mirror of
https://github.com/elastic/elasticsearch.git
synced 2025-06-27 17:10:22 -04:00
63da93d4c3
* Delegated authorization using Microsoft Graph (SDK) --------- Co-authored-by: elasticsearchmachine <infra-root+elasticsearchmachine@elastic.co> Co-authored-by: Johannes Freden Jansson <johannes.freden@elastic.co> Co-authored-by: Johannes Fredén <109296772+jfreden@users.noreply.github.com>
437 lines
20 KiB
Groovy
437 lines
20 KiB
Groovy
apply plugin: 'elasticsearch.internal-es-plugin'
|
|
apply plugin: 'elasticsearch.publish'
|
|
apply plugin: 'elasticsearch.internal-cluster-test'
|
|
apply plugin: 'elasticsearch.internal-test-artifact'
|
|
|
|
esplugin {
|
|
name = 'x-pack-security'
|
|
description = 'Elasticsearch Expanded Pack Plugin - Security'
|
|
classname = 'org.elasticsearch.xpack.security.Security'
|
|
requiresKeystore =true
|
|
extendedPlugins = ['x-pack-core']
|
|
}
|
|
|
|
base {
|
|
archivesName = 'x-pack-security'
|
|
}
|
|
|
|
dependencies {
|
|
compileOnly project(path: xpackModule('core'))
|
|
api project(path: ':modules:transport-netty4')
|
|
|
|
testImplementation project(path: xpackModule('ilm'))
|
|
testImplementation project(path: xpackModule('downsample'))
|
|
testImplementation project(path: xpackModule('mapper-aggregate-metric'))
|
|
testImplementation project(path: xpackModule('monitoring'))
|
|
testImplementation project(path: xpackModule('spatial'))
|
|
testImplementation project(path: xpackModule('wildcard'))
|
|
testImplementation project(path: ':modules:legacy-geo')
|
|
testImplementation project(path: ':modules:percolator')
|
|
testImplementation project(path: xpackModule('sql:sql-action'))
|
|
testImplementation project(path: ':modules:analysis-common')
|
|
testImplementation project(path: ':modules:reindex')
|
|
testImplementation project(':modules:data-streams')
|
|
testImplementation project(':modules:lang-mustache')
|
|
testImplementation project(':modules:mapper-extras')
|
|
testImplementation project(':modules:parent-join')
|
|
testImplementation project(':modules:rest-root')
|
|
|
|
testImplementation(testArtifact(project(xpackModule('core'))))
|
|
internalClusterTestImplementation(testArtifact(project(xpackModule('core'))))
|
|
api 'com.unboundid:unboundid-ldapsdk:6.0.3'
|
|
|
|
// the following are all SAML dependencies - might as well download the whole internet
|
|
api "org.opensaml:opensaml-core:${versions.opensaml}"
|
|
api "org.opensaml:opensaml-saml-api:${versions.opensaml}"
|
|
api "org.opensaml:opensaml-saml-impl:${versions.opensaml}"
|
|
api "org.opensaml:opensaml-messaging-api:${versions.opensaml}"
|
|
api "org.opensaml:opensaml-messaging-impl:${versions.opensaml}"
|
|
api project(path: ':x-pack:libs:es-opensaml-security-api', configuration: 'shadow')
|
|
// api "org.opensaml:opensaml-security-api:${versions.opensaml}"
|
|
api "org.opensaml:opensaml-security-impl:${versions.opensaml}"
|
|
api "org.opensaml:opensaml-profile-api:${versions.opensaml}"
|
|
api "org.opensaml:opensaml-profile-impl:${versions.opensaml}"
|
|
api "org.opensaml:opensaml-xmlsec-api:${versions.opensaml}"
|
|
api "org.opensaml:opensaml-xmlsec-impl:${versions.opensaml}"
