From 1e03de4999a6ff21bf29d8e17aef897f9ba9a87d Mon Sep 17 00:00:00 2001
From: Ioannis Kakavas
Date: Tue, 26 May 2020 10:51:47 +0300
Subject: [PATCH] Fix key usage in SamlAuthenticatorTests (#57124) (#57129) In #51089 where SamlAuthenticatorTests were refactored, we missed to update one test case which meant that a single key would be used both for signing and encryption in the same run. As explained in #51089, and due to FIPS 140 requirements, BouncyCastle FIPS provider will block RSA keys that have been used for signing from being used for encryption and vice versa This commit changes testNoAttributesReturnedWhenTheyCannotBeDecrypted to always use the specific keys we have added for encryption.
---
 .../xpack/security/authc/saml/SamlAuthenticatorTests.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/saml/SamlAuthenticatorTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/saml/SamlAuthenticatorTests.java
index f6caca1b0a2..f18a8a74ae4 100644
--- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/saml/SamlAuthenticatorTests.java
+++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/saml/SamlAuthenticatorTests.java
@@ -403,7 +403,7 @@ public class SamlAuthenticatorTests extends SamlTestCase {
 final String xml = getSimpleResponseAsString(now);
 // Encrypting with different cert instead of sp cert will mean that the SP cannot decrypt
- final Response encrypted = encryptAttributes(xml, readKeyPair("RSA_4096_updated"));
+ final Response encrypted = encryptAttributes(xml, readKeyPair("ENCRYPTION_RSA_4096_updated"));
 final String encryptedString = SamlUtils.getXmlContent(encrypted, false);
 assertThat(encryptedString, not(equalTo(xml)));
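Review bot: The reason this call must use an `ENCRYPTION_`-prefixed key pair is recorded only in the commit message, so the new `readKeyPair("ENCRYPTION_RSA_4096_updated")` line gives a later editor no hint that switching back to a signing key would fail under the BouncyCastle FIPS provider. I would extend the existing comment above it with something like `// Must be a dedicated encryption key pair: under FIPS 140 a key already used for signing is rejected for encryption`. The enclosing test method starts and ends outside the hunk, so whether its other key-pair reads follow the same signing/encryption split cannot be confirmed from here.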