This is an automated email from the ASF dual-hosted git repository.
alopresto pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/master by this push:
new f91d6c4 NIFI-7268 Removed org.mindrot.jBcrypt library and replaced
with at.fa… (#4151)
f91d6c4 is described below
commit f91d6c420d78aa000f1cc894636f56b533b589b8
Author: M Tien <56892372+mtien-apa...@users.noreply.github.com>
AuthorDate: Tue Mar 17 19:49:15 2020 -0700
NIFI-7268 Removed org.mindrot.jBcrypt library and replaced with at.fa…
(#4151)
* NIFI-7268 Removed org.mindrot.jBcrypt library and replaced with
at.favre.lib.bcrypt library.
Updated LICENSE and NOTICE files to reflect changes.
Updated unit tests.
Co-authored-by: Andy LoPresto <alopre...@apache.org>
* NIFI-7268 Fixed typo in Javadoc.
Co-authored-by: Andy LoPresto <alopre...@apache.org>
---
LICENSE | 17 -----
nifi-assembly/LICENSE | 17 -----
nifi-assembly/pom.xml | 4 +-
nifi-commons/nifi-security-utils/pom.xml | 9 +--
.../security/util/crypto/BcryptCipherProvider.java | 79 +++++++++++++++++-----
.../crypto/BcryptCipherProviderGroovyTest.groovy | 45 ++++++------
.../src/main/resources/META-INF/LICENSE | 17 -----
.../src/main/resources/META-INF/LICENSE | 19 ------
.../src/main/resources/META-INF/LICENSE | 21 ------
.../src/main/resources/META-INF/LICENSE | 17 -----
.../src/main/resources/META-INF/LICENSE | 19 +-----
.../src/main/resources/META-INF/LICENSE | 17 -----
.../nifi-standard-processors/pom.xml | 5 +-
nifi-nar-bundles/nifi-standard-bundle/pom.xml | 6 +-
14 files changed, 97 insertions(+), 195 deletions(-)
diff --git a/LICENSE b/LICENSE
index e6f09b4..f1db125 100644
--- a/LICENSE
+++ b/LICENSE
@@ -298,23 +298,6 @@ This product bundles HexViewJS available under an MIT
License
TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-This product bundles 'jBCrypt' which is available under an MIT license.
-For details see https://github.com/svenkubiak/jBCrypt/blob/0.4.1/LICENSE
-
- Copyright (c) 2006 Damien Miller <d...@mindrot.org>
-
- Permission to use, copy, modify, and distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
- THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-
This product bundles 'Fontello' which is available under an MIT license.
Copyright (C) 2011 by Vitaly Puzrin
diff --git a/nifi-assembly/LICENSE b/nifi-assembly/LICENSE
index d61cb40..345c887 100644
--- a/nifi-assembly/LICENSE
+++ b/nifi-assembly/LICENSE
@@ -1658,23 +1658,6 @@ information can be found here:
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
-This product bundles 'jBCrypt' which is available under an MIT license.
-For details see https://github.com/svenkubiak/jBCrypt/blob/0.4.1/LICENSE
-
- Copyright (c) 2006 Damien Miller <d...@mindrot.org>
-
- Permission to use, copy, modify, and distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
- THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-
This product bundles 'js-beautify' which is available under an MIT license.
Copyright (c) 2007-2013 Einar Lielmanis and contributors.
