Update platform security modules (main) (elastic#173232)

(cherry picked from commit 35d79a9)

# Conflicts:
#	package.json
#	packages/kbn-mock-idp-plugin/common/utils.ts
#	yarn.lock

package.json

@@ -584,7 +584,7 @@
     "@types/nock": "^10.0.3",
     "@types/node": "18.18.5",
     "@types/node-fetch": "2.6.4",
-    "@types/node-forge": "^1.3.1",
+    "@types/node-forge": "^1.3.10",
     "@types/nodemailer": "^6.4.0",
     "@types/normalize-path": "^3.0.0",
     "@types/object-hash": "^1.3.0",
@@ -633,7 +633,7 @@
     "@types/testing-library__jest-dom": "5.14.5",
     "@types/testing-library__react-hooks": "^4.0.0",
     "@types/tinycolor2": "^1.4.1",
-    "@types/tough-cookie": "^4.0.2",
+    "@types/tough-cookie": "^4.0.5",
     "@types/type-detect": "^4.0.1",
     "@types/use-resize-observer": "^6.0.0",
     "@types/uuid": "^3.4.4",
@@ -645,7 +645,6 @@
     "@types/webpack-merge": "^4.1.5",
     "@types/webpack-sources": "^0.1.4",
     "@types/write-pkg": "^3.1.0",
-    "@types/xml-crypto": "^1.4.2",
     "@types/xml2js": "^0.4.11",
     "@types/yargs": "^15.0.0",
     "@types/yauzl": "^2.9.1",
@@ -819,7 +818,7 @@
     "tempy": "^0.3.0",
     "terser": "^5.19.2",
     "terser-webpack-plugin": "^4.2.3",
-    "tough-cookie": "^4.1.2",
+    "tough-cookie": "^4.1.3",
     "ts-loader": "^7.0.5",
     "ts-morph": "^11.0.0",
     "tsd": "^0.20.0",
@@ -836,7 +835,7 @@
     "webpack-merge": "^4.2.2",
     "webpack-sources": "^1.4.1",
     "write-pkg": "^4.0.0",
-    "xml-crypto": "^3.0.1",
+    "xml-crypto": "^5.0.0",
     "xmlbuilder": "13.0.2",
     "yargs": "^15.4.1",
     "zlib": "^1.0.5"

x-pack/test/cloud_integration/fixtures/saml/saml_provider/server/saml_tools.ts

@@ -29,6 +29,7 @@ const parseStringAsync = promisify(parseString);
 
 const signingKey = fs.readFileSync(KBN_KEY_PATH);
 const signatureAlgorithm = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256';
+const canonicalizationAlgorithm = 'http://www.w3.org/2001/10/xml-exc-c14n#';
 
 export async function getSAMLRequestId(urlWithSAMLRequestId: string) {
   const inflatedSAMLRequest = (await inflateRawAsync(
@@ -87,19 +88,19 @@ export async function getSAMLResponse({
     </saml:Assertion>
   `;
 
-  const signature = new SignedXml();
+  const signature = new SignedXml({ privateKey: signingKey });
   signature.signatureAlgorithm = signatureAlgorithm;
-  signature.signingKey = signingKey;
+  signature.canonicalizationAlgorithm = canonicalizationAlgorithm;
 
   // Adds a reference to a `Assertion` xml element and an array of transform algorithms to be used during signing.
-  signature.addReference(
-    `//*[local-name(.)='Assertion']`,
-    [
+  signature.addReference({
+    xpath: `//*[local-name(.)='Assertion']`,
+    digestAlgorithm: 'http://www.w3.org/2001/04/xmlenc#sha256',
+    transforms: [
       'http://www.w3.org/2000/09/xmldsig#enveloped-signature',
       'http://www.w3.org/2001/10/xml-exc-c14n#',
     ],
-    'http://www.w3.org/2001/04/xmlenc#sha256'
-  );
+  });
 
   signature.computeSignature(samlAssertionTemplateXML, {
     location: { reference: `//*[local-name(.)='Issuer']`, action: 'after' },

x-pack/test/security_api_integration/fixtures/saml/saml_tools.ts

@@ -28,6 +28,7 @@ const parseStringAsync = promisify(parseString);
 
 const signingKey = fs.readFileSync(KBN_KEY_PATH);
 const signatureAlgorithm = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256';
+const canonicalizationAlgorithm = 'http://www.w3.org/2001/10/xml-exc-c14n#';
 
 export async function getSAMLRequestId(urlWithSAMLRequestId: string) {
   const inflatedSAMLRequest = (await inflateRawAsync(
@@ -83,19 +84,19 @@ export async function getSAMLResponse({
     </saml:Assertion>
   `;
 
-  const signature = new SignedXml();
+  const signature = new SignedXml({ privateKey: signingKey });
   signature.signatureAlgorithm = signatureAlgorithm;
-  signature.signingKey = signingKey;
+  signature.canonicalizationAlgorithm = canonicalizationAlgorithm;
 
