Merge pull request elastic/elasticsearch#2799 from javanna/feature/async_rest_client

Rest client: move to async client under the hood

Original commit: elastic/x-pack-elasticsearch@e185f46418

elasticsearch/qa/audit-tests/src/test/java/org/elasticsearch/xpack/security/audit/IndexAuditIT.java

@@ -38,11 +38,10 @@ public class IndexAuditIT extends ESIntegTestCase {
 
     @AwaitsFix(bugUrl = "https://github.com/elastic/x-plugins/issues/2354")
     public void testShieldIndexAuditTrailWorking() throws Exception {
-        try (Response response = getRestClient().performRequest("GET", "/",
+        Response response = getRestClient().performRequest("GET", "/",
                 new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER,
-                        UsernamePasswordToken.basicAuthHeaderValue(USER, new SecuredString(PASS.toCharArray()))))) {
+                        UsernamePasswordToken.basicAuthHeaderValue(USER, new SecuredString(PASS.toCharArray()))));
-            assertThat(response.getStatusLine().getStatusCode(), is(200));
+        assertThat(response.getStatusLine().getStatusCode(), is(200));
-        }
         final AtomicReference<ClusterState> lastClusterState = new AtomicReference<>();
         final AtomicBoolean indexExists = new AtomicBoolean(false);
         boolean found = awaitBusy(() -> {

elasticsearch/qa/security-example-realm/src/test/java/org/elasticsearch/example/realm/CustomRealmIT.java

@@ -60,11 +60,10 @@ public class CustomRealmIT extends ESIntegTestCase {
     }
 
     public void testHttpAuthentication() throws Exception {
-        try (Response response = getRestClient().performRequest("GET", "/",
+        Response response = getRestClient().performRequest("GET", "/",
                 new BasicHeader(CustomRealm.USER_HEADER, CustomRealm.KNOWN_USER),
-                new BasicHeader(CustomRealm.PW_HEADER, CustomRealm.KNOWN_PW))) {
+                new BasicHeader(CustomRealm.PW_HEADER, CustomRealm.KNOWN_PW));
-            assertThat(response.getStatusLine().getStatusCode(), is(200));
+        assertThat(response.getStatusLine().getStatusCode(), is(200));
-        }
     }
 
     public void testTransportClient() throws Exception {

elasticsearch/qa/smoke-test-graph-with-security/src/test/java/org/elasticsearch/smoketest/GraphWithSecurityInsufficientRoleIT.java

@@ -21,7 +21,7 @@ public class GraphWithSecurityInsufficientRoleIT extends GraphWithSecurityIT {
     public void test() throws IOException {
         try {
             super.test();
-            fail();
+            fail("should have failed because of missing role");
         } catch(AssertionError ae) {
             assertThat(ae.getMessage(), containsString("action [indices:data/read/xpack/graph/explore"));
             assertThat(ae.getMessage(), containsString("returned [403 Forbidden]"));

elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/security/MonitoringSettingsFilterTests.java

@@ -19,14 +19,13 @@ import org.elasticsearch.xpack.security.authc.support.SecuredString;
 
 import java.util.ArrayList;
 import java.util.Collection;
-import java.util.Collections;
 import java.util.Map;
 
 import static org.elasticsearch.common.xcontent.support.XContentMapValues.extractValue;
 import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.BASIC_AUTH_HEADER;
 import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
-import static org.hamcrest.Matchers.nullValue;
 import static org.hamcrest.Matchers.equalTo;
+import static org.hamcrest.Matchers.nullValue;
 
