honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix broken test on FIPS for specific seed (#41230) 

Under random seed 4304ED44CB755610 the generated byte pattern causes
BC-FIPS to throw

    java.io.IOException: DER length more than 4 bytes: 101

Rather than simply returning an empty list (as it does for most random
values).

Backport of: #40939
This commit is contained in:
Tim Vernum 2019-04-26 15:43:48 +10:00 committed by GitHub
parent 1f8ff052a1
commit 13fa72cae3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
libs/ssl-config/src/test/java/org/elasticsearch/common/ssl/PemTrustConfigTests.java
View File

@ -123,18 +123,19 @@ public class PemTrustConfigTests extends ESTestCase {
private void assertEmptyFile(PemTrustConfig trustConfig, Path file) { private void assertEmptyFile(PemTrustConfig trustConfig, Path file) {
final SslConfigException exception = expectThrows(SslConfigException.class, trustConfig::createTrustManager); final SslConfigException exception = expectThrows(SslConfigException.class, trustConfig::createTrustManager);
logger.info("failure", exception);
assertThat(exception.getMessage(), Matchers.containsString(file.toAbsolutePath().toString())); assertThat(exception.getMessage(), Matchers.containsString(file.toAbsolutePath().toString()));
assertThat(exception.getMessage(), Matchers.containsString("failed to parse any certificates")); assertThat(exception.getMessage(), Matchers.containsString("failed to parse any certificates"));
} }
private void assertInvalidFileFormat(PemTrustConfig trustConfig, Path file) { private void assertInvalidFileFormat(PemTrustConfig trustConfig, Path file) {
if (inFipsJvm()) {
// When running on BC-FIPS, an invalid file format behaves like an empty file
assertEmptyFile(trustConfig, file);
return;
}
final SslConfigException exception = expectThrows(SslConfigException.class, trustConfig::createTrustManager); final SslConfigException exception = expectThrows(SslConfigException.class, trustConfig::createTrustManager);
assertThat(exception.getMessage(), Matchers.containsString(file.toAbsolutePath().toString())); assertThat(exception.getMessage(), Matchers.containsString(file.toAbsolutePath().toString()));
// When running on BC-FIPS, an invalid file format *might* just fail to parse, without any errors (just like an empty file)
// or it might behave per the SUN provider, and throw a GSE (depending on exactly what was invalid)
if (inFipsJvm() && exception.getMessage().contains("failed to parse any certificates")) {
return;
}
assertThat(exception.getMessage(), Matchers.containsString("cannot create trust")); assertThat(exception.getMessage(), Matchers.containsString("cannot create trust"));
assertThat(exception.getMessage(), Matchers.containsString("PEM")); assertThat(exception.getMessage(), Matchers.containsString("PEM"));
assertThat(exception.getCause(), Matchers.instanceOf(GeneralSecurityException.class)); assertThat(exception.getCause(), Matchers.instanceOf(GeneralSecurityException.class));