You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@nifi.apache.org by ex...@apache.org on 2022/10/21 00:35:41 UTC
[nifi] branch main updated: NIFI-10614 Upgraded Bouncy Castle from 1.70 to 1.71
This is an automated email from the ASF dual-hosted git repository.
exceptionfactory pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/main by this push:
new c155d29658 NIFI-10614 Upgraded Bouncy Castle from 1.70 to 1.71
c155d29658 is described below
commit c155d29658da424cd5356f9f9121a76b08f2bf87
Author: Joe Witt <jo...@apache.org>
AuthorDate: Fri Oct 7 16:11:58 2022 -0700
NIFI-10614 Upgraded Bouncy Castle from 1.70 to 1.71
- Blocked Bouncy Castle jdk15on dependencies
- Forced jdk18on dependencies and validated across entire build
This closes #6498
Signed-off-by: David Handermann <ex...@apache.org>
---
.../minifi-framework/minifi-framework-core/pom.xml | 2 +-
nifi-commons/nifi-property-encryptor/pom.xml | 2 +-
nifi-commons/nifi-property-protection-gcp/pom.xml | 16 ++++++++
nifi-commons/nifi-repository-encryption/pom.xml | 2 +-
nifi-commons/nifi-security-kerberos/pom.xml | 8 ++++
nifi-commons/nifi-security-utils/pom.xml | 4 +-
.../nifi-box-bundle/nifi-box-services-api/pom.xml | 18 +++++++++
.../nifi-flowfile-repo-serialization/pom.xml | 2 +-
.../nifi-framework/nifi-framework-core/pom.xml | 2 +-
.../nifi-web/nifi-web-security/pom.xml | 8 +++-
.../nifi-gcp-parameter-providers/pom.xml | 16 ++++++++
.../nifi-gcp-bundle/nifi-gcp-processors/pom.xml | 24 +++++++++++
.../nifi-hive-bundle/nifi-hive3-processors/pom.xml | 16 ++++++++
.../nifi-iceberg-processors/pom.xml | 8 ++++
.../nifi-media-processors/pom.xml | 32 +++++++++++++++
.../nifi-pgp-bundle/nifi-pgp-processors/pom.xml | 2 +-
.../nifi-pgp-bundle/nifi-pgp-service-api/pom.xml | 2 +-
.../nifi-pgp-bundle/nifi-pgp-service/pom.xml | 2 +-
.../nifi-pgp-bundle/nifi-pgp-test-utils/pom.xml | 2 +-
.../nifi-persistent-provenance-repository/pom.xml | 2 +-
nifi-nar-bundles/nifi-smb-bundle/pom.xml | 10 +++++
.../nifi-standard-processors/pom.xml | 32 +++++++++++++--
.../nifi-key-service/pom.xml | 2 +-
.../nifi-registry-framework/pom.xml | 47 ++++++++++++++++------
.../nifi-registry-properties/pom.xml | 2 +-
.../nifi-registry-security-utils/pom.xml | 4 +-
nifi-toolkit/nifi-toolkit-tls/pom.xml | 4 +-
.../toolkit/tls/util/TlsHelperGroovyTest.groovy | 7 ++--
pom.xml | 24 +++++++++--
29 files changed, 260 insertions(+), 42 deletions(-)
diff --git a/minifi/minifi-nar-bundles/minifi-framework-bundle/minifi-framework/minifi-framework-core/pom.xml b/minifi/minifi-nar-bundles/minifi-framework-bundle/minifi-framework/minifi-framework-core/pom.xml
index 6d11578431..602c15a1d9 100644
--- a/minifi/minifi-nar-bundles/minifi-framework-bundle/minifi-framework/minifi-framework-core/pom.xml
+++ b/minifi/minifi-nar-bundles/minifi-framework-bundle/minifi-framework/minifi-framework-core/pom.xml
@@ -106,7 +106,7 @@ limitations under the License.