 public class MonitoringSettingsFilterTests extends MonitoringIntegTestCase {
 
@@ -63,22 +62,20 @@ public class MonitoringSettingsFilterTests extends MonitoringIntegTestCase {
         } else {
             headers = new Header[0];
         }
-        try (Response response = getRestClient().performRequest("GET", "/_nodes/settings",
+        Response response = getRestClient().performRequest("GET", "/_nodes/settings", headers);
-                Collections.emptyMap(), null, headers)) {
+        Map<String, Object> responseMap = JsonXContent.jsonXContent.createParser(response.getEntity().getContent()).map();
-            Map<String, Object> responseMap = JsonXContent.jsonXContent.createParser(response.getEntity().getContent()).map();
+        @SuppressWarnings("unchecked")
+        Map<String, Object> nodes = (Map<String, Object>) responseMap.get("nodes");
+        for (Object node : nodes.values()) {
             @SuppressWarnings("unchecked")
-            Map<String, Object> nodes = (Map<String, Object>) responseMap.get("nodes");
+            Map<String, Object> settings = (Map<String, Object>) ((Map<String, Object>) node).get("settings");
-            for (Object node : nodes.values()) {
+            assertThat(extractValue("xpack.monitoring.collection.exporters._http.type", settings), equalTo("http"));
-                @SuppressWarnings("unchecked")
+            assertThat(extractValue("xpack.monitoring.collection.exporters._http.enabled", settings), equalTo("false"));
-                Map<String, Object> settings = (Map<String, Object>) ((Map<String, Object>) node).get("settings");
+            assertNullSetting(settings, "xpack.monitoring.collection.exporters._http.auth.username");
-                assertThat(extractValue("xpack.monitoring.collection.exporters._http.type", settings), equalTo("http"));
+            assertNullSetting(settings, "xpack.monitoring.collection.exporters._http.auth.password");
-                assertThat(extractValue("xpack.monitoring.collection.exporters._http.enabled", settings), equalTo("false"));
+            assertNullSetting(settings, "xpack.monitoring.collection.exporters._http.ssl.truststore.path");
-                assertNullSetting(settings, "xpack.monitoring.collection.exporters._http.auth.username");
+            assertNullSetting(settings, "xpack.monitoring.collection.exporters._http.ssl.truststore.password");
-                assertNullSetting(settings, "xpack.monitoring.collection.exporters._http.auth.password");
+            assertNullSetting(settings, "xpack.monitoring.collection.exporters._http.ssl.hostname_verification");
-                assertNullSetting(settings, "xpack.monitoring.collection.exporters._http.ssl.truststore.path");
-                assertNullSetting(settings, "xpack.monitoring.collection.exporters._http.ssl.truststore.password");
-                assertNullSetting(settings, "xpack.monitoring.collection.exporters._http.ssl.hostname_verification");
-            }
         }
     }
 

elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/AbstractPrivilegeTestCase.java

@@ -7,12 +7,12 @@ package org.elasticsearch.integration;
 
 import org.apache.http.HttpEntity;
 import org.apache.http.StatusLine;
+import org.apache.http.entity.ContentType;
 import org.apache.http.entity.StringEntity;
 import org.apache.http.message.BasicHeader;
 import org.apache.http.util.EntityUtils;
 import org.elasticsearch.client.Response;
 import org.elasticsearch.client.ResponseException;
-import org.elasticsearch.client.RestClient;
 import org.elasticsearch.test.SecurityIntegTestCase;
 import org.elasticsearch.xpack.security.authc.support.Hasher;
 import org.elasticsearch.xpack.security.authc.support.SecuredString;
@@ -36,14 +36,13 @@ public abstract class AbstractPrivilegeTestCase extends SecurityIntegTestCase {
 
     protected void assertAccessIsAllowed(String user, String method, String uri, String body,
                                          Map<String, String> params) throws IOException {
-        try (Response response = getRestClient().performRequest(method, uri, params, entityOrNull(body),
+        Response response = getRestClient().performRequest(method, uri, params, entityOrNull(body),
                 new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER,
-                        UsernamePasswordToken.basicAuthHeaderValue(user, new SecuredString("passwd".toCharArray()))))) {
+                        UsernamePasswordToken.basicAuthHeaderValue(user, new SecuredString("passwd".toCharArray()))));
-            StatusLine statusLine = response.getStatusLine();
+        StatusLine statusLine = response.getStatusLine();
-            String message = String.format(Locale.ROOT, "%s %s: Expected no error got %s %s with body %s", method, uri,
+        String message = String.format(Locale.ROOT, "%s %s: Expected no error got %s %s with body %s", method, uri,
-                    statusLine.getStatusCode(), statusLine.getReasonPhrase(), EntityUtils.toString(response.getEntity()));
+                statusLine.getStatusCode(), statusLine.getReasonPhrase(), EntityUtils.toString(response.getEntity()));
-            assertThat(message, statusLine.getStatusCode(), is(not(greaterThanOrEqualTo(400))));
+        assertThat(message, statusLine.getStatusCode(), is(not(greaterThanOrEqualTo(400))));
-        }
     }
 
