From df760fe2f9f1d888830170df2e7f610d46a4e20f Mon Sep 17 00:00:00 2001 From: Ioannis Kakavas Date: Sat, 23 Nov 2019 17:53:51 +0200 Subject: [PATCH] Update opensaml dependency (#44972) Add a mirror of the maven repository of the shibboleth project and upgrade opensaml and related dependencies to the latest version available version Resolves: #44947 --- buildSrc/version.properties | 1 - x-pack/build.gradle | 16 ++++++++ x-pack/plugin/security/build.gradle | 38 +++++++++---------- .../licenses/cryptacular-1.2.0.jar.sha1 | 1 - .../licenses/cryptacular-1.2.3.jar.sha1 | 1 + .../licenses/java-support-7.3.0.jar.sha1 | 1 - .../licenses/java-support-7.5.1.jar.sha1 | 1 + .../licenses/opensaml-core-3.3.0.jar.sha1 | 1 - .../licenses/opensaml-core-3.4.5.jar.sha1 | 1 + .../opensaml-messaging-api-3.3.0.jar.sha1 | 1 - .../opensaml-messaging-api-3.4.5.jar.sha1 | 1 + .../opensaml-messaging-impl-3.3.0.jar.sha1 | 1 - .../opensaml-messaging-impl-3.4.5.jar.sha1 | 1 + .../opensaml-profile-api-3.3.0.jar.sha1 | 1 - .../opensaml-profile-api-3.4.5.jar.sha1 | 1 + .../opensaml-profile-impl-3.3.0.jar.sha1 | 1 - .../opensaml-profile-impl-3.4.5.jar.sha1 | 1 + .../licenses/opensaml-saml-api-3.3.0.jar.sha1 | 1 - .../licenses/opensaml-saml-api-3.4.5.jar.sha1 | 1 + .../opensaml-saml-impl-3.3.0.jar.sha1 | 1 - .../opensaml-saml-impl-3.4.5.jar.sha1 | 1 + .../opensaml-security-api-3.3.0.jar.sha1 | 1 - .../opensaml-security-api-3.4.5.jar.sha1 | 1 + .../opensaml-security-impl-3.3.0.jar.sha1 | 1 - .../opensaml-security-impl-3.4.5.jar.sha1 | 1 + .../licenses/opensaml-soap-api-3.3.0.jar.sha1 | 1 - .../licenses/opensaml-soap-api-3.4.5.jar.sha1 | 1 + .../opensaml-soap-impl-3.3.0.jar.sha1 | 1 - .../opensaml-soap-impl-3.4.5.jar.sha1 | 1 + .../opensaml-storage-api-3.3.0.jar.sha1 | 1 - .../opensaml-storage-api-3.4.5.jar.sha1 | 1 + .../opensaml-storage-impl-3.3.0.jar.sha1 | 1 - .../opensaml-storage-impl-3.4.5.jar.sha1 | 1 + .../opensaml-xmlsec-api-3.3.0.jar.sha1 | 1 - .../opensaml-xmlsec-api-3.4.5.jar.sha1 | 1 + .../opensaml-xmlsec-impl-3.3.0.jar.sha1 | 1 - .../opensaml-xmlsec-impl-3.4.5.jar.sha1 | 1 + .../security/licenses/xmlsec-2.0.8.jar.sha1 | 1 - .../security/licenses/xmlsec-2.1.4.jar.sha1 | 1 + .../plugin-metadata/plugin-security.policy | 13 +++---- 40 files changed, 58 insertions(+), 46 deletions(-) delete mode 100644 x-pack/plugin/security/licenses/cryptacular-1.2.0.jar.sha1 create mode 100644 x-pack/plugin/security/licenses/cryptacular-1.2.3.jar.sha1 delete mode 100644 x-pack/plugin/security/licenses/java-support-7.3.0.jar.sha1 create mode 100644 x-pack/plugin/security/licenses/java-support-7.5.1.jar.sha1 delete mode 100644 x-pack/plugin/security/licenses/opensaml-core-3.3.0.jar.sha1 create mode 100644 x-pack/plugin/security/licenses/opensaml-core-3.4.5.jar.sha1 delete mode 100644 x-pack/plugin/security/licenses/opensaml-messaging-api-3.3.0.jar.sha1 create mode 100644 x-pack/plugin/security/licenses/opensaml-messaging-api-3.4.5.jar.sha1 delete mode 100644 x-pack/plugin/security/licenses/opensaml-messaging-impl-3.3.0.jar.sha1 create mode 100644 x-pack/plugin/security/licenses/opensaml-messaging-impl-3.4.5.jar.sha1 delete mode 100644 x-pack/plugin/security/licenses/opensaml-profile-api-3.3.0.jar.sha1 create mode 100644 