[
https://issues.apache.org/jira/browse/NIFI-8298?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
David Handermann updated NIFI-8298:
-----------------------------------
Description:
The {{nifi-security-utils}} module includes classes that perform a variety of
functions from TLS communication handling to hashing and encryption operations.
Many of these classes do not depend on the Bouncy Castle Security Provider
library, but many NAR bundles include a dependency on {{nifi-security-utils}}
either directly or indirectly through {{nifi-processor-utils}}. The Bouncy
Castle Security Provider library is almost 6 MB, which contributes a notable
amount to the size of the NiFi assembled binary after completion, due to the
number of copies of the library. Refactoring {{nifi-security-utils}} into more
granular modules should remove the transitive inclusion of Bouncy Castle from a
number of modules.
Several capabilities, including Kerberos handling and SSLSocket classes can be
separated into discrete modules without dependence on Bouncy Castle. Other
classes used for secure hashing and cipher processing rely on Bouncy Castle,
but have uses limited to framework components.
was:
The {{nifi-security-utils}} module includes a classes that perform a variety of
functions from TLS communication handling to hashing and encryption operations.
Many of these classes do not depend on the Bouncy Castle Security Provider
library, but many NAR bundles include a dependency on {{nifi-security-utils}}
either directly or indirectly through {{nifi-processor-utils}}. The Bouncy
Castle Security Provider library is almost 6 MB, which contributes a notable
amount to the size of the NiFi assembled binary after completion, due to the
number of copies of the library. Refactoring {{nifi-security-utils}} into more
granular modules should remove the transitive inclusion of Bouncy Castle from a
number of modules.
Several capabilities, including Kerberos handling and SSLSocket classes can be
separated into discrete modules without dependence on Bouncy Castle. Other
classes used for secure hashing and cipher processing rely on Bouncy Castle,
but have uses limited to framework components.
> Refactor nifi-security-utils to reduce dependence on Bouncy Castle
> ------------------------------------------------------------------
>
> Key: NIFI-8298
> URL: https://issues.apache.org/jira/browse/NIFI-8298
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Core Framework
> Affects Versions: 1.13.0
> Reporter: David Handermann
> Assignee: David Handermann
> Priority: Major
>
> The {{nifi-security-utils}} module includes classes that perform a variety of
> functions from TLS communication handling to hashing and encryption
> operations. Many of these classes do not depend on the Bouncy Castle
> Security Provider library, but many NAR bundles include a dependency on
> {{nifi-security-utils}} either directly or indirectly through
> {{nifi-processor-utils}}. The Bouncy Castle Security Provider library is
> almost 6 MB, which contributes a notable amount to the size of the NiFi
> assembled binary after completion, due to the number of copies of the
> library. Refactoring {{nifi-security-utils}} into more granular modules
> should remove the transitive inclusion of Bouncy Castle from a number of
> modules.
> Several capabilities, including Kerberos handling and SSLSocket classes can
> be separated into discrete modules without dependence on Bouncy Castle.
> Other classes used for secure hashing and cipher processing rely on Bouncy
> Castle, but have uses limited to framework components.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