     protected void assertAccessIsAllowed(String user, String method, String uri, String body) throws IOException {
@@ -72,7 +71,7 @@ public abstract class AbstractPrivilegeTestCase extends SecurityIntegTestCase {
         } catch(ResponseException e) {
             StatusLine statusLine = e.getResponse().getStatusLine();
             String message = String.format(Locale.ROOT, "%s %s body %s: Expected 403, got %s %s with body %s", method, uri, body,
-                    statusLine.getStatusCode(), statusLine.getReasonPhrase(), e.getResponseBody());
+                    statusLine.getStatusCode(), statusLine.getReasonPhrase(), EntityUtils.toString(e.getResponse().getEntity()));
             assertThat(message, statusLine.getStatusCode(), is(403));
         }
     }
@@ -80,7 +79,7 @@ public abstract class AbstractPrivilegeTestCase extends SecurityIntegTestCase {
     private static HttpEntity entityOrNull(String body) {
         HttpEntity entity = null;
         if (body != null) {
-            entity = new StringEntity(body, RestClient.JSON_CONTENT_TYPE);
+            entity = new StringEntity(body, ContentType.APPLICATION_JSON);
         }
         return entity;
     }

elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/BulkUpdateTests.java

@@ -6,6 +6,7 @@
 package org.elasticsearch.integration;
 
 import org.apache.http.Header;
+import org.apache.http.entity.ContentType;
 import org.apache.http.entity.StringEntity;
 import org.apache.http.message.BasicHeader;
 import org.apache.http.util.EntityUtils;
@@ -13,15 +14,14 @@ import org.elasticsearch.action.bulk.BulkResponse;
 import org.elasticsearch.action.get.GetResponse;
 import org.elasticsearch.action.update.UpdateResponse;
 import org.elasticsearch.client.Response;
-import org.elasticsearch.client.RestClient;
 import org.elasticsearch.common.network.NetworkModule;
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.xpack.security.Security;
-import org.elasticsearch.xpack.security.authc.support.SecuredString;
-import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
 import org.elasticsearch.test.SecurityIntegTestCase;
 import org.elasticsearch.test.SecuritySettingsSource;
 import org.elasticsearch.xpack.XPackPlugin;
+import org.elasticsearch.xpack.security.Security;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
+import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
 
 import java.io.IOException;
 import java.util.Collections;
@@ -79,50 +79,42 @@ public class BulkUpdateTests extends SecurityIntegTestCase {
                 UsernamePasswordToken.basicAuthHeaderValue(SecuritySettingsSource.DEFAULT_USER_NAME,
                         new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray())));
 
-        StringEntity body = new StringEntity("{\"test\":\"test\"}", RestClient.JSON_CONTENT_TYPE);
+        StringEntity body = new StringEntity("{\"test\":\"test\"}", ContentType.APPLICATION_JSON);
-        try (Response response = getRestClient().performRequest("PUT", path, Collections.emptyMap(), body, basicAuthHeader)) {
+        Response response = getRestClient().performRequest("PUT", path, Collections.emptyMap(), body, basicAuthHeader);
-            assertThat(response.getStatusLine().getStatusCode(), equalTo(201));
+        assertThat(response.getStatusLine().getStatusCode(), equalTo(201));
-        }
 
-        try (Response response = getRestClient().performRequest("GET", path, basicAuthHeader)) {
+        response = getRestClient().performRequest("GET", path, basicAuthHeader);
-            assertThat(response.getStatusLine().getStatusCode(), equalTo(200));
+        assertThat(response.getStatusLine().getStatusCode(), equalTo(200));
-            assertThat(EntityUtils.toString(response.getEntity()), containsString("\"test\":\"test\""));
+        assertThat(EntityUtils.toString(response.getEntity()), containsString("\"test\":\"test\""));
-        }
 
         if (randomBoolean()) {
             flushAndRefresh();
         }
 
         //update with new field
-        body = new StringEntity("{\"doc\": {\"not test\": \"not test\"}}", RestClient.JSON_CONTENT_TYPE);
+        body = new StringEntity("{\"doc\": {\"not test\": \"not test\"}}", ContentType.APPLICATION_JSON);
-        try (Response response = getRestClient().performRequest("POST", path + "/_update",
+        response = getRestClient().performRequest("POST", path + "/_update", Collections.emptyMap(), body, basicAuthHeader);
-                Collections.emptyMap(), body, basicAuthHeader)) {
+        assertThat(response.getStatusLine().getStatusCode(), equalTo(200));
-            assertThat(response.getStatusLine().getStatusCode(), equalTo(200));
-        }
 
