test: filter out unsupported ciphers when checking default socket factory

Closes elastic/elasticsearch#2

Original commit: elastic/x-pack-elasticsearch@6510f65dc4
This commit is contained in:
jaymode 2016-02-09 08:14:05 -05:00
parent e8ad8cbb36
commit 50452e403f
2 changed files with 6 additions and 7 deletions

View File

@ -251,17 +251,17 @@ public class ClientSSLServiceTests extends ESTestCase {
} }
} }
@AwaitsFix(bugUrl = "https://github.com/elastic/x-plugins/issues/2")
public void testThatSSLSocketFactoryHasProperCiphersAndProtocols() throws Exception { public void testThatSSLSocketFactoryHasProperCiphersAndProtocols() throws Exception {
ClientSSLService sslService = createClientSSLService(settingsBuilder() ClientSSLService sslService = createClientSSLService(settingsBuilder()
.put("shield.ssl.keystore.path", testclientStore) .put("shield.ssl.keystore.path", testclientStore)
.put("shield.ssl.keystore.password", "testclient") .put("shield.ssl.keystore.password", "testclient")
.build()); .build());
SSLSocketFactory factory = sslService.sslSocketFactory(); SSLSocketFactory factory = sslService.sslSocketFactory();
assertThat(factory.getDefaultCipherSuites(), is(sslService.ciphers())); final String[] ciphers = sslService.supportedCiphers(factory.getSupportedCipherSuites(), sslService.ciphers());
assertThat(factory.getDefaultCipherSuites(), is(ciphers));
try (SSLSocket socket = (SSLSocket) factory.createSocket()) { try (SSLSocket socket = (SSLSocket) factory.createSocket()) {
assertThat(socket.getEnabledCipherSuites(), is(sslService.ciphers())); assertThat(socket.getEnabledCipherSuites(), is(ciphers));
assertThat(socket.getEnabledProtocols(), is(sslService.supportedProtocols())); assertThat(socket.getEnabledProtocols(), is(sslService.supportedProtocols()));
} }
} }

View File

@ -32,7 +32,6 @@ import static org.hamcrest.Matchers.not;
import static org.hamcrest.Matchers.notNullValue; import static org.hamcrest.Matchers.notNullValue;
import static org.hamcrest.Matchers.nullValue; import static org.hamcrest.Matchers.nullValue;
import static org.hamcrest.Matchers.sameInstance; import static org.hamcrest.Matchers.sameInstance;
import static org.mockito.Mockito.mock;
public class ServerSSLServiceTests extends ESTestCase { public class ServerSSLServiceTests extends ESTestCase {
Path testnodeStore; Path testnodeStore;
@ -223,17 +222,17 @@ public class ServerSSLServiceTests extends ESTestCase {
} }
} }
@AwaitsFix(bugUrl = "https://github.com/elastic/x-plugins/issues/2")
public void testThatSSLSocketFactoryHasProperCiphersAndProtocols() throws Exception { public void testThatSSLSocketFactoryHasProperCiphersAndProtocols() throws Exception {
ServerSSLService sslService = new ServerSSLService(settingsBuilder() ServerSSLService sslService = new ServerSSLService(settingsBuilder()
.put("shield.ssl.keystore.path", testnodeStore) .put("shield.ssl.keystore.path", testnodeStore)
.put("shield.ssl.keystore.password", "testnode") .put("shield.ssl.keystore.password", "testnode")
.build(), env); .build(), env);
SSLSocketFactory factory = sslService.sslSocketFactory(); SSLSocketFactory factory = sslService.sslSocketFactory();
assertThat(factory.getDefaultCipherSuites(), is(sslService.ciphers())); final String[] ciphers = sslService.supportedCiphers(factory.getSupportedCipherSuites(), sslService.ciphers());
assertThat(factory.getDefaultCipherSuites(), is(ciphers));
try (SSLSocket socket = (SSLSocket) factory.createSocket()) { try (SSLSocket socket = (SSLSocket) factory.createSocket()) {
assertThat(socket.getEnabledCipherSuites(), is(sslService.ciphers())); assertThat(socket.getEnabledCipherSuites(), is(ciphers));
assertThat(socket.getEnabledProtocols(), is(sslService.supportedProtocols())); assertThat(socket.getEnabledProtocols(), is(sslService.supportedProtocols()));
} }
} }