|
|
api "org.opensaml:opensaml-soap-api:${versions.opensaml}"
|
|
api "org.opensaml:opensaml-soap-impl:${versions.opensaml}"
|
|
api "org.opensaml:opensaml-storage-api:${versions.opensaml}"
|
|
api "org.opensaml:opensaml-storage-impl:${versions.opensaml}"
|
|
api "net.shibboleth.utilities:java-support:8.4.0"
|
|
api "com.google.code.findbugs:jsr305:3.0.2"
|
|
api "org.apache.santuario:xmlsec:2.3.4"
|
|
api "io.dropwizard.metrics:metrics-core:4.1.4"
|
|
api ( "org.cryptacular:cryptacular:1.2.5") {
|
|
exclude group: 'org.bouncycastle'
|
|
}
|
|
api "org.slf4j:slf4j-api:${versions.slf4j}"
|
|
runtimeOnly "org.slf4j:slf4j-nop:${versions.slf4j}" // workaround for https://github.com/elastic/elasticsearch/issues/93714
|
|
// api "org.apache.logging.log4j:log4j-slf4j-impl:${versions.log4j}" see above
|
|
|
|
api "org.apache.httpcomponents:httpclient:${versions.httpclient}"
|
|
api "org.apache.httpcomponents:httpcore:${versions.httpcore}"
|
|
api "org.apache.httpcomponents:httpasyncclient:${versions.httpasyncclient}"
|
|
api "org.apache.httpcomponents:httpcore-nio:${versions.httpcore}"
|
|
api "org.apache.httpcomponents:httpclient-cache:${versions.httpclient}"
|
|
runtimeOnly 'com.google.guava:guava:32.0.1-jre'
|
|
runtimeOnly 'com.google.guava:failureaccess:1.0.1'
|
|
runtimeOnly "commons-codec:commons-codec:${versions.commonscodec}"
|
|
runtimeOnly "joda-time:joda-time:2.10.10"
|
|
|
|
// Dependencies for oidc
|
|
api "com.nimbusds:oauth2-oidc-sdk:11.22.2"
|
|
runtimeOnly "com.nimbusds:content-type:2.3"
|
|
api project(path: xpackModule('security:lib:nimbus-jose-jwt-modified'), configuration: 'shadow')
|
|
if (isEclipse) {
|
|
/*
|
|
* Eclipse can't pick up the shadow dependency so we point it at the unmodified version of the library
|
|
* so it can compile things.
|
|
*/
|
|
api "com.nimbusds:nimbus-jose-jwt:10.0.2"
|
|
}
|
|
api "com.nimbusds:lang-tag:1.7"
|
|
api "com.sun.mail:jakarta.mail:1.6.3"
|
|
api "net.jcip:jcip-annotations:1.0"
|
|
api "net.minidev:json-smart:2.5.2"
|
|
api "net.minidev:accessors-smart:2.5.2"
|
|
api "org.ow2.asm:asm:9.7.1"
|
|
|
|
testImplementation "org.elasticsearch:mocksocket:${versions.mocksocket}"
|
|
|
|
// Test dependencies for Kerberos (MiniKdc)
|
|
testImplementation('commons-io:commons-io:2.5')
|
|
testImplementation('org.apache.kerby:kerb-simplekdc:1.1.1')
|
|
testImplementation('org.apache.kerby:kerb-client:1.1.1')
|
|
testImplementation('org.apache.kerby:kerby-config:1.1.1')
|
|
testImplementation('org.apache.kerby:kerb-core:1.1.1')
|
|
testImplementation('org.apache.kerby:kerby-pkix:1.1.1')
|
|
testImplementation('org.apache.kerby:kerby-asn1:1.1.1')
|
|
testImplementation('org.apache.kerby:kerby-util:1.1.1')
|
|
testImplementation('org.apache.kerby:kerb-common:1.1.1')
|
|
testImplementation('org.apache.kerby:kerb-crypto:1.1.1')
|
|
testImplementation('org.apache.kerby:kerb-util:1.1.1')
|
|
testImplementation('org.apache.kerby:token-provider:1.1.1')
|
|
testImplementation('net.jcip:jcip-annotations:1.0')
|
|
testImplementation('org.apache.kerby:kerb-admin:1.1.1')
|
|
testImplementation('org.apache.kerby:kerb-server:1.1.1')
|
|