diff --git a/nifi-assembly/pom.xml b/nifi-assembly/pom.xml
index ef8d3d0..7ee07c3 100644
--- a/nifi-assembly/pom.xml
+++ b/nifi-assembly/pom.xml
@@ -1108,7 +1108,7 @@ language governing permissions and limitations under the
License. -->
<exclude>com.fasterxml.jackson.core:jackson-core</exclude>
<exclude>com.fasterxml.jackson.core:jackson-databind</exclude>
<exclude>com.jayway.jsonpath:json-path</exclude>
-
<exclude>de.svenkubiak:jBCrypt</exclude>
+
<exclude>at.favre.lib:bcrypt</exclude>
<exclude>net.java.dev.jna:jna</exclude>
<exclude>net.java.dev.jna:jna-platform</exclude>
<exclude>net.minidev:json-smart</exclude>
@@ -1165,7 +1165,7 @@ language governing permissions and limitations under the
License. -->
<include>com.fasterxml.jackson.core:jackson-core</include>
<include>com.fasterxml.jackson.core:jackson-databind</include>
<include>com.jayway.jsonpath:json-path</include>
-
<include>de.svenkubiak:jBCrypt</include>
+
<include>at.favre.lib:bcrypt</include>
<include>net.java.dev.jna:jna</include>
<include>net.java.dev.jna:jna-platform</include>
<include>net.minidev:json-smart</include>
diff --git a/nifi-commons/nifi-security-utils/pom.xml
b/nifi-commons/nifi-security-utils/pom.xml
index 54ba633..a15b480 100644
--- a/nifi-commons/nifi-security-utils/pom.xml
+++ b/nifi-commons/nifi-security-utils/pom.xml
@@ -68,10 +68,9 @@
<version>1.12.0-SNAPSHOT</version>
</dependency>
<dependency>
- <groupId>de.svenkubiak</groupId>
- <artifactId>jBCrypt</artifactId>
- <version>0.4.1</version>
- <scope>compile</scope>
+ <groupId>at.favre.lib</groupId>
+ <artifactId>bcrypt</artifactId>
+ <version>0.9.0</version>
</dependency>
<!-- Test Dependencies -->
<dependency>
@@ -100,8 +99,6 @@
<configuration>
<excludes combine.children="append">
<exclude>src/test/resources/xxe_template.xml</exclude>
- <!-- This file is copied from
https://github.com/jeremyh/jBCrypt
-because the binary is compiled for Java 8 and we must support Java 7 -->
</excludes>
</configuration>
</plugin>
diff --git
a/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/crypto/BcryptCipherProvider.java
b/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/crypto/BcryptCipherProvider.java
index c79bd20..7a22263 100644
---
a/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/crypto/BcryptCipherProvider.java
+++
b/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/crypto/BcryptCipherProvider.java
@@ -16,21 +16,24 @@
*/
package org.apache.nifi.security.util.crypto;
-import java.nio.charset.StandardCharsets;
-import java.security.MessageDigest;
-import java.util.Arrays;
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
-import javax.crypto.Cipher;
-import javax.crypto.SecretKey;
-import javax.crypto.spec.SecretKeySpec;
+import at.favre.lib.crypto.bcrypt.BCrypt;
+import at.favre.lib.crypto.bcrypt.Radix64Encoder;
import org.apache.commons.lang3.StringUtils;
import org.apache.nifi.processor.exception.ProcessException;
import org.apache.nifi.security.util.EncryptionMethod;
-import org.mindrot.jbcrypt.BCrypt;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import javax.crypto.Cipher;
+import javax.crypto.SecretKey;
+import javax.crypto.spec.SecretKeySpec;
+import java.nio.charset.StandardCharsets;
+import java.security.MessageDigest;
+import java.security.SecureRandom;
+import java.util.Arrays;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
public class BcryptCipherProvider extends RandomIVPBECipherProvider {
private static final Logger logger =
LoggerFactory.getLogger(BcryptCipherProvider.class);
@@ -94,7 +97,7 @@ public class BcryptCipherProvider extends
RandomIVPBECipherProvider {
/**
* Returns an initialized cipher for the specified algorithm. The key (and
IV if necessary) are derived by the KDF of the implementation.
- *
+ * <p>
* The IV can be retrieved by the calling method using {@link
Cipher#getIV()}.
