add back randomization of global/per realm SSL configuration
Original commit: elastic/x-pack-elasticsearch@8dedc9ad45
This commit is contained in:
parent
c248d7b5da
commit
cc66740683
|
@ -25,19 +25,23 @@ public class AbstractActiveDirectoryIntegTests extends ESTestCase {
|
||||||
|
|
||||||
protected ClientSSLService clientSSLService;
|
protected ClientSSLService clientSSLService;
|
||||||
protected Settings globalSettings;
|
protected Settings globalSettings;
|
||||||
|
protected boolean useGlobalSSL;
|
||||||
|
|
||||||
@Before
|
@Before
|
||||||
public void initializeSslSocketFactory() throws Exception {
|
public void initializeSslSocketFactory() throws Exception {
|
||||||
|
useGlobalSSL = randomBoolean();
|
||||||
Path keystore = getDataPath("../ldap/support/ldaptrust.jks");
|
Path keystore = getDataPath("../ldap/support/ldaptrust.jks");
|
||||||
/*
|
/*
|
||||||
* Prior to each test we reinitialize the socket factory with a new SSLService so that we get a new SSLContext.
|
* Prior to each test we reinitialize the socket factory with a new SSLService so that we get a new SSLContext.
|
||||||
* If we re-use a SSLContext, previously connected sessions can get re-established which breaks hostname
|
* If we re-use a SSLContext, previously connected sessions can get re-established which breaks hostname
|
||||||
* verification tests since a re-established connection does not perform hostname verification.
|
* verification tests since a re-established connection does not perform hostname verification.
|
||||||
*/
|
*/
|
||||||
globalSettings = Settings.builder().put("path.home", createTempDir())
|
Settings.Builder builder = Settings.builder().put("path.home", createTempDir());
|
||||||
.put("xpack.security.ssl.keystore.path", keystore)
|
if (useGlobalSSL) {
|
||||||
.put("xpack.security.ssl.keystore.password", "changeit")
|
builder.put("xpack.security.ssl.keystore.path", keystore)
|
||||||
.build();
|
.put("xpack.security.ssl.keystore.password", "changeit");
|
||||||
|
}
|
||||||
|
globalSettings = builder.build();
|
||||||
Environment environment = new Environment(globalSettings);
|
Environment environment = new Environment(globalSettings);
|
||||||
clientSSLService = new ClientSSLService(globalSettings, new Global(globalSettings));
|
clientSSLService = new ClientSSLService(globalSettings, new Global(globalSettings));
|
||||||
clientSSLService.setEnvironment(environment);
|
clientSSLService.setEnvironment(environment);
|
||||||
|
@ -50,9 +54,11 @@ public class AbstractActiveDirectoryIntegTests extends ESTestCase {
|
||||||
.put(ActiveDirectorySessionFactory.AD_DOMAIN_NAME_SETTING, adDomainName)
|
.put(ActiveDirectorySessionFactory.AD_DOMAIN_NAME_SETTING, adDomainName)
|
||||||
.put(ActiveDirectorySessionFactory.AD_USER_SEARCH_BASEDN_SETTING, userSearchDN)
|
.put(ActiveDirectorySessionFactory.AD_USER_SEARCH_BASEDN_SETTING, userSearchDN)
|
||||||
.put(ActiveDirectorySessionFactory.AD_USER_SEARCH_SCOPE_SETTING, scope)
|
.put(ActiveDirectorySessionFactory.AD_USER_SEARCH_SCOPE_SETTING, scope)
|
||||||
.put(ActiveDirectorySessionFactory.HOSTNAME_VERIFICATION_SETTING, hostnameVerification)
|
.put(ActiveDirectorySessionFactory.HOSTNAME_VERIFICATION_SETTING, hostnameVerification);
|
||||||
.put("ssl.truststore.path", getDataPath("../ldap/support/ldaptrust.jks"))
|
if (useGlobalSSL == false) {
|
||||||
|
builder.put("ssl.truststore.path", getDataPath("../ldap/support/ldaptrust.jks"))
|
||||||
.put("ssl.truststore.password", "changeit");
|
.put("ssl.truststore.password", "changeit");
|
||||||
|
}
|
||||||
return builder.build();
|
return builder.build();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -208,11 +208,14 @@ public class ActiveDirectorySessionFactoryTests extends AbstractActiveDirectoryI
|
||||||
public void testStandardLdapConnection() throws Exception {
|
public void testStandardLdapConnection() throws Exception {
|
||||||
String groupSearchBase = "DC=ad,DC=test,DC=elasticsearch,DC=com";
|
String groupSearchBase = "DC=ad,DC=test,DC=elasticsearch,DC=com";
|
||||||
String userTemplate = "CN={0},CN=Users,DC=ad,DC=test,DC=elasticsearch,DC=com";
