This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/master by this push: new f91d6c4 NIFI-7268 Removed org.mindrot.jBcrypt library and replaced with at.fa… (#4151) f91d6c4 is described below commit f91d6c420d78aa000f1cc894636f56b533b589b8 Author: M Tien <56892372+mtien-apa...@users.noreply.github.com> AuthorDate: Tue Mar 17 19:49:15 2020 -0700 NIFI-7268 Removed org.mindrot.jBcrypt library and replaced with at.fa… (#4151) * NIFI-7268 Removed org.mindrot.jBcrypt library and replaced with at.favre.lib.bcrypt library. Updated LICENSE and NOTICE files to reflect changes. Updated unit tests. Co-authored-by: Andy LoPresto <alopre...@apache.org> * NIFI-7268 Fixed typo in Javadoc. Co-authored-by: Andy LoPresto <alopre...@apache.org> --- LICENSE | 17 ----- nifi-assembly/LICENSE | 17 ----- nifi-assembly/pom.xml | 4 +- nifi-commons/nifi-security-utils/pom.xml | 9 +-- .../security/util/crypto/BcryptCipherProvider.java | 79 +++++++++++++++++----- .../crypto/BcryptCipherProviderGroovyTest.groovy | 45 ++++++------ .../src/main/resources/META-INF/LICENSE | 17 ----- .../src/main/resources/META-INF/LICENSE | 19 ------ .../src/main/resources/META-INF/LICENSE | 21 ------ .../src/main/resources/META-INF/LICENSE | 17 ----- .../src/main/resources/META-INF/LICENSE | 19 +----- .../src/main/resources/META-INF/LICENSE | 17 ----- .../nifi-standard-processors/pom.xml | 5 +- nifi-nar-bundles/nifi-standard-bundle/pom.xml | 6 +- 14 files changed, 97 insertions(+), 195 deletions(-) diff --git a/LICENSE b/LICENSE index e6f09b4..f1db125 100644 --- a/LICENSE +++ b/LICENSE @@ -298,23 +298,6 @@ This product bundles HexViewJS available under an MIT License TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. -This product bundles 'jBCrypt' which is available under an MIT license. -For details see https://github.com/svenkubiak/jBCrypt/blob/0.4.1/LICENSE - - Copyright (c) 2006 Damien Miller <d...@mindrot.org> - - Permission to use, copy, modify, and distribute this software for any - purpose with or without fee is hereby granted, provided that the above - copyright notice and this permission notice appear in all copies. - - THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - This product bundles 'Fontello' which is available under an MIT license. Copyright (C) 2011 by Vitaly Puzrin diff --git a/nifi-assembly/LICENSE b/nifi-assembly/LICENSE index d61cb40..345c887 100644 --- a/nifi-assembly/LICENSE +++ b/nifi-assembly/LICENSE @@ -1658,23 +1658,6 @@ information can be found here: OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. -This product bundles 'jBCrypt' which is available under an MIT license. -For details see https://github.com/svenkubiak/jBCrypt/blob/0.4.1/LICENSE - - Copyright (c) 2006 Damien Miller <d...@mindrot.org> - - Permission to use, copy, modify, and distribute this software for any - purpose with or without fee is hereby granted, provided that the above - copyright notice and this permission notice appear in all copies. - - THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - This product bundles 'js-beautify' which is available under an MIT license. Copyright (c) 2007-2013 Einar Lielmanis and contributors. diff --git a/nifi-assembly/pom.xml b/nifi-assembly/pom.xml index ef8d3d0..7ee07c3 100644 --- a/nifi-assembly/pom.xml +++ b/nifi-assembly/pom.xml @@ -1108,7 +1108,7 @@ language governing permissions and limitations under the License. --> <exclude>com.fasterxml.jackson.core:jackson-core</exclude> <exclude>com.fasterxml.jackson.core:jackson-databind</exclude> <exclude>com.jayway.jsonpath:json-path</exclude> - <exclude>de.svenkubiak:jBCrypt</exclude> + <exclude>at.favre.lib:bcrypt</exclude> <exclude>net.java.dev.jna:jna</exclude> <exclude>net.java.dev.jna:jna-platform</exclude> <exclude>net.minidev:json-smart</exclude> @@ -1165,7 +1165,7 @@ language governing permissions and limitations under the License. --> <include>com.fasterxml.jackson.core:jackson-core</include> <include>com.fasterxml.jackson.core:jackson-databind</include> <include>com.jayway.jsonpath:json-path</include> - <include>de.svenkubiak:jBCrypt</include> + <include>at.favre.lib:bcrypt</include> <include>net.java.dev.jna:jna</include> <include>net.java.dev.jna:jna-platform</include> <include>net.minidev:json-smart</include> diff --git a/nifi-commons/nifi-security-utils/pom.xml b/nifi-commons/nifi-security-utils/pom.xml index 54ba633..a15b480 100644 --- a/nifi-commons/nifi-security-utils/pom.xml +++ b/nifi-commons/nifi-security-utils/pom.xml @@ -68,10 +68,9 @@ <version>1.12.0-SNAPSHOT</version> </dependency> <dependency> - <groupId>de.svenkubiak</groupId> - <artifactId>jBCrypt</artifactId> - <version>0.4.1</version> - <scope>compile</scope> + <groupId>at.favre.lib</groupId> + <artifactId>bcrypt</artifactId> + <version>0.9.0</version> </dependency> <!-- Test Dependencies --> <dependency> @@ -100,8 +99,6 @@ <configuration> <excludes combine.children="append"> <exclude>src/test/resources/xxe_template.xml</exclude> - <!-- This file is copied from https://github.com/jeremyh/jBCrypt -because the binary is compiled for Java 8 and we must support Java 7 --> </excludes> </configuration> </plugin> diff --git a/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/crypto/BcryptCipherProvider.java b/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/crypto/BcryptCipherProvider.java index c79bd20..7a22263 100644 --- a/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/crypto/BcryptCipherProvider.java +++ b/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/crypto/BcryptCipherProvider.java @@ -16,21 +16,24 @@ */ package org.apache.nifi.security.util.crypto; -import java.nio.charset.StandardCharsets; -import java.security.MessageDigest; -import java.util.Arrays; -import java.util.regex.Matcher; -import java.util.regex.Pattern; -import javax.crypto.Cipher; -import javax.crypto.SecretKey; -import javax.crypto.spec.SecretKeySpec; +import at.favre.lib.crypto.bcrypt.BCrypt; +import at.favre.lib.crypto.bcrypt.Radix64Encoder; import org.apache.commons.lang3.StringUtils; import org.apache.nifi.processor.exception.ProcessException; import org.apache.nifi.security.util.EncryptionMethod; -import org.mindrot.jbcrypt.BCrypt; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import javax.crypto.Cipher; +import javax.crypto.SecretKey; +import javax.crypto.spec.SecretKeySpec; +import java.nio.charset.StandardCharsets; +import java.security.MessageDigest; +import java.security.SecureRandom; +import java.util.Arrays; +import java.util.regex.Matcher; +import java.util.regex.Pattern; + public class BcryptCipherProvider extends RandomIVPBECipherProvider { private static final Logger logger = LoggerFactory.getLogger(BcryptCipherProvider.class); @@ -94,7 +97,7 @@ public class BcryptCipherProvider extends RandomIVPBECipherProvider { /** * Returns an initialized cipher for the specified algorithm. The key (and IV if necessary) are derived by the KDF of the implementation. - * + * <p> * The IV can be retrieved by the calling method using {@link Cipher#getIV()}. * * @param encryptionMethod the {@link EncryptionMethod} @@ -127,12 +130,11 @@ public class BcryptCipherProvider extends RandomIVPBECipherProvider { final String cipherName = CipherUtility.parseCipherFromAlgorithm(algorithm); if (!CipherUtility.isValidKeyLength(keyLength, cipherName)) { - throw new IllegalArgumentException(String.valueOf(keyLength) + " is not a valid key length for " + cipherName); + throw new IllegalArgumentException(keyLength + " is not a valid key length for " + cipherName); } - String bcryptSalt = formatSaltForBcrypt(salt); - - String hash = BCrypt.hashpw(password, bcryptSalt); + byte[] rawSalt = extractRawSalt(salt); + String hash = new String(BCrypt.withDefaults().hash(workFactor, rawSalt, password.getBytes(StandardCharsets.UTF_8)), StandardCharsets.UTF_8); /* The SHA-512 hash is required in order to derive a key longer than 184 bits (the resulting size of the Bcrypt hash) and ensuring the avalanche effect causes higher key entropy (if all derived keys follow a consistent pattern, it weakens the strength of the encryption) */ @@ -145,7 +147,7 @@ public class BcryptCipherProvider extends RandomIVPBECipherProvider { return keyedCipherProvider.getCipher(encryptionMethod, tempKey, iv, encryptMode); } - private String formatSaltForBcrypt(byte[] salt) { + private static String formatSaltForBcrypt(byte[] salt) { if (salt == null || salt.length == 0) { throw new IllegalArgumentException("The salt cannot be empty. To generate a salt, use BcryptCipherProvider#generateSalt()"); } @@ -160,9 +162,54 @@ public class BcryptCipherProvider extends RandomIVPBECipherProvider { } } + /** + * Returns the full salt in a {@code byte[]} for this cipher provider (i.e. {@code $2a$10$abcdef...} format). + * + * @return the full salt as a byte[] + */ @Override public byte[] generateSalt() { - return BCrypt.gensalt(workFactor).getBytes(StandardCharsets.UTF_8); + byte[] salt = new byte[DEFAULT_SALT_LENGTH]; + SecureRandom sr = new SecureRandom(); + sr.nextBytes(salt); + // TODO: This library allows for 2a, 2b, and 2y versions so this should be changed to be configurable + String saltString = "$2a$" + + StringUtils.leftPad(String.valueOf(workFactor), 2, "0") + + "$" + new String(new Radix64Encoder.Default().encode(salt), StandardCharsets.UTF_8); + return saltString.getBytes(StandardCharsets.UTF_8); + } + + /** + * Returns the raw salt as a {@code byte[]} extracted from the Bcrypt formatted salt byte[]. + * + * @param fullSalt the Bcrypt salt sequence as bytes + * @return the raw salt (16 bytes) without Radix 64 encoding + */ + public static byte[] extractRawSalt(byte[] fullSalt) { + try { + String formattedSalt = formatSaltForBcrypt(fullSalt); + String rawSalt = formattedSalt.substring(formattedSalt.lastIndexOf("$") + 1); + if (rawSalt.length() != 22) { + throw new IllegalArgumentException("The formatted salt did not contain a raw salt"); + } + return new Radix64Encoder.Default().decode(rawSalt.getBytes(StandardCharsets.UTF_8)); + } catch (IllegalArgumentException e) { + logger.warn("Unable to extract a raw salt from bcrypt salt {}", new String(fullSalt, StandardCharsets.UTF_8)); + throw e; + } + } + + /** + * Returns the raw salt as a {@code byte[]} extracted from the Bcrypt formatted salt String. + * + * @param fullSalt the Bcrypt salt sequence + * @return the raw salt (16 bytes) + */ + public static byte[] extractRawSalt(String fullSalt) { + if (fullSalt == null) { + return new byte[0]; + } + return extractRawSalt(fullSalt.getBytes(StandardCharsets.UTF_8)); } @Override diff --git a/nifi-commons/nifi-security-utils/src/test/groovy/org/apache/nifi/security/util/crypto/BcryptCipherProviderGroovyTest.groovy b/nifi-commons/nifi-security-utils/src/test/groovy/org/apache/nifi/security/util/crypto/BcryptCipherProviderGroovyTest.groovy index ab5647d..5aa5aec 100644 --- a/nifi-commons/nifi-security-utils/src/test/groovy/org/apache/nifi/security/util/crypto/BcryptCipherProviderGroovyTest.groovy +++ b/nifi-commons/nifi-security-utils/src/test/groovy/org/apache/nifi/security/util/crypto/BcryptCipherProviderGroovyTest.groovy @@ -16,17 +16,13 @@ */ package org.apache.nifi.security.util.crypto +import at.favre.lib.crypto.bcrypt.BCrypt +import at.favre.lib.crypto.bcrypt.Radix64Encoder import org.apache.commons.codec.binary.Base64 import org.apache.commons.codec.binary.Hex import org.apache.nifi.security.util.EncryptionMethod -import org.mindrot.jbcrypt.BCrypt import org.bouncycastle.jce.provider.BouncyCastleProvider -import org.junit.After -import org.junit.Assume -import org.junit.Before -import org.junit.BeforeClass -import org.junit.Ignore -import org.junit.Test +import org.junit.* import org.junit.runner.RunWith import org.junit.runners.JUnit4 import org.slf4j.Logger @@ -35,6 +31,7 @@ import org.slf4j.LoggerFactory import javax.crypto.Cipher import javax.crypto.spec.IvParameterSpec import javax.crypto.spec.SecretKeySpec +import java.nio.charset.StandardCharsets import java.security.Security import static groovy.test.GroovyAssert.shouldFail @@ -180,13 +177,13 @@ class BcryptCipherProviderGroovyTest { @Test void testHashPWShouldMatchTestVectors() { // Arrange - final String PASSWORD = 'abcdefghijklmnopqrstuvwxyz' - final String SALT = '$2a$10$fVH8e28OQRj9tqiDXs1e1u' + final byte[] PASSWORD = 'abcdefghijklmnopqrstuvwxyz'.getBytes(StandardCharsets.UTF_8) + final byte[] SALT = new Radix64Encoder.Default().decode('fVH8e28OQRj9tqiDXs1e1u'.getBytes(StandardCharsets.UTF_8)) final String EXPECTED_HASH = '$2a$10$fVH8e28OQRj9tqiDXs1e1uxpsjN0c7II7YPKXua2NAKYvM6iQk7dq' -// final int WORK_FACTOR = 10 + final int WORK_FACTOR = 10 // Act - String calculatedHash = BCrypt.hashpw(PASSWORD, SALT) + String calculatedHash = new String(BCrypt.withDefaults().hash(WORK_FACTOR, SALT, PASSWORD), StandardCharsets.UTF_8) logger.info("Generated ${calculatedHash}") // Assert @@ -196,17 +193,18 @@ class BcryptCipherProviderGroovyTest { @Test void testGetCipherShouldSupportExternalCompatibility() throws Exception { // Arrange - RandomIVPBECipherProvider cipherProvider = new BcryptCipherProvider(4) + final int WORK_FACTOR = 10 + RandomIVPBECipherProvider cipherProvider = new BcryptCipherProvider(WORK_FACTOR) final String PLAINTEXT = "This is a plaintext message." final String PASSWORD = "thisIsABadPassword" // These values can be generated by running `$ ./openssl_bcrypt` in the terminal - final byte[] SALT = Hex.decodeHex("81455b915ce9efd1fc61a08eb0255936" as char[]) - final byte[] IV = Hex.decodeHex("41a51e0150df6a1f72826b36c6371f3f" as char[]) + final byte[] SALT = Hex.decodeHex("f575109f118452c45d2ea121c58df136" as char[]) + final byte[] IV = Hex.decodeHex("57b017f9c0fdf8f0341424477e6baac1" as char[]) // $v2$w2$base64_salt_22__base64_hash_31 - final String FULL_HASH = "\$2a\$10\$gUVbkVzp79H8YaCOsCVZNuz/d759nrMKzjuviaS5/WdcKHzqngGKi" + final String FULL_HASH = "\$2a\$10\$9XUQnxGEUsRdLqEhxY3xNujOQQkW3spKqxssi.Ox39VhhxB.z4496" logger.info("Full Hash: ${FULL_HASH}") final String HASH = FULL_HASH[-31..