*
* @param encryptionMethod the {@link EncryptionMethod}
@@ -127,12 +130,11 @@ public class BcryptCipherProvider extends
RandomIVPBECipherProvider {
final String cipherName =
CipherUtility.parseCipherFromAlgorithm(algorithm);
if (!CipherUtility.isValidKeyLength(keyLength, cipherName)) {
- throw new IllegalArgumentException(String.valueOf(keyLength) + "
is not a valid key length for " + cipherName);
+ throw new IllegalArgumentException(keyLength + " is not a valid
key length for " + cipherName);
}
- String bcryptSalt = formatSaltForBcrypt(salt);
-
- String hash = BCrypt.hashpw(password, bcryptSalt);
+ byte[] rawSalt = extractRawSalt(salt);
+ String hash = new String(BCrypt.withDefaults().hash(workFactor,
rawSalt, password.getBytes(StandardCharsets.UTF_8)), StandardCharsets.UTF_8);
/* The SHA-512 hash is required in order to derive a key longer than
184 bits (the resulting size of the Bcrypt hash) and ensuring the avalanche
effect causes higher key entropy (if all
derived keys follow a consistent pattern, it weakens the strength of
the encryption) */
@@ -145,7 +147,7 @@ public class BcryptCipherProvider extends
RandomIVPBECipherProvider {
return keyedCipherProvider.getCipher(encryptionMethod, tempKey, iv,
encryptMode);
}
- private String formatSaltForBcrypt(byte[] salt) {
+ private static String formatSaltForBcrypt(byte[] salt) {
if (salt == null || salt.length == 0) {
throw new IllegalArgumentException("The salt cannot be empty. To
generate a salt, use BcryptCipherProvider#generateSalt()");
}
@@ -160,9 +162,54 @@ public class BcryptCipherProvider extends
RandomIVPBECipherProvider {
}
}
+ /**
+ * Returns the full salt in a {@code byte[]} for this cipher provider
(i.e. {@code $2a$10$abcdef...} format).
+ *
+ * @return the full salt as a byte[]
+ */
@Override
public byte[] generateSalt() {
- return BCrypt.gensalt(workFactor).getBytes(StandardCharsets.UTF_8);
+ byte[] salt = new byte[DEFAULT_SALT_LENGTH];
+ SecureRandom sr = new SecureRandom();
+ sr.nextBytes(salt);
+ // TODO: This library allows for 2a, 2b, and 2y versions so this
should be changed to be configurable
+ String saltString = "$2a$" +
+ StringUtils.leftPad(String.valueOf(workFactor), 2, "0") +
+ "$" + new String(new Radix64Encoder.Default().encode(salt),
StandardCharsets.UTF_8);
+ return saltString.getBytes(StandardCharsets.UTF_8);
+ }
+
+ /**
+ * Returns the raw salt as a {@code byte[]} extracted from the Bcrypt
formatted salt byte[].
+ *
+ * @param fullSalt the Bcrypt salt sequence as bytes
+ * @return the raw salt (16 bytes) without Radix 64 encoding
+ */
+ public static byte[] extractRawSalt(byte[] fullSalt) {
+ try {
+ String formattedSalt = formatSaltForBcrypt(fullSalt);
+ String rawSalt =
formattedSalt.substring(formattedSalt.lastIndexOf("$") + 1);
+ if (rawSalt.length() != 22) {
+ throw new IllegalArgumentException("The formatted salt did not
contain a raw salt");
+ }
+ return new
Radix64Encoder.Default().decode(rawSalt.getBytes(StandardCharsets.UTF_8));
+ } catch (IllegalArgumentException e) {
+ logger.warn("Unable to extract a raw salt from bcrypt salt {}",
new String(fullSalt, StandardCharsets.UTF_8));
+ throw e;
+ }
+ }
+
+ /**
+ * Returns the raw salt as a {@code byte[]} extracted from the Bcrypt
formatted salt String.
