[TEST]Split transport verification mode none tests (#32488)
This commit splits SecurityNetty4TransportTests in two methods one handling verification mode certificate and full and one handling verification mode none. This is done so that the second method can be muted in a FIPS 140 JVM where verification mode none cannot be used.
This commit is contained in:
parent
018e77cac6
commit
1ee6393117
|
@ -21,22 +21,37 @@ import static org.elasticsearch.xpack.core.security.transport.netty4.SecurityNet
|
||||||
|
|
||||||
public class SecurityNetty4TransportTests extends ESTestCase {
|
public class SecurityNetty4TransportTests extends ESTestCase {
|
||||||
|
|
||||||
public void testGetTransportProfileConfigurations() {
|
public void testGetSecureTransportProfileConfigurations() {
|
||||||
final Settings settings = Settings.builder()
|
final Settings settings = Settings.builder()
|
||||||
.put("path.home", createTempDir())
|
.put("path.home", createTempDir())
|
||||||
.put("xpack.security.transport.ssl.verification_mode", VerificationMode.CERTIFICATE.name())
|
.put("xpack.security.transport.ssl.verification_mode", VerificationMode.CERTIFICATE.name())
|
||||||
.put("transport.profiles.full.xpack.security.ssl.verification_mode", VerificationMode.FULL.name())
|
.put("transport.profiles.full.xpack.security.ssl.verification_mode", VerificationMode.FULL.name())
|
||||||
.put("transport.profiles.cert.xpack.security.ssl.verification_mode", VerificationMode.CERTIFICATE.name())
|
.put("transport.profiles.cert.xpack.security.ssl.verification_mode", VerificationMode.CERTIFICATE.name())
|
||||||
|
.build();
|
||||||
|
final Environment env = TestEnvironment.newEnvironment(settings);
|
||||||
|
SSLService sslService = new SSLService(settings, env);
|
||||||
|
final SSLConfiguration defaultConfig = sslService.getSSLConfiguration("xpack.security.transport.ssl");
|
||||||
|
final Map<String, SSLConfiguration> profileConfigurations = getTransportProfileConfigurations(settings, sslService, defaultConfig);
|
||||||
|
assertThat(profileConfigurations.size(), Matchers.equalTo(3));
|
||||||
|
assertThat(profileConfigurations.keySet(), Matchers.containsInAnyOrder("full", "cert", "default"));
|
||||||
|
assertThat(profileConfigurations.get("full").verificationMode(), Matchers.equalTo(VerificationMode.FULL));
|
||||||
|
assertThat(profileConfigurations.get("cert").verificationMode(), Matchers.equalTo(VerificationMode.CERTIFICATE));
|
||||||
|
assertThat(profileConfigurations.get("default"), Matchers.sameInstance(defaultConfig));
|
||||||
|
}
|
||||||
|
|
||||||
|
public void testGetInsecureTransportProfileConfigurations() {
|
||||||
|
assumeFalse("Can't run in a FIPS JVM with verification mode None", inFipsJvm());
|
||||||
|
final Settings settings = Settings.builder()
|
||||||
|
.put("path.home", createTempDir())
|
||||||
|
.put("xpack.security.transport.ssl.verification_mode", VerificationMode.CERTIFICATE.name())
|
||||||
.put("transport.profiles.none.xpack.security.ssl.verification_mode", VerificationMode.NONE.name())
|
.put("transport.profiles.none.xpack.security.ssl.verification_mode", VerificationMode.NONE.name())
|
||||||
.build();
|
.build();
|
||||||
final Environment env = TestEnvironment.newEnvironment(settings);
|
final Environment env = TestEnvironment.newEnvironment(settings);
|
||||||
SSLService sslService = new SSLService(settings, env);
|
SSLService sslService = new SSLService(settings, env);
|
||||||
final SSLConfiguration defaultConfig = sslService.getSSLConfiguration("xpack.security.transport.ssl");
|
final SSLConfiguration defaultConfig = sslService.getSSLConfiguration("xpack.security.transport.ssl");
|
||||||
final Map<String, SSLConfiguration> profileConfigurations = getTransportProfileConfigurations(settings, sslService, defaultConfig);
|
final Map<String, SSLConfiguration> profileConfigurations = getTransportProfileConfigurations(settings, sslService, defaultConfig);
|
||||||
assertThat(profileConfigurations.size(), Matchers.equalTo(4));
|
assertThat(profileConfigurations.size(), Matchers.equalTo(2));
|
||||||
assertThat(profileConfigurations.keySet(), Matchers.containsInAnyOrder("full", "cert", "none", "default"));
|
assertThat(profileConfigurations.keySet(), Matchers.containsInAnyOrder("none", "default"));
|
||||||
assertThat(profileConfigurations.get("full").verificationMode(), Matchers.equalTo(VerificationMode.FULL));
|
|
||||||
assertThat(profileConfigurations.get("cert").verificationMode(), Matchers.equalTo(VerificationMode.CERTIFICATE));
|
|
||||||
assertThat(profileConfigurations.get("none").verificationMode(), Matchers.equalTo(VerificationMode.NONE));
|
assertThat(profileConfigurations.get("none").verificationMode(), Matchers.equalTo(VerificationMode.NONE));
|
||||||
assertThat(profileConfigurations.get("default"), Matchers.sameInstance(defaultConfig));
|
assertThat(profileConfigurations.get("default"), Matchers.sameInstance(defaultConfig));
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue