import org.elasticsearch.gradle.info.BuildParams apply plugin: 'elasticsearch.esplugin' apply plugin: 'elasticsearch.publish' esplugin { name 'x-pack-identity-provider' description 'Elasticsearch Expanded Pack Plugin - Identity Provider' classname 'org.elasticsearch.xpack.idp.IdentityProviderPlugin' extendedPlugins = ['x-pack-core'] } archivesBaseName = 'x-pack-identity-provider' dependencies { compileOnly project(path: xpackModule('core'), configuration: 'default') testImplementation project(path: xpackModule('core'), configuration: 'testArtifacts') // So that we can extend LocalStateCompositeXPackPlugin testImplementation project(path: xpackModule('security'), configuration: 'testArtifacts') // the following are all SAML dependencies - might as well download the whole internet api "org.opensaml:opensaml-core:3.4.5" api "org.opensaml:opensaml-saml-api:3.4.5" api "org.opensaml:opensaml-saml-impl:3.4.5" api "org.opensaml:opensaml-messaging-api:3.4.5" api "org.opensaml:opensaml-messaging-impl:3.4.5" api "org.opensaml:opensaml-security-api:3.4.5" api "org.opensaml:opensaml-security-impl:3.4.5" api "org.opensaml:opensaml-profile-api:3.4.5" api "org.opensaml:opensaml-profile-impl:3.4.5" api "org.opensaml:opensaml-xmlsec-api:3.4.5" api "org.opensaml:opensaml-xmlsec-impl:3.4.5" api "org.opensaml:opensaml-soap-api:3.4.5" api "org.opensaml:opensaml-soap-impl:3.4.5" api "org.opensaml:opensaml-storage-api:3.4.5" api "org.opensaml:opensaml-storage-impl:3.4.5" api "net.shibboleth.utilities:java-support:7.5.1" api "org.apache.santuario:xmlsec:2.1.4" api "io.dropwizard.metrics:metrics-core:3.2.2" api ("org.cryptacular:cryptacular:1.2.4") { exclude group: 'org.bouncycastle' } api "org.slf4j:slf4j-api:${versions.slf4j}" api "org.apache.logging.log4j:log4j-slf4j-impl:${versions.log4j}" api "org.apache.httpcomponents:httpclient:${versions.httpclient}" api "org.apache.httpcomponents:httpcore:${versions.httpcore}" api "org.apache.httpcomponents:httpasyncclient:${versions.httpasyncclient}" api "org.apache.httpcomponents:httpcore-nio:${versions.httpcore}" api "org.apache.httpcomponents:httpclient-cache:${versions.httpclient}" runtimeOnly 'com.google.guava:guava:19.0' testImplementation 'org.elasticsearch:securemock:1.2' testImplementation "org.elasticsearch:mocksocket:${versions.mocksocket}" } compileJava.options.compilerArgs << "-Xlint:-rawtypes,-unchecked" compileTestJava.options.compilerArgs << "-Xlint:-rawtypes,-unchecked" tasks.named("dependencyLicenses").configure { mapping from: /java-support|opensaml-.*/, to: 'shibboleth' mapping from: /http.*/, to: 'httpclient' } forbiddenPatterns { exclude '**/*.key' exclude '**/*.p12' exclude '**/*.der' exclude '**/*.zip' } tasks.named('forbiddenApisMain').configure { signaturesFiles += files('forbidden/xml-signatures.txt') } // classes are missing, e.g. com.ibm.icu.lang.UCharacter thirdPartyAudit { ignoreMissingClasses ( // SAML dependencies // [missing classes] Some cli utilities that we don't use depend on these missing JCommander classes 'com.beust.jcommander.JCommander', 'com.beust.jcommander.converters.BaseConverter', // [missing classes] Shibboleth + OpenSAML have servlet support that we don't use 'javax.servlet.AsyncContext', 