From 21ad7e6b408784b20f39e5dd6a705a0d96862750 Mon Sep 17 00:00:00 2001 From: Ioannis Kakavas Date: Tue, 31 Jul 2018 09:42:43 +0300 Subject: [PATCH] [TEST]Split transport verification mode none tests This commit splits SecurityNetty4TransportTests in two methods one handling verification mode certificate and full and one handling verification mode none. This is done so that the second method can be muted in a FIPS 140 JVM where verification mode none cannot be used. --- .../netty4/SecurityNetty4TransportTests.java | 23 +++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) diff --git a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/transport/netty4/SecurityNetty4TransportTests.java b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/transport/netty4/SecurityNetty4TransportTests.java index 3c4ebee2ac59c..6ce7e2aebdef8 100644 --- a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/transport/netty4/SecurityNetty4TransportTests.java +++ b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/transport/netty4/SecurityNetty4TransportTests.java @@ -21,22 +21,37 @@ public class SecurityNetty4TransportTests extends ESTestCase { - public void testGetTransportProfileConfigurations() { + public void testGetSecureTransportProfileConfigurations() { final Settings settings = Settings.builder() .put("path.home", createTempDir()) .put("xpack.security.transport.ssl.verification_mode", VerificationMode.CERTIFICATE.name()) .put("transport.profiles.full.xpack.security.ssl.verification_mode", VerificationMode.FULL.name()) .put("transport.profiles.cert.xpack.security.ssl.verification_mode", VerificationMode.CERTIFICATE.name()) - .put("transport.profiles.none.xpack.security.ssl.verification_mode", VerificationMode.NONE.name()) .build(); final Environment env = TestEnvironment.newEnvironment(settings); SSLService sslService = new SSLService(settings, env); final SSLConfiguration defaultConfig = sslService.getSSLConfiguration("xpack.security.transport.ssl"); final Map profileConfigurations = getTransportProfileConfigurations(settings, sslService, defaultConfig); - assertThat(profileConfigurations.size(), Matchers.equalTo(4)); - assertThat(profileConfigurations.keySet(), Matchers.containsInAnyOrder("full", "cert", "none", "default")); + assertThat(profileConfigurations.size(), Matchers.equalTo(3)); + assertThat(profileConfigurations.keySet(), Matchers.containsInAnyOrder("full", "cert", "default")); assertThat(profileConfigurations.get("full").verificationMode(), Matchers.equalTo(VerificationMode.FULL)); assertThat(profileConfigurations.get("cert").verificationMode(), Matchers.equalTo(VerificationMode.CERTIFICATE)); + assertThat(profileConfigurations.get("default"), Matchers.sameInstance(defaultConfig)); + } + + public void testGetInsecureTransportProfileConfigurations() { + assumeFalse("Can't run in a FIPS JVM with verification mode None", inFipsJvm()); + final Settings settings = Settings.builder() + .put("path.home", createTempDir()) + .put("xpack.security.transport.ssl.verification_mode", VerificationMode.CERTIFICATE.name()) + .put("transport.profiles.none.xpack.security.ssl.verification_mode", VerificationMode.NONE.name()) + .build(); + final Environment env = TestEnvironment.newEnvironment(settings); + SSLService sslService = new SSLService(settings, env); + final SSLConfiguration defaultConfig = sslService.getSSLConfiguration("xpack.security.transport.ssl"); + final Map profileConfigurations = getTransportProfileConfigurations(settings, sslService, defaultConfig); + assertThat(profileConfigurations.size(), Matchers.equalTo(2)); + assertThat(profileConfigurations.keySet(), Matchers.containsInAnyOrder("none", "default")); assertThat(profileConfigurations.get("none").verificationMode(), Matchers.equalTo(VerificationMode.NONE)); assertThat(profileConfigurations.get("default"), Matchers.sameInstance(defaultConfig)); }