NIFI-11696 Upgraded Bouncy Castle from 1.71 to 1.74
- Adjusted nifi-repository-encryption to remove dependency on Bouncy Castle Provider
- Updated Google Cloud Provider dependencies to remove exclusions and dependencies on Bouncy Castle that no longer apply to current versions

Signed-off-by: Matt Burgess <mattyb149@apache.org>

This closes #7384
parent
6a129be114
commit
6b19ab8eaa
|
@ -65,23 +65,7 @@
|
||||||
<groupId>commons-logging</groupId>
|
<groupId>commons-logging</groupId>
|
||||||
<artifactId>commons-logging</artifactId>
|
<artifactId>commons-logging</artifactId>
|
||||||
</exclusion>
|
</exclusion>
|
||||||
<exclusion>
|
|
||||||
<groupId>org.bouncycastle</groupId>
|
|
||||||
<artifactId>bcprov-jdk15on</artifactId>
|
|
||||||
</exclusion>
|
|
||||||
<exclusion>
|
|
||||||
<groupId>org.bouncycastle</groupId>
|
|
||||||
<artifactId>bcpkix-jdk15on</artifactId>
|
|
||||||
</exclusion>
|
|
||||||
</exclusions>
|
</exclusions>
|
||||||
</dependency>
|
</dependency>
|
||||||
<dependency>
|
|
||||||
<groupId>org.bouncycastle</groupId>
|
|
||||||
<artifactId>bcprov-jdk18on</artifactId>
|
|
||||||
</dependency>
|
|
||||||
<dependency>
|
|
||||||
<groupId>org.bouncycastle</groupId>
|
|
||||||
<artifactId>bcpkix-jdk18on</artifactId>
|
|
||||||
</dependency>
|
|
||||||
</dependencies>
|
</dependencies>
|
||||||
</project>
|
</project>
|
||||||
|
|
|
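Review bot: Removing the `bcprov-jdk15on` and `bcpkix-jdk15on` exclusions in this hunk leaves nothing in the build to stop those artifacts from coming back transitively if a later Google Cloud dependency update reintroduces them, which would put two Bouncy Castle generations with overlapping class names on the same classpath. The commit message says current versions no longer pull them in, but that cannot be confirmed from the lines shown here. A maven-enforcer `bannedDependencies` rule listing `<exclude>org.bouncycastle:bcprov-jdk15on</exclude>` and `<exclude>org.bouncycastle:bcpkix-jdk15on</exclude>` would turn that assumption into a build-time check. The same point applies to the later POM hunks on this page that drop the same exclusion pair (`@ -51,24 +51,8 @`, `@ -125,24 +125,8 @`, `@ -151,14 +135,6 @`, `@ -208,14 +184,6 @`).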
@ -38,8 +38,8 @@
|
||||||
<version>2.0.0-SNAPSHOT</version>
|
<version>2.0.0-SNAPSHOT</version>
|
||||||
</dependency>
|
</dependency>
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.bouncycastle</groupId>
|
<groupId>commons-codec</groupId>
|
||||||
<artifactId>bcprov-jdk18on</artifactId>
|
<artifactId>commons-codec</artifactId>
|
||||||
</dependency>
|
</dependency>
|
||||||
</dependencies>
|
</dependencies>
|
||||||
</project>
|
</project>
|
||||||
|
|
|
@ -20,7 +20,6 @@ import org.apache.nifi.repository.encryption.configuration.EncryptionMetadataHea
|
||||||
import org.apache.nifi.repository.encryption.configuration.RepositoryEncryptionMethod;
|
import org.apache.nifi.repository.encryption.configuration.RepositoryEncryptionMethod;
|
||||||
import org.apache.nifi.repository.encryption.metadata.RecordMetadata;
|
import org.apache.nifi.repository.encryption.metadata.RecordMetadata;
|
||||||
import org.apache.nifi.security.kms.KeyProvider;
|
import org.apache.nifi.security.kms.KeyProvider;
|
||||||
import org.bouncycastle.util.Arrays;
|
|
||||||
|
|
||||||
import javax.crypto.Cipher;
|
import javax.crypto.Cipher;
|
||||||
import java.io.ByteArrayInputStream;
|
import java.io.ByteArrayInputStream;
|
||||||
|
@ -74,9 +73,17 @@ public class AesGcmByteArrayRepositoryEncryptor extends AesSecretKeyRepositoryEn
|
||||||
try {
|
try {
|
||||||
final byte[] encryptedRecord = cipher.doFinal(record);
|
final byte[] encryptedRecord = cipher.doFinal(record);
|
||||||
final byte[] serializedMetadata = getMetadata(keyId, cipher.getIV(), encryptedRecord.length);
|
final byte[] serializedMetadata = getMetadata(keyId, cipher.getIV(), encryptedRecord.length);
|
||||||
return Arrays.concatenate(serializedMetadata, encryptedRecord);
|
return concatenate(serializedMetadata, encryptedRecord);
|
||||||
} catch (final GeneralSecurityException e) {
|
} catch (final GeneralSecurityException e) {
|
||||||
throw new RepositoryEncryptionException(String.format("Encryption Failed for Record ID [%s]", recordId), e);
|
throw new RepositoryEncryptionException(String.format("Encryption Failed for Record ID [%s]", recordId), e);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private byte[] concatenate(final byte[] serializedMetadata, final byte[] encryptedRecord) {
|
||||||
|
final int concatenatedLength = serializedMetadata.length + encryptedRecord.length;
|
||||||
|
final byte[] concatenated = new byte[concatenatedLength];
|
||||||
|
System.arraycopy(serializedMetadata, 0, concatenated, 0, serializedMetadata.length);
|
||||||
|
System.arraycopy(encryptedRecord, 0, concatenated, serializedMetadata.length, encryptedRecord.length);
|
||||||
|
return concatenated;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
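Review bot: The new `concatenate` helper sums `serializedMetadata.length + encryptedRecord.length` as a plain `int`, so if the two lengths together exceed `Integer.MAX_VALUE` the sum wraps negative and `new byte[concatenatedLength]` throws `NegativeArraySizeException`. That exception is unchecked, so it bypasses the surrounding `catch (final GeneralSecurityException e)` and surfaces without the record ID context. Using `final int concatenatedLength = Math.addExact(serializedMetadata.length, encryptedRecord.length);` would at least report the failure as an overflow. The helper reads no instance state, so it could be declared `private static byte[] concatenate(...)`. A short comment such as `// metadata header first, then ciphertext; both arguments must be non-null` would also record the layout; as far as I recall, the Bouncy Castle `Arrays.concatenate` it replaces tolerated a null argument and this version does not. The class body begins outside the hunk.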
@ -16,6 +16,8 @@
|
||||||
*/
|
*/
|
||||||
package org.apache.nifi.repository.encryption.configuration.kms;
|
package org.apache.nifi.repository.encryption.configuration.kms;
|
||||||
|
|
||||||
|
import org.apache.commons.codec.DecoderException;
|
||||||
|
import org.apache.commons.codec.binary.Hex;
|
||||||
import org.apache.nifi.repository.encryption.configuration.EncryptedRepositoryType;
|
import org.apache.nifi.repository.encryption.configuration.EncryptedRepositoryType;
|
||||||
import org.apache.nifi.security.kms.KeyProvider;
|
import org.apache.nifi.security.kms.KeyProvider;
|
||||||
import org.apache.nifi.security.kms.KeyProviderFactory;
|
import org.apache.nifi.security.kms.KeyProviderFactory;
|
||||||
|
@ -29,8 +31,6 @@ import org.apache.nifi.security.util.TlsException;
|
||||||
import org.apache.nifi.util.NiFiBootstrapUtils;
|
import org.apache.nifi.util.NiFiBootstrapUtils;
|
||||||
import org.apache.nifi.util.NiFiProperties;
|
import org.apache.nifi.util.NiFiProperties;
|
||||||
import org.apache.nifi.util.StringUtils;
|
import org.apache.nifi.util.StringUtils;
|
||||||
import org.bouncycastle.util.encoders.DecoderException;
|
|
||||||
import org.bouncycastle.util.encoders.Hex;
|
|
||||||
|
|
||||||
import javax.crypto.SecretKey;
|
import javax.crypto.SecretKey;
|
||||||
import javax.crypto.spec.SecretKeySpec;
|
import javax.crypto.spec.SecretKeySpec;
|
||||||
|
@ -140,7 +140,7 @@ public class StandardRepositoryKeyProviderFactory implements RepositoryKeyProvid
|
||||||
private static SecretKey getRootKey() {
|
private static SecretKey getRootKey() {
|
||||||
try {
|
try {
|
||||||
String rootKeyHex = NiFiBootstrapUtils.extractKeyFromBootstrapFile();
|
String rootKeyHex = NiFiBootstrapUtils.extractKeyFromBootstrapFile();
|
||||||
return new SecretKeySpec(Hex.decode(rootKeyHex), ROOT_KEY_ALGORITHM);
|
return new SecretKeySpec(Hex.decodeHex(rootKeyHex), ROOT_KEY_ALGORITHM);
|
||||||
} catch (final IOException | DecoderException e) {
|
} catch (final IOException | DecoderException e) {
|
||||||
throw new EncryptedConfigurationException("Read Root Key from Bootstrap Failed", e);
|
throw new EncryptedConfigurationException("Read Root Key from Bootstrap Failed", e);
|
||||||
}
|
}
|
||||||
|
|
|
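Review bot: Replacing Bouncy Castle `Hex.decode` with Commons Codec `Hex.decodeHex` in `getRootKey` probably narrows what the root key parser accepts. As far as I know the Bouncy Castle decoder skips whitespace, while `decodeHex` throws `DecoderException` on any non-hex character or an odd length. If `NiFiBootstrapUtils.extractKeyFromBootstrapFile()` can return a value with surrounding whitespace (not visible here), a bootstrap file that loaded before this commit would now fail, so a test with such a value or an explicit `rootKeyHex.strip()` is worth adding. Separately, an empty key string decodes to an empty array, and `new SecretKeySpec(...)` rejects that with `IllegalArgumentException`, which `catch (final IOException | DecoderException e)` does not cover. A length check before constructing the key would keep that failure inside `EncryptedConfigurationException`. The method's closing brace lies outside the hunk.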
@ -51,24 +51,8 @@
|
||||||
<groupId>commons-logging</groupId>
|
<groupId>commons-logging</groupId>
|
||||||
<artifactId>commons-logging</artifactId>
|
<artifactId>commons-logging</artifactId>
|
||||||
</exclusion>
|
</exclusion>
|
||||||
<exclusion>
|
|
||||||
<groupId>org.bouncycastle</groupId>
|
|
||||||
<artifactId>bcprov-jdk15on</artifactId>
|
|
||||||
</exclusion>
|
|
||||||
<exclusion>
|
|
||||||
<groupId>org.bouncycastle</groupId>
|
|
||||||
<artifactId>bcpkix-jdk15on</artifactId>
|
|
||||||
</exclusion>
|
|
||||||
</exclusions>
|
</exclusions>
|
||||||
</dependency>
|
</dependency>
|
||||||
<dependency>
|
|
||||||
<groupId>org.bouncycastle</groupId>
|
|
||||||
<artifactId>bcprov-jdk18on</artifactId>
|
|
||||||
</dependency>
|
|
||||||
<dependency>
|
|
||||||
<groupId>org.bouncycastle</groupId>
|
|
||||||
<artifactId>bcpkix-jdk18on</artifactId>
|
|
||||||
</dependency>
|
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>com.google.auth</groupId>
|
<groupId>com.google.auth</groupId>
|
||||||
<artifactId>google-auth-library-oauth2-http</artifactId>
|
<artifactId>google-auth-library-oauth2-http</artifactId>
|
||||||
|
|
|
@ -125,24 +125,8 @@
|
||||||
<groupId>commons-logging</groupId>
|
<groupId>commons-logging</groupId>
|
||||||
<artifactId>commons-logging</artifactId>
|
<artifactId>commons-logging</artifactId>
|
||||||
</exclusion>
|
</exclusion>
|
||||||
<exclusion>
|
|
||||||
<groupId>org.bouncycastle</groupId>
|
|
||||||
<artifactId>bcprov-jdk15on</artifactId>
|
|
||||||
</exclusion>
|
|
||||||
<exclusion>
|
|
||||||
<groupId>org.bouncycastle</groupId>
|
|
||||||
<artifactId>bcpkix-jdk15on</artifactId>
|
|
||||||
</exclusion>
|
|
||||||
</exclusions>
|
</exclusions>
|
||||||
</dependency>
|
</dependency>
|
||||||
<dependency>
|
|
||||||
<groupId>org.bouncycastle</groupId>
|
|
||||||
<artifactId>bcprov-jdk18on</artifactId>
|
|
||||||
</dependency>
|
|
||||||
<dependency>
|
|
||||||
<groupId>org.bouncycastle</groupId>
|
|
||||||
<artifactId>bcpkix-jdk18on</artifactId>
|
|
||||||
</dependency>
|
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>com.google.cloud</groupId>
|
<groupId>com.google.cloud</groupId>
|
||||||
<artifactId>google-cloud-pubsublite</artifactId>
|
<artifactId>google-cloud-pubsublite</artifactId>
|
||||||
|
@ -151,14 +135,6 @@
|
||||||
<groupId>commons-logging</groupId>
|
<groupId>commons-logging</groupId>
|
||||||
<artifactId>commons-logging</artifactId>
|
<artifactId>commons-logging</artifactId>
|
||||||
</exclusion>
|
</exclusion>
|
||||||
<exclusion>
|
|
||||||
<groupId>org.bouncycastle</groupId>
|
|
||||||
<artifactId>bcprov-jdk15on</artifactId>
|
|
||||||
</exclusion>
|
|
||||||
<exclusion>
|
|
||||||
<groupId>org.bouncycastle</groupId>
|
|
||||||
<artifactId>bcpkix-jdk15on</artifactId>
|
|
||||||
</exclusion>
|
|
||||||
</exclusions>
|
</exclusions>
|
||||||
</dependency>
|
</dependency>
|
||||||
<dependency>
|
<dependency>
|
||||||
|
@ -208,14 +184,6 @@
|
||||||
<groupId>commons-logging</groupId>
|
<groupId>commons-logging</groupId>
|
||||||
<artifactId>commons-logging</artifactId>
|
<artifactId>commons-logging</artifactId>
|
||||||
</exclusion>
|
</exclusion>
|
||||||
<exclusion>
|
|
||||||
<groupId>org.bouncycastle</groupId>
|
|
||||||
<artifactId>bcprov-jdk15on</artifactId>
|
|
||||||
</exclusion>
|
|
||||||
<exclusion>
|
|
||||||
<groupId>org.bouncycastle</groupId>
|
|
||||||
<artifactId>bcpkix-jdk15on</artifactId>
|
|
||||||
</exclusion>
|
|
||||||
</exclusions>
|
</exclusions>
|
||||||
</dependency>
|
</dependency>
|
||||||
</dependencies>
|
</dependencies>
|
||||||
|
|
|
@ -35,7 +35,6 @@
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.bouncycastle</groupId>
|
<groupId>org.bouncycastle</groupId>
|
||||||
<artifactId>bcprov-jdk18on</artifactId>
|
<artifactId>bcprov-jdk18on</artifactId>
|
||||||
<version>${org.bouncycastle.version}</version>
|
|
||||||
</dependency>
|
</dependency>
|
||||||
</dependencies>
|
</dependencies>
|
||||||
</project>
|
</project>
|
||||||
|
|
|
@ -26,12 +26,10 @@
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.bouncycastle</groupId>
|
<groupId>org.bouncycastle</groupId>
|
||||||
<artifactId>bcprov-jdk18on</artifactId>
|
<artifactId>bcprov-jdk18on</artifactId>
|
||||||
<version>${org.bouncycastle.version}</version>
|
|
||||||
</dependency>
|
</dependency>
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.bouncycastle</groupId>
|
<groupId>org.bouncycastle</groupId>
|
||||||
<artifactId>bcpkix-jdk18on</artifactId>
|
<artifactId>bcpkix-jdk18on</artifactId>
|
||||||
<version>${org.bouncycastle.version}</version>
|
|
||||||
</dependency>
|
</dependency>
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.apache.commons</groupId>
|
<groupId>org.apache.commons</groupId>
|
||||||
|
|
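--- a/pom.xml
+++ b/pom.xml
@@ -116,7 +116,7 @@
 <org.apache.commons.text.version>1.10.0</org.apache.commons.text.version>
 <org.apache.httpcomponents.httpclient.version>4.5.14</org.apache.httpcomponents.httpclient.version>
 <org.apache.httpcomponents.httpcore.version>4.4.16</org.apache.httpcomponents.httpcore.version>
-<org.bouncycastle.version>1.71</org.bouncycastle.version>
+<org.bouncycastle.version>1.74</org.bouncycastle.version>
 <testcontainers.version>1.18.3</testcontainers.version>
 <org.slf4j.version>2.0.7</org.slf4j.version>
 <ranger.version>2.4.0</ranger.version>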