diff --git a/minifi/minifi-nar-bundles/minifi-framework-bundle/minifi-framework/minifi-framework-core/pom.xml b/minifi/minifi-nar-bundles/minifi-framework-bundle/minifi-framework/minifi-framework-core/pom.xml
index 6d11578431..602c15a1d9 100644
--- a/minifi/minifi-nar-bundles/minifi-framework-bundle/minifi-framework/minifi-framework-core/pom.xml
+++ b/minifi/minifi-nar-bundles/minifi-framework-bundle/minifi-framework/minifi-framework-core/pom.xml
@@ -106,7 +106,7 @@ limitations under the License.
org.bouncycastle
- bcprov-jdk15on
+ bcprov-jdk18on
compile
diff --git a/nifi-commons/nifi-property-encryptor/pom.xml b/nifi-commons/nifi-property-encryptor/pom.xml
index dd938f56e3..c11ca02626 100644
--- a/nifi-commons/nifi-property-encryptor/pom.xml
+++ b/nifi-commons/nifi-property-encryptor/pom.xml
@@ -29,7 +29,7 @@
org.bouncycastle
- bcprov-jdk15on
+ bcprov-jdk18on
org.apache.commons
diff --git a/nifi-commons/nifi-property-protection-gcp/pom.xml b/nifi-commons/nifi-property-protection-gcp/pom.xml
index 48c8be5246..0cd1c466de 100644
--- a/nifi-commons/nifi-property-protection-gcp/pom.xml
+++ b/nifi-commons/nifi-property-protection-gcp/pom.xml
@@ -58,7 +58,23 @@
commons-logging
commons-logging
+
+ org.bouncycastle
+ bcprov-jdk15on
+
+
+ org.bouncycastle
+ bcpkix-jdk15on
+
+
+ org.bouncycastle
+ bcprov-jdk18on
+
+
+ org.bouncycastle
+ bcpkix-jdk18on
+
diff --git a/nifi-commons/nifi-repository-encryption/pom.xml b/nifi-commons/nifi-repository-encryption/pom.xml
index c324fd4caf..43ca06fef3 100644
--- a/nifi-commons/nifi-repository-encryption/pom.xml
+++ b/nifi-commons/nifi-repository-encryption/pom.xml
@@ -39,7 +39,7 @@
org.bouncycastle
- bcprov-jdk15on
+ bcprov-jdk18on
diff --git a/nifi-commons/nifi-security-kerberos/pom.xml b/nifi-commons/nifi-security-kerberos/pom.xml
index 1b6ee2cf32..8a62d16a20 100644
--- a/nifi-commons/nifi-security-kerberos/pom.xml
+++ b/nifi-commons/nifi-security-kerberos/pom.xml
@@ -54,7 +54,15 @@
org.slf4j
slf4j-reload4j
+
+ org.bouncycastle
+ bcprov-jdk15on
+
+
+ org.bouncycastle
+ bcprov-jdk18on
+
diff --git a/nifi-commons/nifi-security-utils/pom.xml b/nifi-commons/nifi-security-utils/pom.xml
index b535fe3401..8664aa09fe 100644
--- a/nifi-commons/nifi-security-utils/pom.xml
+++ b/nifi-commons/nifi-security-utils/pom.xml
@@ -57,11 +57,11 @@
org.bouncycastle
- bcprov-jdk15on
+ bcprov-jdk18on
org.bouncycastle
- bcpkix-jdk15on
+ bcpkix-jdk18on
org.apache.nifi
diff --git a/nifi-nar-bundles/nifi-box-bundle/nifi-box-services-api/pom.xml b/nifi-nar-bundles/nifi-box-bundle/nifi-box-services-api/pom.xml
index fc361895e2..22a6b4a692 100644
--- a/nifi-nar-bundles/nifi-box-bundle/nifi-box-services-api/pom.xml
+++ b/nifi-nar-bundles/nifi-box-bundle/nifi-box-services-api/pom.xml
@@ -30,6 +30,24 @@
com.box
box-java-sdk
3.6.0
+
+
+ org.bouncycastle
+ bcprov-jdk15on
+
+
+ org.bouncycastle
+ bcpkix-jdk15on
+
+
+
+
+ org.bouncycastle
+ bcprov-jdk18on
+
+
+ org.bouncycastle
+ bcpkix-jdk18on
org.apache.nifi
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-flowfile-repo-serialization/pom.xml b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-flowfile-repo-serialization/pom.xml
