[8.18] Bump json-smart and oauth2-oidc-sdk (elastic#122737) (elastic#122834)

* Bump json-smart and oauth2-oidc-sdk (elastic#122737)

* Bump json-smart and oauth2-oidc-sdk

---------

Co-authored-by: elasticsearchmachine <[email protected]>

* fixup! Add back verification data for test dep

---------

Co-authored-by: elasticsearchmachine <[email protected]>

Author: jfreden

docs/changelog/122737.yaml

@@ -0,0 +1,5 @@
+pr: 122737
+summary: Bump json-smart and oauth2-oidc-sdk
+area: Authentication
+type: upgrade
+issues: []

gradle/verification-metadata.xml

@@ -979,36 +979,24 @@
             <sha256 value="e8c1c594e2425bdbea2d860de55c69b69fc5d59454452449a0f0913c2a5b8a31" origin="Generated by Gradle"/>
          </artifact>
       </component>
+      <component group="com.nimbusds" name="nimbus-jose-jwt" version="10.0.1">
+         <artifact name="nimbus-jose-jwt-10.0.1.jar">
+            <sha256 value="f28dbd9ab128324f05050d76b78469d3a9cd83e0319aabc68d1c276e3923e13a" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
       <component group="com.nimbusds" name="nimbus-jose-jwt" version="4.41.1">
          <artifact name="nimbus-jose-jwt-4.41.1.jar">
             <sha256 value="fbfd0d5f2b2f86758b821daa5e79b5d7c965edd9dc1b2cc80b515df1c6ddc22d" origin="Generated by Gradle"/>
          </artifact>
       </component>
-      <component group="com.nimbusds" name="nimbus-jose-jwt" version="9.37.3">
-         <artifact name="nimbus-jose-jwt-9.37.3.jar">
-            <sha256 value="12ae4a3a260095d7aeba2adea7ae396e8b9570db8b7b409e09a824c219cc0444" origin="Generated by Gradle">
-               <also-trust value="afc63b689d881439b95f343b1dca750391edac63b87392be4d90d19c94ccafbe"/>
-            </sha256>
-         </artifact>
-      </component>
       <component group="com.nimbusds" name="nimbus-jose-jwt" version="9.8.1">
          <artifact name="nimbus-jose-jwt-9.8.1.jar">
             <sha256 value="7664cf8c6f2adadf600287812b32878277beda54912eab9d4c2932cd50cb704a" origin="Generated by Gradle"/>
          </artifact>
       </component>
-      <component group="com.nimbusds" name="oauth2-oidc-sdk" version="11.10.1">
-         <artifact name="oauth2-oidc-sdk-11.10.1.jar">
-            <sha256 value="9e51b2c17503cdd3eb97f41491c712aff7783bb3c67185d789f44ccf2a603b26" origin="Generated by Gradle"/>
-         </artifact>
-      </component>
-      <component group="com.nimbusds" name="oauth2-oidc-sdk" version="11.9.1">
-         <artifact name="oauth2-oidc-sdk-11.9.1.jar">
-            <sha256 value="0820c9690966304d075347b88e81ae490213440fc4d2c84f3d370d41941b2b9c" origin="Generated by Gradle"/>
-         </artifact>
-      </component>
-      <component group="com.nimbusds" name="oauth2-oidc-sdk" version="9.37">
-         <artifact name="oauth2-oidc-sdk-9.37.jar">
-            <sha256 value="44a04bbed5ae3f6d198aa73ee6b545c476e528ec1a267ef3e9f7033f886dd6fe" origin="Generated by Gradle"/>
+      <component group="com.nimbusds" name="oauth2-oidc-sdk" version="11.22.2">
+         <artifact name="oauth2-oidc-sdk-11.22.2.jar">
+            <sha256 value="64fab42f17bf8e0efb193dd34da716ef7abb7515234036119df1776b808dc066" origin="Generated by Gradle"/>
          </artifact>
       </component>
       <component group="com.perforce" name="p4java" version="2015.2.1365273">
@@ -1774,34 +1762,24 @@
             <sha256 value="0972bbc99437c4163acd09b630e6c77eab4cfab8a9594621c95466c0c6645396" origin="Generated by Gradle"/>
          </artifact>
       </component>
-      <component group="net.minidev" name="accessors-smart" version="2.5.0">
-         <artifact name="accessors-smart-2.5.0.jar">
-            <sha256 value="12314fc6881d66a413fd66370787adba16e504fbf7e138690b0f3952e3fbd321" origin="Generated by Gradle"/>
+      <component group="net.minidev" name="accessors-smart" version="2.5.2">
+         <artifact name="accessors-smart-2.5.2.jar">
+            <sha256 value="9b8a7bc43861d6156c021166d941fb7dddbe4463e2fa5ee88077e4b01452a836" origin="Generated by Gradle"/>
          </artifact>
       </component>
       <component group="net.minidev" name="json-smart" version="2.3">
          <artifact name="json-smart-2.3.jar">
             <sha256 value="903f48c8aa4c3f6426440b8d32de89fa1dc23b1169abde25e4e1d068aa67708b" origin="Generated by Gradle"/>
          </artifact>
       </component>
-      <component group="net.minidev" name="json-smart" version="2.4.10">
-         <artifact name="json-smart-2.4.10.jar">
-            <sha256 value="70cab5e9488630dc631b1fc6e7fa550d95cddd19ba14db39ceca7cabfbd4e5ae" origin="Generated by Gradle"/>
-         </artifact>
-      </component>
       <component group="net.minidev" name="json-smart" version="2.4.2">
          <artifact name="json-smart-2.4.2.jar">
             <sha256 value="64072f56d9dff5040b2acec477c5d5e6bcebfc88c508f12acb26072d07942146" origin="Generated by Gradle"/>
          </artifact>
       </component>
-      <component group="net.minidev" name="json-smart" version="2.5.0">
-         <artifact name="json-smart-2.5.0.jar">
-            <sha256 value="432b9e545848c4141b80717b26e367f83bf33f19250a228ce75da6e967da2bc7" origin="Generated by Gradle"/>
-         </artifact>
-      </component>
-      <component group="net.minidev" name="json-smart" version="2.5.1">
-         <artifact name="json-smart-2.5.1.jar">
-            <sha256 value="86c0c189581b79b57b0719f443a724e9f628ffbb9eef645cf79194f5973a1001" origin="Generated by Gradle"/>
+      <component group="net.minidev" name="json-smart" version="2.5.2">
+         <artifact name="json-smart-2.5.2.jar">
+            <sha256 value="4fbdedb0105cedc7f766b95c297d2e88fb6a560da48f3bbaa0cc538ea8b7bf71" origin="Generated by Gradle"/>
          </artifact>
       </component>
       <component group="net.nextencia" name="rrdiagram" version="0.9.4">
@@ -4353,31 +4331,6 @@
             <sha256 value="ca5b8d11569e53921b0e3486469e7c674361c79845dad3d514f38ab6e0c8c10a" origin="Generated by Gradle"/>
          </artifact>
       </component>
-      <component group="org.ow2.asm" name="asm" version="9.2">
-         <artifact name="asm-9.2.jar">
-            <sha256 value="b9d4fe4d71938df38839f0eca42aaaa64cf8b313d678da036f0cb3ca199b47f5" origin="Generated by Gradle"/>
-         </artifact>
-      </component>
-      <component group="org.ow2.asm" name="asm" version="9.3">
-         <artifact name="asm-9.3.jar">
-            <sha256 value="1263369b59e29c943918de11d6d6152e2ec6085ce63e5710516f8c67d368e4bc" origin="Generated by Gradle"/>
-         </artifact>
-      </component>
-      <component group="org.ow2.asm" name="asm" version="9.4">
-         <artifact name="asm-9.4.jar">
-            <sha256 value="39d0e2b3dc45af65a09b097945750a94a126e052e124f93468443a1d0e15f381" origin="Generated by Gradle"/>
-         </artifact>
-      </component>
-      <component group="org.ow2.asm" name="asm" version="9.5">
-         <artifact name="asm-9.5.jar">
-            <sha256 value="b62e84b5980729751b0458c534cf1366f727542bb8d158621335682a460f0353" origin="Generated by Gradle"/>
-         </artifact>
-      </component>
-      <component group="org.ow2.asm" name="asm" version="9.6">
-         <artifact name="asm-9.6.jar">
-            <sha256 value="3c6fac2424db3d4a853b669f4e3d1d9c3c552235e19a319673f887083c2303a1" origin="Generated by Gradle"/>
-         </artifact>
-      </component>
       <component group="org.ow2.asm" name="asm" version="9.7.1">
          <artifact name="asm-9.7.1.jar">
             <sha256 value="8cadd43ac5eb6d09de05faecca38b917a040bb9139c7edeb4cc81c740b713281" origin="Generated by Gradle"/>

modules/repository-azure/build.gradle

@@ -62,20 +62,20 @@ dependencies {
   api "com.github.stephenc.jcip:jcip-annotations:1.0-1"
   api "com.nimbusds:content-type:2.3"
   api "com.nimbusds:lang-tag:1.7"
-  api("com.nimbusds:nimbus-jose-jwt:9.37.3"){
+  api("com.nimbusds:nimbus-jose-jwt:10.0.1"){
     exclude group: 'com.google.crypto.tink', module: 'tink' // it's an optional dependency on which we don't rely
   }
-  api("com.nimbusds:oauth2-oidc-sdk:11.9.1"){
+  api("com.nimbusds:oauth2-oidc-sdk:11.22.2"){
     exclude group: 'com.google.crypto.tink', module: 'tink' // it's an optional dependency on which we don't rely
   }
   api "jakarta.activation:jakarta.activation-api:1.2.1"
   api "jakarta.xml.bind:jakarta.xml.bind-api:2.3.3"
   api "net.java.dev.jna:jna-platform:${versions.jna}" // Maven says 5.14.0 but this aligns with the Elasticsearch-wide version
   api "net.java.dev.jna:jna:${versions.jna}" // Maven says 5.14.0 but this aligns with the Elasticsearch-wide version
-  api "net.minidev:accessors-smart:2.5.0"
-  api "net.minidev:json-smart:2.5.0"
+  api "net.minidev:accessors-smart:2.5.2"
+  api "net.minidev:json-smart:2.5.2"
   api "org.codehaus.woodstox:stax2-api:4.2.2"
-  api "org.ow2.asm:asm:9.3"
+  api "org.ow2.asm:asm:9.7.1"
 