x-pack/plugin/security/licenses/opensaml-profile-api-3.4.5.jar.sha1 delete mode 100644 x-pack/plugin/security/licenses/opensaml-profile-impl-3.3.0.jar.sha1 create mode 100644 x-pack/plugin/security/licenses/opensaml-profile-impl-3.4.5.jar.sha1 delete mode 100644 x-pack/plugin/security/licenses/opensaml-saml-api-3.3.0.jar.sha1 create mode 100644 x-pack/plugin/security/licenses/opensaml-saml-api-3.4.5.jar.sha1 delete mode 100644 x-pack/plugin/security/licenses/opensaml-saml-impl-3.3.0.jar.sha1 create mode 100644 x-pack/plugin/security/licenses/opensaml-saml-impl-3.4.5.jar.sha1 delete mode 100644 x-pack/plugin/security/licenses/opensaml-security-api-3.3.0.jar.sha1 create mode 100644 x-pack/plugin/security/licenses/opensaml-security-api-3.4.5.jar.sha1 delete mode 100644 x-pack/plugin/security/licenses/opensaml-security-impl-3.3.0.jar.sha1 create mode 100644 x-pack/plugin/security/licenses/opensaml-security-impl-3.4.5.jar.sha1 delete mode 100644 x-pack/plugin/security/licenses/opensaml-soap-api-3.3.0.jar.sha1 create mode 100644 x-pack/plugin/security/licenses/opensaml-soap-api-3.4.5.jar.sha1 delete mode 100644 x-pack/plugin/security/licenses/opensaml-soap-impl-3.3.0.jar.sha1 create mode 100644 x-pack/plugin/security/licenses/opensaml-soap-impl-3.4.5.jar.sha1 delete mode 100644 x-pack/plugin/security/licenses/opensaml-storage-api-3.3.0.jar.sha1 create mode 100644 x-pack/plugin/security/licenses/opensaml-storage-api-3.4.5.jar.sha1 delete mode 100644 x-pack/plugin/security/licenses/opensaml-storage-impl-3.3.0.jar.sha1 create mode 100644 x-pack/plugin/security/licenses/opensaml-storage-impl-3.4.5.jar.sha1 delete mode 100644 x-pack/plugin/security/licenses/opensaml-xmlsec-api-3.3.0.jar.sha1 create mode 100644 x-pack/plugin/security/licenses/opensaml-xmlsec-api-3.4.5.jar.sha1 delete mode 100644 x-pack/plugin/security/licenses/opensaml-xmlsec-impl-3.3.0.jar.sha1 create mode 100644 x-pack/plugin/security/licenses/opensaml-xmlsec-impl-3.4.5.jar.sha1 delete mode 100644 x-pack/plugin/security/licenses/xmlsec-2.0.8.jar.sha1 create mode 100644 x-pack/plugin/security/licenses/xmlsec-2.1.4.jar.sha1 diff --git a/buildSrc/version.properties b/buildSrc/version.properties index fea203a435ea9..81e2e2c19cdda 100644 --- a/buildSrc/version.properties +++ b/buildSrc/version.properties @@ -29,7 +29,6 @@ joda = 2.10.4 # - distribution/tools/plugin-cli # - x-pack/plugin/security bouncycastle = 1.61 - # test dependencies randomizedrunner = 2.7.1 junit = 4.12 diff --git a/x-pack/build.gradle b/x-pack/build.gradle index 5ff129dee9824..8375034f30942 100644 --- a/x-pack/build.gradle +++ b/x-pack/build.gradle @@ -4,6 +4,22 @@ import org.elasticsearch.gradle.precommit.LicenseHeadersTask Project xpackRootProject = project subprojects { + + // We define a specific repository for opensaml since the shibboleth project doesn't publish to maven central and the + // artifacts that are located there are not curated/updated by the project + // see: https://wiki.shibboleth.net/confluence/display/DEV/Use+of+Maven+Central + repositories { + maven { + name "opensaml" + url "https://artifactory.elstc.co/artifactory/shibboleth-releases/" + content { + includeGroup "org.opensaml" + includeGroup "net.shibboleth.utilities" + includeGroup "net.shibboleth" + } + } + } + group = 'org.elasticsearch.plugin' ext.xpackRootProject = xpackRootProject ext.xpackProject = { String projectName -> xpackRootProject.project(projectName) } diff --git a/x-pack/plugin/security/build.gradle b/x-pack/plugin/security/build.gradle index 517f45ba97840..c474ab8300210 100644 --- a/x-pack/plugin/security/build.gradle +++ b/x-pack/plugin/security/build.gradle @@ -25,25 +25,25 @@ dependencies { compile 'com.unboundid:unboundid-ldapsdk:4.0.8' // the following are all SAML dependencies - might as well download the whole internet - compile "org.opensaml:opensaml-core:3.3.0" - compile "org.opensaml:opensaml-saml-api:3.3.0" - compile "org.opensaml:opensaml-saml-impl:3.3.0" - compile "org.opensaml:opensaml-messaging-api:3.3.0" - compile "org.opensaml:opensaml-messaging-impl:3.3.0" - compile "org.opensaml:opensaml-security-api:3.3.0" - compile "org.opensaml:opensaml-security-impl:3.3.0" - compile "org.opensaml:opensaml-profile-api:3.3.0" - compile "org.opensaml:opensaml-profile-impl:3.3.0" - compile "org.opensaml:opensaml-xmlsec-api:3.3.0" - compile "org.opensaml:opensaml-xmlsec-impl:3.3.0" - compile "org.opensaml:opensaml-soap-api:3.3.0" - compile "org.opensaml:opensaml-soap-impl:3.3.0" - compile "org.opensaml:opensaml-storage-api:3.3.0" - compile "org.opensaml:opensaml-storage-impl:3.3.0" - compile "net.shibboleth.utilities:java-support:7.3.0" - compile "org.apache.santuario:xmlsec:2.0.8" + compile "org.opensaml:opensaml-core:3.4.5" + compile "org.opensaml:opensaml-saml-api:3.4.5" + compile "org.opensaml:opensaml-saml-impl:3.4.5" + compile "org.opensaml:opensaml-messaging-api:3.4.5" + compile "org.opensaml:opensaml-messaging-impl:3.4.5" + compile "org.opensaml:opensaml-security-api:3.4.5" + compile "org.opensaml:opensaml-security-impl:3.4.5" + compile "org.opensaml:opensaml-profile-api:3.4.5" + compile "org.opensaml:opensaml-profile-impl:3.4.5" + compile "org.opensaml:opensaml-xmlsec-api:3.4.5" + compile "org.opensaml:opensaml-xmlsec-impl:3.4.5" + compile "org.opensaml:opensaml-soap-api:3.4.5" + compile "org.opensaml:opensaml-soap-impl:3.4.5" + compile "org.opensaml:opensaml-storage-api:3.4.5" + compile "org.opensaml:opensaml-storage-impl:3.4.5" + compile "net.shibboleth.utilities:java-support:7.5.1" + compile "org.apache.santuario:xmlsec:2.1.4" compile "io.dropwizard.metrics:metrics-core:3.2.2" - compile ("org.cryptacular:cryptacular:1.2.0") { + compile ("org.cryptacular:cryptacular:1.2.3") { exclude group: 'org.bouncycastle' } compile "org.slf4j:slf4j-api:${versions.slf4j}" @@ -343,7 +343,6 @@ thirdPartyAudit { 'org.bouncycastle.crypto.digests.TigerDigest', 'org.bouncycastle.crypto.digests.WhirlpoolDigest', 'org.bouncycastle.crypto.engines.AESEngine', - 'org.bouncycastle.crypto.engines.AESFastEngine', 'org.bouncycastle.crypto.engines.BlowfishEngine', 'org.bouncycastle.crypto.engines.CAST5Engine', 'org.bouncycastle.crypto.engines.CAST6Engine', @@ -369,6 +368,7 @@ thirdPartyAudit { 'org.bouncycastle.crypto.engines.TwofishEngine', 'org.bouncycastle.crypto.engines.VMPCEngine', 'org.bouncycastle.crypto.engines.XTEAEngine', + 'org.bouncycastle.crypto.generators.BCrypt', 'org.bouncycastle.crypto.generators.OpenSSLPBEParametersGenerator', 'org.bouncycastle.crypto.generators.PKCS5S1ParametersGenerator', 'org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator', diff --git a/x-pack/plugin/security/licenses/cryptacular-1.2.0.jar.sha1 b/x-pack/plugin/security/licenses/cryptacular-1.2.0.jar.sha1 deleted file mode 100644 index 8c42f79047e06..0000000000000 --- a/x-pack/plugin/security/licenses/cryptacular-1.2.0.