Fix ADRealmTests in FIPS 140 JVMs (#47437) (#47506)

The changes introduced in #47179 made it so that we could try to
build an SSLContext with verification mode set to None, which is
not allowed in FIPS 140 JVMs. This commit address that
This commit is contained in:
Ioannis Kakavas 2019-10-03 17:14:26 +03:00 committed by GitHub
parent 510d7d84b2
commit fd6a585009
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 2 deletions

View File

@ -533,12 +533,12 @@ public class ActiveDirectoryRealmTests extends ESTestCase {
.put(getFullSettingKey(realmIdentifier.getName(), ActiveDirectorySessionFactorySettings.AD_DOMAIN_NAME_SETTING), .put(getFullSettingKey(realmIdentifier.getName(), ActiveDirectorySessionFactorySettings.AD_DOMAIN_NAME_SETTING),
"ad.test.elasticsearch.com") "ad.test.elasticsearch.com")
.put(getFullSettingKey(realmIdentifier, DnRoleMapperSettings.USE_UNMAPPED_GROUPS_AS_ROLES_SETTING), true); .put(getFullSettingKey(realmIdentifier, DnRoleMapperSettings.USE_UNMAPPED_GROUPS_AS_ROLES_SETTING), true);
if (randomBoolean()) { if (inFipsJvm()) {
builder.put(getFullSettingKey(realmIdentifier, SSLConfigurationSettings.VERIFICATION_MODE_SETTING_REALM), builder.put(getFullSettingKey(realmIdentifier, SSLConfigurationSettings.VERIFICATION_MODE_SETTING_REALM),
VerificationMode.CERTIFICATE); VerificationMode.CERTIFICATE);
} else { } else {
builder.put(getFullSettingKey(realmIdentifier, SSLConfigurationSettings.VERIFICATION_MODE_SETTING_REALM), builder.put(getFullSettingKey(realmIdentifier, SSLConfigurationSettings.VERIFICATION_MODE_SETTING_REALM),
VerificationMode.NONE); randomBoolean() ? VerificationMode.CERTIFICATE : VerificationMode.NONE);
} }
return builder.put(extraSettings).build(); return builder.put(extraSettings).build();
} }