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
- <artifactId>bcprov-jdk15on</artifactId>
+ <artifactId>bcprov-jdk18on</artifactId>
<scope>compile</scope>
</dependency>
</dependencies>
diff --git a/nifi-commons/nifi-property-encryptor/pom.xml b/nifi-commons/nifi-property-encryptor/pom.xml
index dd938f56e3..c11ca02626 100644
--- a/nifi-commons/nifi-property-encryptor/pom.xml
+++ b/nifi-commons/nifi-property-encryptor/pom.xml
@@ -29,7 +29,7 @@
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
- <artifactId>bcprov-jdk15on</artifactId>
+ <artifactId>bcprov-jdk18on</artifactId>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
diff --git a/nifi-commons/nifi-property-protection-gcp/pom.xml b/nifi-commons/nifi-property-protection-gcp/pom.xml
index 48c8be5246..0cd1c466de 100644
--- a/nifi-commons/nifi-property-protection-gcp/pom.xml
+++ b/nifi-commons/nifi-property-protection-gcp/pom.xml
@@ -58,7 +58,23 @@
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcprov-jdk15on</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcpkix-jdk15on</artifactId>
+ </exclusion>
</exclusions>
</dependency>
+ <dependency>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcprov-jdk18on</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcpkix-jdk18on</artifactId>
+ </dependency>
</dependencies>
</project>
diff --git a/nifi-commons/nifi-repository-encryption/pom.xml b/nifi-commons/nifi-repository-encryption/pom.xml
index c324fd4caf..43ca06fef3 100644
--- a/nifi-commons/nifi-repository-encryption/pom.xml
+++ b/nifi-commons/nifi-repository-encryption/pom.xml
@@ -39,7 +39,7 @@
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
- <artifactId>bcprov-jdk15on</artifactId>
+ <artifactId>bcprov-jdk18on</artifactId>
</dependency>
</dependencies>
</project>
diff --git a/nifi-commons/nifi-security-kerberos/pom.xml b/nifi-commons/nifi-security-kerberos/pom.xml
index 1b6ee2cf32..8a62d16a20 100644
--- a/nifi-commons/nifi-security-kerberos/pom.xml
+++ b/nifi-commons/nifi-security-kerberos/pom.xml
@@ -54,7 +54,15 @@
<groupId>org.slf4j</groupId>
<artifactId>slf4j-reload4j</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcprov-jdk15on</artifactId>
+ </exclusion>
</exclusions>
</dependency>
+ <dependency>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcprov-jdk18on</artifactId>
+ </dependency>
</dependencies>
</project>
diff --git a/nifi-commons/nifi-security-utils/pom.xml b/nifi-commons/nifi-security-utils/pom.xml
index b535fe3401..8664aa09fe 100644
--- a/nifi-commons/nifi-security-utils/pom.xml
+++ b/nifi-commons/nifi-security-utils/pom.xml
@@ -57,11 +57,11 @@
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
- <artifactId>bcprov-jdk15on</artifactId>
+ <artifactId>bcprov-jdk18on</artifactId>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
- <artifactId>bcpkix-jdk15on</artifactId>
+ <artifactId>bcpkix-jdk18on</artifactId>
</dependency>
<dependency>
<groupId>org.apache.nifi</groupId>
diff --git a/nifi-nar-bundles/nifi-box-bundle/nifi-box-services-api/pom.xml b/nifi-nar-bundles/nifi-box-bundle/nifi-box-services-api/pom.xml
index fc361895e2..22a6b4a692 100644
--- a/nifi-nar-bundles/nifi-box-bundle/nifi-box-services-api/pom.xml
+++ b/nifi-nar-bundles/nifi-box-bundle/nifi-box-services-api/pom.xml
@@ -30,6 +30,24 @@
<groupId>com.box</groupId>
<artifactId>box-java-sdk</artifactId>
<version>3.6.0</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcprov-jdk15on</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcpkix-jdk15on</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcprov-jdk18on</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcpkix-jdk18on</artifactId>
</dependency>
<dependency>
<groupId>org.apache.nifi</groupId>
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-flowfile-repo-serialization/pom.xml b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-flowfile-repo-serialization/pom.xml