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -94f6cb97d7f7487a183f283ae80c6e61c86156e3 \ No newline at end of file diff --git a/x-pack/plugin/security/licenses/cryptacular-1.2.3.jar.sha1 b/x-pack/plugin/security/licenses/cryptacular-1.2.3.jar.sha1 new file mode 100644 index 0000000000000..9b5ebbac8b66f --- /dev/null +++ b/x-pack/plugin/security/licenses/cryptacular-1.2.3.jar.sha1 @@ -0,0 +1 @@ +7b0398d04a68ff7f58657938b3bdc5f2799b4b49 \ No newline at end of file diff --git a/x-pack/plugin/security/licenses/java-support-7.3.0.jar.sha1 b/x-pack/plugin/security/licenses/java-support-7.3.0.jar.sha1 deleted file mode 100644 index edc1658c49607..0000000000000 --- a/x-pack/plugin/security/licenses/java-support-7.3.0.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -288ecc17f2025ad14f768163d42808987d5ffcd6 \ No newline at end of file diff --git a/x-pack/plugin/security/licenses/java-support-7.5.1.jar.sha1 b/x-pack/plugin/security/licenses/java-support-7.5.1.jar.sha1 new file mode 100644 index 0000000000000..2d138de40005a --- /dev/null +++ b/x-pack/plugin/security/licenses/java-support-7.5.1.jar.sha1 @@ -0,0 +1 @@ +c3fecaa141e8f0fff8a14e6800aefa8155c9b3e8 \ No newline at end of file diff --git a/x-pack/plugin/security/licenses/opensaml-core-3.3.0.jar.sha1 b/x-pack/plugin/security/licenses/opensaml-core-3.3.0.jar.sha1 deleted file mode 100644 index 52e48aecf6c4b..0000000000000 --- a/x-pack/plugin/security/licenses/opensaml-core-3.3.0.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -6fac68342891abec3c22d53e14c706ba3e58918b \ No newline at end of file diff --git a/x-pack/plugin/security/licenses/opensaml-core-3.4.5.jar.sha1 b/x-pack/plugin/security/licenses/opensaml-core-3.4.5.jar.sha1 new file mode 100644 index 0000000000000..be9ed5be9296b --- /dev/null +++ b/x-pack/plugin/security/licenses/opensaml-core-3.4.5.jar.sha1 @@ -0,0 +1 @@ +0958fae127de9e8b0296e6f089c7451b6d5f0846 \ No newline at end of file diff --git a/x-pack/plugin/security/licenses/opensaml-messaging-api-3.3.0.jar.sha1 b/x-pack/plugin/security/licenses/opensaml-messaging-api-3.3.0.jar.sha1 deleted file mode 100644 index 64af335f0d3ca..0000000000000 --- a/x-pack/plugin/security/licenses/opensaml-messaging-api-3.3.0.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -5da0ff5d28546b3af8cc1487b4717fdeb675b8c4 \ No newline at end of file diff --git a/x-pack/plugin/security/licenses/opensaml-messaging-api-3.4.5.jar.sha1 b/x-pack/plugin/security/licenses/opensaml-messaging-api-3.4.5.jar.sha1 new file mode 100644 index 0000000000000..c370c3bd6369c --- /dev/null +++ b/x-pack/plugin/security/licenses/opensaml-messaging-api-3.4.5.jar.sha1 @@ -0,0 +1 @@ +e3ec93dfbf90c451e9f7fb34a3e33a6ac60edd31 \ No newline at end of file diff --git a/x-pack/plugin/security/licenses/opensaml-messaging-impl-3.3.0.jar.sha1 b/x-pack/plugin/security/licenses/opensaml-messaging-impl-3.3.0.jar.sha1 deleted file mode 100644 index 7f65533789acf..0000000000000 --- a/x-pack/plugin/security/licenses/opensaml-messaging-impl-3.3.0.