|
String userTemplate = "CN={0},CN=Users,DC=ad,DC=test,DC=elasticsearch,DC=com";
|
||||||
Settings settings = Settings.builder()
|
Settings settings = LdapTestCase.buildLdapSettings(AD_LDAP_URL, userTemplate, groupSearchBase, LdapSearchScope.SUB_TREE);
|
||||||
.put(LdapTestCase.buildLdapSettings(AD_LDAP_URL, userTemplate, groupSearchBase, LdapSearchScope.SUB_TREE))
|
if (useGlobalSSL == false) {
|
||||||
|
settings = Settings.builder()
|
||||||
|
.put(settings)
|
||||||
.put("ssl.truststore.path", getDataPath("../ldap/support/ldaptrust.jks"))
|
.put("ssl.truststore.path", getDataPath("../ldap/support/ldaptrust.jks"))
|
||||||
.put("ssl.truststore.password", "changeit")
|
.put("ssl.truststore.password", "changeit")
|
||||||
.build();
|
.build();
|
||||||
|
}
|
||||||
RealmConfig config = new RealmConfig("ad-as-ldap-test", settings, globalSettings);
|
RealmConfig config = new RealmConfig("ad-as-ldap-test", settings, globalSettings);
|
||||||
LdapSessionFactory sessionFactory = new LdapSessionFactory(config, clientSSLService).init();
|
LdapSessionFactory sessionFactory = new LdapSessionFactory(config, clientSSLService).init();
|
||||||
|
|
||||||
|
@ -231,11 +234,14 @@ public class ActiveDirectorySessionFactoryTests extends AbstractActiveDirectoryI
|
||||||
@SuppressWarnings("unchecked")
|
@SuppressWarnings("unchecked")
|
||||||
public void testStandardLdapWithAttributeGroups() throws Exception {
|
public void testStandardLdapWithAttributeGroups() throws Exception {
|
||||||
String userTemplate = "CN={0},CN=Users,DC=ad,DC=test,DC=elasticsearch,DC=com";
|
String userTemplate = "CN={0},CN=Users,DC=ad,DC=test,DC=elasticsearch,DC=com";
|
||||||
Settings settings = Settings.builder()
|
Settings settings = LdapTestCase.buildLdapSettings(new String[] { AD_LDAP_URL }, userTemplate, false);
|
||||||
.put(LdapTestCase.buildLdapSettings(new String[] { AD_LDAP_URL }, userTemplate, false))
|
if (useGlobalSSL == false) {
|
||||||
|
settings = Settings.builder()
|
||||||
|
.put(settings)
|
||||||
.put("ssl.truststore.path", getDataPath("../ldap/support/ldaptrust.jks"))
|
.put("ssl.truststore.path", getDataPath("../ldap/support/ldaptrust.jks"))
|
||||||
.put("ssl.truststore.password", "changeit")
|
.put("ssl.truststore.password", "changeit")
|
||||||
.build();
|
.build();
|
||||||
|
}
|
||||||
RealmConfig config = new RealmConfig("ad-as-ldap-test", settings, globalSettings);
|
RealmConfig config = new RealmConfig("ad-as-ldap-test", settings, globalSettings);
|
||||||
LdapSessionFactory sessionFactory = new LdapSessionFactory(config, clientSSLService).init();
|
LdapSessionFactory sessionFactory = new LdapSessionFactory(config, clientSSLService).init();
|
||||||
|
|
||||||
|
@ -285,9 +291,11 @@ public class ActiveDirectorySessionFactoryTests extends AbstractActiveDirectoryI
|
||||||
Settings.Builder builder = Settings.builder()
|
Settings.Builder builder = Settings.builder()
|
||||||
.put(ActiveDirectorySessionFactory.URLS_SETTING, ldapUrl)
|
.put(ActiveDirectorySessionFactory.URLS_SETTING, ldapUrl)
|
||||||
.put(ActiveDirectorySessionFactory.AD_DOMAIN_NAME_SETTING, adDomainName)
|
.put(ActiveDirectorySessionFactory.AD_DOMAIN_NAME_SETTING, adDomainName)
|
||||||
.put(ActiveDirectorySessionFactory.HOSTNAME_VERIFICATION_SETTING, hostnameVerification)
|
.put(ActiveDirectorySessionFactory.HOSTNAME_VERIFICATION_SETTING, hostnameVerification);
|
||||||
.put("ssl.truststore.path", getDataPath("../ldap/support/ldaptrust.jks"))
|
if (useGlobalSSL == false) {
|
||||||
|
builder.put("ssl.truststore.path", getDataPath("../ldap/support/ldaptrust.jks"))
|
||||||
.put("ssl.truststore.password", "changeit");
|
.put("ssl.truststore.password", "changeit");
|
||||||
|
}
|
||||||
return builder.build();
|
return builder.build();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -33,10 +33,12 @@ public abstract class GroupsResolverTestCase extends ESTestCase {
|
||||||
public void setUpLdapConnection() throws Exception {
|
public void setUpLdapConnection() throws Exception {
|
||||||
Path keystore = getDataPath("../ldap/support/ldaptrust.jks");
