Update opensaml dependency (#44972)

Add a mirror of the maven repository of the shibboleth project 
and upgrade opensaml and related dependencies to the latest
version available version

Resolves: #44947

buildSrc/version.properties

@@ -29,7 +29,6 @@ joda              = 2.10.4
 #  - distribution/tools/plugin-cli
 #  - x-pack/plugin/security
 bouncycastle      = 1.61
-
 # test dependencies
 randomizedrunner  = 2.7.1
 junit             = 4.12

x-pack/build.gradle

@@ -4,6 +4,22 @@ import org.elasticsearch.gradle.precommit.LicenseHeadersTask
 Project xpackRootProject = project
 
 subprojects {
+
+  // We define a specific repository for opensaml since the shibboleth project doesn't publish to maven central and the
+  // artifacts that are located there are not curated/updated by the project
+  // see: https://wiki.shibboleth.net/confluence/display/DEV/Use+of+Maven+Central
+  repositories {
+    maven {
+      name "opensaml"
+      url "https://artifactory.elstc.co/artifactory/shibboleth-releases/"
+      content {
+        includeGroup "org.opensaml"
+        includeGroup "net.shibboleth.utilities"
+        includeGroup "net.shibboleth"
+      }
+    }
+  }
+
   group = 'org.elasticsearch.plugin'
   ext.xpackRootProject = xpackRootProject
   ext.xpackProject = { String projectName -> xpackRootProject.project(projectName) }

x-pack/plugin/security/build.gradle

@@ -25,25 +25,25 @@ dependencies {
     compile 'com.unboundid:unboundid-ldapsdk:4.0.8'
 
     // the following are all SAML dependencies - might as well download the whole internet
-    compile "org.opensaml:opensaml-core:3.3.0"
-    compile "org.opensaml:opensaml-saml-api:3.3.0"
-    compile "org.opensaml:opensaml-saml-impl:3.3.0"
-    compile "org.opensaml:opensaml-messaging-api:3.3.0"
-    compile "org.opensaml:opensaml-messaging-impl:3.3.0"
-    compile "org.opensaml:opensaml-security-api:3.3.0"
-    compile "org.opensaml:opensaml-security-impl:3.3.0"
-    compile "org.opensaml:opensaml-profile-api:3.3.0"
-    compile "org.opensaml:opensaml-profile-impl:3.3.0"
-    compile "org.opensaml:opensaml-xmlsec-api:3.3.0"
-    compile "org.opensaml:opensaml-xmlsec-impl:3.3.0"
-    compile "org.opensaml:opensaml-soap-api:3.3.0"
-    compile "org.opensaml:opensaml-soap-impl:3.3.0"
-    compile "org.opensaml:opensaml-storage-api:3.3.0"
-    compile "org.opensaml:opensaml-storage-impl:3.3.0"
-    compile "net.shibboleth.utilities:java-support:7.3.0"
-    compile "org.apache.santuario:xmlsec:2.0.8"
+    compile "org.opensaml:opensaml-core:3.4.5"
+    compile "org.opensaml:opensaml-saml-api:3.4.5"
+    compile "org.opensaml:opensaml-saml-impl:3.4.5"
+    compile "org.opensaml:opensaml-messaging-api:3.4.5"
+    compile "org.opensaml:opensaml-messaging-impl:3.4.5"
+    compile "org.opensaml:opensaml-security-api:3.4.5"
+    compile "org.opensaml:opensaml-security-impl:3.4.5"
+    compile "org.opensaml:opensaml-profile-api:3.4.5"
+    compile "org.opensaml:opensaml-profile-impl:3.4.5"
+    compile "org.opensaml:opensaml-xmlsec-api:3.4.5"
+    compile "org.opensaml:opensaml-xmlsec-impl:3.4.5"
+    compile "org.opensaml:opensaml-soap-api:3.4.5"
+    compile "org.opensaml:opensaml-soap-impl:3.4.5"
+    compile "org.opensaml:opensaml-storage-api:3.4.5"
+    compile "org.opensaml:opensaml-storage-impl:3.4.5"
+    compile "net.shibboleth.utilities:java-support:7.5.1"
+    compile "org.apache.santuario:xmlsec:2.1.4"
     compile "io.dropwizard.metrics:metrics-core:3.2.2"
-    compile ("org.cryptacular:cryptacular:1.2.0") {
+    compile ("org.cryptacular:cryptacular:1.2.3") {
         exclude group: 'org.bouncycastle'
     }
     compile "org.slf4j:slf4j-api:${versions.slf4j}"
@@ -343,7 +343,6 @@ thirdPartyAudit {
         'org.bouncycastle.crypto.digests.TigerDigest',
         'org.bouncycastle.crypto.digests.WhirlpoolDigest',
         'org.bouncycastle.crypto.engines.AESEngine',
-        'org.bouncycastle.crypto.engines.AESFastEngine',
         'org.bouncycastle.crypto.engines.BlowfishEngine',
         'org.bouncycastle.crypto.engines.CAST5Engine',
         'org.bouncycastle.crypto.engines.CAST6Engine',
@@ -369,6 +368,7 @@ thirdPartyAudit {
         'org.bouncycastle.crypto.engines.TwofishEngine',
         'org.bouncycastle.crypto.engines.VMPCEngine',
         'org.bouncycastle.crypto.engines.XTEAEngine',
+        'org.bouncycastle.crypto.generators.BCrypt',
         'org.bouncycastle.crypto.generators.OpenSSLPBEParametersGenerator',
         'org.bouncycastle.crypto.generators.PKCS5S1ParametersGenerator',
         'org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator',

