Update opensaml dependency (elastic#44972)
Add a mirror of the maven repository of the shibboleth project
and upgrade opensaml and related dependencies to the latest
available version

Resolves: elastic#44947
jkakavas authored Nov 23, 2019
1 parent 642390c commit df760fe
Showing 40 changed files with 58 additions and 46 deletions.
1 change: 0 additions & 1 deletion buildSrc/version.properties
Expand Up @@ -29,7 +29,6 @@ joda = 2.10.4
# - distribution/tools/plugin-cli
# - x-pack/plugin/security
bouncycastle = 1.61

# test dependencies
randomizedrunner = 2.7.1
junit = 4.12
16 changes: 16 additions & 0 deletions x-pack/build.gradle
Expand Up @@ -4,6 +4,22 @@ import org.elasticsearch.gradle.precommit.LicenseHeadersTask
Project xpackRootProject = project

subprojects {

// We define a specific repository for opensaml since the shibboleth project doesn't publish to maven central and the
// artifacts that are located there are not curated/updated by the project
// see: https://wiki.shibboleth.net/confluence/display/DEV/Use+of+Maven+Central
repositories {
maven {
name "opensaml"
url "https://artifactory.elstc.co/artifactory/shibboleth-releases/"
content {
includeGroup "org.opensaml"
includeGroup "net.shibboleth.utilities"
includeGroup "net.shibboleth"
}
}
}

group = 'org.elasticsearch.plugin'
ext.xpackRootProject = xpackRootProject
ext.xpackProject = { String projectName -> xpackRootProject.project(projectName) }
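Review bot: The `content { includeGroup … }` filter on the new `opensaml` repository only limits what that mirror may serve; nothing in this hunk stops the build's other repositories from also answering for `org.opensaml`, `net.shibboleth.utilities` and `net.shibboleth`, which is the case the comment above it warns about (Maven Central copies not curated by the project). If the Gradle version in use supports it, declaring the mirror through `exclusiveContent { forRepository { … } filter { includeGroup "org.opensaml" … } }`, or adding `excludeGroup` for these groups on the other repositories, would make the mirror the only source. The `.jar.sha1` files updated elsewhere in this commit presumably catch a substituted artifact, but only if that check runs on every resolution path. The `subprojects` block continues past the end of the hunk.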
38 changes: 19 additions & 19 deletions x-pack/plugin/security/build.gradle
Expand Up @@ -25,25 +25,25 @@ dependencies {
compile 'com.unboundid:unboundid-ldapsdk:4.0.8'

// the following are all SAML dependencies - might as well download the whole internet
compile "org.opensaml:opensaml-core:3.3.0"
compile "org.opensaml:opensaml-saml-api:3.3.0"
compile "org.opensaml:opensaml-saml-impl:3.3.0"
compile "org.opensaml:opensaml-messaging-api:3.3.0"
compile "org.opensaml:opensaml-messaging-impl:3.3.0"
compile "org.opensaml:opensaml-security-api:3.3.0"
compile "org.opensaml:opensaml-security-impl:3.3.0"
compile "org.opensaml:opensaml-profile-api:3.3.0"
compile "org.opensaml:opensaml-profile-impl:3.3.0"
compile "org.opensaml:opensaml-xmlsec-api:3.3.0"
compile "org.opensaml:opensaml-xmlsec-impl:3.3.0"
compile "org.opensaml:opensaml-soap-api:3.3.0"
compile "org.opensaml:opensaml-soap-impl:3.3.0"
compile "org.opensaml:opensaml-storage-api:3.3.0"
compile "org.opensaml:opensaml-storage-impl:3.3.0"
compile "net.shibboleth.utilities:java-support:7.3.0"
compile "org.apache.santuario:xmlsec:2.0.8"
compile "org.opensaml:opensaml-core:3.4.5"
compile "org.opensaml:opensaml-saml-api:3.4.5"
compile "org.opensaml:opensaml-saml-impl:3.4.5"
compile "org.opensaml:opensaml-messaging-api:3.4.5"
compile "org.opensaml:opensaml-messaging-impl:3.4.5"
compile "org.opensaml:opensaml-security-api:3.4.5"
compile "org.opensaml:opensaml-security-impl:3.4.5"
compile "org.opensaml:opensaml-profile-api:3.4.5"
compile "org.opensaml:opensaml-profile-impl:3.4.5"
compile "org.opensaml:opensaml-xmlsec-api:3.4.5"
compile "org.opensaml:opensaml-xmlsec-impl:3.4.5"
compile "org.opensaml:opensaml-soap-api:3.4.5"
compile "org.opensaml:opensaml-soap-impl:3.4.5"
compile "org.opensaml:opensaml-storage-api:3.4.5"
compile "org.opensaml:opensaml-storage-impl:3.4.5"
compile "net.shibboleth.utilities:java-support:7.5.1"
compile "org.apache.santuario:xmlsec:2.1.4"
compile "io.dropwizard.metrics:metrics-core:3.2.2"
compile ("org.cryptacular:cryptacular:1.2.0") {
compile ("org.cryptacular:cryptacular:1.2.3") {
exclude group: 'org.bouncycastle'
}
compile "org.slf4j:slf4j-api:${versions.slf4j}"
Expand Down Expand Up @@ -343,7 +343,6 @@ thirdPartyAudit {
'org.bouncycastle.crypto.digests.TigerDigest',
'org.bouncycastle.crypto.digests.WhirlpoolDigest',
'org.bouncycastle.crypto.engines.AESEngine',
'org.bouncycastle.crypto.engines.AESFastEngine',
'org.bouncycastle.crypto.engines.BlowfishEngine',
'org.bouncycastle.crypto.engines.CAST5Engine',
'org.bouncycastle.crypto.engines.CAST6Engine',
Expand All @@ -369,6 +368,7 @@ thirdPartyAudit {
'org.bouncycastle.crypto.engines.TwofishEngine',
'org.bouncycastle.crypto.engines.VMPCEngine',
'org.bouncycastle.crypto.engines.XTEAEngine',
'org.bouncycastle.crypto.generators.BCrypt',
'org.bouncycastle.crypto.generators.OpenSSLPBEParametersGenerator',
'org.bouncycastle.crypto.generators.PKCS5S1ParametersGenerator',
'org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator',
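Review bot: The opensaml version is repeated as a literal on each of the fifteen `org.opensaml` lines in the first hunk, so a later upgrade that misses one line would silently leave mixed module versions in the SAML stack. A single definition, for example `def opensamlVersion = "3.4.5"` referenced as `compile "org.opensaml:opensaml-core:${opensamlVersion}"`, keeps the modules in lockstep and makes the next security upgrade a one-line change. The `dependencies` and `thirdPartyAudit` blocks both start outside the hunks shown.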
1 change: 0 additions & 1 deletion x-pack/plugin/security/licenses/cryptacular-1.2.0.jar.sha1

This file was deleted.

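--- a/x-pack/plugin/security/licenses/cryptacular-1.2.3.jar.sha1
+++ b/x-pack/plugin/security/licenses/cryptacular-1.2.3.jar.sha1
@@ -0,0 +1 @@
+7b0398d04a68ff7f58657938b3bdc5f2799b4b49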

This file was deleted.

@@ -0,0 +1 @@
c3fecaa141e8f0fff8a14e6800aefa8155c9b3e8

This file was deleted.

@@ -0,0 +1 @@
0958fae127de9e8b0296e6f089c7451b6d5f0846

This file was deleted.

@@ -0,0 +1 @@
e3ec93dfbf90c451e9f7fb34a3e33a6ac60edd31

This file was deleted.

@@ -0,0 +1 @@
beaca9bd69ad861dbb55f1694853a02cb6988ae7

This file was deleted.

@@ -0,0 +1 @@
bb0a1f97d38342a5715bad628ee24000b08e821e

This file was deleted.

@@ -0,0 +1 @@
6cb4595c7a988d964f6a2d55dcac754b0c68904e

This file was deleted.

@@ -0,0 +1 @@
bef43d21b2d878baceae291af4a0ad3449c7d7ec

This file was deleted.

@@ -0,0 +1 @@
ecf4a9552575d38cffd4dc56d95e7564b7dccfc1

This file was deleted.

@@ -0,0 +1 @@
15cbb232ae6665edc5df5f260e551e69fdb362e5

This file was deleted.

@@ -0,0 +1 @@
b2bc1aa5b0f400aa50499f3783b10e9f7c216a47

This file was deleted.

@@ -0,0 +1 @@
c497df002980c6e482ce7b828924bb24f60f99f7

This file was deleted.

@@ -0,0 +1 @@
30ed8d37259e840df5b3fd8daf7b654129a9190c

This file was deleted.

@@ -0,0 +1 @@
a984671fd04e50da03f68003d2b062578e63ec86

This file was deleted.

@@ -0,0 +1 @@
a4b828fe1a9d64953ecdd8a9e00ff31b63ad6ef0

This file was deleted.

@@ -0,0 +1 @@
a1b10f97deca1e3405f95db5b39697c0d46f5e0d

This file was deleted.

@@ -0,0 +1 @@
d46cb9854a1ff85bea34ece7077bc32dbc2f10da
1 change: 0 additions & 1 deletion x-pack/plugin/security/licenses/xmlsec-2.0.8.jar.sha1

This file was deleted.

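--- a/x-pack/plugin/security/licenses/xmlsec-2.1.4.jar.sha1
+++ b/x-pack/plugin/security/licenses/xmlsec-2.1.4.jar.sha1
@@ -0,0 +1 @@
+cb43326f02e3e77526c24269c8b5d3cc3f7f6653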
Expand Up @@ -7,6 +7,11 @@ grant {
// needed because of SAML (cf. o.e.x.s.s.RestorableContextClassLoader)
permission java.lang.RuntimePermission "getClassLoader";
permission java.lang.RuntimePermission "setContextClassLoader";
// needed during initialization of OpenSAML library where xml security algorithms are registered
// see https://github.com/apache/santuario-java/blob/e79f1fe4192de73a975bc7246aee58ed0703343d/src/main/java/org/apache/xml/security/utils/JavaUtils.java#L205-L220
// and https://git.shibboleth.net/view/?p=java-opensaml.git;a=blob;f=opensaml-xmlsec-impl/src/main/java/org/opensaml/xmlsec/signature/impl/SignatureMarshaller.java;hb=db0eaa64210f0e32d359cd6c57bedd57902bf811#l52
// which uses it in the opensaml-xmlsec-impl
permission java.security.SecurityPermission "org.apache.xml.security.register";

// needed for multiple server implementations used in tests
permission java.net.SocketPermission "*", "accept,connect";
Expand All @@ -31,14 +36,6 @@ grant {
permission java.lang.RuntimePermission "getFileStoreAttributes";
};

grant codeBase "${codebase.xmlsec-2.0.8.jar}" {
// needed during initialization of OpenSAML library where xml security algorithms are registered
// see https://github.com/apache/santuario-java/blob/e79f1fe4192de73a975bc7246aee58ed0703343d/src/main/java/org/apache/xml/security/utils/JavaUtils.java#L205-L220
// and https://git.shibboleth.net/view/?p=java-opensaml.git;a=blob;f=opensaml-xmlsec-impl/src/main/java/org/opensaml/xmlsec/signature/impl/SignatureMarshaller.java;hb=db0eaa64210f0e32d359cd6c57bedd57902bf811#l52
// which uses it in the opensaml-xmlsec-impl
permission java.security.SecurityPermission "org.apache.xml.security.register";
};

grant codeBase "${codebase.netty-common}" {
// for reading the system-wide configuration for the backlog of established sockets
permission java.io.FilePermission "/proc/sys/net/core/somaxconn", "read";
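Review bot: Moving `permission java.security.SecurityPermission "org.apache.xml.security.register";` from the removed `grant codeBase "${codebase.xmlsec-2.0.8.jar}"` block into the unscoped `grant` block widens it from one jar to every codebase this policy covers. If the only reason for the move is the jar's new version, keeping the scoped form under the new name, e.g. `grant codeBase "${codebase.xmlsec-2.1.4.jar}" { permission java.security.SecurityPermission "org.apache.xml.security.register"; };`, preserves least privilege. If the broader grant is needed because the check is reached with other jars on the call stack, the moved comment should say so, for example `// granted to all plugin code because <reason>; previously scoped to the xmlsec jar`. The unscoped `grant` block opens above the first hunk.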