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -38b21389971105f32099d04c6f63b4af505364ca \ No newline at end of file diff --git a/x-pack/plugin/security/licenses/opensaml-messaging-impl-3.4.5.jar.sha1 b/x-pack/plugin/security/licenses/opensaml-messaging-impl-3.4.5.jar.sha1 new file mode 100644 index 0000000000000..9131bc2ac23c1 --- /dev/null +++ b/x-pack/plugin/security/licenses/opensaml-messaging-impl-3.4.5.jar.sha1 @@ -0,0 +1 @@ +beaca9bd69ad861dbb55f1694853a02cb6988ae7 \ No newline at end of file diff --git a/x-pack/plugin/security/licenses/opensaml-profile-api-3.3.0.jar.sha1 b/x-pack/plugin/security/licenses/opensaml-profile-api-3.3.0.jar.sha1 deleted file mode 100644 index e9ad1a88ba192..0000000000000 --- a/x-pack/plugin/security/licenses/opensaml-profile-api-3.3.0.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -e4c72301b98cf4967c49c450de7da2dbc1f6b8d0 \ No newline at end of file diff --git a/x-pack/plugin/security/licenses/opensaml-profile-api-3.4.5.jar.sha1 b/x-pack/plugin/security/licenses/opensaml-profile-api-3.4.5.jar.sha1 new file mode 100644 index 0000000000000..409c3b9b6db30 --- /dev/null +++ b/x-pack/plugin/security/licenses/opensaml-profile-api-3.4.5.jar.sha1 @@ -0,0 +1 @@ +bb0a1f97d38342a5715bad628ee24000b08e821e \ No newline at end of file diff --git a/x-pack/plugin/security/licenses/opensaml-profile-impl-3.3.0.jar.sha1 b/x-pack/plugin/security/licenses/opensaml-profile-impl-3.3.0.jar.sha1 deleted file mode 100644 index eb5ba5d3e1da1..0000000000000 --- a/x-pack/plugin/security/licenses/opensaml-profile-impl-3.3.0.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -25c28fb4ab027fcaacaa268902cffc4451ac840c \ No newline at end of file diff --git a/x-pack/plugin/security/licenses/opensaml-profile-impl-3.4.5.jar.sha1 b/x-pack/plugin/security/licenses/opensaml-profile-impl-3.4.5.jar.sha1 new file mode 100644 index 0000000000000..38ce75e4c2da3 --- /dev/null +++ b/x-pack/plugin/security/licenses/opensaml-profile-impl-3.4.5.jar.sha1 @@ -0,0 +1 @@ +6cb4595c7a988d964f6a2d55dcac754b0c68904e \ No newline at end of file diff --git a/x-pack/plugin/security/licenses/opensaml-saml-api-3.3.0.jar.sha1 b/x-pack/plugin/security/licenses/opensaml-saml-api-3.3.0.jar.sha1 deleted file mode 100644 index 76a2bfe45b20e..0000000000000 --- a/x-pack/plugin/security/licenses/opensaml-saml-api-3.3.0.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -c9611395e073206e59816b0b5ce5166450e8101e \ No newline at end of file diff --git a/x-pack/plugin/security/licenses/opensaml-saml-api-3.4.5.jar.sha1 b/x-pack/plugin/security/licenses/opensaml-saml-api-3.4.5.jar.sha1 new file mode 100644 index 0000000000000..d575629f16277 --- /dev/null +++ b/x-pack/plugin/security/licenses/opensaml-saml-api-3.4.5.jar.sha1 @@ -0,0 +1 @@ +bef43d21b2d878baceae291af4a0ad3449c7d7ec \ No newline at end of file diff --git a/x-pack/plugin/security/licenses/opensaml-saml-impl-3.3.0.jar.sha1 b/x-pack/plugin/security/licenses/opensaml-saml-impl-3.3.0.jar.sha1 deleted file mode 100644 index 8fb734014758e..0000000000000 --- a/x-pack/plugin/security/licenses/opensaml-saml-impl-3.3.0.