'javax.servlet.DispatcherType', 'javax.servlet.Filter', 'javax.servlet.FilterChain', 'javax.servlet.FilterConfig', 'javax.servlet.RequestDispatcher', 'javax.servlet.ServletContext', 'javax.servlet.ServletException', 'javax.servlet.ServletInputStream', 'javax.servlet.ServletOutputStream', 'javax.servlet.ServletRequest', 'javax.servlet.ServletResponse', 'javax.servlet.http.Cookie', 'javax.servlet.http.HttpServletRequest', 'javax.servlet.http.HttpServletResponse', 'javax.servlet.http.HttpServletResponseWrapper', 'javax.servlet.http.HttpSession', 'javax.servlet.http.Part', // [missing classes] Shibboleth + OpenSAML have velocity support that we don't use 'org.apache.velocity.VelocityContext', 'org.apache.velocity.app.VelocityEngine', 'org.apache.velocity.context.Context', 'org.apache.velocity.exception.VelocityException', 'org.apache.velocity.runtime.RuntimeServices', 'org.apache.velocity.runtime.log.LogChute', 'org.apache.velocity.runtime.resource.loader.StringResourceLoader', 'org.apache.velocity.runtime.resource.util.StringResourceRepository', // [missing classes] OpenSAML depends on Apache XML security which depends on Xalan, but only for functionality that OpenSAML doesn't use 'org.apache.xml.dtm.DTM', 'org.apache.xml.utils.PrefixResolver', 'org.apache.xml.utils.PrefixResolverDefault', 'org.apache.xpath.Expression', 'org.apache.xpath.NodeSetDTM', 'org.apache.xpath.XPath', 'org.apache.xpath.XPathContext', 'org.apache.xpath.compiler.FunctionTable', 'org.apache.xpath.functions.Function', 'org.apache.xpath.objects.XNodeSet', 'org.apache.xpath.objects.XObject', // [missing classes] OpenSAML storage has an optional LDAP storage impl 'org.ldaptive.AttributeModification', 'org.ldaptive.AttributeModificationType', 'org.ldaptive.Connection', 'org.ldaptive.DeleteOperation', 'org.ldaptive.DeleteRequest', 'org.ldaptive.LdapAttribute', 'org.ldaptive.LdapEntry', 'org.ldaptive.LdapException', 'org.ldaptive.ModifyOperation', 'org.ldaptive.ModifyRequest', 'org.ldaptive.Response', 'org.ldaptive.ResultCode', 'org.ldaptive.SearchOperation', 'org.ldaptive.SearchRequest', 'org.ldaptive.SearchResult', 'org.ldaptive.ext.MergeOperation', 'org.ldaptive.ext.MergeRequest', 'org.ldaptive.pool.ConnectionPool', 'org.ldaptive.pool.PooledConnectionFactory', // [missing classes] OpenSAML storage has an optional JSON-backed storage impl 'javax.json.Json', 'javax.json.JsonException', 'javax.json.JsonNumber', 'javax.json.JsonObject', 'javax.json.JsonReader', 'javax.json.JsonValue$ValueType', 'javax.json.JsonValue', 'javax.json.stream.JsonGenerator', // [missing classes] OpenSAML storage has an optional JPA storage impl 'javax.persistence.EntityManager', 'javax.persistence.EntityManagerFactory', 'javax.persistence.EntityTransaction', 'javax.persistence.LockModeType', 'javax.persistence.Query', // [missing classes] OpenSAML storage and HttpClient cache have optional memcache support 'net.spy.memcached.CASResponse', 'net.spy.memcached.CASValue', 'net.spy.memcached.MemcachedClient', 'net.spy.memcached.MemcachedClientIF', 'net.spy.memcached.CachedData', 'net.spy.memcached.internal.OperationFuture', 'net.spy.memcached.transcoders.Transcoder', // [missing classes] Http Client cache has optional ehcache support 'net.sf.ehcache.Ehcache', 'net.sf.ehcache.Element', // [missing classes] SLF4j includes an optional class that depends on an extension class (!) 