82 lines
3.6 KiB
Groovy
82 lines
3.6 KiB
Groovy
/*
|
|
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
|
|
* or more contributor license agreements. Licensed under the "Elastic License
|
|
* 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side
|
|
* Public License v 1"; you may not use this file except in compliance with, at
|
|
* your election, the "Elastic License 2.0", the "GNU Affero General Public
|
|
* License v3.0 only", or the "Server Side Public License, v 1".
|
|
*/
|
|
|
|
import org.elasticsearch.gradle.OS
|
|
|
|
apply plugin: 'elasticsearch.build'
|
|
|
|
base {
|
|
archivesName = 'elasticsearch-plugin-cli'
|
|
}
|
|
|
|
tasks.named("dependencyLicenses").configure {
|
|
mapping from: /asm-.*/, to: 'asm'
|
|
}
|
|
|
|
dependencies {
|
|
compileOnly project(":server")
|
|
compileOnly project(":libs:cli")
|
|
implementation project(":libs:plugin-api")
|
|
implementation project(":libs:plugin-scanner")
|
|
implementation project(":libs:entitlement")
|
|
// TODO: asm is picked up from the plugin scanner and entitlements, we should consolidate so it is not defined twice
|
|
implementation 'org.ow2.asm:asm:9.7.1'
|
|
implementation 'org.ow2.asm:asm-tree:9.7.1'
|
|
|
|
api "org.bouncycastle:bcpg-fips:1.0.7.1"
|
|
api "org.bouncycastle:bc-fips:1.0.2.5"
|
|
testImplementation project(":test:framework")
|
|
testImplementation "com.google.jimfs:jimfs:${versions.jimfs}"
|
|
testRuntimeOnly "com.google.guava:guava:${versions.jimfs_guava}"
|
|
}
|
|
|
|
tasks.named("dependencyLicenses").configure {
|
|
mapping from: /bc.*/, to: 'bouncycastle'
|
|
}
|
|
|
|
tasks.named("test").configure {
|
|
// TODO: find a way to add permissions for the tests in this module
|
|
systemProperty 'tests.security.manager', 'false'
|
|
// These tests are "heavy" on the secure number generator. On Linux, the NativePRNG defaults to /dev/random for the seeds, and
|
|
// its entropy is quite limited, to the point that it's known to hang: https://bugs.openjdk.org/browse/JDK-6521844
|
|
// We force the seed to be initialized from /dev/urandom, which is less secure, but in case of unit tests is not important.
|
|
if (OS.current() == OS.LINUX) {
|
|
systemProperty 'java.security.egd', 'file:/dev/urandom'
|
|
}
|
|
}
|
|
|
|
/*
|
|
* these two classes intentionally use the following JDK internal APIs in order to offer the necessary
|
|
* functionality
|
|
*
|
|
* sun.security.internal.spec.TlsKeyMaterialParameterSpec
|
|
* sun.security.internal.spec.TlsKeyMaterialSpec
|
|
* sun.security.internal.spec.TlsMasterSecretParameterSpec
|
|
* sun.security.internal.spec.TlsPrfParameterSpec
|
|
* sun.security.internal.spec.TlsRsaPremasterSecretParameterSpec
|
|
* sun.security.provider.SecureRandom
|
|
*
|
|
*/
|
|
tasks.named("thirdPartyAudit").configure {
|
|
ignoreViolations(
|
|
'org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider$CoreSecureRandom',
|
|
'org.bouncycastle.jcajce.provider.ProvSunTLSKDF',
|
|
'org.bouncycastle.jcajce.provider.ProvSunTLSKDF$BaseTLSKeyGeneratorSpi',
|
|
'org.bouncycastle.jcajce.provider.ProvSunTLSKDF$TLSKeyMaterialGenerator',
|
|
'org.bouncycastle.jcajce.provider.ProvSunTLSKDF$TLSKeyMaterialGenerator$2',
|
|
'org.bouncycastle.jcajce.provider.ProvSunTLSKDF$TLSMasterSecretGenerator',
|
|
'org.bouncycastle.jcajce.provider.ProvSunTLSKDF$TLSMasterSecretGenerator$2',
|
|
'org.bouncycastle.jcajce.provider.ProvSunTLSKDF$TLSPRFKeyGenerator',
|
|
'org.bouncycastle.jcajce.provider.ProvSunTLSKDF$TLSRsaPreMasterSecretGenerator',
|
|
'org.bouncycastle.jcajce.provider.ProvSunTLSKDF$TLSRsaPreMasterSecretGenerator$2',
|
|
'org.bouncycastle.jcajce.provider.ProvSunTLSKDF$TLSExtendedMasterSecretGenerator',
|
|
'org.bouncycastle.jcajce.provider.ProvSunTLSKDF$TLSExtendedMasterSecretGenerator$2'
|
|
)
|
|
}
|