honeymoose/OpenSearch
1
0
Fork 0
mirror of https://github.com/honeymoose/OpenSearch.git synced 2025-02-17 02:14:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

Adjust reload keystore test to pass in FIPS (#56889) (#56940)

Browse Source 
In KeystoreWrapper class we determine if the error to decrypt a
given keystore is caused by a wrong password based on the exception
that the SunJCE implementation of AES is
throwing(AEADBadTagException). Other implementations from other
Security Providers fail with a different exception and as such we
cannot differentiate between a corrupted file and a wrong password
in a foolproof way.
As in other tests such as in
KeyStoreWrapperTests#testDecryptKeyStoreWithWrongPassword
we handle this by matching both possible exception messages.
This commit is contained in:
Ioannis Kakavas 2020-05-19 18:11:43 +03:00 committed by GitHub
parent 0f233b1b0b
commit 38e55cd348
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
rest-api-spec/src/main/resources/rest-api-spec/test/nodes.reload_secure_settings/10_basic.yml
View File

@ -18,7 +18,9 @@ setup:
- is_true: nodes - is_true: nodes
- is_true: cluster_name - is_true: cluster_name
- match: { nodes.$node_id.reload_exception.type: "security_exception" } - match: { nodes.$node_id.reload_exception.type: "security_exception" }
- match: { nodes.$node_id.reload_exception.reason: "Provided keystore password was incorrect" } - match: { nodes.$node_id.reload_exception.reason:
/^(Provided\skeystore\spassword\swas\sincorrect|
Keystore\shas\sbeen\scorrupted\sor\stampered\swith)$/ }
--- ---
"node_reload_secure_settings test correct(empty) password": "node_reload_secure_settings test correct(empty) password":