index 08d56dcae2..fce2769d71 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-flowfile-repo-serialization/pom.xml
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-flowfile-repo-serialization/pom.xml
@@ -68,7 +68,7 @@
<dependency>
<groupId>org.bouncycastle</groupId>
- <artifactId>bcprov-jdk15on</artifactId>
+ <artifactId>bcprov-jdk18on</artifactId>
<scope>test</scope>
</dependency>
<dependency>
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/pom.xml b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/pom.xml
index 67bcf1cd8b..27bfc2981e 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/pom.xml
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/pom.xml
@@ -127,7 +127,7 @@
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
- <artifactId>bcprov-jdk15on</artifactId>
+ <artifactId>bcprov-jdk18on</artifactId>
</dependency>
<dependency>
<groupId>org.glassfish.jersey.core</groupId>
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/pom.xml b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/pom.xml
index 00429c7fad..f2554bb62b 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/pom.xml
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/pom.xml
@@ -170,11 +170,11 @@
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
- <artifactId>bcprov-jdk15on</artifactId>
+ <artifactId>bcprov-jdk18on</artifactId>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
- <artifactId>bcpkix-jdk15on</artifactId>
+ <artifactId>bcpkix-jdk18on</artifactId>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
@@ -214,6 +214,10 @@
<groupId>org.apache.velocity</groupId>
<artifactId>velocity</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcprov-jdk15on</artifactId>
+ </exclusion>
</exclusions>
</dependency>
<dependency>
diff --git a/nifi-nar-bundles/nifi-gcp-bundle/nifi-gcp-parameter-providers/pom.xml b/nifi-nar-bundles/nifi-gcp-bundle/nifi-gcp-parameter-providers/pom.xml
index 8791937b2b..370ccb12bd 100644
--- a/nifi-nar-bundles/nifi-gcp-bundle/nifi-gcp-parameter-providers/pom.xml
+++ b/nifi-nar-bundles/nifi-gcp-bundle/nifi-gcp-parameter-providers/pom.xml
@@ -52,8 +52,24 @@
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcprov-jdk15on</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcpkix-jdk15on</artifactId>
+ </exclusion>
</exclusions>
</dependency>
+ <dependency>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcprov-jdk18on</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcpkix-jdk18on</artifactId>
+ </dependency>
<dependency>
<groupId>com.google.auth</groupId>
<artifactId>google-auth-library-oauth2-http</artifactId>
diff --git a/nifi-nar-bundles/nifi-gcp-bundle/nifi-gcp-processors/pom.xml b/nifi-nar-bundles/nifi-gcp-bundle/nifi-gcp-processors/pom.xml
index 3970bf1e21..71131b9cec 100644
--- a/nifi-nar-bundles/nifi-gcp-bundle/nifi-gcp-processors/pom.xml
+++ b/nifi-nar-bundles/nifi-gcp-bundle/nifi-gcp-processors/pom.xml
@@ -116,8 +116,24 @@
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcprov-jdk15on</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcpkix-jdk15on</artifactId>
+ </exclusion>
</exclusions>
</dependency>
+ <dependency>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcprov-jdk18on</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcpkix-jdk18on</artifactId>
+ </dependency>
<dependency>
<groupId>com.google.cloud</groupId>
<artifactId>google-cloud-pubsublite</artifactId>
@@ -126,6 +142,14 @@
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcprov-jdk15on</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcpkix-jdk15on</artifactId>
+ </exclusion>
</exclusions>
</dependency>
<dependency>
diff --git a/nifi-nar-bundles/nifi-hive-bundle/nifi-hive3-processors/pom.xml b/nifi-nar-bundles/nifi-hive-bundle/nifi-hive3-processors/pom.xml
