honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

add back randomization of global/per realm SSL configuration 

Original commit: elastic/x-pack-elasticsearch@8dedc9ad45
This commit is contained in:
jaymode 2016-05-25 13:47:07 -04:00
parent c248d7b5da
commit cc66740683
4 changed files with 51 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/activedirectory/AbstractActiveDirectoryIntegTests.java
View File

@ -25,19 +25,23 @@ public class AbstractActiveDirectoryIntegTests extends ESTestCase {
protected ClientSSLService clientSSLService; protected ClientSSLService clientSSLService;
protected Settings globalSettings; protected Settings globalSettings;
protected boolean useGlobalSSL;
@Before @Before
public void initializeSslSocketFactory() throws Exception { public void initializeSslSocketFactory() throws Exception {
useGlobalSSL = randomBoolean();
Path keystore = getDataPath("../ldap/support/ldaptrust.jks"); Path keystore = getDataPath("../ldap/support/ldaptrust.jks");
/* /*
* Prior to each test we reinitialize the socket factory with a new SSLService so that we get a new SSLContext. * Prior to each test we reinitialize the socket factory with a new SSLService so that we get a new SSLContext.
* If we re-use a SSLContext, previously connected sessions can get re-established which breaks hostname * If we re-use a SSLContext, previously connected sessions can get re-established which breaks hostname
* verification tests since a re-established connection does not perform hostname verification. * verification tests since a re-established connection does not perform hostname verification.
*/ */
globalSettings = Settings.builder().put("path.home", createTempDir()) Settings.Builder builder = Settings.builder().put("path.home", createTempDir());
.put("xpack.security.ssl.keystore.path", keystore) if (useGlobalSSL) {
.put("xpack.security.ssl.keystore.password", "changeit") builder.put("xpack.security.ssl.keystore.path", keystore)
.build(); .put("xpack.security.ssl.keystore.password", "changeit");
}
globalSettings = builder.build();
Environment environment = new Environment(globalSettings); Environment environment = new Environment(globalSettings);
clientSSLService = new ClientSSLService(globalSettings, new Global(globalSettings)); clientSSLService = new ClientSSLService(globalSettings, new Global(globalSettings));
clientSSLService.setEnvironment(environment); clientSSLService.setEnvironment(environment);
@ -50,9 +54,11 @@ public class AbstractActiveDirectoryIntegTests extends ESTestCase {
.put(ActiveDirectorySessionFactory.AD_DOMAIN_NAME_SETTING, adDomainName) .put(ActiveDirectorySessionFactory.AD_DOMAIN_NAME_SETTING, adDomainName)
.put(ActiveDirectorySessionFactory.AD_USER_SEARCH_BASEDN_SETTING, userSearchDN) .put(ActiveDirectorySessionFactory.AD_USER_SEARCH_BASEDN_SETTING, userSearchDN)
.put(ActiveDirectorySessionFactory.AD_USER_SEARCH_SCOPE_SETTING, scope) .put(ActiveDirectorySessionFactory.AD_USER_SEARCH_SCOPE_SETTING, scope)
.put(ActiveDirectorySessionFactory.HOSTNAME_VERIFICATION_SETTING, hostnameVerification) .put(ActiveDirectorySessionFactory.HOSTNAME_VERIFICATION_SETTING, hostnameVerification);
.put("ssl.truststore.path", getDataPath("../ldap/support/ldaptrust.jks")) if (useGlobalSSL == false) {
.put("ssl.truststore.password", "changeit"); builder.put("ssl.truststore.path", getDataPath("../ldap/support/ldaptrust.jks"))
.put("ssl.truststore.password", "changeit");
}
return builder.build(); return builder.build();
} }
} }

34
elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/activedirectory/ActiveDirectorySessionFactoryTests.java
View File

