/* * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one * or more contributor license agreements. Licensed under the "Elastic License * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side * Public License v 1"; you may not use this file except in compliance with, at * your election, the "Elastic License 2.0", the "GNU Affero General Public * License v3.0 only", or the "Server Side Public License, v 1". */ import org.elasticsearch.gradle.OS apply plugin: 'elasticsearch.build' base { archivesName = 'elasticsearch-plugin-cli' } tasks.named("dependencyLicenses").configure { mapping from: /asm-.*/, to: 'asm' } dependencies { compileOnly project(":server") compileOnly project(":libs:cli") implementation project(":libs:plugin-api") implementation project(":libs:plugin-scanner") implementation project(":libs:entitlement") // TODO: asm is picked up from the plugin scanner and entitlements, we should consolidate so it is not defined twice implementation 'org.ow2.asm:asm:9.7.1' implementation 'org.ow2.asm:asm-tree:9.7.1' api "org.bouncycastle:bcpg-fips:1.0.7.1" api "org.bouncycastle:bc-fips:1.0.2.5" testImplementation project(":test:framework") testImplementation "com.google.jimfs:jimfs:${versions.jimfs}" testRuntimeOnly "com.google.guava:guava:${versions.jimfs_guava}" } tasks.named("dependencyLicenses").configure { mapping from: /bc.*/, to: 'bouncycastle' } tasks.named("test").configure { // TODO: find a way to add permissions for the tests in this module systemProperty 'tests.security.manager', 'false' // These tests are "heavy" on the secure number generator. On Linux, the NativePRNG defaults to /dev/random for the seeds, and // its entropy is quite limited, to the point that it's known to hang: https://bugs.openjdk.org/browse/JDK-6521844 // We force the seed to be initialized from /dev/urandom, which is less secure, but in case of unit tests is not important. if (OS.current() == OS.LINUX) { systemProperty 'java.security.egd', 'file:/dev/urandom' } } /* * these two classes intentionally use the following JDK internal APIs in order to offer the necessary * functionality * * sun.security.internal.spec.TlsKeyMaterialParameterSpec * sun.security.internal.spec.TlsKeyMaterialSpec * sun.security.internal.spec.TlsMasterSecretParameterSpec * sun.security.internal.spec.TlsPrfParameterSpec * sun.security.internal.spec.TlsRsaPremasterSecretParameterSpec * sun.security.provider.SecureRandom * */ tasks.named("thirdPartyAudit").configure { ignoreViolations( 'org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider$CoreSecureRandom', 'org.bouncycastle.jcajce.provider.ProvSunTLSKDF', 'org.bouncycastle.jcajce.provider.ProvSunTLSKDF$BaseTLSKeyGeneratorSpi', 'org.bouncycastle.jcajce.provider.ProvSunTLSKDF$TLSKeyMaterialGenerator', 'org.bouncycastle.jcajce.provider.ProvSunTLSKDF$TLSKeyMaterialGenerator$2', 'org.bouncycastle.jcajce.provider.ProvSunTLSKDF$TLSMasterSecretGenerator', 'org.bouncycastle.jcajce.provider.ProvSunTLSKDF$TLSMasterSecretGenerator$2', 'org.bouncycastle.jcajce.provider.ProvSunTLSKDF$TLSPRFKeyGenerator', 'org.bouncycastle.jcajce.provider.ProvSunTLSKDF$TLSRsaPreMasterSecretGenerator', 'org.bouncycastle.jcajce.provider.ProvSunTLSKDF$TLSRsaPreMasterSecretGenerator$2', 'org.bouncycastle.jcajce.provider.ProvSunTLSKDF$TLSExtendedMasterSecretGenerator', 'org.bouncycastle.jcajce.provider.ProvSunTLSKDF$TLSExtendedMasterSecretGenerator$2' ) }