index c42e7bba7c..26363b6473 100644
--- a/nifi-nar-bundles/nifi-hive-bundle/nifi-hive3-processors/pom.xml
+++ b/nifi-nar-bundles/nifi-hive-bundle/nifi-hive3-processors/pom.xml
@@ -246,8 +246,24 @@
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcprov-jdk15on</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcpkix-jdk15on</artifactId>
+ </exclusion>
</exclusions>
</dependency>
+ <dependency>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcprov-jdk18on</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcpkix-jdk18on</artifactId>
+ </dependency>
<dependency>
<groupId>org.apache.hadoop</groupId>
<artifactId>hadoop-mapreduce-client-core</artifactId>
diff --git a/nifi-nar-bundles/nifi-iceberg-bundle/nifi-iceberg-processors/pom.xml b/nifi-nar-bundles/nifi-iceberg-bundle/nifi-iceberg-processors/pom.xml
index 9c40340143..f24be5a078 100644
--- a/nifi-nar-bundles/nifi-iceberg-bundle/nifi-iceberg-processors/pom.xml
+++ b/nifi-nar-bundles/nifi-iceberg-bundle/nifi-iceberg-processors/pom.xml
@@ -145,8 +145,16 @@
<groupId>org.apache.hadoop</groupId>
<artifactId>hadoop-yarn-common</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcprov-jdk15on</artifactId>
+ </exclusion>
</exclusions>
</dependency>
+ <dependency>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcprov-jdk18on</artifactId>
+ </dependency>
<!-- Test dependencies -->
<dependency>
diff --git a/nifi-nar-bundles/nifi-media-bundle/nifi-media-processors/pom.xml b/nifi-nar-bundles/nifi-media-bundle/nifi-media-processors/pom.xml
index 85834d8e63..8ceb147728 100644
--- a/nifi-nar-bundles/nifi-media-bundle/nifi-media-processors/pom.xml
+++ b/nifi-nar-bundles/nifi-media-bundle/nifi-media-processors/pom.xml
@@ -73,8 +73,40 @@
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcprov-jdk15on</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcpkix-jdk15on</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcmail-jdk15on</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcutil-jdk15on</artifactId>
+ </exclusion>
</exclusions>
</dependency>
+ <dependency>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcprov-jdk18on</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcpkix-jdk18on</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcmail-jdk18on</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcutil-jdk18on</artifactId>
+ </dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>jcl-over-slf4j</artifactId>
diff --git a/nifi-nar-bundles/nifi-pgp-bundle/nifi-pgp-processors/pom.xml b/nifi-nar-bundles/nifi-pgp-bundle/nifi-pgp-processors/pom.xml
index 8946a1eb14..1759cc9c03 100644
--- a/nifi-nar-bundles/nifi-pgp-bundle/nifi-pgp-processors/pom.xml
+++ b/nifi-nar-bundles/nifi-pgp-bundle/nifi-pgp-processors/pom.xml
@@ -28,7 +28,7 @@
<dependencies>
<dependency>
<groupId>org.bouncycastle</groupId>
- <artifactId>bcpg-jdk15on</artifactId>
+ <artifactId>bcpg-jdk18on</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
diff --git a/nifi-nar-bundles/nifi-pgp-bundle/nifi-pgp-service-api/pom.xml b/nifi-nar-bundles/nifi-pgp-bundle/nifi-pgp-service-api/pom.xml
index 5c5af916cd..330c359222 100644
--- a/nifi-nar-bundles/nifi-pgp-bundle/nifi-pgp-service-api/pom.xml
+++ b/nifi-nar-bundles/nifi-pgp-bundle/nifi-pgp-service-api/pom.xml
@@ -28,7 +28,7 @@
<dependencies>
<dependency>
<groupId>org.bouncycastle</groupId>
- <artifactId>bcpg-jdk15on</artifactId>
+ <artifactId>bcpg-jdk18on</artifactId>
</dependency>
<dependency>
<groupId>org.apache.nifi</groupId>
diff --git a/nifi-nar-bundles/nifi-pgp-bundle/nifi-pgp-service/pom.xml b/nifi-nar-bundles/nifi-pgp-bundle/nifi-pgp-service/pom.xml
index 63f0c4e7cc..335fee0352 100644
--- a/nifi-nar-bundles/nifi-pgp-bundle/nifi-pgp-service/pom.xml
+++ b/nifi-nar-bundles/nifi-pgp-bundle/nifi-pgp-service/pom.xml
@@ -34,7 +34,7 @@
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
