diff --git a/libs/ssl-config/src/test/java/org/elasticsearch/common/ssl/PemKeyConfigTests.java b/libs/ssl-config/src/test/java/org/elasticsearch/common/ssl/PemKeyConfigTests.java
index 4d44c6723c9..e0862321ca7 100644
--- a/libs/ssl-config/src/test/java/org/elasticsearch/common/ssl/PemKeyConfigTests.java
+++ b/libs/ssl-config/src/test/java/org/elasticsearch/common/ssl/PemKeyConfigTests.java
@@ -70,6 +70,7 @@ public class PemKeyConfigTests extends ESTestCase {
 }
 public void testBuildKeyConfigFromPkcs8PemFilesWithPassword() throws Exception {
+ assumeFalse("Can't run in a FIPS JVM, PBE KeySpec is not available", inFipsJvm());
 final Path cert = getDataPath("/certs/cert2/cert2.crt");
 final Path key = getDataPath("/certs/cert2/cert2-pkcs8.key");
 final PemKeyConfig keyConfig = new PemKeyConfig(cert, key, "c2-pass".toCharArray());
diff --git a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/ssl/PEMKeyConfigTests.java b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/ssl/PEMKeyConfigTests.java
index 4577241c026..811a315c8e4 100644
--- a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/ssl/PEMKeyConfigTests.java
+++ b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/ssl/PEMKeyConfigTests.java
@@ -23,6 +23,7 @@ public class PEMKeyConfigTests extends ESTestCase {
 public static final SecureString TESTNODE_PASSWORD = new SecureString("testnode".toCharArray());
 public void testEncryptedPkcs8RsaKey() throws Exception {
+ assumeFalse("Can't run in a FIPS JVM, PBE KeySpec is not available", inFipsJvm());
 verifyKeyConfig("testnode.crt", "key_pkcs8_encrypted.pem", TESTNODE_PASSWORD);
 }
 
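Review bot: The added `assumeFalse(..., inFipsJvm())` at the top of `testBuildKeyConfigFromPkcs8PemFilesWithPassword` skips the whole test under FIPS, so how a password-protected PKCS#8 key is handled in that mode is no longer observed by any test visible here; the same applies to `testEncryptedPkcs8RsaKey` in the x-pack `PEMKeyConfigTests` hunk. If such a key is expected to be rejected in a FIPS JVM, a companion test guarded by `assumeTrue("FIPS only", inFipsJvm())` that asserts the failure and its message would pin that behaviour, so that operators get a clear error rather than an untested one. At minimum, a comment above each assumption such as `// fixture is a PBE-encrypted PKCS#8 key; the FIPS provider does not offer the PBE key spec needed to decrypt it` would record why the skip exists and when it can be removed. The body of `testBuildKeyConfigFromPkcs8PemFilesWithPassword` continues past the end of its hunk.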
@@ -31,11 +32,11 @@ public class PEMKeyConfigTests extends ESTestCase {
 }
 public void testUnencryptedPkcs8DsaKey() throws Exception {
- verifyKeyConfig("testnode.crt", "dsa_key_pkcs8_plain.pem", NO_PASSWORD);
+ verifyKeyConfig("testnode_dsa.crt", "dsa_key_pkcs8_plain.pem", NO_PASSWORD);
 }
 public void testUnencryptedPkcs8EcKey() throws Exception {
- verifyKeyConfig("testnode.crt", "ec_key_pkcs8_plain.pem", NO_PASSWORD);
+ verifyKeyConfig("testnode_ec.crt", "ec_key_pkcs8_plain.pem", NO_PASSWORD);
 }
 public void testEncryptedPkcs1RsaKey() throws Exception {
diff --git a/x-pack/plugin/core/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/README.asciidoc b/x-pack/plugin/core/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/README.asciidoc
index f7fbd2ad69c..987a8785af7 100644
--- a/x-pack/plugin/core/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/README.asciidoc
+++ b/x-pack/plugin/core/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/README.asciidoc
@@ -91,6 +91,10 @@ openssl pkcs12 -in dsa.p12 -nodes -nocerts | openssl pkcs8 -topk8 -nocrypt -outf
 ----
 [source,shell]
 ----
+openssl pkcs12 -in dsa.p12 -nodes -nokeys -cacerts -out testnode_dsa.crt
+----
+[source,shell]
+----
 keytool -importkeystore -srckeystore testnode.jks -destkeystore ec.p12 -deststoretype PKCS12 \
 -srcalias testnode_ec -deststorepass testnode -destkeypass testnode
 ----
@@ -99,8 +103,10 @@ keytool -importkeystore -srckeystore testnode.jks -destkeystore ec.p12 -deststor
 openssl pkcs12 -in ec.p12 -nodes -nocerts | openssl pkcs8 -topk8 -nocrypt -outform pem \
 -out ec_key_pkcs8_plain.pem
 ----
-
-
+[source,shell]
+----
+openssl pkcs12 -in ec.p12 -nodes -nokeys -cacerts -out testnode_ec.crt
+----
 Create `PKCS#8` encrypted key from the encrypted `PKCS#1` encoded `testnode.pem`
 [source,shell]
 
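Review bot: Before this change `testUnencryptedPkcs8DsaKey` and `testUnencryptedPkcs8EcKey` passed `verifyKeyConfig` the same `testnode.crt` that the RSA tests use, so the helper apparently accepts a certificate whose key type differs from the private key it is paired with. `verifyKeyConfig` is defined outside this hunk, so that is inferred; if it holds, an assertion there that the two agree, for example `assertEquals(certificate.getPublicKey().getAlgorithm(), privateKey.getAlgorithm());` with whatever local names the helper uses, would catch the next mismatched fixture in every JVM. Separately, `testnode_ec.crt` is referenced here but only `testnode_dsa.crt` appears as a new file in the visible part of the diff, so confirm the EC certificate is part of the commit.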
diff --git a/x-pack/plugin/core/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode_dsa.crt b/x-pack/plugin/core/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode_dsa.crt
new file mode 100644
index 00000000000..26f7113d51d
Binary files /dev/null and b/x-pack/plugin/core/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode_dsa.crt differ