From 17596f750cf0f6d1b35e4b9870218b180d4f8ede Mon Sep 17 00:00:00 2001 From: Andriy Redko Date: Fri, 10 Mar 2023 16:43:24 -0500 Subject: [PATCH] OpenSSLTest is not using the OpenSSL Provider (#2301) (#2533) * OpenSSLTest is not using the OpenSSL Provider * Enable OpenSSLTest on Windows * Extracted OpenSSL test into separate task to eliminate mess with system properties (cherry picked from commit d14143d315174a23a6ad215b71bd938a16c182ab) Signed-off-by: Andriy Redko --- build.gradle | 33 ++++++++++++++++++- .../opensearch/security/ssl/OpenSSLTest.java | 1 - .../org/opensearch/security/ssl/SSLTest.java | 4 +-- 3 files changed, 34 insertions(+), 4 deletions(-) diff --git a/build.gradle b/build.gradle index 3d9b8bdb07..798c513cb6 100644 --- a/build.gradle +++ b/build.gradle @@ -55,6 +55,7 @@ plugins { id 'com.netflix.nebula.ospackage' version "11.0.0" id "org.gradle.test-retry" version "1.5.2" id "com.github.spotbugs" version "5.0.13" + id "com.google.osdetector" version "1.7.1" } allprojects { @@ -106,6 +107,7 @@ test { include '**/*.class' filter { excludeTestsMatching "org.opensearch.security.sanity.tests.*" + excludeTestsMatching "org.opensearch.security.ssl.OpenSSL*" } maxParallelForks = 8 jvmArgs += "-Xmx3072m" @@ -133,13 +135,37 @@ test { } } +//add new task that runs OpenSSL tests +task opensslTest(type: Test) { + include '**/OpenSSL*.class' + retry { + failOnPassedAfterRetry = false + maxRetries = 5 + } + jacoco { + excludes = [ + "com.sun.jndi.dns.*", + "com.sun.security.sasl.gsskerb.*", + "java.sql.*", + "javax.script.*", + "org.jcp.xml.dsig.internal.dom.*", + "sun.nio.cs.ext.*", + "sun.security.ec.*", + "sun.security.jgss.*", + "sun.security.pkcs11.*", + "sun.security.smartcardio.*", + "sun.util.resources.provider.*" + ] + } +} + task copyExtraTestResources(dependsOn: testClasses) { copy { from 'src/test/resources' into 'build/testrun/test/src/test/resources' } } -tasks.test.dependsOn(copyExtraTestResources) +tasks.test.dependsOn(copyExtraTestResources, opensslTest) jacoco { reportsDirectory = file("$buildDir/reports/jacoco") @@ -367,6 +393,11 @@ dependencies { testImplementation 'org.junit.jupiter:junit-jupiter:5.8.2' testImplementation 'org.junit.jupiter:junit-jupiter-api:5.8.2' testImplementation "org.opensearch:common-utils:${common_utils_version}" + // Only osx-x86_64, osx-aarch_64, linux-x86_64, linux-aarch_64, windows-x86_64 are available + if (osdetector.classifier in ["osx-x86_64", "osx-aarch_64", "linux-x86_64", "linux-aarch_64", "windows-x86_64"]) { + testImplementation "io.netty:netty-tcnative-classes:2.0.54.Final" + testImplementation "io.netty:netty-tcnative-boringssl-static:2.0.54.Final:${osdetector.classifier}" + } // JUnit build requirement testCompileOnly 'org.apiguardian:apiguardian-api:1.0.0' // Kafka test execution diff --git a/src/test/java/org/opensearch/security/ssl/OpenSSLTest.java b/src/test/java/org/opensearch/security/ssl/OpenSSLTest.java index 7acf219f5c..e34a066dab 100644 --- a/src/test/java/org/opensearch/security/ssl/OpenSSLTest.java +++ b/src/test/java/org/opensearch/security/ssl/OpenSSLTest.java @@ -65,7 +65,6 @@ public static void restoreNettyDefaultAllocator() { @Before public void setup() { - Assume.assumeFalse(PlatformDependent.isWindows()); allowOpenSSL = true; } diff --git a/src/test/java/org/opensearch/security/ssl/SSLTest.java b/src/test/java/org/opensearch/security/ssl/SSLTest.java index fc04dfdb5f..9604d66a77 100644 --- a/src/test/java/org/opensearch/security/ssl/SSLTest.java +++ b/src/test/java/org/opensearch/security/ssl/SSLTest.java @@ -79,9 +79,9 @@ public void testHttps() throws Exception { .put(SSLConfigConstants.SECURITY_SSL_TRANSPORT_ENABLE_OPENSSL_IF_AVAILABLE, allowOpenSSL) .put("plugins.security.ssl.http.clientauth_mode", "REQUIRE") .putList(SSLConfigConstants.SECURITY_SSL_HTTP_ENABLED_PROTOCOLS, "TLSv1.1","TLSv1.2") - .putList(SSLConfigConstants.SECURITY_SSL_HTTP_ENABLED_CIPHERS, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256") + .putList(SSLConfigConstants.SECURITY_SSL_HTTP_ENABLED_CIPHERS, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256") .putList(SSLConfigConstants.SECURITY_SSL_TRANSPORT_ENABLED_PROTOCOLS, "TLSv1.1","TLSv1.2") - .putList(SSLConfigConstants.SECURITY_SSL_TRANSPORT_ENABLED_CIPHERS, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256") + .putList(SSLConfigConstants.SECURITY_SSL_TRANSPORT_ENABLED_CIPHERS, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256") .put("plugins.security.ssl.http.keystore_filepath", FileHelper. getAbsoluteFilePathFromClassPath("ssl/node-0-keystore.jks")) .put("plugins.security.ssl.http.truststore_filepath", FileHelper. getAbsoluteFilePathFromClassPath("ssl/truststore.jks")) .build();