Update opensaml dependency (elastic#44972)

Add a mirror of the maven repository of the shibboleth project
and upgrade opensaml and related dependencies to the latest
version available version

Resolves: elastic#44947

Author: jkakavas

buildSrc/version.properties

@@ -29,7 +29,6 @@ joda              = 2.10.4
 #  - distribution/tools/plugin-cli
 #  - x-pack/plugin/security
 bouncycastle      = 1.61
-
 # test dependencies
 randomizedrunner  = 2.7.1
 junit             = 4.12

x-pack/build.gradle

@@ -4,6 +4,22 @@ import org.elasticsearch.gradle.precommit.LicenseHeadersTask
 Project xpackRootProject = project
 
 subprojects {
+
+  // We define a specific repository for opensaml since the shibboleth project doesn't publish to maven central and the
+  // artifacts that are located there are not curated/updated by the project
+  // see: https://wiki.shibboleth.net/confluence/display/DEV/Use+of+Maven+Central
+  repositories {
+    maven {
+      name "opensaml"
+      url "https://artifactory.elstc.co/artifactory/shibboleth-releases/"
+      content {
+        includeGroup "org.opensaml"
+        includeGroup "net.shibboleth.utilities"
+        includeGroup "net.shibboleth"
+      }
+    }
+  }
+
   group = 'org.elasticsearch.plugin'
   ext.xpackRootProject = xpackRootProject
   ext.xpackProject = { String projectName -> xpackRootProject.project(projectName) }

x-pack/plugin/security/build.gradle

@@ -0,0 +1 @@
+7b0398d04a68ff7f58657938b3bdc5f2799b4b49

x-pack/plugin/security/licenses/cryptacular-1.2.0.jar.sha1

@@ -0,0 +1 @@
+c3fecaa141e8f0fff8a14e6800aefa8155c9b3e8

x-pack/plugin/security/licenses/cryptacular-1.2.3.jar.sha1

@@ -0,0 +1 @@
+0958fae127de9e8b0296e6f089c7451b6d5f0846

x-pack/plugin/security/licenses/java-support-7.3.0.jar.sha1

@@ -0,0 +1 @@
+e3ec93dfbf90c451e9f7fb34a3e33a6ac60edd31

x-pack/plugin/security/licenses/java-support-7.5.1.jar.sha1

@@ -0,0 +1 @@
+beaca9bd69ad861dbb55f1694853a02cb6988ae7

x-pack/plugin/security/licenses/opensaml-core-3.3.0.jar.sha1

@@ -0,0 +1 @@
+bb0a1f97d38342a5715bad628ee24000b08e821e

x-pack/plugin/security/licenses/opensaml-core-3.4.5.jar.sha1

@@ -0,0 +1 @@
+6cb4595c7a988d964f6a2d55dcac754b0c68904e

x-pack/plugin/security/licenses/opensaml-messaging-api-3.3.0.jar.sha1

@@ -0,0 +1 @@
+bef43d21b2d878baceae291af4a0ad3449c7d7ec

x-pack/plugin/security/licenses/opensaml-messaging-api-3.4.5.jar.sha1

@@ -0,0 +1 @@
+ecf4a9552575d38cffd4dc56d95e7564b7dccfc1

x-pack/plugin/security/licenses/opensaml-messaging-impl-3.3.0.jar.sha1

@@ -0,0 +1 @@
+15cbb232ae6665edc5df5f260e551e69fdb362e5

x-pack/plugin/security/licenses/opensaml-messaging-impl-3.4.5.jar.sha1

@@ -0,0 +1 @@
+b2bc1aa5b0f400aa50499f3783b10e9f7c216a47

x-pack/plugin/security/licenses/opensaml-profile-api-3.3.0.jar.sha1

@@ -0,0 +1 @@
+c497df002980c6e482ce7b828924bb24f60f99f7

x-pack/plugin/security/licenses/opensaml-profile-api-3.4.5.jar.sha1

@@ -0,0 +1 @@
+30ed8d37259e840df5b3fd8daf7b654129a9190c

x-pack/plugin/security/licenses/opensaml-profile-impl-3.3.0.jar.sha1

@@ -0,0 +1 @@
+a984671fd04e50da03f68003d2b062578e63ec86

x-pack/plugin/security/licenses/opensaml-profile-impl-3.4.5.jar.sha1

@@ -0,0 +1 @@
+a4b828fe1a9d64953ecdd8a9e00ff31b63ad6ef0

x-pack/plugin/security/licenses/opensaml-saml-api-3.3.0.jar.sha1

@@ -0,0 +1 @@
+a1b10f97deca1e3405f95db5b39697c0d46f5e0d

x-pack/plugin/security/licenses/opensaml-saml-api-3.4.5.jar.sha1

@@ -0,0 +1 @@
+d46cb9854a1ff85bea34ece7077bc32dbc2f10da

x-pack/plugin/security/licenses/opensaml-saml-impl-3.3.0.jar.sha1

@@ -0,0 +1 @@
+cb43326f02e3e77526c24269c8b5d3cc3f7f6653

x-pack/plugin/security/licenses/opensaml-saml-impl-3.4.5.jar.sha1

@@ -7,6 +7,11 @@ grant {
   // needed because of SAML (cf. o.e.x.s.s.RestorableContextClassLoader)
   permission java.lang.RuntimePermission "getClassLoader";
   permission java.lang.RuntimePermission "setContextClassLoader";
+  // needed during initialization of OpenSAML library where xml security algorithms are registered
+  // see https://github.com/apache/santuario-java/blob/e79f1fe4192de73a975bc7246aee58ed0703343d/src/main/java/org/apache/xml/security/utils/JavaUtils.java#L205-L220
+  // and https://git.shibboleth.net/view/?p=java-opensaml.git;a=blob;f=opensaml-xmlsec-impl/src/main/java/org/opensaml/xmlsec/signature/impl/SignatureMarshaller.java;hb=db0eaa64210f0e32d359cd6c57bedd57902bf811#l52
+  // which uses it in the opensaml-xmlsec-impl
+  permission java.security.SecurityPermission "org.apache.xml.security.register";
 
   // needed for multiple server implementations used in tests
   permission java.net.SocketPermission "*", "accept,connect";
@@ -31,14 +36,6 @@ grant {
   permission java.lang.RuntimePermission "getFileStoreAttributes";
 };
 
-grant codeBase "${codebase.xmlsec-2.0.8.jar}" {
-  // needed during initialization of OpenSAML library where xml security algorithms are registered
-  // see https://github.com/apache/santuario-java/blob/e79f1fe4192de73a975bc7246aee58ed0703343d/src/main/java/org/apache/xml/security/utils/JavaUtils.java#L205-L220
-  // and https://git.shibboleth.net/view/?p=java-opensaml.git;a=blob;f=opensaml-xmlsec-impl/src/main/java/org/opensaml/xmlsec/signature/impl/SignatureMarshaller.java;hb=db0eaa64210f0e32d359cd6c57bedd57902bf811#l52
-  // which uses it in the opensaml-xmlsec-impl
-  permission java.security.SecurityPermission "org.apache.xml.security.register";
-};
-
 grant codeBase "${codebase.netty-common}" {
    // for reading the system-wide configuration for the backlog of established sockets
    permission java.io.FilePermission "/proc/sys/net/core/somaxconn", "read";