index 08d56dcae2..fce2769d71 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-flowfile-repo-serialization/pom.xml
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-flowfile-repo-serialization/pom.xml
@@ -68,7 +68,7 @@
org.bouncycastle
- bcprov-jdk15on
+ bcprov-jdk18on
test
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/pom.xml b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/pom.xml
index 67bcf1cd8b..27bfc2981e 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/pom.xml
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/pom.xml
@@ -127,7 +127,7 @@
org.bouncycastle
- bcprov-jdk15on
+ bcprov-jdk18on
org.glassfish.jersey.core
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/pom.xml b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/pom.xml
index 00429c7fad..f2554bb62b 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/pom.xml
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/pom.xml
@@ -170,11 +170,11 @@
org.bouncycastle
- bcprov-jdk15on
+ bcprov-jdk18on
org.bouncycastle
- bcpkix-jdk15on
+ bcpkix-jdk18on
org.springframework
@@ -214,6 +214,10 @@
org.apache.velocity
velocity
+
+ org.bouncycastle
+ bcprov-jdk15on
+
diff --git a/nifi-nar-bundles/nifi-gcp-bundle/nifi-gcp-parameter-providers/pom.xml b/nifi-nar-bundles/nifi-gcp-bundle/nifi-gcp-parameter-providers/pom.xml
index 8791937b2b..370ccb12bd 100644
--- a/nifi-nar-bundles/nifi-gcp-bundle/nifi-gcp-parameter-providers/pom.xml
+++ b/nifi-nar-bundles/nifi-gcp-bundle/nifi-gcp-parameter-providers/pom.xml
@@ -52,8 +52,24 @@
commons-logging
commons-logging
+
+ org.bouncycastle
+ bcprov-jdk15on
+
+
+ org.bouncycastle
+ bcpkix-jdk15on
+
+
+ org.bouncycastle
+ bcprov-jdk18on
+
+
+ org.bouncycastle
+ bcpkix-jdk18on
+
com.google.auth
google-auth-library-oauth2-http
diff --git a/nifi-nar-bundles/nifi-gcp-bundle/nifi-gcp-processors/pom.xml b/nifi-nar-bundles/nifi-gcp-bundle/nifi-gcp-processors/pom.xml
index 3970bf1e21..71131b9cec 100644
--- a/nifi-nar-bundles/nifi-gcp-bundle/nifi-gcp-processors/pom.xml
+++ b/nifi-nar-bundles/nifi-gcp-bundle/nifi-gcp-processors/pom.xml
@@ -116,8 +116,24 @@
commons-logging
commons-logging
+
+ org.bouncycastle
+ bcprov-jdk15on
+
+
+ org.bouncycastle
+ bcpkix-jdk15on
+
+
+ org.bouncycastle
+ bcprov-jdk18on
+
+
+ org.bouncycastle
+ bcpkix-jdk18on
+
com.google.cloud
google-cloud-pubsublite
@@ -126,6 +142,14 @@
commons-logging
commons-logging
+
+ org.bouncycastle
+ bcprov-jdk15on
+
+
+ org.bouncycastle
+ bcpkix-jdk15on
+
diff --git a/nifi-nar-bundles/nifi-hive-bundle/nifi-hive3-processors/pom.xml b/nifi-nar-bundles/nifi-hive-bundle/nifi-hive3-processors/pom.xml
index c42e7bba7c..26363b6473 100644
--- a/nifi-nar-bundles/nifi-hive-bundle/nifi-hive3-processors/pom.xml
+++ b/nifi-nar-bundles/nifi-hive-bundle/nifi-hive3-processors/pom.xml
@@ -246,8 +246,24 @@
commons-logging
commons-logging
+
+ org.bouncycastle
+ bcprov-jdk15on
+
+
+ org.bouncycastle
+ bcpkix-jdk15on
+
+
+ org.bouncycastle
+ bcprov-jdk18on
+
+
+ org.bouncycastle
+ bcpkix-jdk18on
+
org.apache.hadoop
hadoop-mapreduce-client-core
diff --git a/nifi-nar-bundles/nifi-iceberg-bundle/nifi-iceberg-processors/pom.xml b/nifi-nar-bundles/nifi-iceberg-bundle/nifi-iceberg-processors/pom.xml
index 9c40340143..f24be5a078 100644
