Disable specific locales for tests in fips mode (#38938)

* Disable specific locales for tests in fips mode The Bouncy Castle FIPS provider that we use for running our tests in fips mode has an issue with locale sensitive handling of Dates as described in https://github.com/bcgit/bc-java/issues/405 This causes certificate validation to fail if any given test that includes some form of certificate validation happens to run in one of the locales. This manifested earlier in #33081 which was handled insufficiently in #33299 This change ensures that the problematic 3 locales * th-TH * ja-JP-u-ca-japanese-x-lvariant-JP * th-TH-u-nu-thai-x-lvariant-TH will not be used when running our tests in a FIPS 140 JVM. It also reverts #33299
2019-02-19 08:45:01 +02:00 · 2019-02-19 08:45:01 +02:00 · 59e9a0f4f4
parent 5c30446bd0
commit 59e9a0f4f4
4 changed files with 18 additions and 35 deletions
--- a/test/framework/src/main/java/org/elasticsearch/test/ESTestCase.java
+++ b/test/framework/src/main/java/org/elasticsearch/test/ESTestCase.java
@ -327,6 +327,16 @@ public abstract class ESTestCase extends LuceneTestCase {
        Requests.INDEX_CONTENT_TYPE = XContentType.JSON;
    }

+    @BeforeClass
+    public static void ensureSupportedLocale() {
+        if (isUnusableLocale()) {
+            Logger logger = LogManager.getLogger(ESTestCase.class);
+            logger.warn("Attempting to run tests in an unusable locale in a FIPS JVM. Certificate expiration validation will fail, " +
+                "switching to English. See: https://github.com/bcgit/bc-java/issues/405");
+            Locale.setDefault(Locale.ENGLISH);
+        }
+    }
+
    @Before
    public final void before()  {
        logger.info("{}before test", getTestParamsForLogging());
@ -1419,6 +1429,12 @@ public abstract class ESTestCase extends LuceneTestCase {
        }
    }

+    private static boolean isUnusableLocale() {
+        return inFipsJvm() && (Locale.getDefault().toLanguageTag().equals("th-TH")
+            || Locale.getDefault().toLanguageTag().equals("ja-JP-u-ca-japanese-x-lvariant-JP")
+            || Locale.getDefault().toLanguageTag().equals("th-TH-u-nu-thai-x-lvariant-TH"));
+    }
+
    public static boolean inFipsJvm() {
        return Security.getProviders()[0].getName().toLowerCase(Locale.ROOT).contains("fips");
    }
--- a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/ssl/RestrictedTrustManagerTests.java
+++ b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/ssl/RestrictedTrustManagerTests.java
@ -5,15 +5,11 @@
 */
 package org.elasticsearch.xpack.core.ssl;

-import org.apache.logging.log4j.Logger;
-import org.apache.logging.log4j.LogManager;
 import org.elasticsearch.test.ESTestCase;
 import org.hamcrest.Description;
 import org.hamcrest.TypeSafeMatcher;
-import org.junit.AfterClass;
 import org.junit.Assert;
 import org.junit.Before;
-import org.junit.BeforeClass;

 import javax.net.ssl.X509ExtendedTrustManager;

@ -32,7 +28,6 @@ import java.util.Arrays;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
-import java.util.Locale;
 import java.util.Map;
 import java.util.Objects;
 import java.util.regex.Pattern;
@ -45,34 +40,6 @@ public class RestrictedTrustManagerTests extends ESTestCase {
    private int numberOfClusters;
    private int numberOfNodes;

-    private static Locale restoreLocale;
-
-    @BeforeClass
-    public static void ensureSupportedLocale() throws Exception {
-        Logger logger = LogManager.getLogger(RestrictedTrustManagerTests.class);
-        if (isUnusableLocale()) {
-            // See: https://github.com/elastic/elasticsearch/issues/33081
-            logger.warn("Attempting to run RestrictedTrustManagerTests tests in an unusable locale in a FIPS JVM. Certificate expiration " +
-                "validation will fail, switching to English");
-            restoreLocale = Locale.getDefault();
-            Locale.setDefault(Locale.ENGLISH);
-        }
-    }
-
-    private static boolean isUnusableLocale() {
-        return inFipsJvm() && (Locale.getDefault().toLanguageTag().equals("th-TH")
-            || Locale.getDefault().toLanguageTag().equals("ja-JP-u-ca-japanese-x-lvariant-JP")
-            || Locale.getDefault().toLanguageTag().equals("th-TH-u-nu-thai-x-lvariant-TH"));
-    }
-
-    @AfterClass
-    public static void restoreLocale() throws Exception {
-        if (restoreLocale != null) {
-            Locale.setDefault(restoreLocale);
-            restoreLocale = null;
-        }
-    }
-
    @Before
    public void readCertificates() throws GeneralSecurityException, IOException {

--- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/saml/SamlTestCase.java
+++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/saml/SamlTestCase.java
@ -53,7 +53,7 @@ public abstract class SamlTestCase extends ESTestCase {
    }

    @AfterClass
-    public static void restoreLocale() throws Exception {
+    public static void restoreLocale() {
        if (restoreLocale != null) {
            Locale.setDefault(restoreLocale);
            restoreLocale = null;
--- a/x-pack/qa/evil-tests/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/KerberosTestCase.java
+++ b/x-pack/qa/evil-tests/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/KerberosTestCase.java
@ -98,7 +98,7 @@ public abstract class KerberosTestCase extends ESTestCase {
    }

    @AfterClass
-    public static void restoreLocale() throws Exception {
+    public static void restoreLocale() {
        if (restoreLocale != null) {
            Locale.setDefault(restoreLocale);
            restoreLocale = null;