honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[TEST] Improve SSLTrustRestrictionsTests (elastic/x-pack-elasticsearch#2015) 

Use assertBusy rather than a fixed sleep time to wait for SSL reloading.

relates elastic/x-pack-elasticsearch#2007

Original commit: elastic/x-pack-elasticsearch@c8f789c327
This commit is contained in:
Tim Vernum 2017-07-20 13:10:27 +10:00 committed by GitHub
parent fe9d99daed
commit 776f7cec65
1 changed files with 19 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
plugin/src/test/java/org/elasticsearch/xpack/ssl/SSLTrustRestrictionsTests.java
View File

@ -18,20 +18,20 @@ import java.security.KeyPair;
import java.security.PrivateKey; import java.security.PrivateKey;
import java.security.cert.X509Certificate; import java.security.cert.X509Certificate;
import java.util.Collections; import java.util.Collections;
import java.util.concurrent.TimeUnit;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames; import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter; import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.elasticsearch.ElasticsearchException; import org.elasticsearch.ElasticsearchException;
import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.transport.TransportAddress; import org.elasticsearch.common.transport.TransportAddress;
import org.elasticsearch.common.unit.TimeValue;
import org.elasticsearch.env.Environment; import org.elasticsearch.env.Environment;
import org.elasticsearch.test.ESIntegTestCase; import org.elasticsearch.test.ESIntegTestCase;
import org.elasticsearch.test.SecurityIntegTestCase; import org.elasticsearch.test.SecurityIntegTestCase;
import org.elasticsearch.test.junit.annotations.TestLogging; import org.elasticsearch.test.junit.annotations.TestLogging;
import org.elasticsearch.transport.Transport; import org.elasticsearch.transport.Transport;
import org.junit.AfterClass; import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass; import org.junit.BeforeClass;
import static org.elasticsearch.xpack.ssl.CertUtils.generateSignedCertificate; import static org.elasticsearch.xpack.ssl.CertUtils.generateSignedCertificate;
@ -53,7 +53,7 @@ public class SSLTrustRestrictionsTests extends SecurityIntegTestCase {
private static final int KEYSIZE = 1024; private static final int KEYSIZE = 1024;
private static final int RESOURCE_RELOAD_MILLIS = 3; private static final int RESOURCE_RELOAD_MILLIS = 3;
private static final int WAIT_RELOAD_MILLIS = 25; private static final TimeValue MAX_WAIT_RELOAD = TimeValue.timeValueSeconds(1);
private static Path configPath; private static Path configPath;
private static Settings nodeSSL; private static Settings nodeSSL;
@ -157,22 +157,25 @@ public class SSLTrustRestrictionsTests extends SecurityIntegTestCase {
} }
} }
@AwaitsFix(bugUrl = "https://github.com/elastic/x-pack-elasticsearch/issues/2007")
public void testRestrictionsAreReloaded() throws Exception { public void testRestrictionsAreReloaded() throws Exception {
writeRestrictions("*"); writeRestrictions("*");
assertBusy(() -> {
try { try {
tryConnect(untrustedCert); tryConnect(untrustedCert);
} catch (SSLHandshakeException | SocketException ex) { } catch (SSLHandshakeException | SocketException ex) {
fail("handshake should have been successful, but failed with " + ex); fail("handshake should have been successful, but failed with " + ex);
} }
}, MAX_WAIT_RELOAD.millis(), TimeUnit.MILLISECONDS);
writeRestrictions("*.trusted"); writeRestrictions("*.trusted");
Thread.sleep(WAIT_RELOAD_MILLIS); assertBusy(() -> {
try { try {
tryConnect(untrustedCert); tryConnect(untrustedCert);
fail("handshake should have failed, but was successful"); fail("handshake should have failed, but was successful");
} catch (SSLHandshakeException | SocketException ex) { } catch (SSLHandshakeException | SocketException ex) {
// expected // expected
} }
}, MAX_WAIT_RELOAD.millis(), TimeUnit.MILLISECONDS);
} }
private void tryConnect(CertificateInfo certificate) throws Exception { private void tryConnect(CertificateInfo certificate) throws Exception {