--- a/nifi-nar-bundles/nifi-iceberg-bundle/nifi-iceberg-processors/pom.xml
+++ b/nifi-nar-bundles/nifi-iceberg-bundle/nifi-iceberg-processors/pom.xml
@@ -145,8 +145,16 @@
org.apache.hadoop
hadoop-yarn-common
+
+ org.bouncycastle
+ bcprov-jdk15on
+
+
+ org.bouncycastle
+ bcprov-jdk18on
+
diff --git a/nifi-nar-bundles/nifi-media-bundle/nifi-media-processors/pom.xml b/nifi-nar-bundles/nifi-media-bundle/nifi-media-processors/pom.xml
index 85834d8e63..8ceb147728 100644
--- a/nifi-nar-bundles/nifi-media-bundle/nifi-media-processors/pom.xml
+++ b/nifi-nar-bundles/nifi-media-bundle/nifi-media-processors/pom.xml
@@ -73,8 +73,40 @@
commons-logging
commons-logging
+
+ org.bouncycastle
+ bcprov-jdk15on
+
+
+ org.bouncycastle
+ bcpkix-jdk15on
+
+
+ org.bouncycastle
+ bcmail-jdk15on
+
+
+ org.bouncycastle
+ bcutil-jdk15on
+
+
+ org.bouncycastle
+ bcprov-jdk18on
+
+
+ org.bouncycastle
+ bcpkix-jdk18on
+
+
+ org.bouncycastle
+ bcmail-jdk18on
+
+
+ org.bouncycastle
+ bcutil-jdk18on
+
org.slf4j
jcl-over-slf4j
diff --git a/nifi-nar-bundles/nifi-pgp-bundle/nifi-pgp-processors/pom.xml b/nifi-nar-bundles/nifi-pgp-bundle/nifi-pgp-processors/pom.xml
index 8946a1eb14..1759cc9c03 100644
--- a/nifi-nar-bundles/nifi-pgp-bundle/nifi-pgp-processors/pom.xml
+++ b/nifi-nar-bundles/nifi-pgp-bundle/nifi-pgp-processors/pom.xml
@@ -28,7 +28,7 @@
org.bouncycastle
- bcpg-jdk15on
+ bcpg-jdk18on
provided
diff --git a/nifi-nar-bundles/nifi-pgp-bundle/nifi-pgp-service-api/pom.xml b/nifi-nar-bundles/nifi-pgp-bundle/nifi-pgp-service-api/pom.xml
index 5c5af916cd..330c359222 100644
--- a/nifi-nar-bundles/nifi-pgp-bundle/nifi-pgp-service-api/pom.xml
+++ b/nifi-nar-bundles/nifi-pgp-bundle/nifi-pgp-service-api/pom.xml
@@ -28,7 +28,7 @@
org.bouncycastle
- bcpg-jdk15on
+ bcpg-jdk18on
org.apache.nifi
diff --git a/nifi-nar-bundles/nifi-pgp-bundle/nifi-pgp-service/pom.xml b/nifi-nar-bundles/nifi-pgp-bundle/nifi-pgp-service/pom.xml
index 63f0c4e7cc..335fee0352 100644
--- a/nifi-nar-bundles/nifi-pgp-bundle/nifi-pgp-service/pom.xml
+++ b/nifi-nar-bundles/nifi-pgp-bundle/nifi-pgp-service/pom.xml
@@ -34,7 +34,7 @@
org.bouncycastle
- bcpg-jdk15on
+ bcpg-jdk18on
provided
diff --git a/nifi-nar-bundles/nifi-pgp-bundle/nifi-pgp-test-utils/pom.xml b/nifi-nar-bundles/nifi-pgp-bundle/nifi-pgp-test-utils/pom.xml
index d0dfd22dd4..2400811e94 100644
--- a/nifi-nar-bundles/nifi-pgp-bundle/nifi-pgp-test-utils/pom.xml
+++ b/nifi-nar-bundles/nifi-pgp-bundle/nifi-pgp-test-utils/pom.xml
@@ -28,7 +28,7 @@
org.bouncycastle
- bcpg-jdk15on
+ bcpg-jdk18on
diff --git a/nifi-nar-bundles/nifi-provenance-repository-bundle/nifi-persistent-provenance-repository/pom.xml b/nifi-nar-bundles/nifi-provenance-repository-bundle/nifi-persistent-provenance-repository/pom.xml
index e0ebbe4516..d207290174 100644
--- a/nifi-nar-bundles/nifi-provenance-repository-bundle/nifi-persistent-provenance-repository/pom.xml
+++ b/nifi-nar-bundles/nifi-provenance-repository-bundle/nifi-persistent-provenance-repository/pom.xml
@@ -102,7 +102,7 @@
org.bouncycastle
- bcprov-jdk15on
+ bcprov-jdk18on
test
diff --git a/nifi-nar-bundles/nifi-smb-bundle/pom.xml b/nifi-nar-bundles/nifi-smb-bundle/pom.xml
index 20b6a7e54d..2f9e13e602 100644
--- a/nifi-nar-bundles/nifi-smb-bundle/pom.xml