'org.slf4j.ext.EventData', // Bouncycastle is an optional dependency for apache directory, cryptacular and opensaml packages. We // acknowledge them here instead of adding bouncy castle as a compileOnly dependency 'org.bouncycastle.asn1.ASN1Encodable', 'org.bouncycastle.asn1.ASN1InputStream', 'org.bouncycastle.asn1.ASN1Integer', 'org.bouncycastle.asn1.ASN1ObjectIdentifier', 'org.bouncycastle.asn1.ASN1OctetString', 'org.bouncycastle.asn1.ASN1Primitive', 'org.bouncycastle.asn1.ASN1Sequence', 'org.bouncycastle.asn1.ASN1TaggedObject', 'org.bouncycastle.asn1.DEROctetString', 'org.bouncycastle.asn1.DERSequence', 'org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo', 'org.bouncycastle.asn1.pkcs.EncryptionScheme', 'org.bouncycastle.asn1.pkcs.KeyDerivationFunc', 'org.bouncycastle.asn1.pkcs.PBEParameter', 'org.bouncycastle.asn1.pkcs.PBES2Parameters', 'org.bouncycastle.asn1.pkcs.PBKDF2Params', 'org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers', 'org.bouncycastle.asn1.pkcs.PrivateKeyInfo', 'org.bouncycastle.asn1.x500.AttributeTypeAndValue', 'org.bouncycastle.asn1.x500.RDN', 'org.bouncycastle.asn1.x500.X500Name', 'org.bouncycastle.asn1.x509.AccessDescription', 'org.bouncycastle.asn1.x509.AlgorithmIdentifier', 'org.bouncycastle.asn1.x509.AuthorityKeyIdentifier', 'org.bouncycastle.asn1.x509.BasicConstraints', 'org.bouncycastle.asn1.x509.DistributionPoint', 'org.bouncycastle.asn1.x509.Extension', 'org.bouncycastle.asn1.x509.GeneralName', 'org.bouncycastle.asn1.x509.GeneralNames', 'org.bouncycastle.asn1.x509.GeneralNamesBuilder', 'org.bouncycastle.asn1.x509.KeyPurposeId', 'org.bouncycastle.asn1.x509.KeyUsage', 'org.bouncycastle.asn1.x509.PolicyInformation', 'org.bouncycastle.asn1.x509.SubjectKeyIdentifier', 'org.bouncycastle.asn1.x509.SubjectPublicKeyInfo', 'org.bouncycastle.asn1.x9.X9ECParameters', 'org.bouncycastle.cert.X509v3CertificateBuilder', 'org.bouncycastle.cert.jcajce.JcaX509CertificateConverter', 'org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils', 'org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder', 'org.bouncycastle.crypto.BlockCipher', 'org.bouncycastle.crypto.BufferedBlockCipher', 'org.bouncycastle.crypto.CipherParameters', 'org.bouncycastle.crypto.Digest', 'org.bouncycastle.crypto.PBEParametersGenerator', 'org.bouncycastle.crypto.StreamCipher', 'org.bouncycastle.crypto.digests.GOST3411Digest', 'org.bouncycastle.crypto.digests.MD2Digest', 'org.bouncycastle.crypto.digests.MD4Digest', 'org.bouncycastle.crypto.digests.MD5Digest', 'org.bouncycastle.crypto.digests.RIPEMD128Digest', 'org.bouncycastle.crypto.digests.RIPEMD160Digest', 'org.bouncycastle.crypto.digests.RIPEMD256Digest', 'org.bouncycastle.crypto.digests.RIPEMD320Digest', 'org.bouncycastle.crypto.digests.SHA1Digest', 'org.bouncycastle.crypto.digests.SHA224Digest', 'org.bouncycastle.crypto.digests.SHA256Digest', 'org.bouncycastle.crypto.digests.SHA384Digest', 'org.bouncycastle.crypto.digests.SHA3Digest', 'org.bouncycastle.crypto.digests.SHA512Digest', 'org.bouncycastle.crypto.digests.TigerDigest', 