   // Adds a reference to a `Assertion` xml element and an array of transform algorithms to be used during signing.
-  signature.addReference(
-    `//*[local-name(.)='Assertion']`,
-    [
+  signature.addReference({
+    xpath: `//*[local-name(.)='Assertion']`,
+    digestAlgorithm: 'http://www.w3.org/2001/04/xmlenc#sha256',
+    transforms: [
       'http://www.w3.org/2000/09/xmldsig#enveloped-signature',
       'http://www.w3.org/2001/10/xml-exc-c14n#',
     ],
-    'http://www.w3.org/2001/04/xmlenc#sha256'
-  );
+  });
 
   signature.computeSignature(samlAssertionTemplateXML, {
     location: { reference: `//*[local-name(.)='Issuer']`, action: 'after' },

yarn.lock

@@ -6427,10 +6427,10 @@
     "@types/node" "*"
     form-data "^3.0.0"
 
-"@types/node-forge@^1.3.1":
-  version "1.3.1"
-  resolved "https://registry.yarnpkg.com/@types/node-forge/-/node-forge-1.3.1.tgz#49e44432c306970b4e900c3b214157c480af19fa"
-  integrity sha512-hvQ7Wav8I0j9amPXJtGqI/Yx70zeF62UKlAYq8JPm0nHzjKKzZvo9iR3YI2MiOghZRlOI+tQ2f6D+G6vVf4V2Q==
+"@types/node-forge@^1.3.10":
+  version "1.3.10"
+  resolved "https://registry.yarnpkg.com/@types/node-forge/-/node-forge-1.3.10.tgz#62a19d4f75a8b03290578c2b04f294b1a5a71b07"
+  integrity sha512-y6PJDYN4xYBxwd22l+OVH35N+1fCYWiuC3aiP2SlXVE6Lo7SS+rSx9r89hLxrP4pn6n1lBGhHJ12pj3F3Mpttw==
   dependencies:
     "@types/node" "*"
 
@@ -6981,10 +6981,10 @@
   dependencies:
     "@types/geojson" "*"
 
-"@types/tough-cookie@*", "@types/tough-cookie@^4.0.2":
-  version "4.0.2"
-  resolved "https://registry.yarnpkg.com/@types/tough-cookie/-/tough-cookie-4.0.2.tgz#6286b4c7228d58ab7866d19716f3696e03a09397"
-  integrity sha512-Q5vtl1W5ue16D+nIaW8JWebSSraJVlK+EthKn7e7UcD4KWsaSJ8BqGPXNaPghgtcn/fhvrN17Tv8ksUsQpiplw==
+"@types/tough-cookie@*", "@types/tough-cookie@^4.0.5":
+  version "4.0.5"
+  resolved "https://registry.yarnpkg.com/@types/tough-cookie/-/tough-cookie-4.0.5.tgz#cb6e2a691b70cb177c6e3ae9c1d2e8b2ea8cd304"
+  integrity sha512-/Ad8+nIOV7Rl++6f1BdKxFSMgmoqEoYbHRpPcx3JEfv8VRsQe9Z4mCXeJBzxs7mbHY/XOZZuXlRNfhpVPbs6ZA==
 
 "@types/type-detect@^4.0.1":
   version "4.0.1"
@@ -7107,14 +7107,6 @@
   dependencies:
     "@types/node" "*"
 
-"@types/xml-crypto@^1.4.2":
-  version "1.4.2"
-  resolved "https://registry.yarnpkg.com/@types/xml-crypto/-/xml-crypto-1.4.2.tgz#5ea7ef970f525ae8fe1e2ce0b3d40da1e3b279ae"
-  integrity sha512-1kT+3gVkeBDg7Ih8NefxGYfCApwZViMIs5IEs5AXF6Fpsrnf9CLAEIRh0DYb1mIcRcvysVbe27cHsJD6rJi36w==
-  dependencies:
-    "@types/node" "*"
-    xpath "0.0.27"
-
 "@types/xml2js@^0.4.11":
   version "0.4.11"
   resolved "https://registry.yarnpkg.com/@types/xml2js/-/xml2js-0.4.11.tgz#bf46a84ecc12c41159a7bd9cf51ae84129af0e79"
@@ -7542,10 +7534,15 @@
   resolved "https://registry.yarnpkg.com/@wildpeaks/snapshot-dom/-/snapshot-dom-1.6.0.tgz#83297612bf93b97983beafbe6ae71672642ac884"
   integrity sha512-fCM5tYK6VZ1nhbk3Q11lkf6UOJlOCRU0oScQ8NV8OYBPC58wQmQaOF9g+rk+yhNYf3beybOBr+ZuiNen3B0Bxw==
 