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -391ac88f96a9f8f522d693c168d4c65fad20535d \ No newline at end of file diff --git a/x-pack/plugin/security/licenses/opensaml-saml-impl-3.4.5.jar.sha1 b/x-pack/plugin/security/licenses/opensaml-saml-impl-3.4.5.jar.sha1 new file mode 100644 index 0000000000000..f52b95e499521 --- /dev/null +++ b/x-pack/plugin/security/licenses/opensaml-saml-impl-3.4.5.jar.sha1 @@ -0,0 +1 @@ +ecf4a9552575d38cffd4dc56d95e7564b7dccfc1 \ No newline at end of file diff --git a/x-pack/plugin/security/licenses/opensaml-security-api-3.3.0.jar.sha1 b/x-pack/plugin/security/licenses/opensaml-security-api-3.3.0.jar.sha1 deleted file mode 100644 index 880f45d51fc73..0000000000000 --- a/x-pack/plugin/security/licenses/opensaml-security-api-3.3.0.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -89477899f0836040e9a584b451895a61d923bf96 \ No newline at end of file diff --git a/x-pack/plugin/security/licenses/opensaml-security-api-3.4.5.jar.sha1 b/x-pack/plugin/security/licenses/opensaml-security-api-3.4.5.jar.sha1 new file mode 100644 index 0000000000000..7db3d5ea3558e --- /dev/null +++ b/x-pack/plugin/security/licenses/opensaml-security-api-3.4.5.jar.sha1 @@ -0,0 +1 @@ +15cbb232ae6665edc5df5f260e551e69fdb362e5 \ No newline at end of file diff --git a/x-pack/plugin/security/licenses/opensaml-security-impl-3.3.0.jar.sha1 b/x-pack/plugin/security/licenses/opensaml-security-impl-3.3.0.jar.sha1 deleted file mode 100644 index 1a0ebae336345..0000000000000 --- a/x-pack/plugin/security/licenses/opensaml-security-impl-3.3.0.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -48cf37a5080ee406aef21a49045f5e1d15ea46e6 \ No newline at end of file diff --git a/x-pack/plugin/security/licenses/opensaml-security-impl-3.4.5.jar.sha1 b/x-pack/plugin/security/licenses/opensaml-security-impl-3.4.5.jar.sha1 new file mode 100644 index 0000000000000..e5bbed6dae0ba --- /dev/null +++ b/x-pack/plugin/security/licenses/opensaml-security-impl-3.4.5.jar.sha1 @@ -0,0 +1 @@ +b2bc1aa5b0f400aa50499f3783b10e9f7c216a47 \ No newline at end of file diff --git a/x-pack/plugin/security/licenses/opensaml-soap-api-3.3.0.jar.sha1 b/x-pack/plugin/security/licenses/opensaml-soap-api-3.3.0.jar.sha1 deleted file mode 100644 index cf4b5e7092ba4..0000000000000 --- a/x-pack/plugin/security/licenses/opensaml-soap-api-3.3.0.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -4e900056cd80c1f0bd72497c26a48664089e04a8 \ No newline at end of file diff --git a/x-pack/plugin/security/licenses/opensaml-soap-api-3.4.5.jar.sha1 b/x-pack/plugin/security/licenses/opensaml-soap-api-3.4.5.jar.sha1 new file mode 100644 index 0000000000000..840170214e9f7 --- /dev/null +++ b/x-pack/plugin/security/licenses/opensaml-soap-api-3.4.5.jar.sha1 @@ -0,0 +1 @@ +c497df002980c6e482ce7b828924bb24f60f99f7 \ No newline at end of file diff --git a/x-pack/plugin/security/licenses/opensaml-soap-impl-3.3.0.jar.sha1 b/x-pack/plugin/security/licenses/opensaml-soap-impl-3.3.0.jar.sha1 deleted file mode 100644 index 4a80173835652..0000000000000 --- a/x-pack/plugin/security/licenses/opensaml-soap-impl-3.3.0.