-1] logger.info(" Hash: ${HASH.padLeft(60, " ")}") @@ -218,7 +216,7 @@ class BcryptCipherProviderGroovyTest { logger.info("Extracted Salt (hex): ${extractedSaltHex}") logger.info(" Expected Salt (hex): ${Hex.encodeHexString(SALT)}") - final String CIPHER_TEXT = "3a226ba2b3c8fe559acb806620001246db289375ba8075a68573478b56a69f15" + final String CIPHER_TEXT = "e51fee301593cc06b3112a7b9a16ab71be113c47d2b17cccc1b31a6e3b5a1631" byte[] cipherBytes = Hex.decodeHex(CIPHER_TEXT as char[]) EncryptionMethod encryptionMethod = EncryptionMethod.AES_CBC @@ -227,7 +225,7 @@ class BcryptCipherProviderGroovyTest { // Sanity check Cipher rubyCipher = Cipher.getInstance(encryptionMethod.algorithm, "BC") - def rubyKey = new SecretKeySpec(Hex.decodeHex("724cd9e1b0b9e87c7f7e7d7b270bca07" as char[]), "AES") + def rubyKey = new SecretKeySpec(Hex.decodeHex("adfc156f88ee8429a1c57879cb80b89a" as char[]), "AES") def ivSpec = new IvParameterSpec(IV) rubyCipher.init(Cipher.ENCRYPT_MODE, rubyKey, ivSpec) byte[] rubyCipherBytes = rubyCipher.doFinal(PLAINTEXT.bytes) @@ -240,7 +238,7 @@ class BcryptCipherProviderGroovyTest { // Sanity for hash generation final String FULL_SALT = FULL_HASH[0..<29] logger.sanity("Salt from external: ${FULL_SALT}") - String generatedHash = BCrypt.hashpw(PASSWORD, FULL_SALT) + String generatedHash = new String(BCrypt.withDefaults().hash(WORK_FACTOR, BcryptCipherProvider.extractRawSalt(FULL_SALT.bytes), PASSWORD.bytes)) logger.sanity("Generated hash: ${generatedHash}") assert generatedHash == FULL_HASH @@ -257,16 +255,17 @@ class BcryptCipherProviderGroovyTest { @Test void testGetCipherShouldHandleFullSalt() throws Exception { // Arrange - RandomIVPBECipherProvider cipherProvider = new BcryptCipherProvider(4) + final int WORK_FACTOR = 10 + RandomIVPBECipherProvider cipherProvider = new BcryptCipherProvider(WORK_FACTOR) final String PLAINTEXT = "This is a plaintext message." final String PASSWORD = "thisIsABadPassword" // These values can be generated by running `$ ./openssl_bcrypt.rb` in the terminal - final byte[] IV = Hex.decodeHex("41a51e0150df6a1f72826b36c6371f3f" as char[]) + final byte[] IV = Hex.decodeHex("57b017f9c0fdf8f0341424477e6baac1" as char[]) // $v2$w2$base64_salt_22__base64_hash_31 - final String FULL_HASH = "\$2a\$10\$gUVbkVzp79H8YaCOsCVZNuz/d759nrMKzjuviaS5/WdcKHzqngGKi" + final String FULL_HASH = "\$2a\$10\$9XUQnxGEUsRdLqEhxY3xNujOQQkW3spKqxssi.Ox39VhhxB.z4496" logger.info("Full Hash: ${FULL_HASH}") final String FULL_SALT = FULL_HASH[0..<29] logger.info(" Salt: ${FULL_SALT}") @@ -278,7 +277,7 @@ class BcryptCipherProviderGroovyTest { String extractedSaltHex = Hex.encodeHexString(Base64.decodeBase64(extractedSalt)) logger.info("Extracted Salt (hex): ${extractedSaltHex}") - final String CIPHER_TEXT = "3a226ba2b3c8fe559acb806620001246db289375ba8075a68573478b56a69f15" + final String CIPHER_TEXT = "e51fee301593cc06b3112a7b9a16ab71be113c47d2b17cccc1b31a6e3b5a1631" byte[] cipherBytes = Hex.decodeHex(CIPHER_TEXT as char[]) EncryptionMethod encryptionMethod = EncryptionMethod.AES_CBC @@ -496,7 +495,7 @@ class BcryptCipherProviderGroovyTest { // Benchmark using a work factor of 5 (the second-lowest allowed) int workFactor = 5 - String salt = BCrypt.gensalt(workFactor) + String salt = new BcryptCipherProvider(5).generateSalt() // Run once to prime the system double duration = time { diff --git a/nifi-nar-bundles/nifi-cassandra-bundle/nifi-cassandra-services-nar/src/main/resources/META-INF/LICENSE b/nifi-nar-bundles/nifi-cassandra-bundle/nifi-cassandra-services-nar/src/main/resources/META-INF/LICENSE index 5a38c1c..04416de 100644 --- a/nifi-nar-bundles/nifi-cassandra-bundle/nifi-cassandra-services-nar/src/main/resources/META-INF/LICENSE +++ b/nifi-nar-bundles/nifi-cassandra-bundle/nifi-cassandra-services-nar/src/main/resources/META-INF/LICENSE @@ -311,23 +311,6 @@ style license. FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. -This product bundles 'jBCrypt' which is available under an MIT license. -For details see https://github.com/svenkubiak/jBCrypt/blob/0.4.1/LICENSE - - Copyright (c) 2006 Damien Miller <d...