-        try (Response response = getRestClient().performRequest("GET", path, basicAuthHeader)) {
+        response = getRestClient().performRequest("GET", path, basicAuthHeader);
-            assertThat(response.getStatusLine().getStatusCode(), equalTo(200));
+        assertThat(response.getStatusLine().getStatusCode(), equalTo(200));
-            String responseBody = EntityUtils.toString(response.getEntity());
+        String responseBody = EntityUtils.toString(response.getEntity());
-            assertThat(responseBody, containsString("\"test\":\"test\""));
+        assertThat(responseBody, containsString("\"test\":\"test\""));
-            assertThat(responseBody, containsString("\"not test\":\"not test\""));
+        assertThat(responseBody, containsString("\"not test\":\"not test\""));
-        }
 
         // this part is important. Without this, the document may be read from the translog which would bypass the bug where
         // FLS kicks in because the request can't be found and only returns meta fields
         flushAndRefresh();
 
         body = new StringEntity("{\"update\": {\"_index\": \"index1\", \"_type\": \"type\", \"_id\": \"1\"}}\n" +
-                "{\"doc\": {\"bulk updated\":\"bulk updated\"}}\n", RestClient.JSON_CONTENT_TYPE);
+                "{\"doc\": {\"bulk updated\":\"bulk updated\"}}\n", ContentType.APPLICATION_JSON);
-        try (Response response = getRestClient().performRequest("POST", "/_bulk",
+        response = getRestClient().performRequest("POST", "/_bulk", Collections.emptyMap(), body, basicAuthHeader);
-                Collections.emptyMap(), body, basicAuthHeader)) {
+        assertThat(response.getStatusLine().getStatusCode(), equalTo(200));
-            assertThat(response.getStatusLine().getStatusCode(), equalTo(200));
-        }
 
-        try (Response response = getRestClient().performRequest("GET", path, basicAuthHeader)) {
+        response = getRestClient().performRequest("GET", path, basicAuthHeader);
-            String responseBody = EntityUtils.toString(response.getEntity());
+        responseBody = EntityUtils.toString(response.getEntity());
-            assertThat(responseBody, containsString("\"test\":\"test\""));
+        assertThat(responseBody, containsString("\"test\":\"test\""));
-            assertThat(responseBody, containsString("\"not test\":\"not test\""));
+        assertThat(responseBody, containsString("\"not test\":\"not test\""));
-            assertThat(responseBody, containsString("\"bulk updated\":\"bulk updated\""));
+        assertThat(responseBody, containsString("\"bulk updated\":\"bulk updated\""));
-        }
     }
 }

elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/ClearRealmsCacheTests.java

@@ -162,13 +162,12 @@ public class ClearRealmsCacheTests extends SecurityIntegTestCase {
         }
 
         static void executeHttpRequest(String path, Map<String, String> params) throws Exception {
-            try (Response response = getRestClient().performRequest("POST", path, params,
+            Response response = getRestClient().performRequest("POST", path, params,
                     new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER,
                             UsernamePasswordToken.basicAuthHeaderValue(SecuritySettingsSource.DEFAULT_USER_NAME,
-                                    new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray()))))) {
+                                    new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray()))));
-                assertNotNull(response.getEntity());
+            assertNotNull(response.getEntity());
-                assertTrue(EntityUtils.toString(response.getEntity()).contains("cluster_name"));
+            assertTrue(EntityUtils.toString(response.getEntity()).contains("cluster_name"));
-            }
         }
     }
 

elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/ClearRolesCacheTests.java

@@ -137,12 +137,11 @@ public class ClearRolesCacheTests extends NativeRealmIntegTestCase {
             } else {
                 path = "/_xpack/security/role/" + Strings.arrayToCommaDelimitedString(rolesToClear) + "/_clear_cache";
             }
-            try (Response response = getRestClient().performRequest("POST", path,
+            Response response = getRestClient().performRequest("POST", path,
                     new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER,
                             UsernamePasswordToken.basicAuthHeaderValue(SecuritySettingsSource.DEFAULT_USER_NAME,
-                                    new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray()))))) {
+                                    new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray()))));
-                assertThat(response.getStatusLine().getStatusCode(), is(RestStatus.OK.getStatus()));
+            assertThat(response.getStatusLine().getStatusCode(), is(RestStatus.OK.getStatus()));
-            }
         } else {
             securityClient.prepareClearRolesCache().names(rolesToClear).get();
         }

elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/LicensingTests.java

@@ -185,10 +185,9 @@ public class LicensingTests extends SecurityIntegTestCase {
     }
 
     public void testRestAuthenticationByLicenseType() throws Exception {
-        try (Response response = getRestClient().performRequest("GET", "/")) {
+        Response response = getRestClient().performRequest("GET", "/");
-            // the default of the licensing tests is basic
+        // the default of the licensing tests is basic
-            assertThat(response.getStatusLine().getStatusCode(), is(200));
+        assertThat(response.getStatusLine().getStatusCode(), is(200));
-        }
 
