diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/activedirectory/AbstractActiveDirectoryIntegTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/activedirectory/AbstractActiveDirectoryIntegTests.java
index 05feae8091e..9cbd6b06eae 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/activedirectory/AbstractActiveDirectoryIntegTests.java
+++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/activedirectory/AbstractActiveDirectoryIntegTests.java
@@ -25,19 +25,23 @@ public class AbstractActiveDirectoryIntegTests extends ESTestCase {
 protected ClientSSLService clientSSLService;
 protected Settings globalSettings;
+ protected boolean useGlobalSSL;
 @Before
 public void initializeSslSocketFactory() throws Exception {
+ useGlobalSSL = randomBoolean();
 Path keystore = getDataPath("../ldap/support/ldaptrust.jks");
 /*
 * Prior to each test we reinitialize the socket factory with a new SSLService so that we get a new SSLContext.
 * If we re-use a SSLContext, previously connected sessions can get re-established which breaks hostname
 * verification tests since a re-established connection does not perform hostname verification.
 */
- globalSettings = Settings.builder().put("path.home", createTempDir())
- .put("xpack.security.ssl.keystore.path", keystore)
- .put("xpack.security.ssl.keystore.password", "changeit")
- .build();
+ Settings.Builder builder = Settings.builder().put("path.home", createTempDir());
+ if (useGlobalSSL) {
+ builder.put("xpack.security.ssl.keystore.path", keystore)
+ .put("xpack.security.ssl.keystore.password", "changeit");
+ }
+ globalSettings = builder.build();
 Environment environment = new Environment(globalSettings);
 clientSSLService = new ClientSSLService(globalSettings, new Global(globalSettings));
 clientSSLService.setEnvironment(environment);
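Review bot: The new `useGlobalSSL` field and its assignment at the top of `initializeSslSocketFactory` carry no explanation, and the two modes are not symmetric: the global branch sets `xpack.security.ssl.keystore.*` while the realm-level code elsewhere in this commit sets `ssl.truststore.*`, both pointing at `ldaptrust.jks`. The global mode therefore presumably relies on the keystore doubling as trust material, which a reader cannot tell from this hunk. A field comment would make the contract explicit, for example `// true: LDAPS trust comes from the global xpack.security.ssl.keystore.* settings; false: each realm must set its own ssl.truststore.*`. It would also tell subclass authors that realm settings assembled by hand have to consult the flag, since in the false case `globalSettings` no longer carries any trust material. The method body continues past the end of the hunk.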
@@ -50,9 +54,11 @@ public class AbstractActiveDirectoryIntegTests extends ESTestCase {
 .put(ActiveDirectorySessionFactory.AD_DOMAIN_NAME_SETTING, adDomainName)
 .put(ActiveDirectorySessionFactory.AD_USER_SEARCH_BASEDN_SETTING, userSearchDN)
 .put(ActiveDirectorySessionFactory.AD_USER_SEARCH_SCOPE_SETTING, scope)
- .put(ActiveDirectorySessionFactory.HOSTNAME_VERIFICATION_SETTING, hostnameVerification)
- .put("ssl.truststore.path", getDataPath("../ldap/support/ldaptrust.jks"))
- .put("ssl.truststore.password", "changeit");
+ .put(ActiveDirectorySessionFactory.HOSTNAME_VERIFICATION_SETTING, hostnameVerification);
+ if (useGlobalSSL == false) {
+ builder.put("ssl.truststore.path", getDataPath("../ldap/support/ldaptrust.jks"))
+ .put("ssl.truststore.password", "changeit");
+ }
 return builder.build();
 }
 }
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/activedirectory/ActiveDirectorySessionFactoryTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/activedirectory/ActiveDirectorySessionFactoryTests.java
index 7c28654cfbb..491f980083a 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/activedirectory/ActiveDirectorySessionFactoryTests.java
+++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/activedirectory/ActiveDirectorySessionFactoryTests.java
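Review bot: The `if (useGlobalSSL == false)` guard makes the two trust sources mutually exclusive, so the configuration that was the only one tested before this commit (a realm `ssl.truststore.*` together with a global keystore) is no longer exercised on any seed. If realm-level SSL settings are meant to take precedence over the global ones, that precedence loses its coverage here, and so does the case where neither is set and the LDAPS connection is expected to be refused. A dedicated test that sets both, and one that sets neither, would keep those paths covered; at minimum a comment on the guard such as `// realm truststore only when no global keystore is configured; the both-set case is not covered by this helper` would record the gap. The helper's signature and the start of the builder chain are outside the hunk.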
@@ -208,11 +208,14 @@ public class ActiveDirectorySessionFactoryTests extends AbstractActiveDirectoryI
 public void testStandardLdapConnection() throws Exception {
 String groupSearchBase = "DC=ad,DC=test,DC=elasticsearch,DC=com";
 String userTemplate = "CN={0},CN=Users,DC=ad,DC=test,DC=elasticsearch,DC=com";
- Settings settings = Settings.builder()
- .put(LdapTestCase.buildLdapSettings(AD_LDAP_URL, userTemplate, groupSearchBase, LdapSearchScope.SUB_TREE))
- .put("ssl.truststore.path", getDataPath("../ldap/support/ldaptrust.jks"))
- .put("ssl.truststore.password", "changeit")
- .build();
+ Settings settings = LdapTestCase.buildLdapSettings(AD_LDAP_URL, userTemplate, groupSearchBase, LdapSearchScope.SUB_TREE);
+ if (useGlobalSSL == false) {
+ settings = Settings.builder()
+ .put(settings)
+ .put("ssl.truststore.path", getDataPath("../ldap/support/ldaptrust.jks"))
+ .put("ssl.truststore.password", "changeit")
+ .build();
+ }
 RealmConfig config = new RealmConfig("ad-as-ldap-test", settings, globalSettings);
 LdapSessionFactory sessionFactory = new LdapSessionFactory(config, clientSSLService).init();
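Review bot: The conditional truststore block added in `testStandardLdapConnection` is repeated verbatim in `testStandardLdapWithAttributeGroups` and, in builder form, in the settings helper at the end of this file and in `AbstractActiveDirectoryIntegTests`. A test that builds realm settings and omits the block gets no trust store whenever `useGlobalSSL` is false, and that only shows up on some seeds. One helper in the base class would keep the rule in a single place, with each call site wrapping its `LdapTestCase.buildLdapSettings(...)` result in it. The test method body continues past the end of the hunk.

```java
// in AbstractActiveDirectoryIntegTests
/** Adds the realm-level trust store unless trust comes from the global SSL settings. */
protected Settings addRealmTruststoreIfNeeded(Settings settings) {
    if (useGlobalSSL) {
        return settings;
    }
    return Settings.builder()
            .put(settings)
            .put("ssl.truststore.path", getDataPath("../ldap/support/ldaptrust.jks"))
            .put("ssl.truststore.password", "changeit")
            .build();
}

// in testStandardLdapConnection
Settings settings = addRealmTruststoreIfNeeded(
        LdapTestCase.buildLdapSettings(AD_LDAP_URL, userTemplate, groupSearchBase, LdapSearchScope.SUB_TREE));
// … unchanged: RealmConfig and LdapSessionFactory setup …
```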
@@ -231,11 +234,14 @@ public class ActiveDirectorySessionFactoryTests extends AbstractActiveDirectoryI
 @SuppressWarnings("unchecked")
 public void testStandardLdapWithAttributeGroups() throws Exception {
 String userTemplate = "CN={0},CN=Users,DC=ad,DC=test,DC=elasticsearch,DC=com";
- Settings settings = Settings.builder()
- .put(LdapTestCase.buildLdapSettings(new String[] { AD_LDAP_URL }, userTemplate, false))
- .put("ssl.truststore.path", getDataPath("../ldap/support/ldaptrust.jks"))
- .put("ssl.truststore.password", "changeit")
- .build();
+ Settings settings = LdapTestCase.buildLdapSettings(new String[] { AD_LDAP_URL }, userTemplate, false);
+ if (useGlobalSSL == false) {
+ settings = Settings.builder()
+ .put(settings)
+ .put("ssl.truststore.path", getDataPath("../ldap/support/ldaptrust.jks"))
+ .put("ssl.truststore.password", "changeit")
+ .build();
+ }
 RealmConfig config = new RealmConfig("ad-as-ldap-test", settings, globalSettings);
 LdapSessionFactory sessionFactory = new LdapSessionFactory(config, clientSSLService).init();
@@ -285,9 +291,11 @@ public class ActiveDirectorySessionFactoryTests extends AbstractActiveDirectoryI
 Settings.Builder builder = Settings.builder()
 .put(ActiveDirectorySessionFactory.URLS_SETTING, ldapUrl)
 .put(ActiveDirectorySessionFactory.AD_DOMAIN_NAME_SETTING, adDomainName)
- .put(ActiveDirectorySessionFactory.HOSTNAME_VERIFICATION_SETTING, hostnameVerification)
- .put("ssl.truststore.path", getDataPath("../ldap/support/ldaptrust.jks"))
- .put("ssl.truststore.password", "changeit");
+ .put(ActiveDirectorySessionFactory.HOSTNAME_VERIFICATION_SETTING, hostnameVerification);
+ if (useGlobalSSL == false) {
+ builder.put("ssl.truststore.path", getDataPath("../ldap/support/ldaptrust.jks"))
+ .put("ssl.truststore.password", "changeit");
+ }
 return builder.build();
 }
 }
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/ldap/GroupsResolverTestCase.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/ldap/GroupsResolverTestCase.java
index 944557d983e..be0a45373ec 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/ldap/GroupsResolverTestCase.java
+++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/ldap/GroupsResolverTestCase.java
@@ -33,10 +33,12 @@ public abstract class GroupsResolverTestCase extends ESTestCase {
 public void setUpLdapConnection() throws Exception {
 Path keystore = getDataPath("../ldap/support/ldaptrust.jks");
 boolean useGlobalSSL = randomBoolean();
- Settings settings = Settings.builder().put("path.home", createTempDir())
- .put("xpack.security.ssl.keystore.path", keystore)
- .put("xpack.security.ssl.keystore.password", "changeit")
- .build();
+ Settings.Builder builder = Settings.builder().put("path.home", createTempDir());
+ if (useGlobalSSL) {
+ builder.put("xpack.security.ssl.keystore.path", keystore)
+ .put("xpack.security.ssl.keystore.password", "changeit");
+ }
+ Settings settings = builder.build();
 Environment env = new Environment(settings);
 ClientSSLService clientSSLService = new ClientSSLService(settings, new Global(settings));
 clientSSLService.setEnvironment(env);
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/ldap/OpenLdapTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/ldap/OpenLdapTests.java
index 98bd09f95bd..90fc92d8672 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/ldap/OpenLdapTests.java
+++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/ldap/OpenLdapTests.java
@@ -38,6 +38,7 @@ public class OpenLdapTests extends ESTestCase {
 public static final String OPEN_LDAP_URL = "ldaps://54.200.235.244:636";
 public static final String PASSWORD = "NickFuryHeartsES";
+ private boolean useGlobalSSL;
 private ClientSSLService clientSSLService;
 private Settings globalSettings;
@@ -49,10 +50,13 @@ public class OpenLdapTests extends ESTestCase {
 * If we re-use a SSLContext, previously connected sessions can get re-established which breaks hostname
 * verification tests since a re-established connection does not perform hostname verification.
 */
- globalSettings = Settings.builder().put("path.home", createTempDir())
- .put("xpack.security.ssl.keystore.path", keystore)
- .put("xpack.security.ssl.keystore.password", "changeit")
- .build();
+ useGlobalSSL = randomBoolean();
+ Settings.Builder builder = Settings.builder().put("path.home", createTempDir());
+ if (useGlobalSSL) {
+ builder.put("xpack.security.ssl.keystore.path", keystore)
+ .put("xpack.security.ssl.keystore.password", "changeit");
+ }
+ globalSettings = builder.build();
 Environment environment = new Environment(globalSettings);
 clientSSLService = new ClientSSLService(globalSettings, new Global(globalSettings));
 clientSSLService.setEnvironment(environment);
@@ -180,6 +184,9 @@ public class OpenLdapTests extends ESTestCase {
 Settings buildLdapSettings(String ldapUrl, String userTemplate, String groupSearchBase, LdapSearchScope scope) {
 Settings baseSettings = LdapTestCase.buildLdapSettings(ldapUrl, userTemplate, groupSearchBase, scope);
+ if (useGlobalSSL) {
+ return baseSettings;
+ }
 return Settings.builder()
 .put(baseSettings)
 .put("ssl.truststore.path", getDataPath("../ldap/support/ldaptrust.jks"))
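Review bot: Only the four-argument `buildLdapSettings` helper was taught about `useGlobalSSL`; before this commit every realm in this class could fall back on the global keystore, and after the change to the setup method that fallback is absent whenever the flag is false. Any test in `OpenLdapTests` that builds its realm settings without going through this helper (the rest of the file is not visible here) would then connect to `OPEN_LDAP_URL` with no trust store configured and fail only on some seeds. It is worth checking every `RealmConfig` construction in the class against the flag, and documenting the contract on the helper, e.g. `// adds the realm truststore unless trust comes from the global SSL settings (useGlobalSSL)`. The helper's return statement continues past the end of the hunk.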