[TEST] Allow to run in FIPS JVM (#32607)

jkakavas · albertzaharovits · commit 8d2dbfa64875 · 2018-08-06T10:49:57.000+03:00
* Do not attempt to run cases with ssl.verification_mode NONE in
SessionFactoryTests so that the tests can run in a FIPS 140 JVM
diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/support/SessionFactoryTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/support/SessionFactoryTests.java
@@ -93,10 +93,13 @@ public void testConnectionFactoryReturnsCorrectLDAPConnectionOptions() throws Ex
         options = SessionFactory.connectionOptions(realmConfig, sslService.apply(settings), logger);
         assertThat(options.getSSLSocketVerifier(), is(instanceOf(TrustAllSSLSocketVerifier.class)));
 
-        settings = Settings.builder().put("ssl.verification_mode", VerificationMode.NONE).build();
-        realmConfig = new RealmConfig(realmName, settings, environment.settings(), environment, threadContext);
-        options = SessionFactory.connectionOptions(realmConfig, sslService.apply(settings), logger);
-        assertThat(options.getSSLSocketVerifier(), is(instanceOf(TrustAllSSLSocketVerifier.class)));
+        // Can't run in FIPS with verification_mode none, disable this check instead of duplicating the test case
+        if (inFipsJvm() == false) {
+            settings = Settings.builder().put("ssl.verification_mode", VerificationMode.NONE).build();
+            realmConfig = new RealmConfig(realmName, settings, environment.settings(), environment, threadContext);
+            options = SessionFactory.connectionOptions(realmConfig, sslService.apply(settings), logger);
+            assertThat(options.getSSLSocketVerifier(), is(instanceOf(TrustAllSSLSocketVerifier.class)));
+        }
 
         settings = Settings.builder().put("ssl.verification_mode", VerificationMode.FULL).build();
         realmConfig = new RealmConfig(realmName, settings, environment.settings(), environment, threadContext);