         // generate a new license with a mode that enables auth
         OperationMode mode = randomFrom(OperationMode.GOLD, OperationMode.TRIAL, OperationMode.PLATINUM, OperationMode.STANDARD);

elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/SecurityPluginTests.java

@@ -41,11 +41,10 @@ public class SecurityPluginTests extends SecurityIntegTestCase {
         }
 
         logger.info("executing authorized request to /_xpack infos");
-        try (Response response = getRestClient().performRequest("GET", "/_xpack",
+        Response response = getRestClient().performRequest("GET", "/_xpack",
                 new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER,
                         basicAuthHeaderValue(SecuritySettingsSource.DEFAULT_USER_NAME,
-                                new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray()))))) {
+                                new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray()))));
-            assertThat(response.getStatusLine().getStatusCode(), is(OK.getStatus()));
+        assertThat(response.getStatusLine().getStatusCode(), is(OK.getStatus()));
-        }
     }
 }

elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/RunAsIntegTests.java

@@ -140,13 +140,12 @@ public class RunAsIntegTests extends SecurityIntegTestCase {
         }
 
         // but when running as a different user it should work
-        try (Response response = getRestClient().performRequest("GET", "/_nodes",
+        Response response = getRestClient().performRequest("GET", "/_nodes",
                 new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER,
                         UsernamePasswordToken.basicAuthHeaderValue(RUN_AS_USER,
                                 SecuredStringTests.build(SecuritySettingsSource.DEFAULT_PASSWORD))),
-                new BasicHeader(AuthenticationService.RUN_AS_USER_HEADER, SecuritySettingsSource.DEFAULT_USER_NAME))) {
+                new BasicHeader(AuthenticationService.RUN_AS_USER_HEADER, SecuritySettingsSource.DEFAULT_USER_NAME));
-            assertThat(response.getStatusLine().getStatusCode(), is(200));
+        assertThat(response.getStatusLine().getStatusCode(), is(200));
-        }
     }
 
     public void testEmptyUserImpersonationHeader() throws Exception {

elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/pki/PkiOptionalClientAuthTests.java

@@ -5,12 +5,11 @@
  */
 package org.elasticsearch.xpack.security.authc.pki;
 
-import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
 import org.apache.http.message.BasicHeader;
+import org.apache.http.nio.conn.ssl.SSLIOSessionStrategy;
 import org.elasticsearch.client.Response;
 import org.elasticsearch.client.ResponseException;
 import org.elasticsearch.client.RestClient;
-import org.elasticsearch.client.SSLSocketFactoryHttpConfigCallback;
 import org.elasticsearch.client.transport.TransportClient;
 import org.elasticsearch.common.network.NetworkModule;
 import org.elasticsearch.common.settings.Settings;
@@ -79,8 +78,8 @@ public class PkiOptionalClientAuthTests extends SecurityIntegTestCase {
     }
 
     public void testRestClientWithoutClientCertificate() throws Exception {
-        SSLConnectionSocketFactory sslConnectionSocketFactory = new SSLConnectionSocketFactory(getSSLContext());
+        SSLIOSessionStrategy sessionStrategy = new SSLIOSessionStrategy(getSSLContext());
-        try (RestClient restClient = createRestClient(new SSLSocketFactoryHttpConfigCallback(sslConnectionSocketFactory), "https")) {
+        try (RestClient restClient = createRestClient(httpClientBuilder -> httpClientBuilder.setSSLStrategy(sessionStrategy), "https")) {
             try {
                 restClient.performRequest("GET", "_nodes");
                 fail("request should have failed");
@@ -88,12 +87,11 @@ public class PkiOptionalClientAuthTests extends SecurityIntegTestCase {
                 assertThat(e.getResponse().getStatusLine().getStatusCode(), is(401));
             }
 
