[TEST]Split transport verification mode none tests (#32488)

This commit splits SecurityNetty4TransportTests in two methods
one handling verification mode certificate and full and one
handling verification mode none. This is done so that the second
method can be muted in a FIPS 140 JVM where verification mode none
cannot be used.
This commit is contained in:
Ioannis Kakavas 2018-08-03 14:44:40 +03:00 committed by GitHub
parent 018e77cac6
commit 1ee6393117
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 20 additions and 5 deletions

View File

@ -21,22 +21,37 @@ import static org.elasticsearch.xpack.core.security.transport.netty4.SecurityNet
public class SecurityNetty4TransportTests extends ESTestCase { public class SecurityNetty4TransportTests extends ESTestCase {
public void testGetTransportProfileConfigurations() { public void testGetSecureTransportProfileConfigurations() {
final Settings settings = Settings.builder() final Settings settings = Settings.builder()
.put("path.home", createTempDir()) .put("path.home", createTempDir())
.put("xpack.security.transport.ssl.verification_mode", VerificationMode.CERTIFICATE.name()) .put("xpack.security.transport.ssl.verification_mode", VerificationMode.CERTIFICATE.name())
.put("transport.profiles.full.xpack.security.ssl.verification_mode", VerificationMode.FULL.name()) .put("transport.profiles.full.xpack.security.ssl.verification_mode", VerificationMode.FULL.name())
.put("transport.profiles.cert.xpack.security.ssl.verification_mode", VerificationMode.CERTIFICATE.name()) .put("transport.profiles.cert.xpack.security.ssl.verification_mode", VerificationMode.CERTIFICATE.name())
.build();
final Environment env = TestEnvironment.newEnvironment(settings);
SSLService sslService = new SSLService(settings, env);
final SSLConfiguration defaultConfig = sslService.getSSLConfiguration("xpack.security.transport.ssl");
final Map<String, SSLConfiguration> profileConfigurations = getTransportProfileConfigurations(settings, sslService, defaultConfig);
assertThat(profileConfigurations.size(), Matchers.equalTo(3));
assertThat(profileConfigurations.keySet(), Matchers.containsInAnyOrder("full", "cert", "default"));
assertThat(profileConfigurations.get("full").verificationMode(), Matchers.equalTo(VerificationMode.FULL));
assertThat(profileConfigurations.get("cert").verificationMode(), Matchers.equalTo(VerificationMode.CERTIFICATE));
assertThat(profileConfigurations.get("default"), Matchers.sameInstance(defaultConfig));
}
public void testGetInsecureTransportProfileConfigurations() {
assumeFalse("Can't run in a FIPS JVM with verification mode None", inFipsJvm());
final Settings settings = Settings.builder()
.put("path.home", createTempDir())
.put("xpack.security.transport.ssl.verification_mode", VerificationMode.CERTIFICATE.name())
.put("transport.profiles.none.xpack.security.ssl.verification_mode", VerificationMode.NONE.name()) .put("transport.profiles.none.xpack.security.ssl.verification_mode", VerificationMode.NONE.name())
.build(); .build();
final Environment env = TestEnvironment.newEnvironment(settings); final Environment env = TestEnvironment.newEnvironment(settings);
SSLService sslService = new SSLService(settings, env); SSLService sslService = new SSLService(settings, env);
final SSLConfiguration defaultConfig = sslService.getSSLConfiguration("xpack.security.transport.ssl"); final SSLConfiguration defaultConfig = sslService.getSSLConfiguration("xpack.security.transport.ssl");
final Map<String, SSLConfiguration> profileConfigurations = getTransportProfileConfigurations(settings, sslService, defaultConfig); final Map<String, SSLConfiguration> profileConfigurations = getTransportProfileConfigurations(settings, sslService, defaultConfig);
assertThat(profileConfigurations.size(), Matchers.equalTo(4)); assertThat(profileConfigurations.size(), Matchers.equalTo(2));
assertThat(profileConfigurations.keySet(), Matchers.containsInAnyOrder("full", "cert", "none", "default")); assertThat(profileConfigurations.keySet(), Matchers.containsInAnyOrder("none", "default"));
assertThat(profileConfigurations.get("full").verificationMode(), Matchers.equalTo(VerificationMode.FULL));
assertThat(profileConfigurations.get("cert").verificationMode(), Matchers.equalTo(VerificationMode.CERTIFICATE));
assertThat(profileConfigurations.get("none").verificationMode(), Matchers.equalTo(VerificationMode.NONE)); assertThat(profileConfigurations.get("none").verificationMode(), Matchers.equalTo(VerificationMode.NONE));
assertThat(profileConfigurations.get("default"), Matchers.sameInstance(defaultConfig)); assertThat(profileConfigurations.get("default"), Matchers.sameInstance(defaultConfig));
} }