testImplementation('org.apache.kerby:kerb-identity:1.1.1')
|
|
testImplementation('org.apache.kerby:kerby-xdr:1.1.1')
|
|
|
|
// LDAP backend support for SimpleKdcServer
|
|
testImplementation('org.apache.kerby:kerby-backend:1.1.1')
|
|
testImplementation('org.apache.kerby:ldap-backend:1.1.1')
|
|
testImplementation('org.apache.kerby:kerb-identity:1.1.1')
|
|
testImplementation('org.apache.directory.api:api-ldap-client-api:1.0.0')
|
|
testImplementation('org.apache.directory.api:api-ldap-schema-data:1.0.0')
|
|
testImplementation('org.apache.directory.api:api-ldap-codec-core:1.0.0')
|
|
testImplementation('org.apache.directory.api:api-ldap-extras-aci:1.0.0')
|
|
testImplementation('org.apache.directory.api:api-ldap-extras-codec:1.0.0')
|
|
testImplementation('org.apache.directory.api:api-ldap-extras-codec-api:1.0.0')
|
|
testImplementation('commons-pool:commons-pool:1.6')
|
|
testImplementation('commons-collections:commons-collections:3.2.2')
|
|
testImplementation("org.apache.mina:mina-core:${versions.apache_mina}")
|
|
testImplementation('org.apache.directory.api:api-util:1.0.1')
|
|
testImplementation('org.apache.directory.api:api-i18n:1.0.1')
|
|
testImplementation('org.apache.directory.api:api-ldap-model:1.0.1')
|
|
testImplementation('org.apache.directory.api:api-asn1-api:1.0.1')
|
|
testImplementation('org.apache.directory.api:api-asn1-ber:1.0.1')
|
|
testImplementation('org.apache.servicemix.bundles:org.apache.servicemix.bundles.antlr:2.7.7_5')
|
|
testImplementation('org.apache.directory.server:apacheds-core-api:2.0.0-M24')
|
|
testImplementation('org.apache.directory.server:apacheds-i18n:2.0.0-M24')
|
|
testImplementation('org.apache.directory.api:api-ldap-extras-util:1.0.0')
|
|
testImplementation('net.sf.ehcache:ehcache:2.10.4')
|
|
testImplementation('org.apache.directory.server:apacheds-kerberos-codec:2.0.0-M24')
|
|
testImplementation('org.apache.directory.server:apacheds-protocol-ldap:2.0.0-M24')
|
|
testImplementation('org.apache.directory.server:apacheds-protocol-shared:2.0.0-M24')
|
|
testImplementation('org.apache.directory.jdbm:apacheds-jdbm1:2.0.0-M3')
|
|
testImplementation('org.apache.directory.server:apacheds-jdbm-partition:2.0.0-M24')
|
|
testImplementation('org.apache.directory.server:apacheds-xdbm-partition:2.0.0-M24')
|
|
testImplementation('org.apache.directory.api:api-ldap-extras-sp:1.0.0')
|
|
testImplementation('org.apache.directory.server:apacheds-test-framework:2.0.0-M24')
|
|
testImplementation('org.apache.directory.server:apacheds-core-annotations:2.0.0-M24')
|
|
testImplementation('org.apache.directory.server:apacheds-ldif-partition:2.0.0-M24')
|
|
testImplementation('org.apache.directory.server:apacheds-mavibot-partition:2.0.0-M24')
|
|
testImplementation('org.apache.directory.server:apacheds-protocol-kerberos:2.0.0-M24')
|
|
testImplementation('org.apache.directory.server:apacheds-server-annotations:2.0.0-M24')
|
|
testImplementation('org.apache.directory.api:api-ldap-codec-standalone:1.0.0')
|
|
testImplementation('org.apache.directory.api:api-ldap-net-mina:1.0.0')
|
|
testImplementation('org.apache.directory.server:ldap-client-test:2.0.0-M24')
|
|