- <artifactId>bcpg-jdk15on</artifactId>
+ <artifactId>bcpg-jdk18on</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
diff --git a/nifi-nar-bundles/nifi-pgp-bundle/nifi-pgp-test-utils/pom.xml b/nifi-nar-bundles/nifi-pgp-bundle/nifi-pgp-test-utils/pom.xml
index d0dfd22dd4..2400811e94 100644
--- a/nifi-nar-bundles/nifi-pgp-bundle/nifi-pgp-test-utils/pom.xml
+++ b/nifi-nar-bundles/nifi-pgp-bundle/nifi-pgp-test-utils/pom.xml
@@ -28,7 +28,7 @@
<dependencies>
<dependency>
<groupId>org.bouncycastle</groupId>
- <artifactId>bcpg-jdk15on</artifactId>
+ <artifactId>bcpg-jdk18on</artifactId>
</dependency>
</dependencies>
</project>
diff --git a/nifi-nar-bundles/nifi-provenance-repository-bundle/nifi-persistent-provenance-repository/pom.xml b/nifi-nar-bundles/nifi-provenance-repository-bundle/nifi-persistent-provenance-repository/pom.xml
index e0ebbe4516..d207290174 100644
--- a/nifi-nar-bundles/nifi-provenance-repository-bundle/nifi-persistent-provenance-repository/pom.xml
+++ b/nifi-nar-bundles/nifi-provenance-repository-bundle/nifi-persistent-provenance-repository/pom.xml
@@ -102,7 +102,7 @@
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
- <artifactId>bcprov-jdk15on</artifactId>
+ <artifactId>bcprov-jdk18on</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
diff --git a/nifi-nar-bundles/nifi-smb-bundle/pom.xml b/nifi-nar-bundles/nifi-smb-bundle/pom.xml
index 20b6a7e54d..2f9e13e602 100644
--- a/nifi-nar-bundles/nifi-smb-bundle/pom.xml
+++ b/nifi-nar-bundles/nifi-smb-bundle/pom.xml
@@ -40,6 +40,16 @@
<groupId>com.hierynomus</groupId>
<artifactId>smbj</artifactId>
<version>0.11.5</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcprov-jdk15on</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcprov-jdk18on</artifactId>
</dependency>
<dependency>
<groupId>net.engio</groupId>
diff --git a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/pom.xml b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/pom.xml
index ec34cc4c3b..7101acd05e 100644
--- a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/pom.xml
+++ b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/pom.xml
@@ -147,15 +147,15 @@
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
- <artifactId>bcprov-jdk15on</artifactId>
+ <artifactId>bcprov-jdk18on</artifactId>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
- <artifactId>bcpg-jdk15on</artifactId>
+ <artifactId>bcpg-jdk18on</artifactId>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
- <artifactId>bcpkix-jdk15on</artifactId>
+ <artifactId>bcpkix-jdk18on</artifactId>
</dependency>
<dependency>
<groupId>commons-codec</groupId>
@@ -175,6 +175,32 @@
<dependency>
<groupId>com.hierynomus</groupId>
<artifactId>sshj</artifactId>
+ <exclusions>
+ <exclusion>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcprov-jdk15on</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcpkix-jdk15on</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcutil-jdk15on</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcprov-jdk18on</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcpkix-jdk18on</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcutil-jdk18on</artifactId>
</dependency>
<dependency>
<groupId>com.exceptionfactory.socketbroker</groupId>
diff --git a/nifi-nar-bundles/nifi-standard-services/nifi-key-service-bundle/nifi-key-service/pom.xml b/nifi-nar-bundles/nifi-standard-services/nifi-key-service-bundle/nifi-key-service/pom.xml
index 7da2104334..7494e92f9f 100644
--- a/nifi-nar-bundles/nifi-standard-services/nifi-key-service-bundle/nifi-key-service/pom.xml
+++ b/nifi-nar-bundles/nifi-standard-services/nifi-key-service-bundle/nifi-key-service/pom.xml
@@ -39,7 +39,7 @@
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
- <artifactId>bcpkix-jdk15on</artifactId>
+ <artifactId>bcpkix-jdk18on</artifactId>
</dependency>