@ -208,11 +208,14 @@ public class ActiveDirectorySessionFactoryTests extends AbstractActiveDirectoryI
public void testStandardLdapConnection() throws Exception { public void testStandardLdapConnection() throws Exception {
String groupSearchBase = "DC=ad,DC=test,DC=elasticsearch,DC=com"; String groupSearchBase = "DC=ad,DC=test,DC=elasticsearch,DC=com";
String userTemplate = "CN={0},CN=Users,DC=ad,DC=test,DC=elasticsearch,DC=com"; String userTemplate = "CN={0},CN=Users,DC=ad,DC=test,DC=elasticsearch,DC=com";
Settings settings = Settings.builder() Settings settings = LdapTestCase.buildLdapSettings(AD_LDAP_URL, userTemplate, groupSearchBase, LdapSearchScope.SUB_TREE);
.put(LdapTestCase.buildLdapSettings(AD_LDAP_URL, userTemplate, groupSearchBase, LdapSearchScope.SUB_TREE)) if (useGlobalSSL == false) {
.put("ssl.truststore.path", getDataPath("../ldap/support/ldaptrust.jks")) settings = Settings.builder()
.put("ssl.truststore.password", "changeit") .put(settings)
.build(); .put("ssl.truststore.path", getDataPath("../ldap/support/ldaptrust.jks"))
.put("ssl.truststore.password", "changeit")
.build();
}
RealmConfig config = new RealmConfig("ad-as-ldap-test", settings, globalSettings); RealmConfig config = new RealmConfig("ad-as-ldap-test", settings, globalSettings);
LdapSessionFactory sessionFactory = new LdapSessionFactory(config, clientSSLService).init(); LdapSessionFactory sessionFactory = new LdapSessionFactory(config, clientSSLService).init();
@ -231,11 +234,14 @@ public class ActiveDirectorySessionFactoryTests extends AbstractActiveDirectoryI
@SuppressWarnings("unchecked") @SuppressWarnings("unchecked")
public void testStandardLdapWithAttributeGroups() throws Exception { public void testStandardLdapWithAttributeGroups() throws Exception {
String userTemplate = "CN={0},CN=Users,DC=ad,DC=test,DC=elasticsearch,DC=com"; String userTemplate = "CN={0},CN=Users,DC=ad,DC=test,DC=elasticsearch,DC=com";
Settings settings = Settings.builder() Settings settings = LdapTestCase.buildLdapSettings(new String[] { AD_LDAP_URL }, userTemplate, false);
.put(LdapTestCase.buildLdapSettings(new String[] { AD_LDAP_URL }, userTemplate, false)) if (useGlobalSSL == false) {
.put("ssl.truststore.path", getDataPath("../ldap/support/ldaptrust.jks")) settings = Settings.builder()
.put("ssl.truststore.password", "changeit") .put(settings)
.build(); .put("ssl.truststore.path", getDataPath("../ldap/support/ldaptrust.jks"))
.put("ssl.truststore.password", "changeit")
.build();
}
RealmConfig config = new RealmConfig("ad-as-ldap-test", settings, globalSettings); RealmConfig config = new RealmConfig("ad-as-ldap-test", settings, globalSettings);
LdapSessionFactory sessionFactory = new LdapSessionFactory(config, clientSSLService).init(); LdapSessionFactory sessionFactory = new LdapSessionFactory(config, clientSSLService).init();
@ -285,9 +291,11 @@ public class ActiveDirectorySessionFactoryTests extends AbstractActiveDirectoryI
Settings.Builder builder = Settings.builder() Settings.Builder builder = Settings.builder()
.put(ActiveDirectorySessionFactory.URLS_SETTING, ldapUrl) .put(ActiveDirectorySessionFactory.URLS_SETTING, ldapUrl)
.put(ActiveDirectorySessionFactory.AD_DOMAIN_NAME_SETTING, adDomainName) .put(ActiveDirectorySessionFactory.AD_DOMAIN_NAME_SETTING, adDomainName)
.put(ActiveDirectorySessionFactory.HOSTNAME_VERIFICATION_SETTING, hostnameVerification) .put(ActiveDirectorySessionFactory.HOSTNAME_VERIFICATION_SETTING, hostnameVerification);
.put("ssl.truststore.path", getDataPath("../ldap/support/ldaptrust.jks")) if (useGlobalSSL == false) {
.put("ssl.truststore.password", "changeit"); builder.put("ssl.truststore.path", getDataPath("../ldap/support/ldaptrust.jks"))
.put("ssl.truststore.password", "changeit");
}
return builder.build(); return builder.build();
} }
} }