'org.bouncycastle.crypto.digests.WhirlpoolDigest', 'org.bouncycastle.crypto.engines.AESEngine', 'org.bouncycastle.crypto.engines.BlowfishEngine', 'org.bouncycastle.crypto.engines.CAST5Engine', 'org.bouncycastle.crypto.engines.CAST6Engine', 'org.bouncycastle.crypto.engines.CamelliaEngine', 'org.bouncycastle.crypto.engines.DESEngine', 'org.bouncycastle.crypto.engines.DESedeEngine', 'org.bouncycastle.crypto.engines.GOST28147Engine', 'org.bouncycastle.crypto.engines.Grain128Engine', 'org.bouncycastle.crypto.engines.HC128Engine', 'org.bouncycastle.crypto.engines.HC256Engine', 'org.bouncycastle.crypto.engines.ISAACEngine', 'org.bouncycastle.crypto.engines.NoekeonEngine', 'org.bouncycastle.crypto.engines.RC2Engine', 'org.bouncycastle.crypto.engines.RC4Engine', 'org.bouncycastle.crypto.engines.RC532Engine', 'org.bouncycastle.crypto.engines.RC564Engine', 'org.bouncycastle.crypto.engines.RC6Engine', 'org.bouncycastle.crypto.engines.SEEDEngine', 'org.bouncycastle.crypto.engines.Salsa20Engine', 'org.bouncycastle.crypto.engines.SerpentEngine', 'org.bouncycastle.crypto.engines.SkipjackEngine', 'org.bouncycastle.crypto.engines.TEAEngine', 'org.bouncycastle.crypto.engines.TwofishEngine', 'org.bouncycastle.crypto.engines.VMPCEngine', 'org.bouncycastle.crypto.engines.XTEAEngine', 'org.bouncycastle.crypto.generators.BCrypt', 'org.bouncycastle.crypto.generators.OpenSSLPBEParametersGenerator', 'org.bouncycastle.crypto.generators.PKCS5S1ParametersGenerator', 'org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator', 'org.bouncycastle.crypto.io.CipherInputStream', 'org.bouncycastle.crypto.io.CipherOutputStream', 'org.bouncycastle.crypto.macs.HMac', 'org.bouncycastle.crypto.modes.AEADBlockCipher', 'org.bouncycastle.crypto.modes.CBCBlockCipher', 'org.bouncycastle.crypto.modes.CCMBlockCipher', 'org.bouncycastle.crypto.modes.CFBBlockCipher', 'org.bouncycastle.crypto.modes.EAXBlockCipher', 'org.bouncycastle.crypto.modes.GCMBlockCipher', 'org.bouncycastle.crypto.modes.OCBBlockCipher', 'org.bouncycastle.crypto.modes.OFBBlockCipher', 'org.bouncycastle.crypto.paddings.BlockCipherPadding', 'org.bouncycastle.crypto.paddings.ISO10126d2Padding', 'org.bouncycastle.crypto.paddings.ISO7816d4Padding', 'org.bouncycastle.crypto.paddings.PKCS7Padding', 'org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher', 'org.bouncycastle.crypto.paddings.TBCPadding', 'org.bouncycastle.crypto.paddings.X923Padding', 'org.bouncycastle.crypto.paddings.ZeroBytePadding', 'org.bouncycastle.crypto.params.AEADParameters', 'org.bouncycastle.crypto.params.AsymmetricKeyParameter', 'org.bouncycastle.crypto.params.DSAKeyParameters', 'org.bouncycastle.crypto.params.DSAParameters', 'org.bouncycastle.crypto.params.DSAPrivateKeyParameters', 'org.bouncycastle.crypto.params.DSAPublicKeyParameters', 'org.bouncycastle.crypto.params.ECDomainParameters', 'org.bouncycastle.crypto.params.ECKeyParameters', 'org.bouncycastle.crypto.params.ECPrivateKeyParameters', 'org.bouncycastle.crypto.params.ECPublicKeyParameters', 'org.bouncycastle.crypto.params.KeyParameter', 'org.bouncycastle.crypto.params.ParametersWithIV', 'org.bouncycastle.crypto.params.RC2Parameters', 'org.bouncycastle.crypto.params.RC5Parameters', 