Use PEM files instead of a JKS for key material (#49625) (#49701)

jkakavas · web-flow · commit a59b7e07f15e · 2019-11-29T09:43:55.000+02:00
So that the tests can also run in a FIPS 140 JVM, where using a JKS keystore is not allowed. Resolves: #49261
diff --git a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/ssl/SSLConfigurationReloaderTests.java b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/ssl/SSLConfigurationReloaderTests.java
@@ -509,16 +509,19 @@ void reloadSSLContext(SSLConfiguration configuration) {
     }
 
     private Settings.Builder baseKeystoreSettings(Path tempDir, MockSecureSettings secureSettings) throws IOException {
-        final Path keystorePath = tempDir.resolve("testclient.jks");
-        Files.copy(getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.jks"), keystorePath);
+        final Path keyPath = tempDir.resolve("testclient.pem");
+        final Path certPath = tempDir.resolve("testclientcert.crt"); // testclient.crt filename already used in #testPEMTrustReloadException
+        Files.copy(getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.pem"), keyPath);
+        Files.copy(getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.crt"), certPath);
 
         if (secureSettings == null) {
             secureSettings = new MockSecureSettings();
         }
-        secureSettings.setString("xpack.security.transport.ssl.keystore.secure_password", "testnode");
+        secureSettings.setString("xpack.security.transport.ssl.secure_key_passphrase", "testnode");
 
         return Settings.builder()
-            .put("xpack.security.transport.ssl.keystore.path", keystorePath.toString())
+            .put("xpack.security.transport.ssl.key", keyPath.toString())
+            .put("xpack.security.transport.ssl.certificate", certPath.toString())
             .setSecureSettings(secureSettings);
     }
 