|
Path keystore = getDataPath("../ldap/support/ldaptrust.jks");
|
||||||
boolean useGlobalSSL = randomBoolean();
|
boolean useGlobalSSL = randomBoolean();
|
||||||
Settings settings = Settings.builder().put("path.home", createTempDir())
|
Settings.Builder builder = Settings.builder().put("path.home", createTempDir());
|
||||||
.put("xpack.security.ssl.keystore.path", keystore)
|
if (useGlobalSSL) {
|
||||||
.put("xpack.security.ssl.keystore.password", "changeit")
|
builder.put("xpack.security.ssl.keystore.path", keystore)
|
||||||
.build();
|
.put("xpack.security.ssl.keystore.password", "changeit");
|
||||||
|
}
|
||||||
|
Settings settings = builder.build();
|
||||||
Environment env = new Environment(settings);
|
Environment env = new Environment(settings);
|
||||||
ClientSSLService clientSSLService = new ClientSSLService(settings, new Global(settings));
|
ClientSSLService clientSSLService = new ClientSSLService(settings, new Global(settings));
|
||||||
clientSSLService.setEnvironment(env);
|
clientSSLService.setEnvironment(env);
|
||||||
|
|
|
@ -38,6 +38,7 @@ public class OpenLdapTests extends ESTestCase {
|
||||||
public static final String OPEN_LDAP_URL = "ldaps://54.200.235.244:636";
|
public static final String OPEN_LDAP_URL = "ldaps://54.200.235.244:636";
|
||||||
public static final String PASSWORD = "NickFuryHeartsES";
|
public static final String PASSWORD = "NickFuryHeartsES";
|
||||||
|
|
||||||
|
private boolean useGlobalSSL;
|
||||||
private ClientSSLService clientSSLService;
|
private ClientSSLService clientSSLService;
|
||||||
private Settings globalSettings;
|
private Settings globalSettings;
|
||||||
|
|
||||||
|
@ -49,10 +50,13 @@ public class OpenLdapTests extends ESTestCase {
|
||||||
* If we re-use a SSLContext, previously connected sessions can get re-established which breaks hostname
|
* If we re-use a SSLContext, previously connected sessions can get re-established which breaks hostname
|
||||||
* verification tests since a re-established connection does not perform hostname verification.
|
* verification tests since a re-established connection does not perform hostname verification.
|
||||||
*/
|
*/
|
||||||
globalSettings = Settings.builder().put("path.home", createTempDir())
|
useGlobalSSL = randomBoolean();
|
||||||
.put("xpack.security.ssl.keystore.path", keystore)
|
Settings.Builder builder = Settings.builder().put("path.home", createTempDir());
|
||||||
.put("xpack.security.ssl.keystore.password", "changeit")
|
if (useGlobalSSL) {
|
||||||
.build();
|
builder.put("xpack.security.ssl.keystore.path", keystore)
|
||||||
|
.put("xpack.security.ssl.keystore.password", "changeit");
|
||||||
|
}
|
||||||
|
globalSettings = builder.build();
|
||||||
Environment environment = new Environment(globalSettings);
|
Environment environment = new Environment(globalSettings);
|
||||||
clientSSLService = new ClientSSLService(globalSettings, new Global(globalSettings));
|
clientSSLService = new ClientSSLService(globalSettings, new Global(globalSettings));
|
||||||
clientSSLService.setEnvironment(environment);
|
clientSSLService.setEnvironment(environment);
|
||||||
|
@ -180,6 +184,9 @@ public class OpenLdapTests extends ESTestCase {
|
||||||
|
|
||||||
Settings buildLdapSettings(String ldapUrl, String userTemplate, String groupSearchBase, LdapSearchScope scope) {
|
Settings buildLdapSettings(String ldapUrl, String userTemplate, String groupSearchBase, LdapSearchScope scope) {
|
||||||
Settings baseSettings = LdapTestCase.buildLdapSettings(ldapUrl, userTemplate, groupSearchBase, scope);
|
Settings baseSettings = LdapTestCase.buildLdapSettings(ldapUrl, userTemplate, groupSearchBase, scope);
|
||||||
|
if (useGlobalSSL) {
|
||||||
|
return baseSettings;
|
||||||
|
}
|
||||||
return Settings.builder()
|
return Settings.builder()
|
||||||
.put(baseSettings)
|
.put(baseSettings)
|
||||||
.put("ssl.truststore.path", getDataPath("../ldap/support/ldaptrust.jks"))
|
.put("ssl.truststore.path", getDataPath("../ldap/support/ldaptrust.jks"))
|
||||||
|
|
Loading…
Reference in New Issue