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -ea912fe660d11ad443775974e3208f0563edcebd \ No newline at end of file diff --git a/x-pack/plugin/security/licenses/opensaml-soap-impl-3.4.5.jar.sha1 b/x-pack/plugin/security/licenses/opensaml-soap-impl-3.4.5.jar.sha1 new file mode 100644 index 0000000000000..219b3060af86c --- /dev/null +++ b/x-pack/plugin/security/licenses/opensaml-soap-impl-3.4.5.jar.sha1 @@ -0,0 +1 @@ +30ed8d37259e840df5b3fd8daf7b654129a9190c \ No newline at end of file diff --git a/x-pack/plugin/security/licenses/opensaml-storage-api-3.3.0.jar.sha1 b/x-pack/plugin/security/licenses/opensaml-storage-api-3.3.0.jar.sha1 deleted file mode 100644 index 42a82939319c5..0000000000000 --- a/x-pack/plugin/security/licenses/opensaml-storage-api-3.3.0.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -7492688b067dca0568554ec4c7abf9f0b5e1f682 \ No newline at end of file diff --git a/x-pack/plugin/security/licenses/opensaml-storage-api-3.4.5.jar.sha1 b/x-pack/plugin/security/licenses/opensaml-storage-api-3.4.5.jar.sha1 new file mode 100644 index 0000000000000..2290462e05c65 --- /dev/null +++ b/x-pack/plugin/security/licenses/opensaml-storage-api-3.4.5.jar.sha1 @@ -0,0 +1 @@ +a984671fd04e50da03f68003d2b062578e63ec86 \ No newline at end of file diff --git a/x-pack/plugin/security/licenses/opensaml-storage-impl-3.3.0.jar.sha1 b/x-pack/plugin/security/licenses/opensaml-storage-impl-3.3.0.jar.sha1 deleted file mode 100644 index cc653a0b383a5..0000000000000 --- a/x-pack/plugin/security/licenses/opensaml-storage-impl-3.3.0.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -1244ecd4e8eccf74eb178906b0e9cac8a62bcbf7 \ No newline at end of file diff --git a/x-pack/plugin/security/licenses/opensaml-storage-impl-3.4.5.jar.sha1 b/x-pack/plugin/security/licenses/opensaml-storage-impl-3.4.5.jar.sha1 new file mode 100644 index 0000000000000..c511027f9aff4 --- /dev/null +++ b/x-pack/plugin/security/licenses/opensaml-storage-impl-3.4.5.jar.sha1 @@ -0,0 +1 @@ +a4b828fe1a9d64953ecdd8a9e00ff31b63ad6ef0 \ No newline at end of file diff --git a/x-pack/plugin/security/licenses/opensaml-xmlsec-api-3.3.0.jar.sha1 b/x-pack/plugin/security/licenses/opensaml-xmlsec-api-3.3.0.jar.sha1 deleted file mode 100644 index 6c29986c3b90d..0000000000000 --- a/x-pack/plugin/security/licenses/opensaml-xmlsec-api-3.3.0.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -e824f1e3ec14080412a4ab4b0807a13933d9be80 \ No newline at end of file diff --git a/x-pack/plugin/security/licenses/opensaml-xmlsec-api-3.4.5.jar.sha1 b/x-pack/plugin/security/licenses/opensaml-xmlsec-api-3.4.5.jar.sha1 new file mode 100644 index 0000000000000..44dea7d989bef --- /dev/null +++ b/x-pack/plugin/security/licenses/opensaml-xmlsec-api-3.4.5.jar.sha1 @@ -0,0 +1 @@ +a1b10f97deca1e3405f95db5b39697c0d46f5e0d \ No newline at end of file diff --git a/x-pack/plugin/security/licenses/opensaml-xmlsec-impl-3.3.0.jar.sha1 b/x-pack/plugin/security/licenses/opensaml-xmlsec-impl-3.3.0.jar.sha1 deleted file mode 100644 index 2ec1aa75d6e2c..0000000000000 --- a/x-pack/plugin/security/licenses/opensaml-xmlsec-impl-3.3.0.