testImplementation('org.apache.directory.server:apacheds-interceptor-kerberos:2.0.0-M24')
|
|
testImplementation('org.apache.directory.mavibot:mavibot:1.0.0-M8')
|
|
}
|
|
|
|
tasks.named("test").configure {
|
|
systemProperty 'es.insecure_network_trace_enabled', 'true'
|
|
}
|
|
|
|
tasks.named("processInternalClusterTestResources").configure {
|
|
from(project(xpackModule('core')).file('src/main/config'))
|
|
from(project(xpackModule('core')).file('src/test/resources'))
|
|
}
|
|
|
|
tasks.named("processTestResources").configure {
|
|
from(project(xpackModule('core')).file('src/main/config'))
|
|
from(project(xpackModule('core')).file('src/test/resources'))
|
|
}
|
|
|
|
artifacts {
|
|
// normal es plugins do not publish the jar but we need to since users need it for extensions
|
|
archives tasks.named("jar")
|
|
}
|
|
|
|
tasks.named("dependencyLicenses").configure {
|
|
mapping from: /java-support|opensaml-.*/, to: 'shibboleth'
|
|
mapping from: /http.*/, to: 'httpclient'
|
|
mapping from: /bc.*/, to: 'bouncycastle'
|
|
mapping from: /failureaccess.*/, to: 'guava'
|
|
mapping from: 'content-type', to: 'nimbus'
|
|
}
|
|
|
|
tasks.named("forbiddenPatterns").configure {
|
|
exclude '**/*.key'
|
|
exclude '**/*.p12'
|
|
exclude '**/*.der'
|
|
exclude '**/*.zip'
|
|
}
|
|
|
|
tasks.named('forbiddenApisMain').configure {
|
|
signaturesFiles += files(
|
|
'forbidden/ldap-signatures.txt',
|
|
'forbidden/xml-signatures.txt',
|
|
'forbidden/oidc-signatures.txt',
|
|
project(':modules:transport-netty4').file('forbidden/netty-signatures.txt')
|
|
)
|
|
}
|
|
|
|
tasks.named('forbiddenApisTest').configure {
|
|
//we are using jdk-internal instead of jdk-non-portable to allow for com.sun.net.httpserver.* usage
|
|
modifyBundledSignatures { bundledSignatures ->
|
|
bundledSignatures -= 'jdk-non-portable'
|
|
bundledSignatures += 'jdk-internal'
|
|
bundledSignatures
|
|
}
|
|
}
|
|
|
|
// classes are missing, e.g. com.ibm.icu.lang.UCharacter
|
|
tasks.named("thirdPartyAudit").configure {
|
|
ignoreMissingClasses(
|
|
// SAML dependencies
|
|
// [missing classes] Some cli utilities that we don't use depend on these missing JCommander classes
|
|
'com.beust.jcommander.JCommander',
|
|
'com.beust.jcommander.converters.BaseConverter',
|
|
// [missing classes] Shibboleth + OpenSAML have servlet support that we don't use
|
|
'javax.servlet.AsyncContext',
|
|
'javax.servlet.DispatcherType',
|
|
'javax.servlet.Filter',
|
|
'javax.servlet.FilterChain',
|
|
'javax.servlet.FilterConfig',
|
|
'javax.servlet.RequestDispatcher',
|
|
'javax.servlet.ServletContext',
|
|
'javax.servlet.ServletInputStream',
|
|
'javax.servlet.ServletOutputStream',
|
|
'javax.servlet.ServletRequest',
|
|
'javax.servlet.ServletResponse',
|
|
'javax.servlet.http.Cookie',
|
|
'javax.servlet.http.HttpServletRequest',
|
|
'javax.servlet.http.HttpServletResponse',
|
|
'javax.servlet.http.HttpServletResponseWrapper',
|
|
'javax.servlet.http.HttpSession',
|
|
'javax.servlet.http.HttpUpgradeHandler',
|
|
'javax.servlet.http.Part',
|
|
'jakarta.servlet.ServletRequest',
|
|
'jakarta.servlet.http.HttpServletRequest',
|
|
'jakarta.servlet.http.HttpServletResponse',