-            try (Response response = restClient.performRequest("GET", "_nodes",
+            Response response = restClient.performRequest("GET", "_nodes",
                     new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER,
                             UsernamePasswordToken.basicAuthHeaderValue(SecuritySettingsSource.DEFAULT_USER_NAME,
-                                    new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray()))))) {
+                                    new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray()))));
-                assertThat(response.getStatusLine().getStatusCode(), is(200));
+            assertThat(response.getStatusLine().getStatusCode(), is(200));
-            }
         }
     }
 

elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/pki/PkiWithoutClientAuthenticationTests.java

@@ -6,12 +6,11 @@
 package org.elasticsearch.xpack.security.authc.pki;
 
 
-import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
 import org.apache.http.message.BasicHeader;
+import org.apache.http.nio.conn.ssl.SSLIOSessionStrategy;
 import org.elasticsearch.client.Client;
 import org.elasticsearch.client.Response;
 import org.elasticsearch.client.RestClient;
-import org.elasticsearch.client.SSLSocketFactoryHttpConfigCallback;
 import org.elasticsearch.common.network.NetworkModule;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.test.ESIntegTestCase.ClusterScope;
@@ -78,14 +77,13 @@ public class PkiWithoutClientAuthenticationTests extends SecurityIntegTestCase {
     public void testThatHttpWorks() throws Exception {
         SSLContext sc = SSLContext.getInstance("SSL");
         sc.init(null, trustAllCerts, new SecureRandom());
-        SSLConnectionSocketFactory sslConnectionSocketFactory = new SSLConnectionSocketFactory(sc);
+        SSLIOSessionStrategy sessionStrategy = new SSLIOSessionStrategy(sc);
-        try (RestClient restClient =  createRestClient(new SSLSocketFactoryHttpConfigCallback(sslConnectionSocketFactory), "https")) {
+        try (RestClient restClient = createRestClient(httpClientBuilder -> httpClientBuilder.setSSLStrategy(sessionStrategy), "https")) {
-            try (Response response = restClient.performRequest("GET", "/_nodes",
+            Response response = restClient.performRequest("GET", "/_nodes",
                     new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER,
                             UsernamePasswordToken.basicAuthHeaderValue(SecuritySettingsSource.DEFAULT_USER_NAME,
-                                    new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray()))))) {
+                                    new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray()))));
-                assertThat(response.getStatusLine().getStatusCode(), is(200));
+            assertThat(response.getStatusLine().getStatusCode(), is(200));
-            }
         }
     }
 }

elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/pki/PkiWithoutSSLTests.java

@@ -41,11 +41,10 @@ public class PkiWithoutSSLTests extends SecurityIntegTestCase {
     }
 
     public void testThatHttpWorks() throws Exception {
-        try (Response response = getRestClient().performRequest("GET", "/_nodes",
+        Response response = getRestClient().performRequest("GET", "/_nodes",
                 new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER,
                         UsernamePasswordToken.basicAuthHeaderValue(SecuritySettingsSource.DEFAULT_USER_NAME,
-                                new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray()))))) {
+                                new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray()))));
-            assertThat(response.getStatusLine().getStatusCode(), is(200));
+        assertThat(response.getStatusLine().getStatusCode(), is(200));
-        }
     }
 }

elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/rest/action/RestAuthenticateActionTests.java

@@ -52,23 +52,22 @@ public class RestAuthenticateActionTests extends SecurityIntegTestCase {
     }
 
     public void testAuthenticateApi() throws Exception {
-        try (Response response = getRestClient().performRequest(
+        Response response = getRestClient().performRequest("GET", "/_xpack/security/_authenticate",
-                "GET", "/_xpack/security/_authenticate",
                 new BasicHeader("Authorization", basicAuthHeaderValue(SecuritySettingsSource.DEFAULT_USER_NAME,
-                        new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray()))))) {
+                        new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray()))));
-            assertThat(response.getStatusLine().getStatusCode(), is(200));
+        assertThat(response.getStatusLine().getStatusCode(), is(200));
-            ObjectPath objectPath = ObjectPath.createFromXContent(XContentFactory.xContent(XContentType.JSON),
+        ObjectPath objectPath = ObjectPath.createFromXContent(XContentFactory.xContent(XContentType.JSON),
-                    EntityUtils.toString(response.getEntity()));
+                EntityUtils.toString(response.getEntity()));
-            assertThat(objectPath.evaluate("username").toString(), equalTo(SecuritySettingsSource.DEFAULT_USER_NAME));
+        assertThat(objectPath.evaluate("username").toString(), equalTo(SecuritySettingsSource.DEFAULT_USER_NAME));
-            @SuppressWarnings("unchecked")
+        @SuppressWarnings("unchecked")
-            List<String> roles = (List<String>) objectPath.evaluate("roles");
+        List<String> roles = (List<String>) objectPath.evaluate("roles");
-            assertThat(roles.size(), is(1));
+        assertThat(roles.size(), is(1));
-            assertThat(roles, contains(SecuritySettingsSource.DEFAULT_ROLE));
+        assertThat(roles, contains(SecuritySettingsSource.DEFAULT_ROLE));
-        }
     }
 