x-pack/plugin/security/licenses/cryptacular-1.2.0.jar.sha1

@@ -1 +0,0 @@
-94f6cb97d7f7487a183f283ae80c6e61c86156e3

x-pack/plugin/security/licenses/cryptacular-1.2.3.jar.sha1

@@ -0,0 +1 @@
+7b0398d04a68ff7f58657938b3bdc5f2799b4b49

x-pack/plugin/security/licenses/java-support-7.3.0.jar.sha1

@@ -1 +0,0 @@
-288ecc17f2025ad14f768163d42808987d5ffcd6

x-pack/plugin/security/licenses/java-support-7.5.1.jar.sha1

@@ -0,0 +1 @@
+c3fecaa141e8f0fff8a14e6800aefa8155c9b3e8

x-pack/plugin/security/licenses/opensaml-core-3.3.0.jar.sha1

@@ -1 +0,0 @@
-6fac68342891abec3c22d53e14c706ba3e58918b

x-pack/plugin/security/licenses/opensaml-core-3.4.5.jar.sha1

@@ -0,0 +1 @@
+0958fae127de9e8b0296e6f089c7451b6d5f0846

x-pack/plugin/security/licenses/opensaml-messaging-api-3.3.0.jar.sha1

@@ -1 +0,0 @@
-5da0ff5d28546b3af8cc1487b4717fdeb675b8c4

x-pack/plugin/security/licenses/opensaml-messaging-api-3.4.5.jar.sha1

@@ -0,0 +1 @@
+e3ec93dfbf90c451e9f7fb34a3e33a6ac60edd31

x-pack/plugin/security/licenses/opensaml-messaging-impl-3.3.0.jar.sha1

@@ -1 +0,0 @@
-38b21389971105f32099d04c6f63b4af505364ca

x-pack/plugin/security/licenses/opensaml-messaging-impl-3.4.5.jar.sha1

@@ -0,0 +1 @@
+beaca9bd69ad861dbb55f1694853a02cb6988ae7

x-pack/plugin/security/licenses/opensaml-profile-api-3.3.0.jar.sha1

@@ -1 +0,0 @@
-e4c72301b98cf4967c49c450de7da2dbc1f6b8d0

x-pack/plugin/security/licenses/opensaml-profile-api-3.4.5.jar.sha1

@@ -0,0 +1 @@
+bb0a1f97d38342a5715bad628ee24000b08e821e

x-pack/plugin/security/licenses/opensaml-profile-impl-3.3.0.jar.sha1

@@ -1 +0,0 @@
-25c28fb4ab027fcaacaa268902cffc4451ac840c

x-pack/plugin/security/licenses/opensaml-profile-impl-3.4.5.jar.sha1

@@ -0,0 +1 @@
+6cb4595c7a988d964f6a2d55dcac754b0c68904e

x-pack/plugin/security/licenses/opensaml-saml-api-3.3.0.jar.sha1

@@ -1 +0,0 @@
-c9611395e073206e59816b0b5ce5166450e8101e

x-pack/plugin/security/licenses/opensaml-saml-api-3.4.5.jar.sha1

@@ -0,0 +1 @@
+bef43d21b2d878baceae291af4a0ad3449c7d7ec

x-pack/plugin/security/licenses/opensaml-saml-impl-3.3.0.jar.sha1

@@ -1 +0,0 @@
-391ac88f96a9f8f522d693c168d4c65fad20535d

x-pack/plugin/security/licenses/opensaml-saml-impl-3.4.5.jar.sha1

@@ -0,0 +1 @@
+ecf4a9552575d38cffd4dc56d95e7564b7dccfc1

x-pack/plugin/security/licenses/opensaml-security-api-3.3.0.jar.sha1

@@ -1 +0,0 @@
-89477899f0836040e9a584b451895a61d923bf96

x-pack/plugin/security/licenses/opensaml-security-api-3.4.5.jar.sha1

@@ -0,0 +1 @@
+15cbb232ae6665edc5df5f260e551e69fdb362e5

x-pack/plugin/security/licenses/opensaml-security-impl-3.3.0.jar.sha1

@@ -1 +0,0 @@
-48cf37a5080ee406aef21a49045f5e1d15ea46e6

x-pack/plugin/security/licenses/opensaml-security-impl-3.4.5.jar.sha1

@@ -0,0 +1 @@
+b2bc1aa5b0f400aa50499f3783b10e9f7c216a47

x-pack/plugin/security/licenses/opensaml-soap-api-3.3.0.jar.sha1

@@ -1 +0,0 @@
-4e900056cd80c1f0bd72497c26a48664089e04a8

x-pack/plugin/security/licenses/opensaml-soap-api-3.4.5.jar.sha1

@@ -0,0 +1 @@
+c497df002980c6e482ce7b828924bb24f60f99f7

x-pack/plugin/security/licenses/opensaml-soap-impl-3.3.0.jar.sha1

@@ -1 +0,0 @@
-ea912fe660d11ad443775974e3208f0563edcebd

x-pack/plugin/security/licenses/opensaml-soap-impl-3.4.5.jar.sha1

@@ -0,0 +1 @@
+30ed8d37259e840df5b3fd8daf7b654129a9190c