+ *
+ * @param fullSalt the Bcrypt salt sequence
+ * @return the raw salt (16 bytes)
+ */
+ public static byte[] extractRawSalt(String fullSalt) {
+ if (fullSalt == null) {
+ return new byte[0];
+ }
+ return extractRawSalt(fullSalt.getBytes(StandardCharsets.UTF_8));
}
@Override
diff --git
a/nifi-commons/nifi-security-utils/src/test/groovy/org/apache/nifi/security/util/crypto/BcryptCipherProviderGroovyTest.groovy
b/nifi-commons/nifi-security-utils/src/test/groovy/org/apache/nifi/security/util/crypto/BcryptCipherProviderGroovyTest.groovy
index ab5647d..5aa5aec 100644
---
a/nifi-commons/nifi-security-utils/src/test/groovy/org/apache/nifi/security/util/crypto/BcryptCipherProviderGroovyTest.groovy
+++
b/nifi-commons/nifi-security-utils/src/test/groovy/org/apache/nifi/security/util/crypto/BcryptCipherProviderGroovyTest.groovy
@@ -16,17 +16,13 @@
*/
package org.apache.nifi.security.util.crypto
+import at.favre.lib.crypto.bcrypt.BCrypt
+import at.favre.lib.crypto.bcrypt.Radix64Encoder
import org.apache.commons.codec.binary.Base64
import org.apache.commons.codec.binary.Hex
import org.apache.nifi.security.util.EncryptionMethod
-import org.mindrot.jbcrypt.BCrypt
import org.bouncycastle.jce.provider.BouncyCastleProvider
-import org.junit.After
-import org.junit.Assume
-import org.junit.Before
-import org.junit.BeforeClass
-import org.junit.Ignore
-import org.junit.Test
+import org.junit.*
import org.junit.runner.RunWith
import org.junit.runners.JUnit4
import org.slf4j.Logger
@@ -35,6 +31,7 @@ import org.slf4j.LoggerFactory
import javax.crypto.Cipher
import javax.crypto.spec.IvParameterSpec
import javax.crypto.spec.SecretKeySpec
+import java.nio.charset.StandardCharsets
import java.security.Security
import static groovy.test.GroovyAssert.shouldFail
@@ -180,13 +177,13 @@ class BcryptCipherProviderGroovyTest {
@Test
void testHashPWShouldMatchTestVectors() {
// Arrange
- final String PASSWORD = 'abcdefghijklmnopqrstuvwxyz'
- final String SALT = '$2a$10$fVH8e28OQRj9tqiDXs1e1u'
+ final byte[] PASSWORD =
'abcdefghijklmnopqrstuvwxyz'.getBytes(StandardCharsets.UTF_8)
+ final byte[] SALT = new
Radix64Encoder.Default().decode('fVH8e28OQRj9tqiDXs1e1u'.getBytes(StandardCharsets.UTF_8))
final String EXPECTED_HASH =
'$2a$10$fVH8e28OQRj9tqiDXs1e1uxpsjN0c7II7YPKXua2NAKYvM6iQk7dq'
-// final int WORK_FACTOR = 10
+ final int WORK_FACTOR = 10
// Act
- String calculatedHash = BCrypt.hashpw(PASSWORD, SALT)
+ String calculatedHash = new
String(BCrypt.withDefaults().hash(WORK_FACTOR, SALT, PASSWORD),
StandardCharsets.UTF_8)
logger.info("Generated ${calculatedHash}")
// Assert
@@ -196,17 +193,18 @@ class BcryptCipherProviderGroovyTest {
@Test
void testGetCipherShouldSupportExternalCompatibility() throws Exception {
// Arrange
- RandomIVPBECipherProvider cipherProvider = new BcryptCipherProvider(4)
+ final int WORK_FACTOR = 10
+ RandomIVPBECipherProvider cipherProvider = new
BcryptCipherProvider(WORK_FACTOR)
final String PLAINTEXT = "This is a plaintext message."
final String PASSWORD = "thisIsABadPassword"
// These values can be generated by running `$ ./openssl_bcrypt` in
the terminal
- final byte[] SALT = Hex.decodeHex("81455b915ce9efd1fc61a08eb0255936"
as char[])
- final byte[] IV = Hex.decodeHex("41a51e0150df6a1f72826b36c6371f3f" as
char[])
+ final byte[] SALT = Hex.decodeHex("f575109f118452c45d2ea121c58df136"
as char[])
+ final byte[] IV = Hex.decodeHex("57b017f9c0fdf8f0341424477e6baac1" as
char[])
// $v2$w2$base64_salt_22__base64_hash_31
- final String FULL_HASH =
"\$2a\$10\$gUVbkVzp79H8YaCOsCVZNuz/d759nrMKzjuviaS5/WdcKHzqngGKi"
+ final String FULL_HASH =
"\$2a\$10\$9XUQnxGEUsRdLqEhxY3xNujOQQkW3spKqxssi.Ox39VhhxB.z4496"
logger.info("Full Hash: ${FULL_HASH}")
final String HASH = FULL_HASH[-31..-1]
logger.info(" Hash: ${HASH.padLeft(60, " ")}")