     public void testAuthenticateApiWithoutAuthentication() throws Exception {
-        try (Response response = getRestClient().performRequest("GET", "/_xpack/security/_authenticate")) {
+        try {
+            Response response = getRestClient().performRequest("GET", "/_xpack/security/_authenticate");
             if (anonymousEnabled) {
                 assertThat(response.getStatusLine().getStatusCode(), is(200));
                 ObjectPath objectPath = ObjectPath.createFromXContent(XContentFactory.xContent(XContentType.JSON),

elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/ssl/SslClientAuthTests.java

@@ -6,14 +6,14 @@
 package org.elasticsearch.xpack.security.transport.ssl;
 
 import org.apache.http.conn.ssl.NoopHostnameVerifier;
-import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
 import org.apache.http.message.BasicHeader;
+import org.apache.http.nio.conn.ssl.SSLIOSessionStrategy;
 import org.apache.http.ssl.SSLContexts;
 import org.apache.http.util.EntityUtils;
 import org.elasticsearch.ElasticsearchException;
+import org.elasticsearch.ExceptionsHelper;
 import org.elasticsearch.client.Response;
 import org.elasticsearch.client.RestClient;
-import org.elasticsearch.client.SSLSocketFactoryHttpConfigCallback;
 import org.elasticsearch.client.transport.TransportClient;
 import org.elasticsearch.common.network.NetworkModule;
 import org.elasticsearch.common.settings.Settings;
@@ -31,11 +31,13 @@ import javax.net.ssl.SSLHandshakeException;
 import java.io.IOException;
 import java.nio.file.Files;
 import java.nio.file.Path;
+import java.security.cert.CertPathBuilderException;
 
 import static org.elasticsearch.test.SecuritySettingsSource.getSSLSettingsForStore;
 import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
 import static org.hamcrest.Matchers.containsString;
 import static org.hamcrest.Matchers.equalTo;
+import static org.hamcrest.Matchers.instanceOf;
 
 public class SslClientAuthTests extends SecurityIntegTestCase {
     @Override
@@ -57,14 +59,14 @@ public class SslClientAuthTests extends SecurityIntegTestCase {
     }
 
     public void testThatHttpFailsWithoutSslClientAuth() throws IOException {
-        SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(
+        SSLIOSessionStrategy sessionStrategy = new SSLIOSessionStrategy(SSLContexts.createDefault(), NoopHostnameVerifier.INSTANCE);
-                SSLContexts.createDefault(),
+        try (RestClient restClient = createRestClient(httpClientBuilder -> httpClientBuilder.setSSLStrategy(sessionStrategy), "https")) {
-                NoopHostnameVerifier.INSTANCE);
-        try (RestClient restClient = createRestClient(new SSLSocketFactoryHttpConfigCallback(socketFactory), "https")) {
             restClient.performRequest("GET", "/");
             fail("Expected SSLHandshakeException");
         } catch (SSLHandshakeException e) {
-            assertThat(e.getMessage(), containsString("unable to find valid certification path to requested target"));
+            Throwable t = ExceptionsHelper.unwrap(e, CertPathBuilderException.class);
+            assertThat(t, instanceOf(CertPathBuilderException.class));
+            assertThat(t.getMessage(), containsString("unable to find valid certification path to requested target"));
         }
     }
 