+++ b/nifi-nar-bundles/nifi-smb-bundle/pom.xml
@@ -40,6 +40,16 @@
com.hierynomus
smbj
0.11.5
+
+
+ org.bouncycastle
+ bcprov-jdk15on
+
+
+
+
+ org.bouncycastle
+ bcprov-jdk18on
net.engio
diff --git a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/pom.xml b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/pom.xml
index ec34cc4c3b..7101acd05e 100644
--- a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/pom.xml
+++ b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/pom.xml
@@ -147,15 +147,15 @@
org.bouncycastle
- bcprov-jdk15on
+ bcprov-jdk18on
org.bouncycastle
- bcpg-jdk15on
+ bcpg-jdk18on
org.bouncycastle
- bcpkix-jdk15on
+ bcpkix-jdk18on
commons-codec
@@ -175,6 +175,32 @@
com.hierynomus
sshj
+
+
+ org.bouncycastle
+ bcprov-jdk15on
+
+
+ org.bouncycastle
+ bcpkix-jdk15on
+
+
+ org.bouncycastle
+ bcutil-jdk15on
+
+
+
+
+ org.bouncycastle
+ bcprov-jdk18on
+
+
+ org.bouncycastle
+ bcpkix-jdk18on
+
+
+ org.bouncycastle
+ bcutil-jdk18on
com.exceptionfactory.socketbroker
diff --git a/nifi-nar-bundles/nifi-standard-services/nifi-key-service-bundle/nifi-key-service/pom.xml b/nifi-nar-bundles/nifi-standard-services/nifi-key-service-bundle/nifi-key-service/pom.xml
index 7da2104334..7494e92f9f 100644
--- a/nifi-nar-bundles/nifi-standard-services/nifi-key-service-bundle/nifi-key-service/pom.xml
+++ b/nifi-nar-bundles/nifi-standard-services/nifi-key-service-bundle/nifi-key-service/pom.xml
@@ -39,7 +39,7 @@
org.bouncycastle
- bcpkix-jdk15on
+ bcpkix-jdk18on
org.apache.nifi
diff --git a/nifi-registry/nifi-registry-core/nifi-registry-framework/pom.xml b/nifi-registry/nifi-registry-core/nifi-registry-framework/pom.xml
index 89dcd7052e..77dcc7e5a4 100644
--- a/nifi-registry/nifi-registry-core/nifi-registry-framework/pom.xml
+++ b/nifi-registry/nifi-registry-core/nifi-registry-framework/pom.xml
@@ -258,17 +258,6 @@
-
- org.bouncycastle
- bcprov-jdk15on
- ${org.bouncycastle.version}
-
-
-
- org.bouncycastle
- bcpg-jdk15on
- ${org.bouncycastle.version}
-
commons-io
commons-io
@@ -336,6 +325,40 @@
org.eclipse.jgit
org.eclipse.jgit.gpg.bc
${jgit.version}
+
+
+ org.bouncycastle
+ bcprov-jdk15on
+
+
+ org.bouncycastle
+ bcpkix-jdk15on
+
+
+ org.bouncycastle
+ bcpg-jdk15on
+
+
+ org.bouncycastle
+ bcutil-jdk15on
+
+
+
+
+ org.bouncycastle
+ bcprov-jdk18on
+
+
+ org.bouncycastle
+ bcpkix-jdk18on
+
+
+ org.bouncycastle
+ bcpg-jdk18on
+
+
+ org.bouncycastle
+ bcutil-jdk18on
org.eclipse.jgit
@@ -349,7 +372,7 @@
com.jcraft
jsch
- 0.1.54
+ 0.1.55
com.fasterxml.jackson.core
diff --git a/nifi-registry/nifi-registry-core/nifi-registry-properties/pom.xml b/nifi-registry/nifi-registry-core/nifi-registry-properties/pom.xml
index 3934cef622..29f61e006c 100644
--- a/nifi-registry/nifi-registry-core/nifi-registry-properties/pom.xml
+++ b/nifi-registry/nifi-registry-core/nifi-registry-properties/pom.xml
@@ -52,7 +52,7 @@
org.bouncycastle
- bcprov-jdk15on
+ bcprov-jdk18on
${org.bouncycastle.version}
diff --git a/nifi-registry/nifi-registry-core/nifi-registry-security-utils/pom.xml b/nifi-registry/nifi-registry-core/nifi-registry-security-utils/pom.xml
index 5adcd7b130..5ac010472f 100644
--- a/nifi-registry/nifi-registry-core/nifi-registry-security-utils/pom.xml