@@ -218,7 +216,7 @@ class BcryptCipherProviderGroovyTest {
logger.info("Extracted Salt (hex): ${extractedSaltHex}")
logger.info(" Expected Salt (hex): ${Hex.encodeHexString(SALT)}")
- final String CIPHER_TEXT =
"3a226ba2b3c8fe559acb806620001246db289375ba8075a68573478b56a69f15"
+ final String CIPHER_TEXT =
"e51fee301593cc06b3112a7b9a16ab71be113c47d2b17cccc1b31a6e3b5a1631"
byte[] cipherBytes = Hex.decodeHex(CIPHER_TEXT as char[])
EncryptionMethod encryptionMethod = EncryptionMethod.AES_CBC
@@ -227,7 +225,7 @@ class BcryptCipherProviderGroovyTest {
// Sanity check
Cipher rubyCipher = Cipher.getInstance(encryptionMethod.algorithm,
"BC")
- def rubyKey = new
SecretKeySpec(Hex.decodeHex("724cd9e1b0b9e87c7f7e7d7b270bca07" as char[]),
"AES")
+ def rubyKey = new
SecretKeySpec(Hex.decodeHex("adfc156f88ee8429a1c57879cb80b89a" as char[]),
"AES")
def ivSpec = new IvParameterSpec(IV)
rubyCipher.init(Cipher.ENCRYPT_MODE, rubyKey, ivSpec)
byte[] rubyCipherBytes = rubyCipher.doFinal(PLAINTEXT.bytes)
@@ -240,7 +238,7 @@ class BcryptCipherProviderGroovyTest {
// Sanity for hash generation
final String FULL_SALT = FULL_HASH[0..<29]
logger.sanity("Salt from external: ${FULL_SALT}")
- String generatedHash = BCrypt.hashpw(PASSWORD, FULL_SALT)
+ String generatedHash = new
String(BCrypt.withDefaults().hash(WORK_FACTOR,
BcryptCipherProvider.extractRawSalt(FULL_SALT.bytes), PASSWORD.bytes))
logger.sanity("Generated hash: ${generatedHash}")
assert generatedHash == FULL_HASH
@@ -257,16 +255,17 @@ class BcryptCipherProviderGroovyTest {
@Test
void testGetCipherShouldHandleFullSalt() throws Exception {
// Arrange
- RandomIVPBECipherProvider cipherProvider = new BcryptCipherProvider(4)
+ final int WORK_FACTOR = 10
+ RandomIVPBECipherProvider cipherProvider = new
BcryptCipherProvider(WORK_FACTOR)
final String PLAINTEXT = "This is a plaintext message."
final String PASSWORD = "thisIsABadPassword"
// These values can be generated by running `$ ./openssl_bcrypt.rb` in
the terminal
- final byte[] IV = Hex.decodeHex("41a51e0150df6a1f72826b36c6371f3f" as
char[])
+ final byte[] IV = Hex.decodeHex("57b017f9c0fdf8f0341424477e6baac1" as
char[])
// $v2$w2$base64_salt_22__base64_hash_31
- final String FULL_HASH =
"\$2a\$10\$gUVbkVzp79H8YaCOsCVZNuz/d759nrMKzjuviaS5/WdcKHzqngGKi"
+ final String FULL_HASH =
"\$2a\$10\$9XUQnxGEUsRdLqEhxY3xNujOQQkW3spKqxssi.Ox39VhhxB.z4496"
logger.info("Full Hash: ${FULL_HASH}")
final String FULL_SALT = FULL_HASH[0..<29]
logger.info(" Salt: ${FULL_SALT}")
@@ -278,7 +277,7 @@ class BcryptCipherProviderGroovyTest {
String extractedSaltHex =
Hex.encodeHexString(Base64.decodeBase64(extractedSalt))
logger.info("Extracted Salt (hex): ${extractedSaltHex}")
- final String CIPHER_TEXT =
"3a226ba2b3c8fe559acb806620001246db289375ba8075a68573478b56a69f15"
+ final String CIPHER_TEXT =
"e51fee301593cc06b3112a7b9a16ab71be113c47d2b17cccc1b31a6e3b5a1631"
byte[] cipherBytes = Hex.decodeHex(CIPHER_TEXT as char[])
EncryptionMethod encryptionMethod = EncryptionMethod.AES_CBC
@@ -496,7 +495,7 @@ class BcryptCipherProviderGroovyTest {
// Benchmark using a work factor of 5 (the second-lowest allowed)
int workFactor = 5
- String salt = BCrypt.gensalt(workFactor)
+ String salt = new BcryptCipherProvider(5).generateSalt()
// Run once to prime the system
double duration = time {
diff --git
a/nifi-nar-bundles/nifi-cassandra-bundle/nifi-cassandra-services-nar/src/main/resources/META-INF/LICENSE
b/nifi-nar-bundles/nifi-cassandra-bundle/nifi-cassandra-services-nar/src/main/resources/META-INF/LICENSE
index 5a38c1c..04416de 100644
---
a/nifi-nar-bundles/nifi-cassandra-bundle/nifi-cassandra-services-nar/src/main/resources/META-INF/LICENSE
+++
b/nifi-nar-bundles/nifi-cassandra-bundle/nifi-cassandra-services-nar/src/main/resources/META-INF/LICENSE
@@ -311,23 +311,6 @@ style license.
FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
OTHER DEALINGS IN THE SOFTWARE.
-This product bundles 'jBCrypt' which is available under an MIT license.
-For details see https://github.com/svenkubiak/jBCrypt/blob/0.4.1/LICENSE
-
- Copyright (c) 2006 Damien Miller <d...@mindrot.org>
-
- Permission to use, copy, modify, and distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
- THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-
This product bundles 'logback' which is dual-licensed under the EPL v1.0
and the LGPL 2.1.
diff --git
a/nifi-nar-bundles/nifi-graph-bundle/nifi-neo4j-cypher-service-nar/src/main/resources/META-INF/LICENSE
b/nifi-nar-bundles/nifi-graph-bundle/nifi-neo4j-cypher-service-nar/src/main/resources/META-INF/LICENSE
index 3f5fc79..2d2db98 100644
---
a/nifi-nar-bundles/nifi-graph-bundle/nifi-neo4j-cypher-service-nar/src/main/resources/META-INF/LICENSE
+++
b/nifi-nar-bundles/nifi-graph-bundle/nifi-neo4j-cypher-service-nar/src/main/resources/META-INF/LICENSE
@@ -215,25 +215,6 @@ MIT
* HOMEPAGE:
* http://www.bouncycastle.org/
-This product bundles 'jBCrypt' which is available under an MIT license.
-For details see https://github.com/svenkubiak/jBCrypt/blob/0.4.1/LICENSE
-
- Copyright (c) 2006 Damien Miller <d...@mindrot.org>
-
- Permission to use, copy, modify, and distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
- THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-
-
-
The binary distribution of this product bundles 'ParaNamer' and 'Paranamer
Core'
which is available under a BSD style license.
diff --git
a/nifi-nar-bundles/nifi-graph-bundle/nifi-other-graph-services-nar/src/main/resources/META-INF/LICENSE
b/nifi-nar-bundles/nifi-graph-bundle/nifi-other-graph-services-nar/src/main/resources/META-INF/LICENSE
index a6837df..619c8e4 100644
---
a/nifi-nar-bundles/nifi-graph-bundle/nifi-other-graph-services-nar/src/main/resources/META-INF/LICENSE
+++
b/nifi-nar-bundles/nifi-graph-bundle/nifi-other-graph-services-nar/src/main/resources/META-INF/LICENSE
@@ -202,27 +202,6 @@
limitations under the License.
-
-
-This product bundles 'jBCrypt' which is available under an MIT license.
-For details see https://github.com/svenkubiak/jBCrypt/blob/0.4.1/LICENSE
-
- Copyright (c) 2006 Damien Miller <d...@mindrot.org>
-
- Permission to use, copy, modify, and distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
- THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-
-
-
The binary distribution of this product bundles 'ParaNamer' and 'Paranamer
Core'
which is available under a BSD style license.
diff --git
a/nifi-nar-bundles/nifi-prometheus-bundle/nifi-prometheus-nar/src/main/resources/META-INF/LICENSE
b/nifi-nar-bundles/nifi-prometheus-bundle/nifi-prometheus-nar/src/main/resources/META-INF/LICENSE
index a421946..e4592f6 100644
---
a/nifi-nar-bundles/nifi-prometheus-bundle/nifi-prometheus-nar/src/main/resources/META-INF/LICENSE
+++
b/nifi-nar-bundles/nifi-prometheus-bundle/nifi-prometheus-nar/src/main/resources/META-INF/LICENSE
@@ -206,20 +206,3 @@ The Apache NiFi project contains subcomponents with
separate copyright
notices and license terms. Your use of the source code for the these
subcomponents is subject to the terms and conditions of the following
licenses.