x-pack/plugin/security/licenses/opensaml-storage-api-3.3.0.jar.sha1

@@ -1 +0,0 @@
-7492688b067dca0568554ec4c7abf9f0b5e1f682

x-pack/plugin/security/licenses/opensaml-storage-api-3.4.5.jar.sha1

@@ -0,0 +1 @@
+a984671fd04e50da03f68003d2b062578e63ec86

x-pack/plugin/security/licenses/opensaml-storage-impl-3.3.0.jar.sha1

@@ -1 +0,0 @@
-1244ecd4e8eccf74eb178906b0e9cac8a62bcbf7

x-pack/plugin/security/licenses/opensaml-storage-impl-3.4.5.jar.sha1

@@ -0,0 +1 @@
+a4b828fe1a9d64953ecdd8a9e00ff31b63ad6ef0

x-pack/plugin/security/licenses/opensaml-xmlsec-api-3.3.0.jar.sha1

@@ -1 +0,0 @@
-e824f1e3ec14080412a4ab4b0807a13933d9be80

x-pack/plugin/security/licenses/opensaml-xmlsec-api-3.4.5.jar.sha1

@@ -0,0 +1 @@
+a1b10f97deca1e3405f95db5b39697c0d46f5e0d

x-pack/plugin/security/licenses/opensaml-xmlsec-impl-3.3.0.jar.sha1

@@ -1 +0,0 @@
-569ae8fc7c84817c5324e9f9b7958adf700a94c1

x-pack/plugin/security/licenses/opensaml-xmlsec-impl-3.4.5.jar.sha1

@@ -0,0 +1 @@
+d46cb9854a1ff85bea34ece7077bc32dbc2f10da

x-pack/plugin/security/licenses/xmlsec-2.0.8.jar.sha1

@@ -1 +0,0 @@
-f5995bd4cd75816568c3b26d2552d957316ba8dc

x-pack/plugin/security/licenses/xmlsec-2.1.4.jar.sha1

@@ -0,0 +1 @@
+cb43326f02e3e77526c24269c8b5d3cc3f7f6653

x-pack/plugin/security/src/main/plugin-metadata/plugin-security.policy

@@ -7,6 +7,11 @@ grant {
   // needed because of SAML (cf. o.e.x.s.s.RestorableContextClassLoader)
   permission java.lang.RuntimePermission "getClassLoader";
   permission java.lang.RuntimePermission "setContextClassLoader";
+  // needed during initialization of OpenSAML library where xml security algorithms are registered
+  // see https://github.com/apache/santuario-java/blob/e79f1fe4192de73a975bc7246aee58ed0703343d/src/main/java/org/apache/xml/security/utils/JavaUtils.java#L205-L220
+  // and https://git.shibboleth.net/view/?p=java-opensaml.git;a=blob;f=opensaml-xmlsec-impl/src/main/java/org/opensaml/xmlsec/signature/impl/SignatureMarshaller.java;hb=db0eaa64210f0e32d359cd6c57bedd57902bf811#l52
+  // which uses it in the opensaml-xmlsec-impl
+  permission java.security.SecurityPermission "org.apache.xml.security.register";
 
   // needed for multiple server implementations used in tests
   permission java.net.SocketPermission "*", "accept,connect";
@@ -31,14 +36,6 @@ grant {
   permission java.lang.RuntimePermission "getFileStoreAttributes";
 };
 
-grant codeBase "${codebase.xmlsec-2.0.8.jar}" {
-  // needed during initialization of OpenSAML library where xml security algorithms are registered
-  // see https://github.com/apache/santuario-java/blob/e79f1fe4192de73a975bc7246aee58ed0703343d/src/main/java/org/apache/xml/security/utils/JavaUtils.java#L205-L220
-  // and https://git.shibboleth.net/view/?p=java-opensaml.git;a=blob;f=opensaml-xmlsec-impl/src/main/java/org/opensaml/xmlsec/signature/impl/SignatureMarshaller.java;hb=db0eaa64210f0e32d359cd6c57bedd57902bf811#l52
-  // which uses it in the opensaml-xmlsec-impl
-  permission java.security.SecurityPermission "org.apache.xml.security.register";
-};
-
 grant codeBase "${codebase.netty-common}" {
    // for reading the system-wide configuration for the backlog of established sockets
    permission java.io.FilePermission "/proc/sys/net/core/somaxconn", "read";