|
|
// [missing classes] Shibboleth + OpenSAML have velocity support that we don't use
|
|
'org.apache.velocity.VelocityContext',
|
|
'org.apache.velocity.app.VelocityEngine',
|
|
'org.apache.velocity.context.Context',
|
|
'org.apache.velocity.runtime.resource.loader.StringResourceLoader',
|
|
'org.apache.velocity.runtime.resource.util.StringResourceRepository',
|
|
// [missing classes] OpenSAML storage has an optional LDAP storage impl
|
|
'org.ldaptive.AttributeModification',
|
|
'org.ldaptive.AttributeModificationType',
|
|
'org.ldaptive.Connection',
|
|
'org.ldaptive.DeleteOperation',
|
|
'org.ldaptive.LdapAttribute',
|
|
'org.ldaptive.LdapEntry',
|
|
'org.ldaptive.LdapException',
|
|
'org.ldaptive.ModifyOperation',
|
|
'org.ldaptive.Response',
|
|
'org.ldaptive.ResultCode',
|
|
'org.ldaptive.SearchOperation',
|
|
'org.ldaptive.SearchRequest',
|
|
'org.ldaptive.SearchResult',
|
|
'org.ldaptive.ext.MergeOperation',
|
|
'org.ldaptive.ext.MergeRequest',
|
|
'org.ldaptive.pool.ConnectionPool',
|
|
'org.ldaptive.pool.PooledConnectionFactory',
|
|
// [missing classes] OpenSAML storage has an optional JSON-backed storage impl
|
|
'javax.json.Json',
|
|
'javax.json.JsonNumber',
|
|
'javax.json.JsonObject',
|
|
'javax.json.JsonReader',
|
|
'javax.json.JsonValue$ValueType',
|
|
'javax.json.JsonValue',
|
|
'javax.json.stream.JsonGenerator',
|
|
// [missing classes] OpenSAML storage has an optional JPA storage impl
|
|
'javax.persistence.EntityManager',
|
|
'javax.persistence.EntityManagerFactory',
|
|
'javax.persistence.EntityTransaction',
|
|
'javax.persistence.LockModeType',
|
|
'javax.persistence.Query',
|
|
// [missing classes] OpenSAML storage and HttpClient cache have optional memcache support
|
|
'net.spy.memcached.CASResponse',
|
|
'net.spy.memcached.CASValue',
|
|
'net.spy.memcached.MemcachedClient',
|
|
'net.spy.memcached.MemcachedClientIF',
|
|
'net.spy.memcached.CachedData',
|
|
'net.spy.memcached.internal.OperationFuture',
|
|
'net.spy.memcached.transcoders.Transcoder',
|
|
// [missing classes] Http Client cache has optional ehcache support
|
|
'net.sf.ehcache.Ehcache',
|
|
'net.sf.ehcache.Element',
|
|
// Bouncycastle is an optional dependency for apache directory, cryptacular and opensaml packages. We
|
|
// acknowledge them here instead of adding bouncy castle as a compileOnly dependency
|
|
'org.bouncycastle.asn1.ASN1Encodable',
|
|
'org.bouncycastle.asn1.ASN1InputStream',
|
|
'org.bouncycastle.asn1.ASN1Integer',
|
|
'org.bouncycastle.asn1.ASN1ObjectIdentifier',
|
|
'org.bouncycastle.asn1.ASN1OctetString',
|
|
'org.bouncycastle.asn1.ASN1Primitive',
|
|
'org.bouncycastle.asn1.ASN1Sequence',
|
|
'org.bouncycastle.asn1.ASN1TaggedObject',
|
|
// 'org.bouncycastle.asn1.DEROctetString',
|
|
'org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo',
|
|
'org.bouncycastle.asn1.pkcs.EncryptionScheme',
|
|
'org.bouncycastle.asn1.pkcs.KeyDerivationFunc',
|
|
'org.bouncycastle.asn1.pkcs.PBEParameter',
|
|
'org.bouncycastle.asn1.pkcs.PBES2Parameters',
|
|
'org.bouncycastle.asn1.pkcs.PBKDF2Params',
|
|
'org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers',
|
|