<dependency>
<groupId>org.apache.nifi</groupId>
diff --git a/nifi-registry/nifi-registry-core/nifi-registry-framework/pom.xml b/nifi-registry/nifi-registry-core/nifi-registry-framework/pom.xml
index 89dcd7052e..77dcc7e5a4 100644
--- a/nifi-registry/nifi-registry-core/nifi-registry-framework/pom.xml
+++ b/nifi-registry/nifi-registry-core/nifi-registry-framework/pom.xml
@@ -258,17 +258,6 @@
</exclusion>
</exclusions>
</dependency>
- <dependency>
- <groupId>org.bouncycastle</groupId>
- <artifactId>bcprov-jdk15on</artifactId>
- <version>${org.bouncycastle.version}</version>
- </dependency>
- <!-- JGit depends on bcpg so declare a consistent version with our other bouncy castle deps -->
- <dependency>
- <groupId>org.bouncycastle</groupId>
- <artifactId>bcpg-jdk15on</artifactId>
- <version>${org.bouncycastle.version}</version>
- </dependency>
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
@@ -336,6 +325,40 @@
<groupId>org.eclipse.jgit</groupId>
<artifactId>org.eclipse.jgit.gpg.bc</artifactId>
<version>${jgit.version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcprov-jdk15on</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcpkix-jdk15on</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcpg-jdk15on</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcutil-jdk15on</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcprov-jdk18on</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcpkix-jdk18on</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcpg-jdk18on</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcutil-jdk18on</artifactId>
</dependency>
<dependency>
<groupId>org.eclipse.jgit</groupId>
@@ -349,7 +372,7 @@
<dependency>
<groupId>com.jcraft</groupId>
<artifactId>jsch</artifactId>
- <version>0.1.54</version>
+ <version>0.1.55</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
diff --git a/nifi-registry/nifi-registry-core/nifi-registry-properties/pom.xml b/nifi-registry/nifi-registry-core/nifi-registry-properties/pom.xml
index 3934cef622..29f61e006c 100644
--- a/nifi-registry/nifi-registry-core/nifi-registry-properties/pom.xml
+++ b/nifi-registry/nifi-registry-core/nifi-registry-properties/pom.xml
@@ -52,7 +52,7 @@
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
- <artifactId>bcprov-jdk15on</artifactId>
+ <artifactId>bcprov-jdk18on</artifactId>
<version>${org.bouncycastle.version}</version>
</dependency>
<dependency>
diff --git a/nifi-registry/nifi-registry-core/nifi-registry-security-utils/pom.xml b/nifi-registry/nifi-registry-core/nifi-registry-security-utils/pom.xml
index 5adcd7b130..5ac010472f 100644
--- a/nifi-registry/nifi-registry-core/nifi-registry-security-utils/pom.xml
+++ b/nifi-registry/nifi-registry-core/nifi-registry-security-utils/pom.xml
@@ -25,12 +25,12 @@
<dependencies>
<dependency>
<groupId>org.bouncycastle</groupId>
- <artifactId>bcprov-jdk15on</artifactId>
+ <artifactId>bcprov-jdk18on</artifactId>
<version>${org.bouncycastle.version}</version>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
- <artifactId>bcpkix-jdk15on</artifactId>
+ <artifactId>bcpkix-jdk18on</artifactId>
<version>${org.bouncycastle.version}</version>
</dependency>
<dependency>
diff --git a/nifi-toolkit/nifi-toolkit-tls/pom.xml b/nifi-toolkit/nifi-toolkit-tls/pom.xml
index 31ead502bb..59dd7dad50 100644
--- a/nifi-toolkit/nifi-toolkit-tls/pom.xml
+++ b/nifi-toolkit/nifi-toolkit-tls/pom.xml
@@ -47,11 +47,11 @@
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
- <artifactId>bcpkix-jdk15on</artifactId>
+ <artifactId>bcpkix-jdk18on</artifactId>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
- <artifactId>bcprov-jdk15on</artifactId>
+ <artifactId>bcprov-jdk18on</artifactId>
</dependency>
<dependency>
<groupId>commons-cli</groupId>
