diff --git a/package.json b/package.json index ac700fe58caad..c52709d80de0c 100644 --- a/package.json +++ b/package.json @@ -584,7 +584,7 @@ "@types/nock": "^10.0.3", "@types/node": "18.18.5", "@types/node-fetch": "2.6.4", - "@types/node-forge": "^1.3.1", + "@types/node-forge": "^1.3.10", "@types/nodemailer": "^6.4.0", "@types/normalize-path": "^3.0.0", "@types/object-hash": "^1.3.0", @@ -633,7 +633,7 @@ "@types/testing-library__jest-dom": "5.14.5", "@types/testing-library__react-hooks": "^4.0.0", "@types/tinycolor2": "^1.4.1", - "@types/tough-cookie": "^4.0.2", + "@types/tough-cookie": "^4.0.5", "@types/type-detect": "^4.0.1", "@types/use-resize-observer": "^6.0.0", "@types/uuid": "^3.4.4", @@ -645,7 +645,6 @@ "@types/webpack-merge": "^4.1.5", "@types/webpack-sources": "^0.1.4", "@types/write-pkg": "^3.1.0", - "@types/xml-crypto": "^1.4.2", "@types/xml2js": "^0.4.11", "@types/yargs": "^15.0.0", "@types/yauzl": "^2.9.1", @@ -819,7 +818,7 @@ "tempy": "^0.3.0", "terser": "^5.19.2", "terser-webpack-plugin": "^4.2.3", - "tough-cookie": "^4.1.2", + "tough-cookie": "^4.1.3", "ts-loader": "^7.0.5", "ts-morph": "^11.0.0", "tsd": "^0.20.0", @@ -836,7 +835,7 @@ "webpack-merge": "^4.2.2", "webpack-sources": "^1.4.1", "write-pkg": "^4.0.0", - "xml-crypto": "^3.0.1", + "xml-crypto": "^5.0.0", "xmlbuilder": "13.0.2", "yargs": "^15.4.1", "zlib": "^1.0.5" diff --git a/x-pack/test/cloud_integration/fixtures/saml/saml_provider/server/saml_tools.ts b/x-pack/test/cloud_integration/fixtures/saml/saml_provider/server/saml_tools.ts index da902d332e6e7..e3da17f4137f6 100644 --- a/x-pack/test/cloud_integration/fixtures/saml/saml_provider/server/saml_tools.ts +++ b/x-pack/test/cloud_integration/fixtures/saml/saml_provider/server/saml_tools.ts @@ -29,6 +29,7 @@ const parseStringAsync = promisify(parseString); const signingKey = fs.readFileSync(KBN_KEY_PATH); const signatureAlgorithm = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'; +const canonicalizationAlgorithm = 'http://www.w3.org/2001/10/xml-exc-c14n#'; export async function getSAMLRequestId(urlWithSAMLRequestId: string) { const inflatedSAMLRequest = (await inflateRawAsync( @@ -87,19 +88,19 @@ export async function getSAMLResponse({ `; - const signature = new SignedXml(); + const signature = new SignedXml({ privateKey: signingKey }); signature.signatureAlgorithm = signatureAlgorithm; - signature.signingKey = signingKey; + signature.canonicalizationAlgorithm = canonicalizationAlgorithm; // Adds a reference to a `Assertion` xml element and an array of transform algorithms to be used during signing. - signature.addReference( - `//*[local-name(.)='Assertion']`, - [ + signature.addReference({ + xpath: `//*[local-name(.)='Assertion']`, + digestAlgorithm: 'http://www.w3.org/2001/04/xmlenc#sha256', + transforms: [ 'http://www.w3.org/2000/09/xmldsig#enveloped-signature', 'http://www.w3.org/2001/10/xml-exc-c14n#', ], - 'http://www.w3.org/2001/04/xmlenc#sha256' - ); + }); signature.computeSignature(samlAssertionTemplateXML, { location: { reference: `//*[local-name(.)