+++ b/nifi-registry/nifi-registry-core/nifi-registry-security-utils/pom.xml
@@ -25,12 +25,12 @@
org.bouncycastle
- bcprov-jdk15on
+ bcprov-jdk18on
${org.bouncycastle.version}
org.bouncycastle
- bcpkix-jdk15on
+ bcpkix-jdk18on
${org.bouncycastle.version}
diff --git a/nifi-toolkit/nifi-toolkit-tls/pom.xml b/nifi-toolkit/nifi-toolkit-tls/pom.xml
index 31ead502bb..59dd7dad50 100644
--- a/nifi-toolkit/nifi-toolkit-tls/pom.xml
+++ b/nifi-toolkit/nifi-toolkit-tls/pom.xml
@@ -47,11 +47,11 @@
org.bouncycastle
- bcpkix-jdk15on
+ bcpkix-jdk18on
org.bouncycastle
- bcprov-jdk15on
+ bcprov-jdk18on
commons-cli
diff --git a/nifi-toolkit/nifi-toolkit-tls/src/test/groovy/org/apache/nifi/toolkit/tls/util/TlsHelperGroovyTest.groovy b/nifi-toolkit/nifi-toolkit-tls/src/test/groovy/org/apache/nifi/toolkit/tls/util/TlsHelperGroovyTest.groovy
index 997cb51125..4004bfb76a 100644
--- a/nifi-toolkit/nifi-toolkit-tls/src/test/groovy/org/apache/nifi/toolkit/tls/util/TlsHelperGroovyTest.groovy
+++ b/nifi-toolkit/nifi-toolkit-tls/src/test/groovy/org/apache/nifi/toolkit/tls/util/TlsHelperGroovyTest.groovy
@@ -30,11 +30,12 @@ import java.security.Security
import java.security.cert.X509Certificate
class TlsHelperGroovyTest {
- private final BCRSAPublicKey BAD_PUBLIC_KEY = new BCRSAPublicKey(new RSAKeyParameters(false, new BigInteger("1", 10), new BigInteger("1", 10)))
@BeforeAll
static void setProvider() {
+ System.setProperty("org.bouncycastle.rsa.allow_unsafe_mod","true")
Security.addProvider(new BouncyCastleProvider())
+ BCRSAPublicKey badPublicKey = new BCRSAPublicKey(new RSAKeyParameters(false, new BigInteger("3", 10), new BigInteger("1", 10)))
}
@Test
@@ -55,7 +56,7 @@ class TlsHelperGroovyTest {
X509Certificate mockCertificate = [
getSubjectX500Principal: { -> new X500Principal("CN=Mock Certificate") },
- getPublicKey : { -> BAD_PUBLIC_KEY }
+ getPublicKey : { -> badPublicKey }
] as X509Certificate
boolean isCertificateSigned = TlsHelper.verifyCertificateSignature(certificate, [mockCertificate, certificate])
@@ -80,7 +81,7 @@ class TlsHelperGroovyTest {
X509Certificate mockCertificate = [
getSubjectX500Principal: { -> new X500Principal("CN=Mock Certificate") },
- getPublicKey : { -> BAD_PUBLIC_KEY }
+ getPublicKey : { -> badPublicKey }
] as X509Certificate
boolean isCertificateSigned = TlsHelper.verifyCertificateSignature(certificate, [mockCertificate])
diff --git a/pom.xml b/pom.xml
index 3151c27237..9a6da6732a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -114,7 +114,7 @@
1.10.0
4.5.13
4.4.15
- 1.70
+ 1.71
1.17.5
1.7.36
2.3.0
@@ -206,17 +206,27 @@
org.bouncycastle
- bcprov-jdk15on
+ bcprov-jdk18on
${org.bouncycastle.version}
org.bouncycastle
- bcpkix-jdk15on
+ bcpkix-jdk18on
${org.bouncycastle.version}
org.bouncycastle
- bcpg-jdk15on
+ bcpg-jdk18on
+ ${org.bouncycastle.version}
+
+
+ org.bouncycastle
+ bcutil-jdk18on
+ ${org.bouncycastle.version}
+
+
+ org.bouncycastle
+ bcmail-jdk18on
${org.bouncycastle.version}
@@ -911,6 +921,12 @@
commons-logging:commons-logging:*
xalan:xalan
+
+ org.bouncycastle:bcprov-jdk15on
+ org.bouncycastle:bcpg-jdk15on
+ org.bouncycastle:bcpkix-jdk15on
+ org.bouncycastle:bcutil-jdk15on
+ org.bouncycastle:bcmail-jdk15on