diff --git a/nifi-toolkit/nifi-toolkit-tls/src/test/groovy/org/apache/nifi/toolkit/tls/util/TlsHelperGroovyTest.groovy b/nifi-toolkit/nifi-toolkit-tls/src/test/groovy/org/apache/nifi/toolkit/tls/util/TlsHelperGroovyTest.groovy
index 997cb51125..4004bfb76a 100644
--- a/nifi-toolkit/nifi-toolkit-tls/src/test/groovy/org/apache/nifi/toolkit/tls/util/TlsHelperGroovyTest.groovy
+++ b/nifi-toolkit/nifi-toolkit-tls/src/test/groovy/org/apache/nifi/toolkit/tls/util/TlsHelperGroovyTest.groovy
@@ -30,11 +30,12 @@ import java.security.Security
import java.security.cert.X509Certificate
class TlsHelperGroovyTest {
- private final BCRSAPublicKey BAD_PUBLIC_KEY = new BCRSAPublicKey(new RSAKeyParameters(false, new BigInteger("1", 10), new BigInteger("1", 10)))
@BeforeAll
static void setProvider() {
+ System.setProperty("org.bouncycastle.rsa.allow_unsafe_mod","true")
Security.addProvider(new BouncyCastleProvider())
+ BCRSAPublicKey badPublicKey = new BCRSAPublicKey(new RSAKeyParameters(false, new BigInteger("3", 10), new BigInteger("1", 10)))
}
@Test
@@ -55,7 +56,7 @@ class TlsHelperGroovyTest {
X509Certificate mockCertificate = [
getSubjectX500Principal: { -> new X500Principal("CN=Mock Certificate") },
- getPublicKey : { -> BAD_PUBLIC_KEY }
+ getPublicKey : { -> badPublicKey }
] as X509Certificate
boolean isCertificateSigned = TlsHelper.verifyCertificateSignature(certificate, [mockCertificate, certificate])
@@ -80,7 +81,7 @@ class TlsHelperGroovyTest {
X509Certificate mockCertificate = [
getSubjectX500Principal: { -> new X500Principal("CN=Mock Certificate") },
- getPublicKey : { -> BAD_PUBLIC_KEY }
+ getPublicKey : { -> badPublicKey }
] as X509Certificate
boolean isCertificateSigned = TlsHelper.verifyCertificateSignature(certificate, [mockCertificate])
diff --git a/pom.xml b/pom.xml
index 3151c27237..9a6da6732a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -114,7 +114,7 @@
<org.apache.commons.text.version>1.10.0</org.apache.commons.text.version>
<org.apache.httpcomponents.httpclient.version>4.5.13</org.apache.httpcomponents.httpclient.version>
<org.apache.httpcomponents.httpcore.version>4.4.15</org.apache.httpcomponents.httpcore.version>
- <org.bouncycastle.version>1.70</org.bouncycastle.version>
+ <org.bouncycastle.version>1.71</org.bouncycastle.version>
<testcontainers.version>1.17.5</testcontainers.version>
<org.slf4j.version>1.7.36</org.slf4j.version>
<ranger.version>2.3.0</ranger.version>
@@ -206,17 +206,27 @@
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
- <artifactId>bcprov-jdk15on</artifactId>
+ <artifactId>bcprov-jdk18on</artifactId>
<version>${org.bouncycastle.version}</version>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
- <artifactId>bcpkix-jdk15on</artifactId>
+ <artifactId>bcpkix-jdk18on</artifactId>
<version>${org.bouncycastle.version}</version>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
- <artifactId>bcpg-jdk15on</artifactId>
+ <artifactId>bcpg-jdk18on</artifactId>
+ <version>${org.bouncycastle.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcutil-jdk18on</artifactId>
+ <version>${org.bouncycastle.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcmail-jdk18on</artifactId>
<version>${org.bouncycastle.version}</version>
</dependency>
<dependency>
@@ -911,6 +921,12 @@
<exclude>commons-logging:commons-logging:*</exclude>
<!-- Apache Xalan is no longer maintained and is bundled in the standard JRE -->
<exclude>xalan:xalan</exclude>
+ <!-- As of Bouncycastle 1.71 Java 8 is the minimum required so jdk15on artifacts not allowed -->
+ <exclude>org.bouncycastle:bcprov-jdk15on</exclude>
+ <exclude>org.bouncycastle:bcpg-jdk15on</exclude>
+ <exclude>org.bouncycastle:bcpkix-jdk15on</exclude>
+ <exclude>org.bouncycastle:bcutil-jdk15on</exclude>
+ <exclude>org.bouncycastle:bcmail-jdk15on</exclude>
</excludes>
<includes>
<!-- Versions of JSR305 after 3.0.1 are allowed https://github.com/findbugsproject/findbugs/issues/128 -->