@mindrot.org> - - Permission to use, copy, modify, and distribute this software for any - purpose with or without fee is hereby granted, provided that the above - copyright notice and this permission notice appear in all copies. - - THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - This product bundles 'logback' which is dual-licensed under the EPL v1.0 and the LGPL 2.1. diff --git a/nifi-nar-bundles/nifi-graph-bundle/nifi-neo4j-cypher-service-nar/src/main/resources/META-INF/LICENSE b/nifi-nar-bundles/nifi-graph-bundle/nifi-neo4j-cypher-service-nar/src/main/resources/META-INF/LICENSE index 3f5fc79..2d2db98 100644 --- a/nifi-nar-bundles/nifi-graph-bundle/nifi-neo4j-cypher-service-nar/src/main/resources/META-INF/LICENSE +++ b/nifi-nar-bundles/nifi-graph-bundle/nifi-neo4j-cypher-service-nar/src/main/resources/META-INF/LICENSE @@ -215,25 +215,6 @@ MIT * HOMEPAGE: * http://www.bouncycastle.org/ -This product bundles 'jBCrypt' which is available under an MIT license. -For details see https://github.com/svenkubiak/jBCrypt/blob/0.4.1/LICENSE - - Copyright (c) 2006 Damien Miller <d...@mindrot.org> - - Permission to use, copy, modify, and distribute this software for any - purpose with or without fee is hereby granted, provided that the above - copyright notice and this permission notice appear in all copies. - - THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - - - The binary distribution of this product bundles 'ParaNamer' and 'Paranamer Core' which is available under a BSD style license. diff --git a/nifi-nar-bundles/nifi-graph-bundle/nifi-other-graph-services-nar/src/main/resources/META-INF/LICENSE b/nifi-nar-bundles/nifi-graph-bundle/nifi-other-graph-services-nar/src/main/resources/META-INF/LICENSE index a6837df..619c8e4 100644 --- a/nifi-nar-bundles/nifi-graph-bundle/nifi-other-graph-services-nar/src/main/resources/META-INF/LICENSE +++ b/nifi-nar-bundles/nifi-graph-bundle/nifi-other-graph-services-nar/src/main/resources/META-INF/LICENSE @@ -202,27 +202,6 @@ limitations under the License. - - -This product bundles 'jBCrypt' which is available under an MIT license. -For details see https://github.com/svenkubiak/jBCrypt/blob/0.4.1/LICENSE - - Copyright (c) 2006 Damien Miller <d...@mindrot.org> - - Permission to use, copy, modify, and distribute this software for any - purpose with or without fee is hereby granted, provided that the above - copyright notice and this permission notice appear in all copies. - - THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - - - The binary distribution of this product bundles 'ParaNamer' and 'Paranamer Core' which is available under a BSD style license. diff --git a/nifi-nar-bundles/nifi-prometheus-bundle/nifi-prometheus-nar/src/main/resources/META-INF/LICENSE b/nifi-nar-bundles/nifi-prometheus-bundle/nifi-prometheus-nar/src/main/resources/META-INF/LICENSE index a421946..e4592f6 100644 --- a/nifi-nar-bundles/nifi-prometheus-bundle/nifi-prometheus-nar/src/main/resources/META-INF/LICENSE +++ b/nifi-nar-bundles/nifi-prometheus-bundle/nifi-prometheus-nar/src/main/resources/META-INF/LICENSE @@ -206,20 +206,3 @@ The Apache NiFi project contains subcomponents with separate copyright notices and license terms. Your use of the source code for the these subcomponents is subject to the terms and conditions of the following licenses. - -This product bundles 'jBCrypt' which is available under an MIT license. -For details see https://github.com/svenkubiak/jBCrypt/blob/0.4.1/LICENSE - - Copyright (c) 2006 Damien Miller <d...