[8.12] Update platform security modules (main) (#173232) (#173788)
# Backport

This will backport the following commits from `main` to `8.12`:
- [Update platform security modules (main)
(#173232)](#173232)

<!--- Backport version: 8.9.7 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT
[{"author":{"name":"renovate[bot]","email":"29139614+renovate[bot]@users.noreply.github.com"},"sourceCommit":{"committedDate":"2023-12-20T19:58:38Z","message":"Update
platform security modules (main)
(#173232)","sha":"35d79a901d9c690fbb128f138203799f97826291","branchLabelMapping":{"^v8.13.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["Team:Security","release_note:skip","backport:all-open","v8.13.0"],"number":173232,"url":"https://github.com/elastic/kibana/pull/173232","mergeCommit":{"message":"Update
platform security modules (main)
(#173232)","sha":"35d79a901d9c690fbb128f138203799f97826291"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v8.13.0","labelRegex":"^v8.13.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/173232","number":173232,"mergeCommit":{"message":"Update
platform security modules (main)
(#173232)","sha":"35d79a901d9c690fbb128f138203799f97826291"}}]}]
BACKPORT-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
kibanamachine and renovate[bot] authored Dec 21, 2023
1 parent 170a221 commit 73751e9
Showing 5 changed files with 62 additions and 67 deletions.
11 changes: 5 additions & 6 deletions package.json
@@ -935,7 +935,7 @@
"file-saver": "^1.3.8",
"fnv-plus": "^1.3.1",
"font-awesome": "4.7.0",
"formik": "^2.2.9",
"formik": "^2.4.5",
"fp-ts": "^2.3.1",
"geojson-vt": "^3.2.1",
"get-port": "^5.0.0",
@@ -1407,7 +1407,7 @@
"@types/nock": "^10.0.3",
"@types/node": "18.18.5",
"@types/node-fetch": "2.6.4",
"@types/node-forge": "^1.3.1",
"@types/node-forge": "^1.3.10",
"@types/nodemailer": "^6.4.0",
"@types/normalize-path": "^3.0.0",
"@types/object-hash": "^1.3.0",
@@ -1456,7 +1456,7 @@
"@types/testing-library__jest-dom": "^5.14.7",
"@types/textarea-caret": "^3.0.1",
"@types/tinycolor2": "^1.4.1",
"@types/tough-cookie": "^4.0.2",
"@types/tough-cookie": "^4.0.5",
"@types/type-detect": "^4.0.1",
"@types/uuid": "^9.0.0",
"@types/vinyl": "^2.0.4",
@@ -1466,7 +1466,6 @@
"@types/webpack-env": "^1.15.3",
"@types/webpack-merge": "^4.1.5",
"@types/webpack-sources": "^0.1.4",
"@types/xml-crypto": "^1.4.2",
"@types/xml2js": "^0.4.11",
"@types/yargs": "^15.0.0",
"@types/yauzl": "^2.9.1",
@@ -1638,7 +1637,7 @@
"tempy": "^0.3.0",
"terser": "^5.16.5",
"terser-webpack-plugin": "^4.2.3",
"tough-cookie": "^4.1.2",
"tough-cookie": "^4.1.3",
"tree-kill": "^1.2.2",
"ts-morph": "^13.0.2",
"tsd": "^0.20.0",
@@ -1654,7 +1653,7 @@
"webpack-dev-server": "^4.9.3",
"webpack-merge": "^4.2.2",
"webpack-sources": "^1.4.1",
"xml-crypto": "^3.0.1",
"xml-crypto": "^5.0.0",
"xmlbuilder": "13.0.2",
"yargs": "^15.4.1",
"yarn-deduplicate": "^6.0.2"
14 changes: 7 additions & 7 deletions packages/kbn-mock-idp-plugin/common/utils.ts
@@ -149,19 +149,19 @@ export async function createSAMLResponse(options: {
</saml:Assertion>
`;

const signature = new SignedXml();
const signature = new SignedXml({ privateKey: await readFile(KBN_KEY_PATH) });
signature.signatureAlgorithm = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256';
signature.signingKey = await readFile(KBN_KEY_PATH);
signature.canonicalizationAlgorithm = 'http://www.w3.org/2001/10/xml-exc-c14n#';

// Adds a reference to a `Assertion` xml element and an array of transform algorithms to be used during signing.
signature.addReference(
`//*[local-name(.)='Assertion']`,
[
signature.addReference({
xpath: `//*[local-name(.)='Assertion']`,
digestAlgorithm: 'http://www.w3.org/2001/04/xmlenc#sha256',
transforms: [
'http://www.w3.org/2000/09/xmldsig#enveloped-signature',
'http://www.w3.org/2001/10/xml-exc-c14n#',
],
'http://www.w3.org/2001/04/xmlenc#sha256'
);
});

signature.computeSignature(samlAssertionTemplateXML, {
location: { reference: `//*[local-name(.)='Issuer']`, action: 'after' },
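Review bot: The `addReference` call selects its target with `//*[local-name(.)='Assertion']`, which ignores the namespace and matches every element with that local name, so the signature covers just the intended assertion only while the template holds a single `Assertion` element. The template is built above this hunk, where `createSAMLResponse` begins, so that assumption is worth stating beside the call, e.g. `// Template holds exactly one saml:Assertion; this XPath must match only that element.` The existing comment also predates the options-object form and should mention the digest algorithm now passed as `digestAlgorithm`. The two `getSAMLResponse` helpers later on this page make the same call.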
@@ -29,6 +29,7 @@ const parseStringAsync = promisify(parseString);

const signingKey = fs.readFileSync(KBN_KEY_PATH);
const signatureAlgorithm = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256';
const canonicalizationAlgorithm = 'http://www.w3.org/2001/10/xml-exc-c14n#';

export async function getSAMLRequestId(urlWithSAMLRequestId: string) {
const inflatedSAMLRequest = (await inflateRawAsync(
@@ -87,19 +88,19 @@ export async function getSAMLResponse({
</saml:Assertion>
`;

const signature = new SignedXml();
const signature = new SignedXml({ privateKey: signingKey });
signature.signatureAlgorithm = signatureAlgorithm;
signature.signingKey = signingKey;
signature.canonicalizationAlgorithm = canonicalizationAlgorithm;

// Adds a reference to a `Assertion` xml element and an array of transform algorithms to be used during signing.
signature.addReference(
`//*[local-name(.)='Assertion']`,
[
signature.addReference({
xpath: `//*[local-name(.)='Assertion']`,
digestAlgorithm: 'http://www.w3.org/2001/04/xmlenc#sha256',
transforms: [
'http://www.w3.org/2000/09/xmldsig#enveloped-signature',
'http://www.w3.org/2001/10/xml-exc-c14n#',
],
'http://www.w3.org/2001/04/xmlenc#sha256'
);
});

signature.computeSignature(samlAssertionTemplateXML, {
location: { reference: `//*[local-name(.)='Issuer']`, action: 'after' },
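Review bot: The `transforms` array still spells the exclusive-c14n URI as a literal even though this change adds a `canonicalizationAlgorithm` constant holding the same value and assigns it to the signer a few lines earlier. Reusing it removes the duplicate: `transforms: ['http://www.w3.org/2000/09/xmldsig#enveloped-signature', canonicalizationAlgorithm],`. The second `getSAMLResponse` helper further down has the same duplication, and `createSAMLResponse` in packages/kbn-mock-idp-plugin/common/utils.ts writes the signature, canonicalization and digest URIs inline. `getSAMLResponse` starts above the hunk and continues past it.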
@@ -28,6 +28,7 @@ const parseStringAsync = promisify(parseString);

const signingKey = fs.readFileSync(KBN_KEY_PATH);
const signatureAlgorithm = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256';
const canonicalizationAlgorithm = 'http://www.w3.org/2001/10/xml-exc-c14n#';

export async function getSAMLRequestId(urlWithSAMLRequestId: string) {
const inflatedSAMLRequest = (await inflateRawAsync(
@@ -83,19 +84,19 @@ export async function getSAMLResponse({
</saml:Assertion>
`;

const signature = new SignedXml();
const signature = new SignedXml({ privateKey: signingKey });
signature.signatureAlgorithm = signatureAlgorithm;
signature.signingKey = signingKey;
signature.canonicalizationAlgorithm = canonicalizationAlgorithm;

// Adds a reference to a `Assertion` xml element and an array of transform algorithms to be used during signing.
signature.addReference(
`//*[local-name(.)='Assertion']`,
[
signature.addReference({
xpath: `//*[local-name(.)='Assertion']`,
digestAlgorithm: 'http://www.w3.org/2001/04/xmlenc#sha256',
transforms: [
'http://www.w3.org/2000/09/xmldsig#enveloped-signature',
'http://www.w3.org/2001/10/xml-exc-c14n#',
],
'http://www.w3.org/2001/04/xmlenc#sha256'
);
});

signature.computeSignature(samlAssertionTemplateXML, {
location: { reference: `//*[local-name(.)='Issuer']`, action: 'after' },
74 changes: 34 additions & 40 deletions yarn.lock
@@ -9628,10 +9628,10 @@
"@types/node" "*"
form-data "^3.0.0"

"@types/node-forge@^1.3.1":
version "1.3.1"
resolved "https://registry.yarnpkg.com/@types/node-forge/-/node-forge-1.3.1.tgz#49e44432c306970b4e900c3b214157c480af19fa"
integrity sha512-hvQ7Wav8I0j9amPXJtGqI/Yx70zeF62UKlAYq8JPm0nHzjKKzZvo9iR3YI2MiOghZRlOI+tQ2f6D+G6vVf4V2Q==
"@types/node-forge@^1.3.10":
version "1.3.10"
resolved "https://registry.yarnpkg.com/@types/node-forge/-/node-forge-1.3.10.tgz#62a19d4f75a8b03290578c2b04f294b1a5a71b07"
integrity sha512-y6PJDYN4xYBxwd22l+OVH35N+1fCYWiuC3aiP2SlXVE6Lo7SS+rSx9r89hLxrP4pn6n1lBGhHJ12pj3F3Mpttw==
dependencies:
"@types/node" "*"

@@ -10149,10 +10149,10 @@
dependencies:
"@types/geojson" "*"

"@types/tough-cookie@*", "@types/tough-cookie@^4.0.2":
version "4.0.2"
resolved "https://registry.yarnpkg.com/@types/tough-cookie/-/tough-cookie-4.0.2.tgz#6286b4c7228d58ab7866d19716f3696e03a09397"
integrity sha512-Q5vtl1W5ue16D+nIaW8JWebSSraJVlK+EthKn7e7UcD4KWsaSJ8BqGPXNaPghgtcn/fhvrN17Tv8ksUsQpiplw==
"@types/tough-cookie@*", "@types/tough-cookie@^4.0.5":
version "4.0.5"
resolved "https://registry.yarnpkg.com/@types/tough-cookie/-/tough-cookie-4.0.5.tgz#cb6e2a691b70cb177c6e3ae9c1d2e8b2ea8cd304"
integrity sha512-/Ad8+nIOV7Rl++6f1BdKxFSMgmoqEoYbHRpPcx3JEfv8VRsQe9Z4mCXeJBzxs7mbHY/XOZZuXlRNfhpVPbs6ZA==

"@types/type-detect@^4.0.1":
version "4.0.1"
@@ -10264,14 +10264,6 @@
dependencies:
"@types/node" "*"

"@types/xml-crypto@^1.4.2":
version "1.4.2"
resolved "https://registry.yarnpkg.com/@types/xml-crypto/-/xml-crypto-1.4.2.tgz#5ea7ef970f525ae8fe1e2ce0b3d40da1e3b279ae"
integrity sha512-1kT+3gVkeBDg7Ih8NefxGYfCApwZViMIs5IEs5AXF6Fpsrnf9CLAEIRh0DYb1mIcRcvysVbe27cHsJD6rJi36w==
dependencies:
"@types/node" "*"
xpath "0.0.27"

"@types/xml2js@^0.4.11":
version "0.4.11"
resolved "https://registry.yarnpkg.com/@types/xml2js/-/xml2js-0.4.11.tgz#bf46a84ecc12c41159a7bd9cf51ae84129af0e79"
@@ -10721,10 +10713,15 @@
object.fromentries "^2.0.0"
prop-types "^15.7.0"

"@xmldom/xmldom@^0.8.5":
version "0.8.6"
resolved "https://registry.yarnpkg.com/@xmldom/xmldom/-/xmldom-0.8.6.tgz#8a1524eb5bd5e965c1e3735476f0262469f71440"
integrity sha512-uRjjusqpoqfmRkTaNuLJ2VohVr67Q5YwDATW3VU7PfzTj6IRaihGrYI7zckGZjxQPBIp63nfvJbM+Yu5ICh0Bg==
"@xmldom/is-dom-node@^1.0.1":
version "1.0.1"
resolved "https://registry.yarnpkg.com/@xmldom/is-dom-node/-/is-dom-node-1.0.1.tgz#83b9f3e1260fb008061c6fa787b93a00f9be0629"
integrity sha512-CJDxIgE5I0FH+ttq/Fxy6nRpxP70+e2O048EPe85J2use3XKdatVM7dDVvFNjQudd9B49NPoZ+8PG49zj4Er8Q==

"@xmldom/xmldom@^0.8.10":
version "0.8.10"
resolved "https://registry.yarnpkg.com/@xmldom/xmldom/-/xmldom-0.8.10.tgz#a1337ca426aa61cef9fe15b5b28e340a72f6fa99"
integrity sha512-2WALfTl4xo2SkGCYRt6rDTFfk9R1czmBvUQy12gK2KuRKIpWEhcbbzy8EZXtz/jkRqHX8bFEc6FC1HjX4TUWYw==

"@xobotyi/[email protected]":
version "1.9.5"
@@ -17174,18 +17171,19 @@ formidable@^2.1.2:
once "^1.4.0"
qs "^6.11.0"

formik@^2.2.9:
version "2.2.9"
resolved "https://registry.yarnpkg.com/formik/-/formik-2.2.9.tgz#8594ba9c5e2e5cf1f42c5704128e119fc46232d0"
integrity sha512-LQLcISMmf1r5at4/gyJigGn0gOwFbeEAlji+N9InZF6LIMXnFNkO42sCI8Jt84YZggpD4cPWObAZaxpEFtSzNA==
formik@^2.4.5:
version "2.4.5"
resolved "https://registry.yarnpkg.com/formik/-/formik-2.4.5.tgz#f899b5b7a6f103a8fabb679823e8fafc7e0ee1b4"
integrity sha512-Gxlht0TD3vVdzMDHwkiNZqJ7Mvg77xQNfmBRrNtvzcHZs72TJppSTDKHpImCMJZwcWPBJ8jSQQ95GJzXFf1nAQ==
dependencies:
"@types/hoist-non-react-statics" "^3.3.1"
deepmerge "^2.1.1"
hoist-non-react-statics "^3.3.0"
lodash "^4.17.21"
lodash-es "^4.17.21"
react-fast-compare "^2.0.1"
tiny-warning "^1.0.2"
tslib "^1.10.0"
tslib "^2.0.0"

forwarded-parse@^2.1.0:
version "2.1.0"
@@ -31214,13 +31212,14 @@ xdg-basedir@^4.0.0:
resolved "https://registry.yarnpkg.com/xdg-basedir/-/xdg-basedir-4.0.0.tgz#4bc8d9984403696225ef83a1573cbbcb4e79db13"
integrity sha512-PSNhEJDejZYV7h50BohL09Er9VaIefr2LMAf3OEmpCkjOi34eYyQYAXUTjEQtZJTKcF0E2UKTh+osDLsgNim9Q==

xml-crypto@^3.0.1:
version "3.0.1"
resolved "https://registry.yarnpkg.com/xml-crypto/-/xml-crypto-3.0.1.tgz#1d4852b040e80413d8058e2917eddd9f17a00b8b"
integrity sha512-7XrwB3ujd95KCO6+u9fidb8ajvRJvIfGNWD0XLJoTWlBKz+tFpUzEYxsN+Il/6/gHtEs1RgRh2RH+TzhcWBZUw==
xml-crypto@^5.0.0:
version "5.0.0"
resolved "https://registry.yarnpkg.com/xml-crypto/-/xml-crypto-5.0.0.tgz#e54dff59bf0e18527b91af7690513041ebb90273"
integrity sha512-TdJZp/gdKb5RYiZigLy/RUz9EpbEV+HoOR4ofby3VonDSn7FmNZlex7OuxLPD8sRlCLZ5YYFI+9s1OhFs7fwEw==
dependencies:
"@xmldom/xmldom" "^0.8.5"
xpath "0.0.32"
"@xmldom/is-dom-node" "^1.0.1"
"@xmldom/xmldom" "^0.8.10"
xpath "^0.0.33"

xml-name-validator@^4.0.0:
version "4.0.0"
@@ -31262,15 +31261,10 @@ xmldoc@^1.1.2:
dependencies:
sax "^1.2.1"

[email protected]:
version "0.0.27"
resolved "https://registry.yarnpkg.com/xpath/-/xpath-0.0.27.tgz#dd3421fbdcc5646ac32c48531b4d7e9d0c2cfa92"
integrity sha512-fg03WRxtkCV6ohClePNAECYsmpKKTv5L8y/X3Dn1hQrec3POx2jHZ/0P2qQ6HvsrU1BmeqXcof3NGGueG6LxwQ==

[email protected]:
version "0.0.32"
resolved "https://registry.yarnpkg.com/xpath/-/xpath-0.0.32.tgz#1b73d3351af736e17ec078d6da4b8175405c48af"
integrity sha512-rxMJhSIoiO8vXcWvSifKqhvV96GjiD5wYb8/QHdoRyQvraTpp4IEv944nhGausZZ3u7dhQXteZuZbaqfpB7uYw==
xpath@^0.0.33:
version "0.0.33"
resolved "https://registry.yarnpkg.com/xpath/-/xpath-0.0.33.tgz#5136b6094227c5df92002e7c3a13516a5074eb07"
integrity sha512-NNXnzrkDrAzalLhIUc01jO2mOzXGXh1JwPgkihcLLzw98c0WgYDmmjSh1Kl3wzaxSVWMuA+fe0WTWOBDWCBmNA==

xstate@^4.38.2:
version "4.38.2"