Closed
Labels
:Security/Security (Security issues without another label), >test-failure (Triaged test failures from CI), v6.4.1, v6.5.0, v7.0.0-beta1
Description
The following reproduces on the FIPS JVM:
REPRODUCE WITH: ./gradlew :x-pack:plugin:monitoring:internalClusterTest \
-Dtests.seed=E34BAFEB137A1040 \
-Dtests.class=org.elasticsearch.xpack.monitoring.exporter.http.HttpExporterSslIT \
-Dtests.method="testCanAddNewExporterWithSsl" \
-Dtests.security.manager=true \
-Dtests.locale=no-NO \
-Dtests.timezone=Africa/Blantyre
Relevant stack traces:
2> java.io.IOException: Invalid keystore format
2> at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:658)
2> at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56)
2> at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224)
2> at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70)
2> at java.security.KeyStore.load(KeyStore.java:1445)
2> at sun.security.util.AnchorCertificates$1.run(AnchorCertificates.java:61)
2> at sun.security.util.AnchorCertificates$1.run(AnchorCertificates.java:52)
2> at java.security.AccessController.doPrivileged(Native Method)
2> at sun.security.util.AnchorCertificates.<clinit>(AnchorCertificates.java:52)
2> at sun.security.provider.certpath.AlgorithmChecker.checkFingerprint(AlgorithmChecker.java:214)
2> at sun.security.provider.certpath.AlgorithmChecker.<init>(AlgorithmChecker.java:164)
2> at sun.security.provider.certpath.AlgorithmChecker.<init>(AlgorithmChecker.java:118)
2> at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:157)
2> at sun.security.validator.Validator.validate(Validator.java:260)
2> at sun.security.validator.Validator.validate(Validator.java:236)
2> at sun.security.validator.Validator.validate(Validator.java:205)
2> at javax.crypto.JarVerifier.isTrusted(JarVerifier.java:610)
2> at javax.crypto.JarVerifier.verifySingleJar(JarVerifier.java:530)
2> at javax.crypto.JarVerifier.verifyJars(JarVerifier.java:363)
2> at javax.crypto.JarVerifier.verify(JarVerifier.java:289)
2> at javax.crypto.JceSecurity.verifyProviderJar(JceSecurity.java:164)
2> at javax.crypto.JceSecurity.getVerificationResult(JceSecurity.java:190)
2> at javax.crypto.JceSecurity.getInstance(JceSecurity.java:114)
2> at javax.crypto.Mac.getInstance(Mac.java:257)
2> at org.bouncycastle.jcajce.provider.ProvBCFKS$BCFIPSKeyStoreSpi.calculateMac(Unknown Source)
2> at org.bouncycastle.jcajce.provider.ProvBCFKS$BCFIPSKeyStoreSpi.verifyMac(Unknown Source)
2> at org.bouncycastle.jcajce.provider.ProvBCFKS$BCFIPSKeyStoreSpi.engineLoad(Unknown Source)
2> at java.security.KeyStore.load(KeyStore.java:1445)
2> at sun.security.ssl.TrustManagerFactoryImpl.getCacertsKeyStore(TrustManagerFactoryImpl.java:226)
2> at sun.security.ssl.TrustManagerFactoryImpl.engineInit(TrustManagerFactoryImpl.java:50)
and
1> Caused by: java.security.KeyManagementException: FIPS mode: only SunJSSE TrustManagers may be used
1> at sun.security.ssl.SSLContextImpl.chooseTrustManager(SSLContextImpl.java:115) ~[?:?]
1> at sun.security.ssl.SSLContextImpl.engineInit(SSLContextImpl.java:78) ~[?:?]
1> at javax.net.ssl.SSLContext.init(SSLContext.java:282) ~[?:1.8.0_172]
1> at org.elasticsearch.xpack.core.ssl.SSLService.createSslContext(SSLService.java:372) ~[x-pack-core-7.0.0-alpha1-SNAPSHOT.jar:7.0.0-alpha1-SNAPSHOT]
1> ... 26 more
Predictably, this also reproduces on 6.x and 6.4.