[jira] [Commented] (NIFI-8298) Refactor nifi-security-utils to reduce dependence on Bouncy Castle

Fri, 19 Mar 2021 10:15:07 -0700 


    [ 
https://issues.apache.org/jira/browse/NIFI-8298?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17305040#comment-17305040
 ] 

ASF subversion and git services commented on NIFI-8298:
-------------------------------------------------------

Commit 0e659981d4f9bcf8e188599bf39f98dfe2156768 in nifi's branch 
refs/heads/main from David Handermann
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=0e65998 ]

NIFI-8298 Refactored Kerberos and Socket classes from security-utils to new 
modules

- Created nifi-security-socket-ssl
- Created nifi-security-kerberos
- Removed nifi-security-utils dependency from nifi-processor-utils
- Updated modules to reference new dependencies
- Eliminated unnecessary transitive dependencies on bcprov-jdk15on from over 30 
modules

Signed-off-by: Nathan Gough <[email protected]>

This closes #4881.


> Refactor nifi-security-utils to reduce dependence on Bouncy Castle
> ------------------------------------------------------------------
>
>                 Key: NIFI-8298
>                 URL: https://issues.apache.org/jira/browse/NIFI-8298
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Core Framework
>    Affects Versions: 1.13.0
>            Reporter: David Handermann
>            Assignee: David Handermann
>            Priority: Major
>          Time Spent: 1h 40m
>  Remaining Estimate: 0h
>
> The {{nifi-security-utils}} module includes classes that perform a variety of 
> functions from TLS communication handling to hashing and encryption 
> operations.  Many of these classes do not depend on the Bouncy Castle 
> Security Provider library, but many NAR bundles include a dependency on 
> {{nifi-security-utils}} either directly or indirectly through 
> {{nifi-processor-utils}}.  The Bouncy Castle Security Provider library is 
> almost 6 MB, which contributes a notable amount to the size of the NiFi 
> assembled binary after completion, due to the number of copies of the 
> library.  Refactoring {{nifi-security-utils}} into more granular modules 
> should remove the transitive inclusion of Bouncy Castle from a number of 
> modules.
> Several capabilities, including Kerberos handling and SSLSocket classes can 
> be separated into discrete modules without dependence on Bouncy Castle.  
> Other classes used for secure hashing and cipher processing rely on Bouncy 
> Castle, but have uses limited to framework components.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to