mirror of
https://github.com/honeymoose/OpenSearch.git
synced 2025-02-05 20:48:22 +00:00
9e529d9d58
Ensure our tests can run in a FIPS JVM JKS keystores cannot be used in a FIPS JVM as attempting to use one in order to init a KeyManagerFactory or a TrustManagerFactory is not allowed.( JKS keystore algorithms for private key encryption are not FIPS 140 approved) This commit replaces JKS keystores in our tests with the corresponding PEM encoded key and certificates both for key and trust configurations. Whenever it's not possible to refactor the test, i.e. when we are testing that we can load a JKS keystore, etc. we attempt to mute the test when we are running in FIPS 140 JVM. Testing for the JVM is naive and is based on the name of the security provider as we would control the testing infrastrtucture and so this would be reliable enough. Other cases of tests being muted are the ones that involve custom TrustStoreManagers or KeyStoreManagers, null TLS Ciphers and the SAMLAuthneticator class as we cannot sign XML documents in the way we were doing. SAMLAuthenticator tests in a FIPS JVM can be reenabled with precomputed and signed SAML messages at a later stage. IT will be covered in a subsequent PR
98 lines
3.5 KiB
Groovy
98 lines
3.5 KiB
Groovy
/*
|
|
* Licensed to Elasticsearch under one or more contributor
|
|
* license agreements. See the NOTICE file distributed with
|
|
* this work for additional information regarding copyright
|
|
* ownership. Elasticsearch licenses this file to you under
|
|
* the Apache License, Version 2.0 (the "License"); you may
|
|
* not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing,
|
|
* software distributed under the License is distributed on an
|
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
|
* KIND, either express or implied. See the License for the
|
|
* specific language governing permissions and limitations
|
|
* under the License.
|
|
*/
|
|
|
|
import org.elasticsearch.gradle.precommit.PrecommitTasks
|
|
|
|
apply plugin: 'elasticsearch.build'
|
|
apply plugin: 'nebula.maven-base-publish'
|
|
apply plugin: 'nebula.maven-scm'
|
|
|
|
targetCompatibility = JavaVersion.VERSION_1_7
|
|
sourceCompatibility = JavaVersion.VERSION_1_7
|
|
|
|
group = 'org.elasticsearch.client'
|
|
archivesBaseName = 'elasticsearch-rest-client'
|
|
|
|
publishing {
|
|
publications {
|
|
nebula {
|
|
artifactId = archivesBaseName
|
|
}
|
|
}
|
|
}
|
|
|
|
dependencies {
|
|
compile "org.apache.httpcomponents:httpclient:${versions.httpclient}"
|
|
compile "org.apache.httpcomponents:httpcore:${versions.httpcore}"
|
|
compile "org.apache.httpcomponents:httpasyncclient:${versions.httpasyncclient}"
|
|
compile "org.apache.httpcomponents:httpcore-nio:${versions.httpcore}"
|
|
compile "commons-codec:commons-codec:${versions.commonscodec}"
|
|
compile "commons-logging:commons-logging:${versions.commonslogging}"
|
|
|
|
testCompile "org.elasticsearch.client:test:${version}"
|
|
testCompile "com.carrotsearch.randomizedtesting:randomizedtesting-runner:${versions.randomizedrunner}"
|
|
testCompile "junit:junit:${versions.junit}"
|
|
testCompile "org.hamcrest:hamcrest-all:${versions.hamcrest}"
|
|
testCompile "org.elasticsearch:securemock:${versions.securemock}"
|
|
testCompile "org.elasticsearch:mocksocket:${versions.mocksocket}"
|
|
}
|
|
|
|
forbiddenApisMain {
|
|
//client does not depend on server, so only jdk and http signatures should be checked
|
|
signaturesURLs = [PrecommitTasks.getResource('/forbidden/jdk-signatures.txt'),
|
|
PrecommitTasks.getResource('/forbidden/http-signatures.txt')]
|
|
}
|
|
|
|
forbiddenPatterns {
|
|
exclude '**/*.der'
|
|
}
|
|
|
|
forbiddenApisTest {
|
|
//we are using jdk-internal instead of jdk-non-portable to allow for com.sun.net.httpserver.* usage
|
|
bundledSignatures -= 'jdk-non-portable'
|
|
bundledSignatures += 'jdk-internal'
|
|
//client does not depend on server, so only jdk signatures should be checked
|
|
signaturesURLs = [PrecommitTasks.getResource('/forbidden/jdk-signatures.txt'),
|
|
PrecommitTasks.getResource('/forbidden/http-signatures.txt')]
|
|
}
|
|
|
|
// JarHell is part of es server, which we don't want to pull in
|
|
// TODO: Not anymore. Now in :libs:core
|
|
jarHell.enabled=false
|
|
|
|
namingConventions {
|
|
testClass = 'org.elasticsearch.client.RestClientTestCase'
|
|
//we don't have integration tests
|
|
skipIntegTestInDisguise = true
|
|
}
|
|
|
|
thirdPartyAudit.excludes = [
|
|
//commons-logging optional dependencies
|
|
'org.apache.avalon.framework.logger.Logger',
|
|
'org.apache.log.Hierarchy',
|
|
'org.apache.log.Logger',
|
|
'org.apache.log4j.Category',
|
|
'org.apache.log4j.Level',
|
|
'org.apache.log4j.Logger',
|
|
'org.apache.log4j.Priority',
|
|
//commons-logging provided dependencies
|
|
'javax.servlet.ServletContextEvent',
|
|
'javax.servlet.ServletContextListener'
|
|
]
|