From 0834f70aaae759ab947671d44569f5b2ca2bddef Mon Sep 17 00:00:00 2001
From: Ioannis Kakavas <ioannis@elastic.co>
Date: Fri, 31 Aug 2018 12:56:53 +0300
Subject: [PATCH 1/3] Disable Thai locale for RestrictedTrustManagerTest

Disable thai locale as Certificate expiration validation fails due
to the date format in a FIPS 140 JVM.
Added the locale switching logic here instead of subclassing
ESTestCase as these are the only tests that fail for that local and
JVM combination.

Resolves #33081
---
 .../core/ssl/RestrictedTrustManagerTests.java | 32 +++++++++++++++++++
 1 file changed, 32 insertions(+)

diff --git a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/ssl/RestrictedTrustManagerTests.java b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/ssl/RestrictedTrustManagerTests.java
index c1a39582e4fc0..c3ee9d6a5818a 100644
--- a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/ssl/RestrictedTrustManagerTests.java
+++ b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/ssl/RestrictedTrustManagerTests.java
@@ -5,12 +5,17 @@
  */
 package org.elasticsearch.xpack.core.ssl;
 
+import org.apache.logging.log4j.Logger;
+import org.elasticsearch.common.logging.Loggers;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.test.ESTestCase;
 import org.hamcrest.Description;
 import org.hamcrest.TypeSafeMatcher;
+import org.junit.AfterClass;
 import org.junit.Assert;
 import org.junit.Before;
+import org.junit.BeforeClass;
+
 import javax.net.ssl.X509ExtendedTrustManager;
 
 import java.io.IOException;
@@ -28,6 +33,7 @@
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
+import java.util.Locale;
 import java.util.Map;
 import java.util.Objects;
 import java.util.regex.Pattern;
@@ -40,6 +46,32 @@ public class RestrictedTrustManagerTests extends ESTestCase {
     private int numberOfClusters;
     private int numberOfNodes;
 
+    private static Locale restoreLocale;
+
+    @BeforeClass
+    public static void ensureSupportedLocale() throws Exception {
+        Logger logger = Loggers.getLogger(RestrictedTrustManagerTests.class);
+        if (isThaiLocale() && inFipsJvm()) {
+            // See: https://github.com/elastic/elasticsearch/issues/33081
+            logger.warn("Attempting to run RestrictedTrustManagerTests tests on Thai locale in a FIPS JVM. Certificate expiration " +
+                "validation will fail, switching to English");
+            restoreLocale = Locale.getDefault();
+            Locale.setDefault(Locale.ENGLISH);
+        }
+    }
+
+    private static boolean isThaiLocale() {
+        return Locale.getDefault().toLanguageTag().equals("th-TH-u-nu-thai-x-lvariant-TH");
+    }
+
+    @AfterClass
+    public static void restoreLocale() throws Exception {
+        if (restoreLocale != null) {
+            Locale.setDefault(restoreLocale);
+            restoreLocale = null;
+        }
+    }
+
     @Before
     public void readCertificates() throws GeneralSecurityException, IOException {
 

From b70a707f2528d4fe973d389a3375e95552f439a4 Mon Sep 17 00:00:00 2001
From: Ioannis Kakavas <ioannis@elastic.co>
Date: Fri, 31 Aug 2018 13:16:26 +0300
Subject: [PATCH 2/3] Disable ALL Thai locales

---
 .../xpack/core/ssl/RestrictedTrustManagerTests.java           | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/ssl/RestrictedTrustManagerTests.java b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/ssl/RestrictedTrustManagerTests.java
index c3ee9d6a5818a..6551d7f432e50 100644
--- a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/ssl/RestrictedTrustManagerTests.java
+++ b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/ssl/RestrictedTrustManagerTests.java
@@ -53,7 +53,7 @@ public static void ensureSupportedLocale() throws Exception {
         Logger logger = Loggers.getLogger(RestrictedTrustManagerTests.class);
         if (isThaiLocale() && inFipsJvm()) {
             // See: https://github.com/elastic/elasticsearch/issues/33081
-            logger.warn("Attempting to run RestrictedTrustManagerTests tests on Thai locale in a FIPS JVM. Certificate expiration " +
+            logger.warn("Attempting to run RestrictedTrustManagerTests tests on a Thai locale in a FIPS JVM. Certificate expiration " +
                 "validation will fail, switching to English");
             restoreLocale = Locale.getDefault();
             Locale.setDefault(Locale.ENGLISH);
@@ -61,7 +61,7 @@ public static void ensureSupportedLocale() throws Exception {
     }
 
     private static boolean isThaiLocale() {
-        return Locale.getDefault().toLanguageTag().equals("th-TH-u-nu-thai-x-lvariant-TH");
+        return Locale.getDefault().getLanguage().equals(new Locale("th").getLanguage());
     }
 
     @AfterClass

From b74be5f42df31cd85f5b715754e2ea327761df97 Mon Sep 17 00:00:00 2001
From: Ioannis Kakavas <ioannis@elastic.co>
Date: Tue, 11 Sep 2018 10:10:45 +0300
Subject: [PATCH 3/3] Change to check specific language tags

---
 .../xpack/core/ssl/RestrictedTrustManagerTests.java    | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/ssl/RestrictedTrustManagerTests.java b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/ssl/RestrictedTrustManagerTests.java
index 6551d7f432e50..24dc2d9847a7d 100644
--- a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/ssl/RestrictedTrustManagerTests.java
+++ b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/ssl/RestrictedTrustManagerTests.java
@@ -51,17 +51,19 @@ public class RestrictedTrustManagerTests extends ESTestCase {
     @BeforeClass
     public static void ensureSupportedLocale() throws Exception {
         Logger logger = Loggers.getLogger(RestrictedTrustManagerTests.class);
-        if (isThaiLocale() && inFipsJvm()) {
+        if (isUnusableLocale()) {
             // See: https://github.com/elastic/elasticsearch/issues/33081
-            logger.warn("Attempting to run RestrictedTrustManagerTests tests on a Thai locale in a FIPS JVM. Certificate expiration " +
+            logger.warn("Attempting to run RestrictedTrustManagerTests tests in an unusable locale in a FIPS JVM. Certificate expiration " +
                 "validation will fail, switching to English");
             restoreLocale = Locale.getDefault();
             Locale.setDefault(Locale.ENGLISH);
         }
     }
 
-    private static boolean isThaiLocale() {
-        return Locale.getDefault().getLanguage().equals(new Locale("th").getLanguage());
+    private static boolean isUnusableLocale() {
+        return inFipsJvm() && (Locale.getDefault().toLanguageTag().equals("th-TH")
+            || Locale.getDefault().toLanguageTag().equals("ja-JP-u-ca-japanese-x-lvariant-JP")
+            || Locale.getDefault().toLanguageTag().equals("th-TH-u-nu-thai-x-lvariant-TH"));
     }
 
     @AfterClass