@@ -73,19 +75,16 @@ public class SslClientAuthTests extends SecurityIntegTestCase {
                 .put(getSSLSettingsForStore("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testclient.jks", "testclient"))
                 .build();
         ClientSSLService sslService = new ClientSSLService(settings, null, new Global(settings), null);
-        SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(
+        SSLIOSessionStrategy sessionStrategy = new SSLIOSessionStrategy(sslService.sslContext(), NoopHostnameVerifier.INSTANCE);
-                sslService.sslContext(),
+        try (RestClient restClient = createRestClient(httpClientBuilder -> httpClientBuilder.setSSLStrategy(sessionStrategy), "https")) {
-                NoopHostnameVerifier.INSTANCE);
+            Response response = restClient.performRequest("GET", "/",
-        try (RestClient restClient = createRestClient(new SSLSocketFactoryHttpConfigCallback(socketFactory), "https")) {
+                    new BasicHeader("Authorization", basicAuthHeaderValue(transportClientUsername(), transportClientPassword())));
-            try (Response response = restClient.performRequest("GET", "/",
+            assertThat(response.getStatusLine().getStatusCode(), equalTo(200));
-                    new BasicHeader("Authorization", basicAuthHeaderValue(transportClientUsername(), transportClientPassword())))) {
+            assertThat(EntityUtils.toString(response.getEntity()), containsString("You Know, for Search"));
-                assertThat(response.getStatusLine().getStatusCode(), equalTo(200));
-                assertThat(EntityUtils.toString(response.getEntity()), containsString("You Know, for Search"));
-            }
         }
     }
 
-    public void testThatTransportWorksWithoutSslClientAuth() throws Exception {
+    public void testThatTransportWorksWithoutSslClientAuth() throws IOException {
         // specify an arbitrary keystore, that does not include the certs needed to connect to the transport protocol
         Path store = getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testclient-client-profile.jks");
 

elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/user/AnonymousUserIntegTests.java

@@ -5,6 +5,7 @@
  */
 package org.elasticsearch.xpack.security.user;
 
+import org.apache.http.util.EntityUtils;
 import org.elasticsearch.client.Response;
 import org.elasticsearch.client.ResponseException;
 import org.elasticsearch.common.network.NetworkModule;
@@ -49,12 +50,12 @@ public class AnonymousUserIntegTests extends SecurityIntegTestCase {
             if (authorizationExceptionsEnabled) {
                 assertThat(statusCode, is(403));
                 assertThat(response.getHeader("WWW-Authenticate"), nullValue());
-                assertThat(e.getResponseBody(), containsString("security_exception"));
+                assertThat(EntityUtils.toString(response.getEntity()), containsString("security_exception"));
             } else {
                 assertThat(statusCode, is(401));
                 assertThat(response.getHeader("WWW-Authenticate"), notNullValue());
                 assertThat(response.getHeader("WWW-Authenticate"), containsString("Basic"));
-                assertThat(e.getResponseBody(), containsString("security_exception"));
+                assertThat(EntityUtils.toString(response.getEntity()), containsString("security_exception"));
             }
         }
     }

elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/WatcherSettingsFilterTests.java

@@ -24,7 +24,6 @@ import org.junit.After;
 import java.io.IOException;
 import java.util.ArrayList;
 import java.util.Collection;
-import java.util.Collections;
 import java.util.Map;
 
 import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.BASIC_AUTH_HEADER;
@@ -69,17 +68,15 @@ public class WatcherSettingsFilterTests extends AbstractWatcherIntegrationTestCa
         } else {
             headers = new Header[0];
         }
-        try (Response response = getRestClient().performRequest("GET", "/_nodes/settings",
+        Response response = getRestClient().performRequest("GET", "/_nodes/settings", headers);
-                Collections.emptyMap(), null, headers)) {
+        Map<String, Object> responseMap = JsonXContent.jsonXContent.createParser(response.getEntity().getContent()).map();
-            Map<String, Object> responseMap = JsonXContent.jsonXContent.createParser(response.getEntity().getContent()).map();
+        Map<String, Object> nodes = (Map<String, Object>) responseMap.get("nodes");
-            Map<String, Object> nodes = (Map<String, Object>) responseMap.get("nodes");
+        for (Object node : nodes.values()) {
-            for (Object node : nodes.values()) {
+            Map<String, Object> settings = (Map<String, Object>) ((Map<String, Object>) node).get("settings");
-                Map<String, Object> settings = (Map<String, Object>) ((Map<String, Object>) node).get("settings");
+            assertThat(XContentMapValues.extractValue("xpack.notification.email.account._email.smtp.user", settings),
-                assertThat(XContentMapValues.extractValue("xpack.notification.email.account._email.smtp.user", settings),
+                    is((Object) "_user"));
-                        is((Object) "_user"));
+            assertThat(XContentMapValues.extractValue("xpack.notification.email.account._email.smtp.password", settings),
-                assertThat(XContentMapValues.extractValue("xpack.notification.email.account._email.smtp.password", settings),
+                    nullValue());
-                        nullValue());
-            }
         }
     }
 }