Disable specific locales for tests in fips mode (#38938)

* Disable specific locales for tests in fips mode

The Bouncy Castle FIPS provider that we use for running our tests
in fips mode has an issue with locale sensitive handling of Dates as
described in bcgit/bc-java#405

This causes certificate validation to fail if any given test that
includes some form of certificate validation happens to run in one
of the locales. This manifested earlier in #33081 which was
handled insufficiently in #33299

This change ensures that the problematic 3 locales

* th-TH
* ja-JP-u-ca-japanese-x-lvariant-JP
* th-TH-u-nu-thai-x-lvariant-TH

will not be used when running our tests in a FIPS 140 JVM. It also
reverts #33299

Author: jkakavas

test/framework/src/main/java/org/elasticsearch/test/ESTestCase.java

@@ -327,6 +327,16 @@ public static void restoreContentType() {
         Requests.INDEX_CONTENT_TYPE = XContentType.JSON;
     }
 
+    @BeforeClass
+    public static void ensureSupportedLocale() {
+        if (isUnusableLocale()) {
+            Logger logger = LogManager.getLogger(ESTestCase.class);
+            logger.warn("Attempting to run tests in an unusable locale in a FIPS JVM. Certificate expiration validation will fail, " +
+                "switching to English. See: https://github.com/bcgit/bc-java/issues/405");
+            Locale.setDefault(Locale.ENGLISH);
+        }
+    }
+
     @Before
     public final void before()  {
         logger.info("{}before test", getTestParamsForLogging());
@@ -1419,6 +1429,12 @@ public TestAnalysis(IndexAnalyzers indexAnalyzers,
         }
     }
 
+    private static boolean isUnusableLocale() {
+        return inFipsJvm() && (Locale.getDefault().toLanguageTag().equals("th-TH")
+            || Locale.getDefault().toLanguageTag().equals("ja-JP-u-ca-japanese-x-lvariant-JP")
+            || Locale.getDefault().toLanguageTag().equals("th-TH-u-nu-thai-x-lvariant-TH"));
+    }
+
     public static boolean inFipsJvm() {
         return Security.getProviders()[0].getName().toLowerCase(Locale.ROOT).contains("fips");
     }

x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/ssl/RestrictedTrustManagerTests.java

@@ -5,15 +5,11 @@
  */
 package org.elasticsearch.xpack.core.ssl;
 
-import org.apache.logging.log4j.Logger;
-import org.apache.logging.log4j.LogManager;
 import org.elasticsearch.test.ESTestCase;
 import org.hamcrest.Description;
 import org.hamcrest.TypeSafeMatcher;
-import org.junit.AfterClass;
 import org.junit.Assert;
 import org.junit.Before;
-import org.junit.BeforeClass;
 
 import javax.net.ssl.X509ExtendedTrustManager;
 
@@ -32,7 +28,6 @@
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
-import java.util.Locale;
 import java.util.Map;
 import java.util.Objects;
 import java.util.regex.Pattern;
@@ -45,34 +40,6 @@ public class RestrictedTrustManagerTests extends ESTestCase {
     private int numberOfClusters;
     private int numberOfNodes;
 
-    private static Locale restoreLocale;
-
-    @BeforeClass
-    public static void ensureSupportedLocale() throws Exception {
-        Logger logger = LogManager.getLogger(RestrictedTrustManagerTests.class);
-        if (isUnusableLocale()) {
-            // See: https://github.com/elastic/elasticsearch/issues/33081
-            logger.warn("Attempting to run RestrictedTrustManagerTests tests in an unusable locale in a FIPS JVM. Certificate expiration " +
-                "validation will fail, switching to English");
-            restoreLocale = Locale.getDefault();
-            Locale.setDefault(Locale.ENGLISH);
-        }
-    }
-
-    private static boolean isUnusableLocale() {
-        return inFipsJvm() && (Locale.getDefault().toLanguageTag().equals("th-TH")
-            || Locale.getDefault().toLanguageTag().equals("ja-JP-u-ca-japanese-x-lvariant-JP")
-            || Locale.getDefault().toLanguageTag().equals("th-TH-u-nu-thai-x-lvariant-TH"));
-    }
-
-    @AfterClass
-    public static void restoreLocale() throws Exception {
-        if (restoreLocale != null) {
-            Locale.setDefault(restoreLocale);
-            restoreLocale = null;
-        }
-    }
-
     @Before
     public void readCertificates() throws GeneralSecurityException, IOException {
 

x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/saml/SamlTestCase.java

@@ -53,7 +53,7 @@ private static boolean isTurkishLocale() {
     }
 
     @AfterClass
-    public static void restoreLocale() throws Exception {
+    public static void restoreLocale() {
         if (restoreLocale != null) {
             Locale.setDefault(restoreLocale);
             restoreLocale = null;

x-pack/qa/evil-tests/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/KerberosTestCase.java

@@ -98,7 +98,7 @@ public static void setupKerberos() throws Exception {
     }
 
     @AfterClass
-    public static void restoreLocale() throws Exception {
+    public static void restoreLocale() {
         if (restoreLocale != null) {
             Locale.setDefault(restoreLocale);
             restoreLocale = null;