ZOOKEEPER-4889: Fallback to DIGEST-MD5 auth mech should be disabled in Fips mode

[anmolnar]

Disable DIGEST-MD5 mech in Fips mode. I had to modify lots of unit tests, because fips mode is enabled by default on the master branch and unit tests heavily rely on using DIGEST-MD5 for Sasl authentication.

Scary number of files, but mostly refactoring in the tests.

[anmolnar]

We should have a common base class for SASL auth tests.

[eolivelli]

Perfect !

Lgtm

[symat]

LGTM

shouldn't we mention this to the documentation somewhere?
(I don't think this would really be a backward compatibility issue, as I guess noone is considering digest MD5 in a FIPS environment - yet still this is a change in the current behaviour)

[anmolnar]

LGTM

shouldn't we mention this to the documentation somewhere? (I don't think this would really be a backward compatibility issue, as I guess noone is considering digest MD5 in a FIPS environment - yet still this is a change in the current behaviour)

That's very good point. You submitted a bit fast, but let me create an addendum patch.
It also needs to be backported to other branches branch-3.9 and branch-3.8, I'm not sure what to do with the addendum in this case, can I just backport in a single patch?

[anmolnar]

@eolivelli @symat Please see the addendum here: #2214

[anmolnar]

shouldn't we mention this to the documentation somewhere? (I don't think this would really be a backward compatibility issue, as I guess noone is considering digest MD5 in a FIPS environment - yet still this is a change in the current behaviour)

It's not about consideration, FIPS doesn't allow using MD5 anywhere in the running code. If ever the code runs on that code patch, runtime exception will be thrown and JVM halts. This change is backward compatible.

[anmolnar]

I've backported the patch to branch-3.9, will open separate PR for branch-3.8.