Skip to content

Add tests for errors thrown by Security Providers#67259

Merged
jkakavas merged 7 commits intoelastic:masterfrom
jkakavas:hasher-tests
Jan 14, 2021
Merged

Add tests for errors thrown by Security Providers#67259
jkakavas merged 7 commits intoelastic:masterfrom
jkakavas:hasher-tests

Conversation

@jkakavas
Copy link
Copy Markdown
Contributor

@jkakavas jkakavas commented Jan 11, 2021

We handled the exceptions thrown by Security Providers in the case
of short encryption keys in #65464 and this commit adds a couple
of tests to validate that the appropriate exceptions are thrown
when encryption keys derived from short passwords are in use, in
FIPS 140-2 mode.

@jkakavas
Add tests for errors thrown by Security Providers
489b342 
We handled the exceptions thrown by Security Providers in the case
of short encryption keys in elastic#65464 and this commit adds a couple
of tests to validate that the appropriate exceptions are thrown
when encryption keys derived from short passwords are in use, in
FIPS 140-2 mode.
@jkakavas
unused import
72c97e3
@jkakavas jkakavas added >test Issues or PRs that are addressing/adding tests v8.0.0 v7.11.1 :Security/FIPS Running ES in FIPS 140-2 mode labels Jan 11, 2021
@jkakavas jkakavas requested a review from BigPandaToo January 11, 2021 15:38
@elasticmachine elasticmachine added the Team:Security Meta label for security team label Jan 11, 2021
@elasticmachine
Copy link
Copy Markdown
Collaborator

elasticmachine commented Jan 11, 2021

Pinging @elastic/es-security (Team:Security)

BigPandaToo
BigPandaToo reviewed Jan 11, 2021
View reviewed changes
...tools/keystore-cli/src/test/java/org/elasticsearch/common/settings/KeyStoreWrapperTests.java
public void testDecryptKeyStoreWithShortPasswordInFips() throws Exception {
assumeTrue("This should run only in FIPS mode", inFipsJvm());
KeyStoreWrapper keystore = KeyStoreWrapper.create();
keystore.save(env.configFile(), "alongenoughpassword".toCharArray());
Copy link
Copy Markdown
Contributor

@BigPandaToo BigPandaToo Jan 11, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

SHould we add the save when trying to save keystore with a short pwd?

Copy link
Copy Markdown
Contributor Author

@jkakavas jkakavas Jan 11, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These both use the same code ( KeystoreWrapper#createCipher ) so I considered coverage sufficient. No objections to add one more test if you think it's useful though

Copy link
Copy Markdown
Contributor

@BigPandaToo BigPandaToo Jan 11, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Leaving it up to you.
LGTM otherwise

@jkakavas
Copy link
Copy Markdown
Contributor Author

jkakavas commented Jan 13, 2021

@elasticmachine update branch

@jkakavas
Copy link
Copy Markdown
Contributor Author

jkakavas commented Jan 14, 2021

@elasticmachine update branch

@jkakavas jkakavas merged commit a37122d into elastic:master Jan 14, 2021
@jkakavas jkakavas mentioned this pull request Jan 15, 2021
Merged
jkakavas added a commit to jkakavas/elasticsearch that referenced this pull request Jan 15, 2021
@jkakavas
Add tests for errors thrown by Security Providers (elastic#67259)
e2f933f 
We handled the exceptions thrown by Security Providers in the case
of short encryption keys in elastic#65464 and this commit adds a couple
of tests to validate that the appropriate exceptions are thrown
when encryption keys derived from short passwords are in use, in
FIPS 140-2 mode.
@jkakavas jkakavas mentioned this pull request Jan 15, 2021
Merged
jkakavas added a commit to jkakavas/elasticsearch that referenced this pull request Jan 15, 2021
@jkakavas
Add tests for errors thrown by Security Providers (elastic#67259)
7b9e0b0 
We handled the exceptions thrown by Security Providers in the case
of short encryption keys in elastic#65464 and this commit adds a couple
of tests to validate that the appropriate exceptions are thrown
when encryption keys derived from short passwords are in use, in
FIPS 140-2 mode.
jkakavas added a commit that referenced this pull request Jan 15, 2021
@jkakavas
Add tests for errors thrown by Security Providers (#67259) (#67557)
f92e5d4 
We handled the exceptions thrown by Security Providers in the case
of short encryption keys in #65464 and this commit adds a couple
of tests to validate that the appropriate exceptions are thrown
when encryption keys derived from short passwords are in use, in
FIPS 140-2 mode.
jkakavas added a commit that referenced this pull request Jan 15, 2021
@jkakavas
Add tests for errors thrown by Security Providers (#67259) (#67556)
dac72db 
We handled the exceptions thrown by Security Providers in the case
of short encryption keys in #65464 and this commit adds a couple
of tests to validate that the appropriate exceptions are thrown
when encryption keys derived from short passwords are in use, in
FIPS 140-2 mode.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@BigPandaToo BigPandaToo BigPandaToo approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

:Security/FIPS Running ES in FIPS 140-2 mode Team:Security Meta label for security team >test Issues or PRs that are addressing/adding tests v7.11.1 v8.0.0-alpha1

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@jkakavas @elasticmachine @BigPandaToo @jakelandis