   runtimeOnly "com.google.code.gson:gson:2.11.0"
   runtimeOnly "org.cryptomator:siv-mode:1.5.2"
@@ -189,11 +189,6 @@ tasks.named("thirdPartyAudit").configure {
     'org.bouncycastle.cert.X509CertificateHolder',
     'org.bouncycastle.cert.jcajce.JcaX509CertificateHolder',
     'org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder',
-    'org.bouncycastle.crypto.InvalidCipherTextException',
-    'org.bouncycastle.crypto.engines.AESEngine',
-    'org.bouncycastle.crypto.modes.GCMBlockCipher',
-    'org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider',
-    'org.bouncycastle.jce.provider.BouncyCastleProvider',
     'org.bouncycastle.openssl.PEMKeyPair',
     'org.bouncycastle.openssl.PEMParser',
     'org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter',

x-pack/plugin/security/build.gradle

@@ -79,21 +79,21 @@ dependencies {
   runtimeOnly "joda-time:joda-time:2.10.10"
 
   // Dependencies for oidc
-  api "com.nimbusds:oauth2-oidc-sdk:11.10.1"
+  api "com.nimbusds:oauth2-oidc-sdk:11.22.2"
   api project(path: xpackModule('security:lib:nimbus-jose-jwt-modified'), configuration: 'shadow')
   if (isEclipse) {
     /*
      * Eclipse can't pick up the shadow dependency so we point it at the unmodified version of the library
      * so it can compile things.
      */
-    api "com.nimbusds:nimbus-jose-jwt:9.37.3"
+    api "com.nimbusds:nimbus-jose-jwt:10.0.1"
   }
-  api "com.nimbusds:lang-tag:1.4.4"
+  api "com.nimbusds:lang-tag:1.7"
   api "com.sun.mail:jakarta.mail:1.6.3"
   api "net.jcip:jcip-annotations:1.0"
-  api "net.minidev:json-smart:2.5.1"
-  api "net.minidev:accessors-smart:2.4.2"
-  api "org.ow2.asm:asm:8.0.1"
+  api "net.minidev:json-smart:2.5.2"
+  api "net.minidev:accessors-smart:2.5.2"
+  api "org.ow2.asm:asm:9.7.1"
 
   testImplementation "org.elasticsearch:mocksocket:${versions.mocksocket}"
 

x-pack/plugin/security/lib/nimbus-jose-jwt-modified-part1/build.gradle

@@ -11,7 +11,7 @@ apply plugin: 'com.gradleup.shadow'
 // See the build.gradle file in the parent directory for an explanation of this unusual build
 
 dependencies {
-  implementation "com.nimbusds:nimbus-jose-jwt:9.37.3"
+  implementation "com.nimbusds:nimbus-jose-jwt:10.0.1"
 }
 
 tasks.named('shadowJar').configure {

x-pack/plugin/security/lib/nimbus-jose-jwt-modified/build.gradle

@@ -11,7 +11,7 @@ apply plugin: 'com.gradleup.shadow'
 // See the build.gradle file in the parent directory for an explanation of this unusual build
 
 dependencies {
-  implementation "com.nimbusds:nimbus-jose-jwt:9.37.3"
+  implementation "com.nimbusds:nimbus-jose-jwt:10.0.1"
   implementation project(path: xpackModule('security:lib:nimbus-jose-jwt-modified-part2'), configuration: 'shadow')
 }
 

x-pack/plugin/security/lib/nimbus-jose-jwt-modified/src/main/java/com/nimbusds/jose/util/JSONObjectUtils.java

@@ -13,6 +13,7 @@
 import java.security.PrivilegedActionException;
 import java.security.PrivilegedExceptionAction;
 import java.text.ParseException;
+import java.util.Date;
 import java.util.List;
 import java.util.Map;
 
@@ -192,6 +193,16 @@ public static Base64URL getBase64URL(final Map<String, Object> o, final String k
         }
     }
 
+    public static Date getEpochSecondAsDate(final Map<String, Object> o, final String key) throws ParseException {
+        try {
+            return AccessController.doPrivileged(
+                (PrivilegedExceptionAction<Date>) () -> org.elasticsearch.nimbus.jose.util.JSONObjectUtils.getEpochSecondAsDate(o, key)
+            );
+        } catch (PrivilegedActionException e) {
+            throw (ParseException) e.getException();
+        }
+    }
+
     public static String toJSONString(final Map<String, ?> o) {
         return AccessController.doPrivileged(
             (PrivilegedAction<String>) () -> org.elasticsearch.nimbus.jose.util.JSONObjectUtils.toJSONString(o)