'org.bouncycastle.asn1.pkcs.PrivateKeyInfo',
|
|
'org.bouncycastle.asn1.x500.AttributeTypeAndValue',
|
|
'org.bouncycastle.asn1.x500.RDN',
|
|
'org.bouncycastle.asn1.x500.X500Name',
|
|
'org.bouncycastle.asn1.x509.AccessDescription',
|
|
'org.bouncycastle.asn1.x509.AlgorithmIdentifier',
|
|
'org.bouncycastle.asn1.x509.AuthorityKeyIdentifier',
|
|
'org.bouncycastle.asn1.x509.BasicConstraints',
|
|
'org.bouncycastle.asn1.x509.DistributionPoint',
|
|
'org.bouncycastle.asn1.x509.Extension',
|
|
'org.bouncycastle.asn1.x509.GeneralName',
|
|
'org.bouncycastle.asn1.x509.GeneralNames',
|
|
'org.bouncycastle.asn1.x509.GeneralNamesBuilder',
|
|
'org.bouncycastle.asn1.x509.KeyPurposeId',
|
|
'org.bouncycastle.asn1.x509.KeyUsage',
|
|
'org.bouncycastle.asn1.x509.PolicyInformation',
|
|
'org.bouncycastle.asn1.x509.SubjectKeyIdentifier',
|
|
'org.bouncycastle.asn1.x509.SubjectPublicKeyInfo',
|
|
// 'org.bouncycastle.asn1.x9.DomainParameters',
|
|
// 'org.bouncycastle.asn1.x9.ECNamedCurveTable',
|
|
'org.bouncycastle.asn1.x9.X9ECParameters',
|
|
'org.bouncycastle.cert.X509v3CertificateBuilder',
|
|
'org.bouncycastle.cert.jcajce.JcaX509CertificateConverter',
|
|
'org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils',
|
|
'org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder',
|
|
'org.bouncycastle.crypto.BlockCipher',
|
|
'org.bouncycastle.crypto.BufferedBlockCipher',
|
|
'org.bouncycastle.crypto.CipherParameters',
|
|
'org.bouncycastle.crypto.Digest',
|
|
'org.bouncycastle.crypto.PBEParametersGenerator',
|
|
'org.bouncycastle.crypto.StreamCipher',
|
|
'org.bouncycastle.crypto.agreement.kdf.ConcatenationKDFGenerator',
|
|
// 'org.bouncycastle.crypto.ec.CustomNamedCurves',
|
|
'org.bouncycastle.crypto.generators.BCrypt',
|
|
'org.bouncycastle.crypto.generators.OpenSSLPBEParametersGenerator',
|
|
'org.bouncycastle.crypto.generators.PKCS5S1ParametersGenerator',
|
|
'org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator',
|
|
'org.bouncycastle.crypto.macs.HMac',
|
|
'org.bouncycastle.crypto.modes.AEADBlockCipher',
|
|
'org.bouncycastle.crypto.paddings.BlockCipherPadding',
|
|
'org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher',
|
|
'org.bouncycastle.crypto.params.AsymmetricKeyParameter',
|
|
'org.bouncycastle.crypto.params.DSAKeyParameters',
|
|
'org.bouncycastle.crypto.params.DSAParameters',
|
|
'org.bouncycastle.crypto.params.DSAPrivateKeyParameters',
|
|
'org.bouncycastle.crypto.params.DSAPublicKeyParameters',
|
|
'org.bouncycastle.crypto.params.ECDomainParameters',
|
|
'org.bouncycastle.crypto.params.ECKeyParameters',
|
|
'org.bouncycastle.crypto.params.ECPrivateKeyParameters',
|
|
'org.bouncycastle.crypto.params.ECPublicKeyParameters',
|
|
// 'org.bouncycastle.crypto.params.KDFParameters',
|
|
'org.bouncycastle.crypto.params.KeyParameter',
|
|
'org.bouncycastle.crypto.params.RSAKeyParameters',
|
|
'org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters',
|
|
'org.bouncycastle.crypto.prng.EntropySource',
|
|
'org.bouncycastle.crypto.prng.SP800SecureRandom',
|
|
'org.bouncycastle.crypto.prng.SP800SecureRandomBuilder',
|
|
'org.bouncycastle.crypto.prng.drbg.SP80090DRBG',
|
|
