Disable specific locales for tests in fips mode

The Bouncy Castle FIPS provider that we use for running our tests in fips mode has an issue with locale sensitive handling of Dates as described in bcgit/bc-java#405 This causes certificate validation to fail if any given test that includes some form of certificate validation happens to run in one of the locales. This manifested earlier in elastic#33081 which was handled insufficiently in elastic#33299 This change ensures that the problematic 3 locales * th-TH * ja-JP-u-ca-japanese-x-lvariant-JP * th-TH-u-nu-thai-x-lvariant-TH will not be used when running our tests in a FIPS 140 JVM. It also reverts elastic#33299
jkakavas · Feb 15, 2019 · db1512b · db1512b
1 parent 3f1125f
commit db1512b
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 33 deletions.
diff --git a/test/framework/src/main/java/org/elasticsearch/test/ESTestCase.java b/test/framework/src/main/java/org/elasticsearch/test/ESTestCase.java
@@ -193,6 +193,8 @@ public abstract class ESTestCase extends LuceneTestCase {
 
     private static final Collection<String> nettyLoggedLeaks = new ArrayList<>();
 
+    private static Locale restoreLocale;
+
     @AfterClass
     public static void resetPortCounter() {
         portGenerator.set(0);
@@ -327,6 +329,26 @@ public static void restoreContentType() {
         Requests.INDEX_CONTENT_TYPE = XContentType.JSON;
     }
 
+    @BeforeClass
+    public static void ensureSupportedLocale() {
+        if (isUnusableLocale()) {
+            // See: https://github.com/bcgit/bc-java/issues/405
+            Logger logger = LogManager.getLogger(ESTestCase.class);
+            logger.warn("Attempting to run tests in an unusable locale in a FIPS JVM. Certificate expiration validation will fail, " +
+                "switching to English");
+            restoreLocale = Locale.getDefault();
+            Locale.setDefault(Locale.ENGLISH);
+        }
+    }
+
+    @AfterClass
+    public static void restoreLocale() {
+        if (restoreLocale != null) {
+            Locale.setDefault(restoreLocale);
+            restoreLocale = null;
+        }
+    }
+
     @Before
     public final void before()  {
         logger.info("{}before test", getTestParamsForLogging());
@@ -1419,6 +1441,12 @@ public TestAnalysis(IndexAnalyzers indexAnalyzers,
         }
     }
 
+    private static boolean isUnusableLocale() {
+        return inFipsJvm() && (Locale.getDefault().toLanguageTag().equals("th-TH")
+            || Locale.getDefault().toLanguageTag().equals("ja-JP-u-ca-japanese-x-lvariant-JP")
+            || Locale.getDefault().toLanguageTag().equals("th-TH-u-nu-thai-x-lvariant-TH"));
+    }
+
     public static boolean inFipsJvm() {
         return Security.getProviders()[0].getName().toLowerCase(Locale.ROOT).contains("fips");
     }

diff --git a/...ugin/core/src/test/java/org/elasticsearch/xpack/core/ssl/RestrictedTrustManagerTests.java b/...ugin/core/src/test/java/org/elasticsearch/xpack/core/ssl/RestrictedTrustManagerTests.java
@@ -5,15 +5,11 @@
  */
 package org.elasticsearch.xpack.core.ssl;
 
-import org.apache.logging.log4j.Logger;
-import org.apache.logging.log4j.LogManager;
 import org.elasticsearch.test.ESTestCase;
 import org.hamcrest.Description;
 import org.hamcrest.TypeSafeMatcher;
-import org.junit.AfterClass;
 import org.junit.Assert;
 import org.junit.Before;
-import org.junit.BeforeClass;
 
 import javax.net.ssl.X509ExtendedTrustManager;
 
@@ -32,7 +28,6 @@
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
-import java.util.Locale;
 import java.util.Map;
 import java.util.Objects;
 import java.util.regex.Pattern;
@@ -45,34 +40,6 @@ public class RestrictedTrustManagerTests extends ESTestCase {
     private int numberOfClusters;
     private int numberOfNodes;
 
-    private static Locale restoreLocale;
-
-    @BeforeClass
-    public static void ensureSupportedLocale() throws Exception {
-        Logger logger = LogManager.getLogger(RestrictedTrustManagerTests.class);
-        if (isUnusableLocale()) {
-            // See: https://github.com/elastic/elasticsearch/issues/33081
-            logger.warn("Attempting to run RestrictedTrustManagerTests tests in an unusable locale in a FIPS JVM. Certificate expiration " +
-                "validation will fail, switching to English");
-            restoreLocale = Locale.getDefault();
-            Locale.setDefault(Locale.ENGLISH);
-        }
-    }
-
-    private static boolean isUnusableLocale() {
-        return inFipsJvm() && (Locale.getDefault().toLanguageTag().equals("th-TH")
-            || Locale.getDefault().toLanguageTag().equals("ja-JP-u-ca-japanese-x-lvariant-JP")
-            || Locale.getDefault().toLanguageTag().equals("th-TH-u-nu-thai-x-lvariant-TH"));
-    }
-
-    @AfterClass
-    public static void restoreLocale() throws Exception {
-        if (restoreLocale != null) {
-            Locale.setDefault(restoreLocale);
-            restoreLocale = null;
-        }
-    }
-
     @Before
     public void readCertificates() throws GeneralSecurityException, IOException {