='Issuer']`, action: 'after' }, diff --git a/x-pack/test/security_api_integration/fixtures/saml/saml_tools.ts b/x-pack/test/security_api_integration/fixtures/saml/saml_tools.ts index ad34f37fdc0a4..255625082407b 100644 --- a/x-pack/test/security_api_integration/fixtures/saml/saml_tools.ts +++ b/x-pack/test/security_api_integration/fixtures/saml/saml_tools.ts @@ -28,6 +28,7 @@ const parseStringAsync = promisify(parseString); const signingKey = fs.readFileSync(KBN_KEY_PATH); const signatureAlgorithm = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'; +const canonicalizationAlgorithm = 'http://www.w3.org/2001/10/xml-exc-c14n#'; export async function getSAMLRequestId(urlWithSAMLRequestId: string) { const inflatedSAMLRequest = (await inflateRawAsync( @@ -83,19 +84,19 @@ export async function getSAMLResponse({ `; - const signature = new SignedXml(); + const signature = new SignedXml({ privateKey: signingKey }); signature.signatureAlgorithm = signatureAlgorithm; - signature.signingKey = signingKey; + signature.canonicalizationAlgorithm = canonicalizationAlgorithm; // Adds a reference to a `Assertion` xml element and an array of transform algorithms to be used during signing. - signature.addReference( - `//*[local-name(.)='Assertion']`, - [ + signature.addReference({ + xpath: `//*[local-name(.)='Assertion']`, + digestAlgorithm: 'http://www.w3.org/2001/04/xmlenc#sha256', + transforms: [ 'http://www.w3.org/2000/09/xmldsig#enveloped-signature', 'http://www.w3.org/2001/10/xml-exc-c14n#', ], - 'http://www.w3.org/2001/04/xmlenc#sha256' - ); + }); signature.computeSignature(samlAssertionTemplateXML, { location: { reference: `//*[local-name(.)='Issuer']`, action: 'after' }, diff --git a/yarn.lock b/yarn.lock index cee3d17177ad1..7bebbc50ec70d 100644 --- a/yarn.lock +++ b/yarn.lock @@ -6427,10 +6427,10 @@ "@types/node" "*" form-data "^3.0.0" -"@types/node-forge@^1.3.1": - version "1.3.1" - resolved "https://registry.yarnpkg.com/@types/node-forge/-/node-forge-1.3.1.tgz#49e44432c306970b4e900c3b214157c480af19fa" - integrity sha512-hvQ7Wav8I0j9amPXJtGqI/Yx70zeF62UKlAYq8JPm0nHzjKKzZvo9iR3YI2MiOghZRlOI+tQ2f6D+G6vVf4V2Q== +"@types/node-forge@^1.3.10": + version "1.3.10" + resolved "https://registry.yarnpkg.com/@types/node-forge/-/node-forge-1.3.10.tgz#62a19d4f75a8b03290578c2b04f294b1a5a71b07" + integrity sha512-y6PJDYN4xYBxwd22l+OVH35N+1fCYWiuC3aiP2SlXVE6Lo7SS+rSx9r89hLxrP4pn6n1lBGhHJ12pj3F3Mpttw== dependencies: "@types/node" "*" @@ -6981,10 +6981,10 @@ dependencies: "@types/geojson" "*" -"@types/tough-cookie@*", "@types/tough-cookie@^4.0.2": - version "4.0.2" - resolved "https://registry.yarnpkg.com/@types/tough-cookie/-/tough-cookie-4.0.2.tgz#6286b4c7228d58ab7866d19716f3696e03a09397" - integrity sha512-Q5vtl1W5ue16D+nIaW8JWebSSraJVlK+EthKn7e7UcD4KWsaSJ8BqGPXNaPghgtcn/fhvrN17Tv8ksUsQpiplw== +"@types/tough-cookie@*", "@types/tough-cookie@^4.0.5": + version "4.0.5" + resolved "https://registry.yarnpkg.com/@types/tough-cookie/-/tough-cookie-4.0.5.tgz#cb6e2a691b70cb177c6e3ae9c1d2e8b2ea8cd304" + integrity sha512-/Ad8+nIOV7Rl++6f1BdKxFSMgmoqEoYbHRpPcx3JEfv8VRsQe9Z4mCXeJBzxs7mbHY/XOZZuXlRNfhpVPbs6ZA== "@types/type-detect@^4.0.1": version "4.0.1" @@ -7107,14 +7107,6 @@ dependencies: "@types/node" "*" -"@types/xml-crypto@^1.4.2": - version "1.4.2" - resolved "https://registry.yarnpkg.com/@types/xml-crypto/-/xml-crypto-1.4.2.tgz#5ea7ef970f525ae8fe1e2ce0b3d40da1e3b279ae" - integrity sha512-1kT+3gVkeBDg7Ih8NefxGYfCApwZViMIs5IEs5AXF6Fpsrnf9CLAEIRh0DYb1mIcRcvysVbe27cHsJD6rJi36w== - dependencies: - "@types/node" "*" - xpath "0.0.27" - "@types/xml2js@^0.4.11": version "0.4.11" resolved "https://registry.yarnpkg.com/@types/xml2js/-/xml2js-0.4.11.tgz#bf46a84ecc12c41159a7bd9cf51ae84129af0e79" @@ -7542,10 +7534,15 @@ resolved "https://registry.yarnpkg.com/@wildpeaks/snapshot-dom/-/snapshot-dom-1.6.0.tgz#83297612bf93b97983beafbe6ae71672642ac884" integrity sha512-fCM5tYK6VZ1nhbk3Q11lkf6UOJlOCRU0oScQ8NV8OYBPC58wQmQaOF9g+rk+yhNYf3beybOBr+ZuiNen3B0Bxw== -"@xmldom/xmldom@^0.8.5": - version "0.8.6" - resolved "https://registry.yarnpkg.com/@xmldom/xmldom/-/xmldom-0.8.6.tgz#8a1524eb5bd5e965c1e3735476f0262469f71440" - integrity sha512-uRjjusqpoqfmRkTaNuLJ2VohVr67Q5YwDATW3VU7PfzTj6IRaihGrYI7zckGZjxQPBIp63nfvJbM+Yu5ICh0Bg== +"@xmldom/is-dom-node@^1.0.1": + version "1.0.1" + resolved "https://registry.yarnpkg.com/@xmldom/is-dom-node/-/is-dom-node-1.0.1.tgz#83b9f3e1260fb008061c6fa787b93a00f9be0629" + integrity sha512-CJDxIgE5I0FH+ttq/Fxy6nRpxP70+e2O048EPe85J2use3XKdatVM7dDVvFNjQudd9B49NPoZ+8PG49zj4Er8Q== + +"@xmldom/xmldom@^0.8.10": + version "0.8.10" + resolved "https://registry.yarnpkg.com/@xmldom/xmldom/-/xmldom-0.8.10.tgz#a1337ca426aa61cef9fe15b5b28e340a72f6fa99" + integrity sha512-2WALfTl4xo2SkGCYRt6rDTFfk9R1czmBvUQy12gK2KuRKIpWEhcbbzy8EZXtz/jkRqHX8bFEc6FC1HjX4TUWYw== "@xobotyi/scrollbar-width@1.9.5": version "1.9.5" @@ -29851,13 +29848,14 @@ xdg-basedir@^4.0.0: resolved "https://registry.yarnpkg.com/xdg-basedir/-/xdg-basedir-4.0.0.tgz#4bc8d9984403696225ef83a1573cbbcb4e79db13" integrity sha512-PSNhEJDejZYV7h50BohL09Er9VaIefr2LMAf3OEmpCkjOi34eYyQYAXUTjEQtZJTKcF0E2UKTh+osDLsgNim9Q== -xml-crypto@^3.0.1: - version "3.0.1" - resolved "https://registry.yarnpkg.com/xml-crypto/-/xml-crypto-3.0.1.tgz#1d4852b040e80413d8058e2917eddd9f17a00b8b" - integrity sha512-7XrwB3ujd95KCO6+u9fidb8ajvRJvIfGNWD0XLJoTWlBKz+tFpUzEYxsN+Il/6/gHtEs1RgRh2RH+TzhcWBZUw== +xml-crypto@^5.0.0: + version "5.0.0" + resolved "https://registry.yarnpkg.com/xml-crypto/-/xml-crypto-5.0.0.tgz#e54dff59bf0e18527b91af7690513041ebb90273" + integrity sha512-TdJZp/gdKb5RYiZigLy/RUz9EpbEV+HoOR4ofby3VonDSn7FmNZlex7OuxLPD8sRlCLZ5YYFI+9s1OhFs7fwEw== dependencies: - "@xmldom/xmldom" "^0.8.5" - xpath "0.0.32" + "@xmldom/is-dom-node" "^1.0.1" + "@xmldom/xmldom" "^0.8.10" + xpath "^0.0.33" xml-name-validator@^4.0.0: version "4.0.0" @@ -29892,15 +29890,10 @@ xmlchars@^2.2.0: resolved "https://registry.yarnpkg.com/xmlchars/-/xmlchars-2.2.0.tgz#060fe1bcb7f9c76fe2a17db86a9bc3ab894210cb" integrity sha512-JZnDKK8B0RCDw84FNdDAIpZK+JuJw+s7Lz8nksI7SIuU3UXJJslUthsi+uWBUYOwPFwW7W7PRLRfUKpxjtjFCw== -xpath@0.0.27: - version "0.0.27" - resolved "https://registry.yarnpkg.com/xpath/-/xpath-0.0.27.tgz#dd3421fbdcc5646ac32c48531b4d7e9d0c2cfa92" - integrity sha512-fg03WRxtkCV6ohClePNAECYsmpKKTv5L8y/X3Dn1hQrec3POx2jHZ/0P2qQ6HvsrU1BmeqXcof3NGGueG6LxwQ== - -xpath@0.0.32: - version "0.0.32" - resolved "https://registry.yarnpkg.com/xpath/-/xpath-0.0.32.tgz#1b73d3351af736e17ec078d6da4b8175405c48af" - integrity sha512-rxMJhSIoiO8vXcWvSifKqhvV96GjiD5wYb8/QHdoRyQvraTpp4IEv944nhGausZZ3u7dhQXteZuZbaqfpB7uYw== +xpath@^0.0.33: + version "0.0.33" + resolved "https://registry.yarnpkg.com/xpath/-/xpath-0.0.33.tgz#5136b6094227c5df92002e7c3a13516a5074eb07" + integrity sha512-NNXnzrkDrAzalLhIUc01jO2mOzXGXh1JwPgkihcLLzw98c0WgYDmmjSh1Kl3wzaxSVWMuA+fe0WTWOBDWCBmNA== "xtend@>=4.0.0 <4.1.0-0", xtend@^4.0.0, xtend@^4.0.1, xtend@^4.0.2, xtend@~4.0.0, xtend@~4.0.1: version "4.0.2"