[ https://issues.apache.org/jira/browse/NIFI-1324?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15093976#comment-15093976 ]

ASF subversion and git services commented on NIFI-1324:
-------------------------------------------------------

Commit ffbfffce6dd381ffdac5704ef2279f1fe5345e89 in nifi's branch 
refs/heads/master from [~alopresto]
[ https://git-wip-us.apache.org/repos/asf?p=nifi.git;h=ffbfffc ]

NIFI-1324:

Changed Maven dependencies for BouncyCastle bcprov and bcpg from jdk16:1.46 to 
jdk15on:1.53 (kept nifi-web-security on jdk16:1.46 because jdk15on:1.53 splits 
OCSP logic into new module bcpkix).
Added individual unit tests for PGP public keyring validation.
Passes all legacy unit tests.
Added TODOs for customizable brick encryption and refactoring shared code.
Cleaned up magic numbers to constants.
Added unit tests for OpenPGPPasswordBasedEncryptor (internal consistency and 
legacy file decrypt).
Began refactoring shared encrypt code from OpenPGP* implementations.
Extracted encrypt utility method from OpenPGPPasswordBasedEncryptor to PGPUtil 
class.
Added test resources (signed and unsigned key-encrypted files).
Added unit tests for OpenPGPKeyBasedEncryptor (internal consistency and 
external file decrypt).
Changed BC dependency for nifi-web-security to bcprov-jdk15on:1.53 and 
bcpkix-jdk15on:1.53.
Updated OCSPValidator to use new BC logic for OCSP validation. This code 
compiles but should be fully audited, as the legacy OCSP validation was not 
completely implemented.
Added skeleton of OCSP validator unit tests with successful keypair and 
certificate generation and signing code.
Added further unit tests for issued certificates.
Annotated unimplemented unit tests with note about Groovy integration.
Refactored Jersey call in OCSPCertificateValidator to internal method.
Added toString() to NiFi local OcspRequest.
Implemented positive & negative unit tests with cache injection for 
valid/revoked OCSP certificate.
Resolved contrib-check issues.
Removed ignored code in unit test.

Signed-off-by: Matt Gilman <[email protected]>


> Upgrade to correct version of BouncyCastle
> ------------------------------------------
>
>                 Key: NIFI-1324
>                 URL: https://issues.apache.org/jira/browse/NIFI-1324
>             Project: Apache NiFi
>          Issue Type: Task
>          Components: Core Framework
>    Affects Versions: 0.4.1
>            Reporter: Andy LoPresto
>            Assignee: Andy LoPresto
>              Labels: dependencies, security
>             Fix For: 0.5.0
>
>
> The existing Maven dependencies are for 
> {{org.bouncycastle:bcprov-jdk16:1.46}} and 
> {{org.bouncycastle:bcpg-jdk16:1.46}}. While {{jdk16}} looks "newer" than 
> {{jdk15on}}, this was actually a legacy mistake on the part of BouncyCastle 
> versioning. The correct and current version of BouncyCastle is {{jdk15on}}, 
> as evidenced by the age of the releases:
> * jdk15on: 03/2012 - 10/2015 "The Bouncy Castle Crypto package is a Java 
> implementation of cryptographic algorithms. This jar contains JCE provider 
> and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5 to 
> JDK 1.8." (http://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk15on)
> * jdk16: 11/2007 - 02/2011 "The Bouncy Castle Crypto package is a Java 
> implementation of cryptographic algorithms. This jar contains JCE provider 
> and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.6." 
> (http://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk16)



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
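
The issue above turns on a misleading artifact suffix: `jdk16` is the legacy BouncyCastle line and `jdk15on` the current one. The following is an added example, not code from the NiFi commit, that audits a pom.xml for `org.bouncycastle` dependencies still on the legacy suffix; the sample pom is constructed, the function names are hypothetical, and `${property}` versions are resolved only from the same pom.

```python
import xml.etree.ElementTree as ET

# Constructed sample pom.xml for illustration (not taken from the NiFi repository).
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><bc.version>1.46</bc.version></properties>
  <dependencyManagement><dependencies>
    <dependency><groupId>org.bouncycastle</groupId>
      <artifactId>bcprov-jdk16</artifactId><version>${bc.version}</version></dependency>
  </dependencies></dependencyManagement>
  <dependencies>
    <dependency><groupId>org.bouncycastle</groupId>
      <artifactId>bcpg-jdk16</artifactId><version>1.46</version></dependency>
    <dependency><groupId>org.bouncycastle</groupId>
      <artifactId>bcpkix-jdk15on</artifactId><version>1.53</version></dependency>
  </dependencies>
</project>"""

LEGACY_SUFFIX = "-jdk16"      # legacy artifact line named in the issue
CURRENT_SUFFIX = "-jdk15on"   # line the issue identifies as correct and current

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def find_legacy_bc(pom_xml):
    """Return (artifactId, resolved version, suggested artifactId) per legacy BC dependency."""
    root = ET.fromstring(pom_xml)
    props = {}
    for el in root.iter():
        if local(el.tag) == "properties":
            props.update({local(p.tag): (p.text or "").strip() for p in el})
    findings = []
    for dep in root.iter():  # covers <dependencies> and <dependencyManagement>
        if local(dep.tag) != "dependency":
            continue
        f = {local(c.tag): (c.text or "").strip() for c in dep}
        aid = f.get("artifactId", "")
        if f.get("groupId") != "org.bouncycastle" or not aid.endswith(LEGACY_SUFFIX):
            continue
        ver = f.get("version", "")
        if ver.startswith("${") and ver.endswith("}"):
            ver = props.get(ver[2:-1], ver)  # leave unresolved placeholders as-is
        findings.append((aid, ver, aid[: -len(LEGACY_SUFFIX)] + CURRENT_SUFFIX))
    return findings

if __name__ == "__main__":
    for aid, ver, fix in find_legacy_bc(SAMPLE_POM):
        print(f"legacy {aid}:{ver} -> use {fix}")
```

As the commit message notes, jdk15on:1.53 splits OCSP logic into `bcpkix`, so a module that does OCSP validation needs that artifact added alongside the renamed `bcprov`.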
