/configuration/kms/StandardRepositoryKeyProviderFactory.java
+++ b/nifi-commons/nifi-repository-encryption/src/main/java/org/apache/nifi/repository/encryption/configuration/kms/StandardRepositoryKeyProviderFactory.java
@@ -16,6 +16,8 @@
*/
package org.apache.nifi.repository.encryption.configuration.kms;
+import org.apache.commons.codec.DecoderException;
+import org.apache.commons.codec.binary.Hex;
import org.apache.nifi.repository.encryption.configuration.EncryptedRepositoryType;
import org.apache.nifi.security.kms.KeyProvider;
import org.apache.nifi.security.kms.KeyProviderFactory;
@@ -29,8 +31,6 @@ import org.apache.nifi.security.util.TlsException;
import org.apache.nifi.util.NiFiBootstrapUtils;
import org.apache.nifi.util.NiFiProperties;
import org.apache.nifi.util.StringUtils;
-import org.bouncycastle.util.encoders.DecoderException;
-import org.bouncycastle.util.encoders.Hex;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
@@ -140,7 +140,7 @@ public class StandardRepositoryKeyProviderFactory implements RepositoryKeyProvid
private static SecretKey getRootKey() {
try {
String rootKeyHex = NiFiBootstrapUtils.extractKeyFromBootstrapFile();
- return new SecretKeySpec(Hex.decode(rootKeyHex), ROOT_KEY_ALGORITHM);
+ return new SecretKeySpec(Hex.decodeHex(rootKeyHex), ROOT_KEY_ALGORITHM);
} catch (final IOException | DecoderException e) {
throw new EncryptedConfigurationException("Read Root Key from Bootstrap Failed", e);
}
diff --git a/nifi-nar-bundles/nifi-gcp-bundle/nifi-gcp-parameter-providers/pom.xml b/nifi-nar-bundles/nifi-gcp-bundle/nifi-gcp-parameter-providers/pom.xml
index 65aafb4b4d..288d331e72 100644
--- a/nifi-nar-bundles/nifi-gcp-bundle/nifi-gcp-parameter-providers/pom.xml
+++ b/nifi-nar-bundles/nifi-gcp-bundle/nifi-gcp-parameter-providers/pom.xml
@@ -51,24 +51,8 @@
commons-logging
commons-logging
-
- org.bouncycastle
- bcprov-jdk15on
-
-
- org.bouncycastle
- bcpkix-jdk15on
-
-
- org.bouncycastle
- bcprov-jdk18on
-
-
- org.bouncycastle
- bcpkix-jdk18on
-
com.google.auth
google-auth-library-oauth2-http
diff --git a/nifi-nar-bundles/nifi-gcp-bundle/nifi-gcp-processors/pom.xml b/nifi-nar-bundles/nifi-gcp-bundle/nifi-gcp-processors/pom.xml
index db90bec215..ae624dba29 100644
--- a/nifi-nar-bundles/nifi-gcp-bundle/nifi-gcp-processors/pom.xml
+++ b/nifi-nar-bundles/nifi-gcp-bundle/nifi-gcp-processors/pom.xml
@@ -125,24 +125,8 @@
commons-logging
commons-logging
-
- org.bouncycastle
- bcprov-jdk15on
-
-
- org.bouncycastle
- bcpkix-jdk15on
-
-
- org.bouncycastle
- bcprov-jdk18on
-
-
- org.bouncycastle
- bcpkix-jdk18on
-
com.google.cloud
google-cloud-pubsublite
@@ -151,14 +135,6 @@
commons-logging
commons-logging
-
- org.bouncycastle
- bcprov-jdk15on
-
-
- org.bouncycastle
- bcpkix-jdk15on
-
@@ -208,14 +184,6 @@
commons-logging
commons-logging
-
- org.bouncycastle
- bcprov-jdk15on
-
-
- org.bouncycastle
- bcpkix-jdk15on
-
diff --git a/nifi-registry/nifi-registry-core/nifi-registry-properties/pom.xml b/nifi-registry/nifi-registry-core/nifi-registry-properties/pom.xml
index a54d2950a0..71278c1a61 100644
--- a/nifi-registry/nifi-registry-core/nifi-registry-properties/pom.xml
+++ b/nifi-registry/nifi-registry-core/nifi-registry-properties/pom.xml
@@ -35,7 +35,6 @@
org.bouncycastle
bcprov-jdk18on
- ${org.bouncycastle.version}
diff --git a/nifi-registry/nifi-registry-core/nifi-registry-security-utils/pom.xml b/nifi-registry/nifi-registry-core/nifi-registry-security-utils/pom.xml
index 10b7932ccf..80a54899ef 100644
--- a/nifi-registry/nifi-registry-core/nifi-registry-security-utils/pom.xml
+++ b/nifi-registry/nifi-registry-core/nifi-registry-security-utils/pom.xml
@@ -26,12 +26,10 @@
org.bouncycastle
bcprov-jdk18on
- ${org.bouncycastle.version}
org.bouncycastle
bcpkix-jdk18on
- ${org.bouncycastle.version}
org.apache.commons
diff --git a/pom.xml b/pom.xml
index b346a6c28a..97f69ee29f 100644
--- a/pom.xml
+++ b/pom.xml
@@ -116,7 +116,7 @@
1.10.0
4.5.14
4.4.16
- 1.71
+ 1.74
1.18.3
2.0.7
2.4.0