Change EmailSslTest for FIPS 140 JVMs (#46278)
This commit changes the SSLContext for the email server we use in the tests so that it loads its key material from an in-memory keystore (which is in turn built from a PEM-encoded private key and certificate pair) instead of a PKCS#12 one. This is done so that when we run our tests in FIPS 140-2 JVMs, the keystore is of a type that the Security Provider actually supports. This also mutes testCanSendMessageToSmtpServerByDisablingVerification as we can't run tests with verification set to `none` in FIPS 140 JVMs.
parent
0ac52d0e72
commit
690164d0be
|
@ -12,6 +12,8 @@ import org.elasticsearch.common.settings.Setting;
|
||||||
import org.elasticsearch.common.settings.Settings;
|
import org.elasticsearch.common.settings.Settings;
|
||||||
import org.elasticsearch.env.TestEnvironment;
|
import org.elasticsearch.env.TestEnvironment;
|
||||||
import org.elasticsearch.test.ESTestCase;
|
import org.elasticsearch.test.ESTestCase;
|
||||||
|
import org.elasticsearch.xpack.core.ssl.CertParsingUtils;
|
||||||
|
import org.elasticsearch.xpack.core.ssl.PemUtils;
|
||||||
import org.elasticsearch.xpack.core.ssl.SSLService;
|
import org.elasticsearch.xpack.core.ssl.SSLService;
|
||||||
import org.elasticsearch.xpack.core.watcher.execution.WatchExecutionContext;
|
import org.elasticsearch.xpack.core.watcher.execution.WatchExecutionContext;
|
||||||
import org.elasticsearch.xpack.core.watcher.watch.Payload;
|
import org.elasticsearch.xpack.core.watcher.watch.Payload;
|
||||||
|
@ -31,7 +33,8 @@ import javax.mail.internet.MimeMessage;
|
||||||
import javax.net.ssl.SSLContext;
|
import javax.net.ssl.SSLContext;
|
||||||
import javax.net.ssl.SSLException;
|
import javax.net.ssl.SSLException;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.io.InputStream;
|
import java.nio.file.Files;
|
||||||
|
import java.nio.file.Path;
|
||||||
import java.security.GeneralSecurityException;
|
import java.security.GeneralSecurityException;
|
||||||
import java.security.KeyStore;
|
import java.security.KeyStore;
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
|
@ -50,19 +53,27 @@ public class EmailSslTests extends ESTestCase {
|
||||||
|
|
||||||
@Before
|
@Before
|
||||||
public void startSmtpServer() throws GeneralSecurityException, IOException {
|
public void startSmtpServer() throws GeneralSecurityException, IOException {
|
||||||
final KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
|
// Keystore and private key will share the same password
|
||||||
final char[] keystorePassword = "test-smtp".toCharArray();
|
final char[] keystorePassword = "test-smtp".toCharArray();
|
||||||
try (InputStream is = getDataInputStream("test-smtp.p12")) {
|
final Path tempDir = createTempDir();
|
||||||
keyStore.load(is, keystorePassword);
|
final Path certPath = tempDir.resolve("test-smtp.crt");
|
||||||
}
|
final Path keyPath = tempDir.resolve("test-smtp.pem");
|
||||||
|
Files.copy(getDataPath("/org/elasticsearch/xpack/watcher/actions/email/test-smtp.crt"), certPath);
|
||||||
|
Files.copy(getDataPath("/org/elasticsearch/xpack/watcher/actions/email/test-smtp.pem"), keyPath);
|
||||||
|
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
|
||||||
|
keyStore.load(null, keystorePassword);
|
||||||
|
keyStore.setKeyEntry("test-smtp", PemUtils.readPrivateKey(keyPath, keystorePassword::clone), keystorePassword,
|
||||||
|
CertParsingUtils.readCertificates(Collections.singletonList(certPath)));
|
||||||
final SSLContext sslContext = new SSLContextBuilder().loadKeyMaterial(keyStore, keystorePassword).build();
|
final SSLContext sslContext = new SSLContextBuilder().loadKeyMaterial(keyStore, keystorePassword).build();
|
||||||
server = EmailServer.localhost(logger, sslContext);
|
server = EmailServer.localhost(logger, sslContext);
|
||||||
}
|
}
|
||||||
|
|
||||||
@After
|
@After
|
||||||
public void stopSmtpServer() {
|
public void stopSmtpServer() {
|
||||||
|
if (null != server) {
|
||||||
server.stop();
|
server.stop();
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
public void testFailureSendingMessageToSmtpServerWithUntrustedCertificateAuthority() throws Exception {
|
public void testFailureSendingMessageToSmtpServerWithUntrustedCertificateAuthority() throws Exception {
|
||||||
final Settings.Builder settings = Settings.builder();
|
final Settings.Builder settings = Settings.builder();
|
||||||
|
@ -96,6 +107,7 @@ public class EmailSslTests extends ESTestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public void testCanSendMessageToSmtpServerByDisablingVerification() throws Exception {
|
public void testCanSendMessageToSmtpServerByDisablingVerification() throws Exception {
|
||||||
|
assumeFalse("Can't run in a FIPS JVM with verification mode None", inFipsJvm());
|
||||||
List<MimeMessage> messages = new ArrayList<>();
|
List<MimeMessage> messages = new ArrayList<>();
|
||||||
server.addListener(messages::add);
|
server.addListener(messages::add);
|
||||||
try {
|
try {
|
||||||
|
|
|
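Review bot: In startSmtpServer the new in-memory keystore is declared as `KeyStore keyStore = ...`, while the line it replaces and every other local in the method are `final`; `final KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());` would match the surrounding style. The two `Files.copy(...)` calls into `createTempDir()` carry no comment: if `getDataPath` already yields a readable path the copy looks redundant, and if it is required a one-line comment saying why would help. The `keystorePassword::clone` supplier presumably keeps `PemUtils.readPrivateKey` from clearing the array that is reused for `setKeyEntry` and `loadKeyMaterial`; that is inferred from the call shape only, and a comment such as `// hand out a copy so the shared password array stays intact` would record the intent.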
@ -0,0 +1,20 @@
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIDSTCCAjGgAwIBAgIUWcS0sZGBePVMAYWycyuWzSZYWQswDQYJKoZIhvcNAQEL
|
||||||
|
BQAwNDEyMDAGA1UEAxMpRWxhc3RpYyBDZXJ0aWZpY2F0ZSBUb29sIEF1dG9nZW5l
|
||||||
|
cmF0ZWQgQ0EwHhcNMTkwODA3MDUxMDUzWhcNMjIwODA2MDUxMDUzWjA0MTIwMAYD
|
||||||
|
VQQDEylFbGFzdGljIENlcnRpZmljYXRlIFRvb2wgQXV0b2dlbmVyYXRlZCBDQTCC
|
||||||
|
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKqIbuH52X93CF8M7hiCvNVf
|
||||||
|
HO9qC/I+UBzYVXt03dU9tFTxilgLRNFwC+3O7uxu8P5OH7qUdIiwdLjQ6+5cfA+R
|
||||||
|
eL9YbSOQBydmk0bH+MK5lJkrdyHZEWSHbI2Urr87aMUmHTGbQoNzzk61XifS4vlS
|
||||||
|
GcqsoWteV56IbWNyYTu8EC2i7c2ZJS759aTK02dlxpdymfoTC+O1uWIGUBki5Cqe
|
||||||
|
rKd9dzEVRWLEb6NfhCMUeUQ09TjGVzHjk4RAY+CcNiy3RufDIQ4pUEdiky/vPl/f
|
||||||
|
Y/oDsFVW2KUVjzKM4dzDuQOe4KxuqQGojfHtPPJFHoYLXQ7TdewF025ns9T7tCUC
|
||||||
|
AwEAAaNTMFEwHQYDVR0OBBYEFNPZ3LZtYf4LxJ+jDzGts1cJ8kF7MB8GA1UdIwQY
|
||||||
|
MBaAFNPZ3LZtYf4LxJ+jDzGts1cJ8kF7MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI
|
||||||
|
hvcNAQELBQADggEBAFYUrH+epWXc+7dKwerPrPiqjMOEVB6GhrHb6SJQ5qxeeX+Q
|
||||||
|
P4rRrylk9XEVk3cgH+5SFygYkmXk8heJ2X0vB1cDdgLz47iXI4lrz1n8TOF+lOlM
|
||||||
|
e9QsoRNp2iCJ/fYXknr38n+z0QsJLLhz5B0dgpd8ASbGir7cG9+DF3R8DmbcTpR7
|
||||||
|
tHJA9XTDsJmzFv9reqieP5Kieg1tioaho/qA0XIxzpOIqDKcWOZLtJE5PuMaUSF8
|
||||||
|
RwJRVRF5wBZwFpcQwy0E1/rPsWzehtDZ3S5AyME4vsow1M8e5c+YyHpsZcDSdUtB
|
||||||
|
t0t0BVNDONjm3WlJ1QYryQJOYp8/ZbdVzwpGdVg=
|
||||||
|
-----END CERTIFICATE-----
|
|
@ -0,0 +1,20 @@
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIDOjCCAiKgAwIBAgIVAJJCL6+YymqqtgFngOxqkOOiAtx4MA0GCSqGSIb3DQEB
|
||||||
|
CwUAMDQxMjAwBgNVBAMTKUVsYXN0aWMgQ2VydGlmaWNhdGUgVG9vbCBBdXRvZ2Vu
|
||||||
|
ZXJhdGVkIENBMB4XDTE5MDgwNzA1MTA1NFoXDTIyMDgwNjA1MTA1NFowFDESMBAG
|
||||||
|
A1UEAxMJdGVzdC1zbXRwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
|
||||||
|
kawwFDDphZ484SI62BlIfCI/O8w9KRcSvE8ECELkBRxGjeA6ozF7ctw4rp30L7fU
|
||||||
|
/RDxbX6o3X4uAMCIwixrvn6rbebggl2WrK3ilIF6Cwotny6dg/qbu30WmDJc7sPp
|
||||||
|
32t+jGlHyx4I3anSu4C7IJaE1fjZlExxgfsgoV/CtsCmIdPM3qABUHPds3iVd8Q/
|
||||||
|
+HESn7/ZWjU2AOsL2V5EbM4AHG5ar6d2zyGMxwmASUpjotjC06FI3PeDGrV/rFlX
|
||||||
|
K1f8ALrnO9oDQQzwxrWrru8CxVNW5BmJp2aAr/0pp5S05+dozHLYhsWNrb70bFfA
|
||||||
|
dXsnXRLO8H/CakvhhrM8JQIDAQABo2MwYTAdBgNVHQ4EFgQUsS6DitT6Q+dcIjDj
|
||||||
|
aQGATdwKVmYwHwYDVR0jBBgwFoAU09nctm1h/gvEn6MPMa2zVwnyQXswFAYDVR0R
|
||||||
|
BA0wC4IJbG9jYWxob3N0MAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAByS
|
||||||
|
BEiNYEWPM99ALWhQy2NkbDKev9Wgv1GEdgh040UkZ9zMf/RpV+C/Lp9QlagHH+lc
|
||||||
|
LNEeWGOFSTexWv+QbPcoCVVMH4H+JpRWqcwH/zG21lx2eEMPJwrZKC8YElDw+D/7
|
||||||
|
qJgCSRKm3H/CfQqdPKtKU0vZjtKXHBt8PDOGMO0475rm95sZv6rrOqlY9LpJ7Cm8
|
||||||
|
6o08gnSZpka1ND0HcB13I9L/rsqMsk3clO7r2d10VCCG2A254ElUSjBCFKbWIfh/
|
||||||
|
ws/R0OTCd9UnHmlCWjjxoJ8D/1PNefst17WhGCFQLwB1wWRTDyIyZqAVzVyA94sX
|
||||||
|
tdYxxBNthPY7Z1aEr5o=
|
||||||
|
-----END CERTIFICATE-----
|
|
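Review bot: Decoding the validity field of this certificate by hand gives a window of roughly 7 Aug 2019 to 6 Aug 2022, and the CA certificate in the preceding file appears to carry the same three-year window. Once that date passes, the tests in EmailSslTests that verify the server certificate would be expected to fail for a reason unrelated to the code under test. Regenerating the fixtures with a much longer lifetime, or recording the expiry date and the regeneration command in a comment in the test class, would keep that failure from arriving as a surprise. The dates should be confirmed with a certificate parser before acting on this.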
@ -0,0 +1,30 @@
|
||||||
|
-----BEGIN RSA PRIVATE KEY-----
|
||||||
|
Proc-Type: 4,ENCRYPTED
|
||||||
|
DEK-Info: AES-128-CBC,AD2AC08225DD9EA7A429BB867D62D2D1
|
||||||
|
|
||||||
|
Hv/myqMGjejCI3OFUSwyykeAvVMccqe/pntxjVjx9S5tqSr+gnfvKiUsDGPnoDeR
|
||||||
|
qP9dGKMA94oAgfRFTdk1nYOASB2C+fakMRtstK/N8K3sOsTPsh4oo+0RAM+ErN6Z
|
||||||
|
MFFkY+K9hxrhEeuD19M0ro8/U+KoKcaaSVuLZHfcJiBKBklOHAhPAKzTsS9u1LuJ
|
||||||
|
YyMPV6MtYxCfgZi+xdxedAPV0hp4eKZBA38fN6aZGR42Tr2e4aOgnFKGAA9lgyGg
|
||||||
|
TfZeqaLcxpGTkL4vPSptVdDlU3a4kHcskeJ7/FasYdXOfVU09Awcg3kBEnGHpkmO
|
||||||
|
6PifuRgsJyfvdUgJPw1Kjgh2a2s0spmWfSrwIAbWTrtBHfg7Pcok7EqeJ8KNH4R1
|
||||||
|
UBckUbtCfbsE6E+AnTDbQEiZZOcrn8QYPlyztQGUoZUOikBbEdUzfiHdM9FHKjfi
|
||||||
|
BD7M+NCwaBmAwdyyN1w9qcbRk6VZm35V4hxCHLKWdi3qeLapOES1RL8OZxsiHzyU
|
||||||
|
nExL6Lgk1A1Mheb7adNjY153ckhiQvzjGfm9yIoCvm43VSWcI5FIJG90Zy8hl4n0
|
||||||
|
UuWlJE6LsG3yJUT8wpAlVuqKF6PXeMWOYpWhtpVdUcIXIahHL8wlsTZ4GeXqXqAb
|
||||||
|
crgjrG1nwIx8y5QGkXPCKIeM7gPWdz6nJdcg+7tqLTC7bS5h9Zsae8f3k4be/lSg
|
||||||
|
YcALp5kWWcXAM3rglftN+oo6tgPRtoM8XzRf8h+/f/geN69LMD9Ej/u51JbO0Ca6
|
||||||
|
6A19jdODnYo7F/YhxeBQ0znill6uGsNp950qvYo/GX1K4/2GsjlKueKFXDaSk+Ov
|
||||||
|
YkwrYQrNQsFVqwIWp8HgJ5l8pBw+ZpG4Xd/nzZ+5d5C1Z1VUgweDtgrYiGe2MMDK
|
||||||
|
0/7QgUkmyIOOHsC2vBwOJ28NnGSENol3FJaK+DXDp/kahADlxTztuJNeh2LhTa8t
|
||||||
|
yRZq9xJsW/jU7wqOlozk8w74F1V4nZCgBfW8i5Jj7OHWPa2HPgIKgogr7VhyOcZx
|
||||||
|
/xhSLtVK+8QZNHa08D1Opj8HVhtdoV5jaUEX0T2fVKlaFGWsmMHpo7EDHyq0czVH
|
||||||
|
MkgvuuqRqhN9zu6HmnXSOlXh/ddjkcfz5AKSxX8cKAyto50xpWQwFalb2YGbRY0n
|
||||||
|
e4khQrSZ2f72qlINXy24uyNsSyX1VADKdlW7lhxgQrLXUujD7biHuhO/XFi3o/9F
|
||||||
|
E7TPslr7ykLHJ93qofqsigtygClw2svNT560Qnkq82oS7Sf5upVYLPSCeRzZSmwY
|
||||||
|
d9x1XXHgO+6OqUc7HSE+OHexccEEuqrx+LBFfAVePb2w9AjvK2yq+fmMMBC+cnLx
|
||||||
|
xAMEntQxQIWzeBqITG1rr/qq1HB7xYQdFl06wOJxiY+jOFHv3Fpd7rghgXfr15ih
|
||||||
|
7d0S0B/UBi/IDQ1kkTSxr9HxAmXo4EVjpEOohcFV0bt1ypx6YfD4TNxEqF8Z4lh6
|
||||||
|
4mJH2LCOJXjiZ4cnjvgzN/g5SMCKw3mrCjB3p+92HNUgy5Am3AXuZBNYeaAmVgeX
|
||||||
|
L7Lly3CtNJ8jSNNgM92St5GTHA7Gk4Nz/uNAUYxVjDGNpwVieAAbpNRj6TSBCwtL
|
||||||
|
-----END RSA PRIVATE KEY-----
|
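Review bot: The `Proc-Type: 4,ENCRYPTED` and `DEK-Info: AES-128-CBC` headers mark this key as legacy OpenSSL (PKCS#1) PEM encryption, whose password-to-key derivation is MD5-based, which sits oddly in a change made for FIPS 140 JVMs. Whether `PemUtils.readPrivateKey` can decrypt it under the FIPS security provider is not visible on this page, so it is worth confirming in a FIPS test run. A PKCS#8 key encrypted with PBES2 would avoid the dependency on MD5. Because the key and its password `test-smtp` are both public in the repository, the fixture must stay confined to tests.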