10
elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/ldap/GroupsResolverTestCase.java
View File

@ -33,10 +33,12 @@ public abstract class GroupsResolverTestCase extends ESTestCase {
public void setUpLdapConnection() throws Exception { public void setUpLdapConnection() throws Exception {
Path keystore = getDataPath("../ldap/support/ldaptrust.jks"); Path keystore = getDataPath("../ldap/support/ldaptrust.jks");
boolean useGlobalSSL = randomBoolean(); boolean useGlobalSSL = randomBoolean();
Settings settings = Settings.builder().put("path.home", createTempDir()) Settings.Builder builder = Settings.builder().put("path.home", createTempDir());
.put("xpack.security.ssl.keystore.path", keystore) if (useGlobalSSL) {
.put("xpack.security.ssl.keystore.password", "changeit") builder.put("xpack.security.ssl.keystore.path", keystore)
.build(); .put("xpack.security.ssl.keystore.password", "changeit");
}
Settings settings = builder.build();
Environment env = new Environment(settings); Environment env = new Environment(settings);
ClientSSLService clientSSLService = new ClientSSLService(settings, new Global(settings)); ClientSSLService clientSSLService = new ClientSSLService(settings, new Global(settings));
clientSSLService.setEnvironment(env); clientSSLService.setEnvironment(env);

15
elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/ldap/OpenLdapTests.java
View File

@ -38,6 +38,7 @@ public class OpenLdapTests extends ESTestCase {
public static final String OPEN_LDAP_URL = "ldaps://54.200.235.244:636"; public static final String OPEN_LDAP_URL = "ldaps://54.200.235.244:636";
public static final String PASSWORD = "NickFuryHeartsES"; public static final String PASSWORD = "NickFuryHeartsES";
private boolean useGlobalSSL;
private ClientSSLService clientSSLService; private ClientSSLService clientSSLService;
private Settings globalSettings; private Settings globalSettings;
@ -49,10 +50,13 @@ public class OpenLdapTests extends ESTestCase {
* If we re-use a SSLContext, previously connected sessions can get re-established which breaks hostname * If we re-use a SSLContext, previously connected sessions can get re-established which breaks hostname
* verification tests since a re-established connection does not perform hostname verification. * verification tests since a re-established connection does not perform hostname verification.
*/ */
globalSettings = Settings.builder().put("path.home", createTempDir()) useGlobalSSL = randomBoolean();
.put("xpack.security.ssl.keystore.path", keystore) Settings.Builder builder = Settings.builder().put("path.home", createTempDir());
.put("xpack.security.ssl.keystore.password", "changeit") if (useGlobalSSL) {
.build(); builder.put("xpack.security.ssl.keystore.path", keystore)
.put("xpack.security.ssl.keystore.password", "changeit");
}
globalSettings = builder.build();
Environment environment = new Environment(globalSettings); Environment environment = new Environment(globalSettings);
clientSSLService = new ClientSSLService(globalSettings, new Global(globalSettings)); clientSSLService = new ClientSSLService(globalSettings, new Global(globalSettings));
clientSSLService.setEnvironment(environment); clientSSLService.setEnvironment(environment);
@ -180,6 +184,9 @@ public class OpenLdapTests extends ESTestCase {
Settings buildLdapSettings(String ldapUrl, String userTemplate, String groupSearchBase, LdapSearchScope scope) { Settings buildLdapSettings(String ldapUrl, String userTemplate, String groupSearchBase, LdapSearchScope scope) {
Settings baseSettings = LdapTestCase.buildLdapSettings(ldapUrl, userTemplate, groupSearchBase, scope); Settings baseSettings = LdapTestCase.buildLdapSettings(ldapUrl, userTemplate, groupSearchBase, scope);
if (useGlobalSSL) {
return baseSettings;
}
return Settings.builder() return Settings.builder()
.put(baseSettings) .put(baseSettings)
.put("ssl.truststore.path", getDataPath("../ldap/support/ldaptrust.jks")) .put("ssl.truststore.path", getDataPath("../ldap/support/ldaptrust.jks"))