Use PEM files for PkiOptionalClientAuthTests (#37683)

Use PEM files for the key/cert for TLS on the http layer of the
node instead of a JKS keystore so that the tests can also run
in a FIPS 140 JVM .

Resolves: #37682
This commit is contained in:
Ioannis Kakavas 2019-01-22 17:26:36 +02:00 committed by GitHub
parent 3f2723366e
commit 5c1a1f7ac1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 21 additions and 18 deletions

View File

@ -52,9 +52,10 @@ public class PkiOptionalClientAuthTests extends SecuritySingleNodeTestCase {
.put(super.nodeSettings())
.put("xpack.security.http.ssl.enabled", true)
.put("xpack.security.http.ssl.client_authentication", SSLClientAuth.OPTIONAL)
.put("xpack.security.http.ssl.keystore.path",
getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.jks"))
.put("xpack.security.http.ssl.keystore.password", "testnode")
.put("xpack.security.http.ssl.key",
getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.pem"))
.put("xpack.security.http.ssl.certificate",
getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.crt"))
.put("xpack.security.authc.realms.file.file.order", "0")
.put("xpack.security.authc.realms.pki.pki1.order", "1")
.put("xpack.security.authc.realms.pki.pki1.truststore.path",
@ -62,14 +63,16 @@ public class PkiOptionalClientAuthTests extends SecuritySingleNodeTestCase {
.put("xpack.security.authc.realms.pki.pki1.files.role_mapping", getDataPath("role_mapping.yml"))
.put("transport.profiles.want_client_auth.port", randomClientPortRange)
.put("transport.profiles.want_client_auth.bind_host", "localhost")
.put("transport.profiles.want_client_auth.xpack.security.ssl.keystore.path",
getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.jks"))
.put("transport.profiles.want_client_auth.xpack.security.ssl.keystore.password", "testnode")
.put("transport.profiles.want_client_auth.xpack.security.ssl.key",
getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.pem"))
.put("transport.profiles.want_client_auth.xpack.security.ssl.certificate",
getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.crt"))
.put("transport.profiles.want_client_auth.xpack.security.ssl.client_authentication", SSLClientAuth.OPTIONAL);
SecuritySettingsSource.addSecureSettings(builder, secureSettings -> {
secureSettings.setString("xpack.security.authc.realms.pki.pki1.truststore.secure_password", "truststore-testnode-only");
secureSettings.setString("xpack.security.http.ssl.keystore.secure_password", "testnode");
secureSettings.setString("xpack.security.http.ssl.secure_key_passphrase", "testnode");
secureSettings.setString("transport.profiles.want_client_auth.xpack.security.ssl.secure_key_passphrase", "testnode");
});
return builder.build();