Fix tests

Signed-off-by: Andrey Pleskach <[email protected]>
willyborankin · Aug 25, 2024 · 9b5af97 · 9b5af97
1 parent 6f6b34c
commit 9b5af97
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 13 deletions.
diff --git a/src/test/java/org/opensearch/security/ssl/OpenSearchSecuritySSLPluginTest.java b/src/test/java/org/opensearch/security/ssl/OpenSearchSecuritySSLPluginTest.java
@@ -9,6 +9,7 @@
 package org.opensearch.security.ssl;
 
 import java.io.IOException;
+import java.nio.file.Path;
 import java.util.Collection;
 import java.util.List;
 import java.util.Map;
@@ -26,6 +27,7 @@
 import org.opensearch.common.network.NetworkModule;
 import org.opensearch.common.settings.ClusterSettings;
 import org.opensearch.common.settings.Settings;
+import org.opensearch.env.Environment;
 import org.opensearch.http.HttpServerTransport;
 import org.opensearch.http.netty4.ssl.SecureNetty4HttpServerTransport;
 import org.opensearch.plugins.SecureHttpTransportSettingsProvider;
@@ -55,17 +57,17 @@ public class OpenSearchSecuritySSLPluginTest extends AbstractSecurityUnitTest {
     private SecureTransportSettingsProvider secureTransportSettingsProvider;
     private ClusterSettings clusterSettings;
 
+    private Path esFolder;
+
     @Before
     public void setUp() {
+        esFolder = FileHelper.getAbsoluteFilePathFromClassPath("ssl/kirk-keystore.jks").getParent().getParent();
         settings = Settings.builder()
+            .put(Environment.PATH_HOME_SETTING.getKey(), esFolder)
             .put(
                 SSLConfigConstants.SECURITY_SSL_TRANSPORT_KEYSTORE_FILEPATH,
                 FileHelper.getAbsoluteFilePathFromClassPath("ssl/kirk-keystore.jks")
             )
-            .put(
-                SSLConfigConstants.SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH,
-                FileHelper.getAbsoluteFilePathFromClassPath("ssl/root-ca.pem")
-            )
             .put(
                 SSLConfigConstants.SECURITY_SSL_TRANSPORT_TRUSTSTORE_FILEPATH,
                 FileHelper.getAbsoluteFilePathFromClassPath("ssl/truststore.jks")
@@ -116,7 +118,7 @@ public Optional<SSLEngine> buildSecureHttpServerEngine(Settings settings, HttpSe
 
     @Test
     public void testRegisterSecureHttpTransport() throws IOException {
-        try (OpenSearchSecuritySSLPlugin plugin = new OpenSearchSecuritySSLPlugin(settings, null, false)) {
+        try (OpenSearchSecuritySSLPlugin plugin = new OpenSearchSecuritySSLPlugin(settings, esFolder, false)) {
             final Map<String, Supplier<HttpServerTransport>> transports = plugin.getSecureHttpTransports(
                 settings,
                 MOCK_POOL,
@@ -140,7 +142,7 @@ public void testRegisterSecureHttpTransport() throws IOException {
 
     @Test
     public void testRegisterSecureTransport() throws IOException {
-        try (OpenSearchSecuritySSLPlugin plugin = new OpenSearchSecuritySSLPlugin(settings, null, false)) {
+        try (OpenSearchSecuritySSLPlugin plugin = new OpenSearchSecuritySSLPlugin(settings, esFolder, false)) {
             final Map<String, Supplier<Transport>> transports = plugin.getSecureTransports(
                 settings,
                 MOCK_POOL,
@@ -165,7 +167,7 @@ public void testRegisterSecureTransportWithDeprecatedSecuirtyPluginSettings() th
             .put(SSLConfigConstants.SECURITY_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION, false)
             .build();
 
-        try (OpenSearchSecuritySSLPlugin plugin = new OpenSearchSecuritySSLPlugin(deprecated, null, false)) {
+        try (OpenSearchSecuritySSLPlugin plugin = new OpenSearchSecuritySSLPlugin(deprecated, esFolder, false)) {
             final Map<String, Supplier<Transport>> transports = plugin.getSecureTransports(
                 deprecated,
                 MOCK_POOL,
@@ -190,7 +192,7 @@ public void testRegisterSecureTransportWithNetworkModuleSettings() throws IOExce
             .put(NetworkModule.TRANSPORT_SSL_ENFORCE_HOSTNAME_VERIFICATION_KEY, false)
             .build();
 
-        try (OpenSearchSecuritySSLPlugin plugin = new OpenSearchSecuritySSLPlugin(migrated, null, false)) {
+        try (OpenSearchSecuritySSLPlugin plugin = new OpenSearchSecuritySSLPlugin(migrated, esFolder, false)) {
             final Map<String, Supplier<Transport>> transports = plugin.getSecureTransports(
                 migrated,
                 MOCK_POOL,
@@ -229,7 +231,7 @@ public void testRegisterSecureTransportWithDuplicateSettings() throws IOExceptio
                 .put(NetworkModule.TRANSPORT_SSL_ENFORCE_HOSTNAME_VERIFICATION_KEY, false)
                 .build();
 
-            try (OpenSearchSecuritySSLPlugin plugin = new OpenSearchSecuritySSLPlugin(migrated, null, false)) {
+            try (OpenSearchSecuritySSLPlugin plugin = new OpenSearchSecuritySSLPlugin(migrated, esFolder, false)) {
                 final Map<String, Supplier<Transport>> transports = plugin.getSecureTransports(
                     migrated,
                     MOCK_POOL,

diff --git a/src/test/java/org/opensearch/security/ssl/SSLTest.java b/src/test/java/org/opensearch/security/ssl/SSLTest.java
@@ -568,7 +568,7 @@ public void testHttpsAndNodeSSLFailedCipher() throws Exception {
             Assert.fail();
         } catch (Exception e1) {
             Throwable e = ExceptionUtils.getRootCause(e1);
-            Assert.assertTrue(e.toString(), e.toString().contains("no valid cipher"));
+            Assert.assertTrue(e.toString(), e.toString().contains("No valid cipher"));
         }
     }
 

diff --git a/src/test/java/org/opensearch/security/ssl/SecuritySSLReloadCertsActionTests.java b/src/test/java/org/opensearch/security/ssl/SecuritySSLReloadCertsActionTests.java
@@ -147,9 +147,12 @@ public void testSSLReloadFail_InvalidDNAndDate() throws Exception {
         RestHelper.HttpResponse reloadCertsResponse = rh.executePutRequest(RELOAD_TRANSPORT_CERTS_ENDPOINT, null);
         assertThat(reloadCertsResponse.getStatusCode(), is(500));
         assertThat(
-            "OpenSearchSecurityException[Error while initializing transport SSL layer from PEM: java.lang.Exception: "
-                + "New Certs do not have valid Issuer DN, Subject DN or SAN.]; nested: Exception[New Certs do not have valid Issuer DN, Subject DN or SAN.];",
-            is(DefaultObjectMapper.readTree(reloadCertsResponse.getBody()).get("error").get("root_cause").get(0).get("reason").asText())
+            DefaultObjectMapper.readTree(reloadCertsResponse.getBody()).get("error").get("root_cause").get(0).get("reason").asText(),
+            is(
+                "java.security.cert.CertificateException: "
+                    + "New certificates do not have valid Subject DNs. Current Subject DNs [CN=node-1.example.com,OU=SSL,O=Test,L=Test,C=DE] "
+                    + "new Subject DNs [CN=node-2.example.com,OU=SSL,O=Test,L=Test,C=DE]"
+            )
         );
     }