@mindrot.org> - - Permission to use, copy, modify, and distribute this software for any - purpose with or without fee is hereby granted, provided that the above - copyright notice and this permission notice appear in all copies. - - THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. diff --git a/nifi-nar-bundles/nifi-splunk-bundle/nifi-splunk-nar/src/main/resources/META-INF/LICENSE b/nifi-nar-bundles/nifi-splunk-bundle/nifi-splunk-nar/src/main/resources/META-INF/LICENSE index b7ed096..3de44fa 100644 --- a/nifi-nar-bundles/nifi-splunk-bundle/nifi-splunk-nar/src/main/resources/META-INF/LICENSE +++ b/nifi-nar-bundles/nifi-splunk-bundle/nifi-splunk-nar/src/main/resources/META-INF/LICENSE @@ -229,21 +229,4 @@ licenses. AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN - THE SOFTWARE. - -The binary distribution of this product bundles 'jBCrypt' which is available under an MIT - license. For details see https://github.com/svenkubiak/jBCrypt/blob/0.4.1/LICENSE - - Copyright (c) 2006 Damien Miller <d...@mindrot.org> - - Permission to use, copy, modify, and distribute this software for any - purpose with or without fee is hereby granted, provided that the above - copyright notice and this permission notice appear in all copies. - - THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. \ No newline at end of file + THE SOFTWARE. \ No newline at end of file diff --git a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-nar/src/main/resources/META-INF/LICENSE b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-nar/src/main/resources/META-INF/LICENSE index aa8c950..4988de1 100644 --- a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-nar/src/main/resources/META-INF/LICENSE +++ b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-nar/src/main/resources/META-INF/LICENSE @@ -288,23 +288,6 @@ For details see http://asm.ow2.org/asmdex-license.html ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -The binary distribution of this product bundles 'jBCrypt' which is available under an MIT - license. For details see https://github.com/svenkubiak/jBCrypt/blob/0.4.1/LICENSE - - Copyright (c) 2006 Damien Miller <d...@mindrot.org> - - Permission to use, copy, modify, and distribute this software for any - purpose with or without fee is hereby granted, provided that the above - copyright notice and this permission notice appear in all copies. - - THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - This product bundles 'AngularUI Codemirror' which is available under an MIT license. Copyright (c) 2012 the AngularUI Team, http://angular-ui.github.com diff --git a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/pom.xml b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/pom.xml index 3901ac5..055fdb5 100644 --- a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/pom.xml +++ b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/pom.xml @@ -217,8 +217,9 @@ <type>jar</type> </dependency> <dependency> - <groupId>de.svenkubiak</groupId> - <artifactId>jBCrypt</artifactId> + <groupId>at.favre.lib</groupId> + <artifactId>bcrypt</artifactId> + <version>0.9.0</version> </dependency> <dependency> <groupId>com.google.guava</groupId> diff --git a/nifi-nar-bundles/nifi-standard-bundle/pom.xml b/nifi-nar-bundles/nifi-standard-bundle/pom.xml index f87d71c..c91df6b 100644 --- a/nifi-nar-bundles/nifi-standard-bundle/pom.xml +++ b/nifi-nar-bundles/nifi-standard-bundle/pom.xml @@ -284,9 +284,9 @@ <type>jar</type> </dependency> <dependency> - <groupId>de.svenkubiak</groupId> - <artifactId>jBCrypt</artifactId> - <version>0.4.1</version> + <groupId>at.favre.lib</groupId> + <artifactId>bcrypt</artifactId> + <version>0.9.0</version> </dependency> <dependency> <groupId>com.google.guava</groupId>