test: filter out unsupported ciphers when checking default socket factory
Closes elastic/elasticsearch#2 Original commit: elastic/x-pack-elasticsearch@6510f65dc4
This commit is contained in:
parent
e8ad8cbb36
commit
50452e403f
|
@ -251,17 +251,17 @@ public class ClientSSLServiceTests extends ESTestCase {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@AwaitsFix(bugUrl = "https://github.com/elastic/x-plugins/issues/2")
|
|
||||||
public void testThatSSLSocketFactoryHasProperCiphersAndProtocols() throws Exception {
|
public void testThatSSLSocketFactoryHasProperCiphersAndProtocols() throws Exception {
|
||||||
ClientSSLService sslService = createClientSSLService(settingsBuilder()
|
ClientSSLService sslService = createClientSSLService(settingsBuilder()
|
||||||
.put("shield.ssl.keystore.path", testclientStore)
|
.put("shield.ssl.keystore.path", testclientStore)
|
||||||
.put("shield.ssl.keystore.password", "testclient")
|
.put("shield.ssl.keystore.password", "testclient")
|
||||||
.build());
|
.build());
|
||||||
SSLSocketFactory factory = sslService.sslSocketFactory();
|
SSLSocketFactory factory = sslService.sslSocketFactory();
|
||||||
assertThat(factory.getDefaultCipherSuites(), is(sslService.ciphers()));
|
final String[] ciphers = sslService.supportedCiphers(factory.getSupportedCipherSuites(), sslService.ciphers());
|
||||||
|
assertThat(factory.getDefaultCipherSuites(), is(ciphers));
|
||||||
|
|
||||||
try (SSLSocket socket = (SSLSocket) factory.createSocket()) {
|
try (SSLSocket socket = (SSLSocket) factory.createSocket()) {
|
||||||
assertThat(socket.getEnabledCipherSuites(), is(sslService.ciphers()));
|
assertThat(socket.getEnabledCipherSuites(), is(ciphers));
|
||||||
assertThat(socket.getEnabledProtocols(), is(sslService.supportedProtocols()));
|
assertThat(socket.getEnabledProtocols(), is(sslService.supportedProtocols()));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -32,7 +32,6 @@ import static org.hamcrest.Matchers.not;
|
||||||
import static org.hamcrest.Matchers.notNullValue;
|
import static org.hamcrest.Matchers.notNullValue;
|
||||||
import static org.hamcrest.Matchers.nullValue;
|
import static org.hamcrest.Matchers.nullValue;
|
||||||
import static org.hamcrest.Matchers.sameInstance;
|
import static org.hamcrest.Matchers.sameInstance;
|
||||||
import static org.mockito.Mockito.mock;
|
|
||||||
|
|
||||||
public class ServerSSLServiceTests extends ESTestCase {
|
public class ServerSSLServiceTests extends ESTestCase {
|
||||||
Path testnodeStore;
|
Path testnodeStore;
|
||||||
|
@ -223,17 +222,17 @@ public class ServerSSLServiceTests extends ESTestCase {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@AwaitsFix(bugUrl = "https://github.com/elastic/x-plugins/issues/2")
|
|
||||||
public void testThatSSLSocketFactoryHasProperCiphersAndProtocols() throws Exception {
|
public void testThatSSLSocketFactoryHasProperCiphersAndProtocols() throws Exception {
|
||||||
ServerSSLService sslService = new ServerSSLService(settingsBuilder()
|
ServerSSLService sslService = new ServerSSLService(settingsBuilder()
|
||||||
.put("shield.ssl.keystore.path", testnodeStore)
|
.put("shield.ssl.keystore.path", testnodeStore)
|
||||||
.put("shield.ssl.keystore.password", "testnode")
|
.put("shield.ssl.keystore.password", "testnode")
|
||||||
.build(), env);
|
.build(), env);
|
||||||
SSLSocketFactory factory = sslService.sslSocketFactory();
|
SSLSocketFactory factory = sslService.sslSocketFactory();
|
||||||
assertThat(factory.getDefaultCipherSuites(), is(sslService.ciphers()));
|
final String[] ciphers = sslService.supportedCiphers(factory.getSupportedCipherSuites(), sslService.ciphers());
|
||||||
|
assertThat(factory.getDefaultCipherSuites(), is(ciphers));
|
||||||
|
|
||||||
try (SSLSocket socket = (SSLSocket) factory.createSocket()) {
|
try (SSLSocket socket = (SSLSocket) factory.createSocket()) {
|
||||||
assertThat(socket.getEnabledCipherSuites(), is(sslService.ciphers()));
|
assertThat(socket.getEnabledCipherSuites(), is(ciphers));
|
||||||
assertThat(socket.getEnabledProtocols(), is(sslService.supportedProtocols()));
|
assertThat(socket.getEnabledProtocols(), is(sslService.supportedProtocols()));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue