[ https://issues.apache.org/jira/browse/NIFI-2961?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15824295#comment-15824295 ]
ASF GitHub Bot commented on NIFI-2961: -------------------------------------- Github user alopresto commented on a diff in the pull request: https://github.com/apache/nifi/pull/1294#discussion_r96270544 --- Diff: nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/EncryptAttributes.java --- 
@@ -0,0 +1,508 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.nifi.processors.standard;
+
+import org.apache.commons.codec.binary.Base64;
+import org.apache.commons.codec.binary.Hex;
+import org.apache.nifi.annotation.behavior.DynamicProperty;
+import org.apache.nifi.annotation.behavior.EventDriven;
+import org.apache.nifi.annotation.behavior.InputRequirement;
+import org.apache.nifi.annotation.behavior.SideEffectFree;
+import org.apache.nifi.annotation.behavior.SupportsBatching;
+import org.apache.nifi.annotation.documentation.CapabilityDescription;
+import org.apache.nifi.annotation.documentation.Tags;
+import org.apache.nifi.annotation.lifecycle.OnScheduled;
+import org.apache.nifi.components.AllowableValue;
+import org.apache.nifi.components.PropertyDescriptor;
+import org.apache.nifi.components.PropertyValue;
+import org.apache.nifi.components.ValidationContext;
+import org.apache.nifi.components.ValidationResult;
+import org.apache.nifi.expression.AttributeExpression;
+import org.apache.nifi.flowfile.FlowFile;
+import org.apache.nifi.flowfile.attributes.CoreAttributes;
+import org.apache.nifi.logging.ComponentLog;
+import org.apache.nifi.processor.AbstractProcessor;
+import org.apache.nifi.processor.ProcessContext;
+import org.apache.nifi.processor.ProcessSession;
+import org.apache.nifi.processor.ProcessorInitializationContext;
+import org.apache.nifi.processor.Relationship;
+import org.apache.nifi.processor.exception.ProcessException;
+import org.apache.nifi.processor.util.StandardValidators;
+import org.apache.nifi.processors.standard.util.crypto.EncryptProcessorUtils;
+import org.apache.nifi.processors.standard.util.crypto.EncryptProcessorUtils.Encryptor;
+import org.apache.nifi.processors.standard.util.crypto.KeyedEncryptor;
+import org.apache.nifi.processors.standard.util.crypto.OpenPGPKeyBasedEncryptor;
+import org.apache.nifi.processors.standard.util.crypto.OpenPGPPasswordBasedEncryptor;
+import org.apache.nifi.processors.standard.util.crypto.PasswordBasedEncryptor;
+import org.apache.nifi.security.util.EncryptionMethod;
+import org.apache.nifi.security.util.KeyDerivationFunction;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.nio.charset.StandardCharsets;
+import java.security.Security;
+import java.text.Normalizer;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.regex.Pattern;
+
+/**
+ * Provides functionality of encrypting attributes with various algorithms.
+ * Note. It'll not modify filename or uuid as they are sensitive and are
+ * internally used by either Algorithm itself or FlowFile repo.
+ */ +@EventDriven +@SideEffectFree +@SupportsBatching +@InputRequirement(InputRequirement.Requirement.INPUT_REQUIRED) +@Tags({"encryption", "decryption", "password", "JCE", "OpenPGP", "PGP", "GPG", "regex", + "regexp", "Attribute Expression Language"}) +@CapabilityDescription("Encrypts or Decrypts a FlowFile attributes using either symmetric encryption with a password " + + "and randomly generated salt, or asymmetric encryption using a public and secret key. Different options are " + + "available to provide list of attributes. Default options are: 'all-attributes'/'core-attributes/" + + "'all-except-core-attributes'. You can also add custom properties containing expression language condition. " + + "These conditions will be evaluated and only those attributes will be considered for which the condition " + + "is \'true\'. You can also provide RegEx to select a group of attributes. RegEx and Expression Language conditions" + + "can be combined for advanced filtering of attribute list") +@DynamicProperty(name = "Attribute Name", value = "Attribute Expression Language", description = "Evaluates expression language " + + "as boolean expression, if attribute exist and boolean condition evaluates to true, then it'll be considered " + + "for encryption/decryption") +public class EncryptAttributes extends AbstractProcessor { --- End diff -- The class name should be `EncryptAttribute` (singular) as per the standard pattern. 
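Review bot: The `@CapabilityDescription` offers 'all-attributes' and 'core-attributes' without saying that `filename` and `uuid` are never encrypted, which only the class Javadoc above it states; an operator who picks 'all-attributes' could reasonably assume the filename is protected when it stays in plaintext. I would add a sentence to the description such as `"The 'filename' and 'uuid' attributes are never modified and remain in plaintext."` (the selection logic itself is outside this quoted hunk, so confirm it matches the Javadoc). In the same annotation the last two literals join without a space and render as "conditionscan be combined", `'core-attributes/` is missing its closing quote, and `\'true\'` needs no escaping inside a double-quoted string.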
> Create EncryptAttribute processor > --------------------------------- > > Key: NIFI-2961 > URL: https://issues.apache.org/jira/browse/NIFI-2961 > Project: Apache NiFi > Issue Type: Improvement > Components: Extensions > Affects Versions: 1.0.0 > Reporter: Andy LoPresto > Labels: attributes, encryption, security > > Similar to {{EncryptContent}}, the {{EncryptAttribute}} processor would allow > individual (and multiple) flowfile attributes to be encrypted (either > in-place or to a new attribute key) with various encryption algorithms (AES, > RSA, PBE, and PGP). > Specific compatibility with the {{OpenSSL EVP_BytesToKey}}, {{PBKDF2}}, > {{scrypt}}, and {{bcrypt}} key derivation functions should be included. > The processor should provide the boolean option to encrypt or decrypt (only > one operation per instance of the processor). The processor should also allow > Base64 encoding (aka ASCII armor) for the encrypted attributes to prevent > byte escaping/data loss. > If [dangerous processor > annotations|https://cwiki.apache.org/confluence/display/NIFI/Security+Feature+Roadmap] > are introduced, this processor should be marked as such and the > corresponding attribute protection (i.e. provenance before/after, etc.) > should be applied. > Originally requested in this [Stack Overflow > question|https://stackoverflow.com/questions/40294945/nifi-encrypt-json]. -- This message was sent by Atlassian JIRA (v6.3.4#6332)