-"@xmldom/xmldom@^0.8.5":
-  version "0.8.6"
-  resolved "https://registry.yarnpkg.com/@xmldom/xmldom/-/xmldom-0.8.6.tgz#8a1524eb5bd5e965c1e3735476f0262469f71440"
-  integrity sha512-uRjjusqpoqfmRkTaNuLJ2VohVr67Q5YwDATW3VU7PfzTj6IRaihGrYI7zckGZjxQPBIp63nfvJbM+Yu5ICh0Bg==
+"@xmldom/is-dom-node@^1.0.1":
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/@xmldom/is-dom-node/-/is-dom-node-1.0.1.tgz#83b9f3e1260fb008061c6fa787b93a00f9be0629"
+  integrity sha512-CJDxIgE5I0FH+ttq/Fxy6nRpxP70+e2O048EPe85J2use3XKdatVM7dDVvFNjQudd9B49NPoZ+8PG49zj4Er8Q==
+
+"@xmldom/xmldom@^0.8.10":
+  version "0.8.10"
+  resolved "https://registry.yarnpkg.com/@xmldom/xmldom/-/xmldom-0.8.10.tgz#a1337ca426aa61cef9fe15b5b28e340a72f6fa99"
+  integrity sha512-2WALfTl4xo2SkGCYRt6rDTFfk9R1czmBvUQy12gK2KuRKIpWEhcbbzy8EZXtz/jkRqHX8bFEc6FC1HjX4TUWYw==
 
 "@xobotyi/[email protected]":
   version "1.9.5"
@@ -29851,13 +29848,14 @@ xdg-basedir@^4.0.0:
   resolved "https://registry.yarnpkg.com/xdg-basedir/-/xdg-basedir-4.0.0.tgz#4bc8d9984403696225ef83a1573cbbcb4e79db13"
   integrity sha512-PSNhEJDejZYV7h50BohL09Er9VaIefr2LMAf3OEmpCkjOi34eYyQYAXUTjEQtZJTKcF0E2UKTh+osDLsgNim9Q==
 
-xml-crypto@^3.0.1:
-  version "3.0.1"
-  resolved "https://registry.yarnpkg.com/xml-crypto/-/xml-crypto-3.0.1.tgz#1d4852b040e80413d8058e2917eddd9f17a00b8b"
-  integrity sha512-7XrwB3ujd95KCO6+u9fidb8ajvRJvIfGNWD0XLJoTWlBKz+tFpUzEYxsN+Il/6/gHtEs1RgRh2RH+TzhcWBZUw==
+xml-crypto@^5.0.0:
+  version "5.0.0"
+  resolved "https://registry.yarnpkg.com/xml-crypto/-/xml-crypto-5.0.0.tgz#e54dff59bf0e18527b91af7690513041ebb90273"
+  integrity sha512-TdJZp/gdKb5RYiZigLy/RUz9EpbEV+HoOR4ofby3VonDSn7FmNZlex7OuxLPD8sRlCLZ5YYFI+9s1OhFs7fwEw==
   dependencies:
-    "@xmldom/xmldom" "^0.8.5"
-    xpath "0.0.32"
+    "@xmldom/is-dom-node" "^1.0.1"
+    "@xmldom/xmldom" "^0.8.10"
+    xpath "^0.0.33"
 
 xml-name-validator@^4.0.0:
   version "4.0.0"
@@ -29892,15 +29890,10 @@ xmlchars@^2.2.0:
   resolved "https://registry.yarnpkg.com/xmlchars/-/xmlchars-2.2.0.tgz#060fe1bcb7f9c76fe2a17db86a9bc3ab894210cb"
   integrity sha512-JZnDKK8B0RCDw84FNdDAIpZK+JuJw+s7Lz8nksI7SIuU3UXJJslUthsi+uWBUYOwPFwW7W7PRLRfUKpxjtjFCw==
 
-[email protected]:
-  version "0.0.27"
-  resolved "https://registry.yarnpkg.com/xpath/-/xpath-0.0.27.tgz#dd3421fbdcc5646ac32c48531b4d7e9d0c2cfa92"
-  integrity sha512-fg03WRxtkCV6ohClePNAECYsmpKKTv5L8y/X3Dn1hQrec3POx2jHZ/0P2qQ6HvsrU1BmeqXcof3NGGueG6LxwQ==
-
-[email protected]:
-  version "0.0.32"
-  resolved "https://registry.yarnpkg.com/xpath/-/xpath-0.0.32.tgz#1b73d3351af736e17ec078d6da4b8175405c48af"
-  integrity sha512-rxMJhSIoiO8vXcWvSifKqhvV96GjiD5wYb8/QHdoRyQvraTpp4IEv944nhGausZZ3u7dhQXteZuZbaqfpB7uYw==
+xpath@^0.0.33:
+  version "0.0.33"
+  resolved "https://registry.yarnpkg.com/xpath/-/xpath-0.0.33.tgz#5136b6094227c5df92002e7c3a13516a5074eb07"
+  integrity sha512-NNXnzrkDrAzalLhIUc01jO2mOzXGXh1JwPgkihcLLzw98c0WgYDmmjSh1Kl3wzaxSVWMuA+fe0WTWOBDWCBmNA==
 
 "xtend@>=4.0.0 <4.1.0-0", xtend@^4.0.0, xtend@^4.0.1, xtend@^4.0.2, xtend@~4.0.0, xtend@~4.0.1:
   version "4.0.2"