-
-This product bundles 'jBCrypt' which is available under an MIT license.
-For details see https://github.com/svenkubiak/jBCrypt/blob/0.4.1/LICENSE
-
- Copyright (c) 2006 Damien Miller <d...@mindrot.org>
-
- Permission to use, copy, modify, and distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
- THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
diff --git
a/nifi-nar-bundles/nifi-splunk-bundle/nifi-splunk-nar/src/main/resources/META-INF/LICENSE
b/nifi-nar-bundles/nifi-splunk-bundle/nifi-splunk-nar/src/main/resources/META-INF/LICENSE
index b7ed096..3de44fa 100644
---
a/nifi-nar-bundles/nifi-splunk-bundle/nifi-splunk-nar/src/main/resources/META-INF/LICENSE
+++
b/nifi-nar-bundles/nifi-splunk-bundle/nifi-splunk-nar/src/main/resources/META-INF/LICENSE
@@ -229,21 +229,4 @@ licenses.
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- THE SOFTWARE.
-
-The binary distribution of this product bundles 'jBCrypt' which is available
under an MIT
- license. For details see
https://github.com/svenkubiak/jBCrypt/blob/0.4.1/LICENSE
-
- Copyright (c) 2006 Damien Miller <d...@mindrot.org>
-
- Permission to use, copy, modify, and distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
- THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
\ No newline at end of file
+ THE SOFTWARE.
\ No newline at end of file
diff --git
a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-nar/src/main/resources/META-INF/LICENSE
b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-nar/src/main/resources/META-INF/LICENSE
index aa8c950..4988de1 100644
---
a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-nar/src/main/resources/META-INF/LICENSE
+++
b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-nar/src/main/resources/META-INF/LICENSE
@@ -288,23 +288,6 @@ For details see http://asm.ow2.org/asmdex-license.html
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
THE POSSIBILITY OF SUCH DAMAGE.
-The binary distribution of this product bundles 'jBCrypt' which is available
under an MIT
- license. For details see
https://github.com/svenkubiak/jBCrypt/blob/0.4.1/LICENSE
-
- Copyright (c) 2006 Damien Miller <d...@mindrot.org>
-
- Permission to use, copy, modify, and distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
- THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-
This product bundles 'AngularUI Codemirror' which is available under an MIT
license.
Copyright (c) 2012 the AngularUI Team, http://angular-ui.github.com
diff --git
a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/pom.xml
b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/pom.xml
index 3901ac5..055fdb5 100644
--- a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/pom.xml
+++ b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/pom.xml
@@ -217,8 +217,9 @@
<type>jar</type>
</dependency>
<dependency>
- <groupId>de.svenkubiak</groupId>
- <artifactId>jBCrypt</artifactId>
+ <groupId>at.favre.lib</groupId>
+ <artifactId>bcrypt</artifactId>
+ <version>0.9.0</version>
</dependency>
<dependency>
<groupId>com.google.guava</groupId>
diff --git a/nifi-nar-bundles/nifi-standard-bundle/pom.xml
b/nifi-nar-bundles/nifi-standard-bundle/pom.xml
index f87d71c..c91df6b 100644
--- a/nifi-nar-bundles/nifi-standard-bundle/pom.xml
+++ b/nifi-nar-bundles/nifi-standard-bundle/pom.xml
@@ -284,9 +284,9 @@
<type>jar</type>
</dependency>
<dependency>
- <groupId>de.svenkubiak</groupId>
- <artifactId>jBCrypt</artifactId>
- <version>0.4.1</version>
+ <groupId>at.favre.lib</groupId>
+ <artifactId>bcrypt</artifactId>
+ <version>0.9.0</version>
</dependency>
<dependency>
<groupId>com.google.guava</groupId>
