[Kerberos] Use canonical host name (#32588)

The Apache Http components support for Spnego scheme
uses canonical name by default.
Also when resolving host name, on centos by default
there are other aliases so adding them to the
DelegationPermission.

Closes#32498

Author: bizybot

x-pack/qa/kerberos-tests/build.gradle

@@ -41,7 +41,7 @@ Object httpPrincipal = new Object() {
     @Override
     String toString() {
         InetAddress resolvedAddress = InetAddress.getByName('127.0.0.1')
-        return "HTTP/" + resolvedAddress.getHostName()
+        return "HTTP/" + resolvedAddress.getCanonicalHostName()
     }
 }
 

x-pack/qa/kerberos-tests/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/KerberosAuthenticationIT.java

@@ -112,7 +112,7 @@ public void testSoDoesNotFailWithNoTests() {
     protected HttpHost buildHttpHost(String host, int port) {
         try {
             InetAddress inetAddress = InetAddress.getByName(host);
-            return super.buildHttpHost(inetAddress.getHostName(), port);
+            return super.buildHttpHost(inetAddress.getCanonicalHostName(), port);
         } catch (UnknownHostException e) {
             assumeNoException("failed to resolve host [" + host + "]", e);
         }

x-pack/qa/kerberos-tests/src/test/resources/plugin-security.policy

@@ -1,4 +1,7 @@
 grant {
   permission javax.security.auth.AuthPermission "doAsPrivileged";
   permission javax.security.auth.kerberos.DelegationPermission "\"HTTP/[email protected]\" \"krbtgt/[email protected]\"";
+  permission javax.security.auth.kerberos.DelegationPermission "\"HTTP/[email protected]\" \"krbtgt/[email protected]\"";
+  permission javax.security.auth.kerberos.DelegationPermission "\"HTTP/[email protected]\" \"krbtgt/[email protected]\"";
+  permission javax.security.auth.kerberos.DelegationPermission "\"HTTP/[email protected]\" \"krbtgt/[email protected]\"";
 };