Adjust reload keystore test to pass in FIPS (#56889) (#56941)
In KeystoreWrapper class we determine if the error to decrypt a
given keystore is caused by a wrong password based on the exception
that the SunJCE implementation of AES is
throwing (AEADBadTagException). Other implementations from other
Security Providers fail with a different exception and as such we
cannot differentiate between a corrupted file and a wrong password
in a foolproof way.
As in other tests such as in
KeyStoreWrapperTests#testDecryptKeyStoreWithWrongPassword
we handle this by matching both possible exception messages.
jkakavas authored May 19, 2020
1 parent c8b462b commit cc1cfb3
Showing 1 changed file with 3 additions and 1 deletion.
Expand Up @@ -18,7 +18,9 @@ setup:
- is_true: nodes
- is_true: cluster_name
- match: { nodes.$node_id.reload_exception.type: "security_exception" }
- match: { nodes.$node_id.reload_exception.reason: "Provided keystore password was incorrect" }
- match: { nodes.$node_id.reload_exception.reason:
/^(Provided\skeystore\spassword\swas\sincorrect|
Keystore\shas\sbeen\scorrupted\sor\stampered\swith)$/ }

---
"node_reload_secure_settings test correct(empty) password":
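Review bot: the new `reload_exception.reason` match accepts "Keystore has been corrupted or tampered with" unconditionally, so this wrong-password test now also passes when the keystore really is corrupted, and it does so under every security provider rather than only the FIPS one that motivated the change. If that trade-off is intended, add a YAML comment above the match explaining why both messages are accepted; the reasoning is in the commit message but not in the test file. Separately, the pattern breaks across lines inside the alternation, right after `incorrect|`, so it only matches if the test runner ignores literal whitespace and newlines inside `/.../` patterns. The `\s` escapes suggest that is the case, but a one-line comment stating it would make the dependence explicit for the next person who edits this regex.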