'org.bouncycastle.crypto.params.RSAKeyParameters', 'org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters', 'org.bouncycastle.crypto.prng.EntropySource', 'org.bouncycastle.crypto.prng.SP800SecureRandom', 'org.bouncycastle.crypto.prng.SP800SecureRandomBuilder', 'org.bouncycastle.crypto.prng.drbg.HashSP800DRBG', 'org.bouncycastle.crypto.prng.drbg.SP80090DRBG', 'org.bouncycastle.crypto.signers.DSASigner', 'org.bouncycastle.crypto.signers.ECDSASigner', 'org.bouncycastle.crypto.signers.RSADigestSigner', 'org.bouncycastle.crypto.util.PrivateKeyFactory', 'org.bouncycastle.crypto.util.PrivateKeyInfoFactory', 'org.bouncycastle.crypto.util.PublicKeyFactory', 'org.bouncycastle.crypto.util.SubjectPublicKeyInfoFactory', 'org.bouncycastle.jcajce.provider.asymmetric.dsa.KeyPairGeneratorSpi', 'org.bouncycastle.jcajce.provider.asymmetric.ec.KeyPairGeneratorSpi$EC', 'org.bouncycastle.jcajce.provider.asymmetric.rsa.KeyPairGeneratorSpi', 'org.bouncycastle.jcajce.provider.asymmetric.util.EC5Util', 'org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil', 'org.bouncycastle.jce.spec.ECNamedCurveGenParameterSpec', 'org.bouncycastle.math.ec.ECFieldElement', 'org.bouncycastle.math.ec.ECPoint', 'org.bouncycastle.openssl.jcajce.JcaPEMWriter', 'org.bouncycastle.operator.jcajce.JcaContentSignerBuilder', 'org.bouncycastle.util.Arrays', 'org.bouncycastle.util.Strings', 'org.bouncycastle.util.io.Streams', 'org.bouncycastle.x509.extension.X509ExtensionUtil' ) ignoreViolations( // Guava uses internal java api: sun.misc.Unsafe 'com.google.common.cache.Striped64', 'com.google.common.cache.Striped64$1', 'com.google.common.cache.Striped64$Cell', 'com.google.common.primitives.UnsignedBytes$LexicographicalComparatorHolder$UnsafeComparator', 'com.google.common.primitives.UnsignedBytes$LexicographicalComparatorHolder$UnsafeComparator$1', 'com.google.common.util.concurrent.AbstractFuture$UnsafeAtomicHelper', 'com.google.common.util.concurrent.AbstractFuture$UnsafeAtomicHelper$1', ) } if (BuildParams.runtimeJavaVersion > JavaVersion.VERSION_1_8) { thirdPartyAudit.ignoreMissingClasses( 'javax.xml.bind.JAXBContext', 'javax.xml.bind.JAXBElement', 'javax.xml.bind.JAXBException', 'javax.xml.bind.Unmarshaller', 'javax.xml.bind.UnmarshallerHandler', ) } test { /* * We have to disable setting the number of available processors as tests in the same JVM randomize processors and will step on each * other if we allow them to set the number of available processors as it's set-once in Netty. */ systemProperty 'es.set.netty.runtime.available.processors', 'false' } // xpack modules are installed in real clusters as the meta plugin, so // installing them as individual plugins for integ tests doesn't make sense, // so we disable integ tests integTest.enabled = false // add all sub-projects of the qa sub-project gradle.projectsEvaluated { project.subprojects .find { it.path == project.path + ":qa" } .subprojects .findAll { it.path.startsWith(project.path + ":qa") } .each { check.dependsOn it.check } } if (BuildParams.inFipsJvm) { // We don't support the IDP in FIPS-140 mode, so no need to run tests test.enabled = false // We run neither integTests nor unit tests in FIPS-140 mode testingConventions.enabled = false }