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -569ae8fc7c84817c5324e9f9b7958adf700a94c1 \ No newline at end of file diff --git a/x-pack/plugin/security/licenses/opensaml-xmlsec-impl-3.4.5.jar.sha1 b/x-pack/plugin/security/licenses/opensaml-xmlsec-impl-3.4.5.jar.sha1 new file mode 100644 index 0000000000000..dcdc61dc2e247 --- /dev/null +++ b/x-pack/plugin/security/licenses/opensaml-xmlsec-impl-3.4.5.jar.sha1 @@ -0,0 +1 @@ +d46cb9854a1ff85bea34ece7077bc32dbc2f10da \ No newline at end of file diff --git a/x-pack/plugin/security/licenses/xmlsec-2.0.8.jar.sha1 b/x-pack/plugin/security/licenses/xmlsec-2.0.8.jar.sha1 deleted file mode 100644 index eea95c3ce5826..0000000000000 --- a/x-pack/plugin/security/licenses/xmlsec-2.0.8.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -f5995bd4cd75816568c3b26d2552d957316ba8dc \ No newline at end of file diff --git a/x-pack/plugin/security/licenses/xmlsec-2.1.4.jar.sha1 b/x-pack/plugin/security/licenses/xmlsec-2.1.4.jar.sha1 new file mode 100644 index 0000000000000..d85a4194f6a59 --- /dev/null +++ b/x-pack/plugin/security/licenses/xmlsec-2.1.4.jar.sha1 @@ -0,0 +1 @@ +cb43326f02e3e77526c24269c8b5d3cc3f7f6653 \ No newline at end of file diff --git a/x-pack/plugin/security/src/main/plugin-metadata/plugin-security.policy b/x-pack/plugin/security/src/main/plugin-metadata/plugin-security.policy index df6cf33c65d8e..3ecd08cf3d48d 100644 --- a/x-pack/plugin/security/src/main/plugin-metadata/plugin-security.policy +++ b/x-pack/plugin/security/src/main/plugin-metadata/plugin-security.policy @@ -7,6 +7,11 @@ grant { // needed because of SAML (cf. o.e.x.s.s.RestorableContextClassLoader) permission java.lang.RuntimePermission "getClassLoader"; permission java.lang.RuntimePermission "setContextClassLoader"; + // needed during initialization of OpenSAML library where xml security algorithms are registered + // see https://github.com/apache/santuario-java/blob/e79f1fe4192de73a975bc7246aee58ed0703343d/src/main/java/org/apache/xml/security/utils/JavaUtils.java#L205-L220 + // and https://git.shibboleth.net/view/?p=java-opensaml.git;a=blob;f=opensaml-xmlsec-impl/src/main/java/org/opensaml/xmlsec/signature/impl/SignatureMarshaller.java;hb=db0eaa64210f0e32d359cd6c57bedd57902bf811#l52 + // which uses it in the opensaml-xmlsec-impl + permission java.security.SecurityPermission "org.apache.xml.security.register"; // needed for multiple server implementations used in tests permission java.net.SocketPermission "*", "accept,connect"; @@ -31,14 +36,6 @@ grant { permission java.lang.RuntimePermission "getFileStoreAttributes"; }; -grant codeBase "${codebase.xmlsec-2.0.8.jar}" { - // needed during initialization of OpenSAML library where xml security algorithms are registered - // see https://github.com/apache/santuario-java/blob/e79f1fe4192de73a975bc7246aee58ed0703343d/src/main/java/org/apache/xml/security/utils/JavaUtils.java#L205-L220 - // and https://git.shibboleth.net/view/?p=java-opensaml.git;a=blob;f=opensaml-xmlsec-impl/src/main/java/org/opensaml/xmlsec/signature/impl/SignatureMarshaller.java;hb=db0eaa64210f0e32d359cd6c57bedd57902bf811#l52 - // which uses it in the opensaml-xmlsec-impl - permission java.security.SecurityPermission "org.apache.xml.security.register"; -}; - grant codeBase "${codebase.netty-common}" { // for reading the system-wide configuration for the backlog of established sockets permission java.io.FilePermission "/proc/sys/net/core/somaxconn", "read";