From b4506647664dae4c74eee422fdb5f69eb2facda1 Mon Sep 17 00:00:00 2001 From: jaymode Date: Mon, 8 May 2017 12:31:26 -0400 Subject: [PATCH] Test: ensure system supports ECDSA before running EllicpticCurveSSLTests Some JDKs do not support the ECDSA cipher suites that we use in the EllipticCurveSSLTests, which is the underlying cause of some CI failures. This change ensures there is at least one enabled ECDSA cipher before testing that a connection can be made. relates elastic/x-pack-elasticsearch#1278 Original commit: elastic/x-pack-elasticsearch@f6c93d776c335b4fd9fcb34625048eb7fe38f4d1 --- .../transport/ssl/EllipticCurveSSLTests.java | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/plugin/src/test/java/org/elasticsearch/xpack/security/transport/ssl/EllipticCurveSSLTests.java b/plugin/src/test/java/org/elasticsearch/xpack/security/transport/ssl/EllipticCurveSSLTests.java index f4da23c13fc..768d9e3a27c 100644 --- a/plugin/src/test/java/org/elasticsearch/xpack/security/transport/ssl/EllipticCurveSSLTests.java +++ b/plugin/src/test/java/org/elasticsearch/xpack/security/transport/ssl/EllipticCurveSSLTests.java @@ -11,9 +11,12 @@ import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.transport.TransportAddress; import org.elasticsearch.test.SecurityIntegTestCase; import org.elasticsearch.xpack.ssl.CertUtils; +import org.elasticsearch.xpack.ssl.SSLService; +import org.junit.Before; import javax.net.ssl.HandshakeCompletedEvent; import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLSession; import javax.net.ssl.SSLSocket; import javax.net.ssl.SSLSocketFactory; @@ -27,6 +30,7 @@ import java.security.PrivateKey; import java.security.PrivilegedExceptionAction; import java.security.SecureRandom; import java.security.cert.Certificate; +import java.util.Arrays; import java.util.Collections; import java.util.concurrent.CountDownLatch; import java.util.concurrent.atomic.AtomicReference; @@ -66,7 +70,6 @@ public class EllipticCurveSSLTests extends SecurityIntegTestCase { return false; } - @AwaitsFix(bugUrl = "https://github.com/elastic/x-pack-elasticsearch/issues/1278") public void testConnection() throws Exception { final Path keyPath = getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/prime256v1-key.pem"); final Path certPath = getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/prime256v1-cert.pem"); @@ -106,4 +109,14 @@ public class EllipticCurveSSLTests extends SecurityIntegTestCase { assertThat(session.getCipherSuite(), containsString("ECDSA")); } } + + @Before + public void assumeECDSACiphersSupported() { + final SSLService sslService = internalCluster().getInstance(SSLService.class); + SSLEngine sslEngine = sslService.createSSLEngine(Settings.EMPTY, Settings.EMPTY); + assumeTrue("ECDSA ciphers must be supported for this test to run. Enabled ciphers: " + + Arrays.toString(sslEngine.getEnabledCipherSuites()) + ", supported ciphers: " + + Arrays.toString(sslEngine.getSupportedCipherSuites()), + Arrays.stream(sslEngine.getEnabledCipherSuites()).anyMatch(s -> s.contains("ECDSA"))); + } }