'org.bouncycastle.crypto.signers.DSASigner',
|
|
'org.bouncycastle.crypto.signers.ECDSASigner',
|
|
'org.bouncycastle.crypto.signers.RSADigestSigner',
|
|
'org.bouncycastle.crypto.util.PrivateKeyFactory',
|
|
'org.bouncycastle.crypto.util.PrivateKeyInfoFactory',
|
|
'org.bouncycastle.crypto.util.PublicKeyFactory',
|
|
'org.bouncycastle.crypto.util.SubjectPublicKeyInfoFactory',
|
|
'org.bouncycastle.jcajce.provider.asymmetric.dsa.KeyPairGeneratorSpi',
|
|
'org.bouncycastle.jcajce.provider.asymmetric.ec.KeyPairGeneratorSpi$EC',
|
|
'org.bouncycastle.jcajce.provider.asymmetric.rsa.KeyPairGeneratorSpi',
|
|
'org.bouncycastle.jcajce.provider.asymmetric.util.EC5Util',
|
|
'org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil',
|
|
// 'org.bouncycastle.jce.ECNamedCurveTable',
|
|
// 'org.bouncycastle.jce.spec.ECNamedCurveParameterSpec',
|
|
'org.bouncycastle.math.ec.ECFieldElement',
|
|
'org.bouncycastle.math.ec.ECPoint',
|
|
'org.bouncycastle.openssl.jcajce.JcaPEMWriter',
|
|
'org.bouncycastle.operator.jcajce.JcaContentSignerBuilder',
|
|
'org.bouncycastle.util.Arrays',
|
|
'org.bouncycastle.util.io.Streams',
|
|
'org.bouncycastle.cert.X509CertificateHolder',
|
|
)
|
|
|
|
ignoreViolations(
|
|
// Guava uses internal java api: sun.misc.Unsafe
|
|
'com.google.common.hash.LittleEndianByteArray$UnsafeByteArray',
|
|
'com.google.common.hash.LittleEndianByteArray$UnsafeByteArray$1',
|
|
'com.google.common.hash.LittleEndianByteArray$UnsafeByteArray$2',
|
|
'com.google.common.hash.Striped64',
|
|
'com.google.common.hash.Striped64$1',
|
|
'com.google.common.hash.Striped64$Cell',
|
|
'com.google.common.cache.Striped64',
|
|
'com.google.common.cache.Striped64$1',
|
|
'com.google.common.cache.Striped64$Cell',
|
|
'com.google.common.primitives.UnsignedBytes$LexicographicalComparatorHolder$UnsafeComparator',
|
|
'com.google.common.primitives.UnsignedBytes$LexicographicalComparatorHolder$UnsafeComparator$1',
|
|
'com.google.common.util.concurrent.AbstractFuture$UnsafeAtomicHelper',
|
|
'com.google.common.util.concurrent.AbstractFuture$UnsafeAtomicHelper$1',
|
|
)
|
|
}
|
|
|
|
tasks.named("thirdPartyAudit").configure {
|
|
ignoreMissingClasses(
|
|
'javax.xml.bind.JAXBContext',
|
|
'javax.xml.bind.JAXBElement',
|
|
'javax.xml.bind.JAXBException',
|
|
'javax.xml.bind.Unmarshaller',
|
|
'javax.xml.bind.UnmarshallerHandler',
|
|
// Optional dependency of oauth2-oidc-sdk that we don't need since we do not support AES-SIV for JWE
|
|
'org.cryptomator.siv.SivMode',
|
|
'javax.activation.ActivationDataFlavor',
|
|
'javax.activation.DataContentHandler',
|
|
'javax.activation.DataHandler',
|
|
'javax.activation.DataSource',
|
|
'javax.activation.FileDataSource',
|
|
'javax.activation.FileTypeMap'
|
|
)
|
|
}
|
|
|
|
tasks.named("internalClusterTest").configure {
|
|
/*
|
|
* Some tests in this module set up a lot of transport threads so we reduce the buffer size per transport thread from the 1M default
|
|
* to keep direct memory usage under control.
|
|
*/
|
|
systemProperty 'es.transport.buffer.size', '256k'
|
|
systemProperty 'es.dlm_feature_flag_enabled', 'true'
|
|
}
|
|
|
|
addQaCheckDependencies(project)
|