Enable testing in FIPS140 JVM

client/rest/src/test/java/org/elasticsearch/client/RestClientBuilderIntegTests.java

@@ -107,6 +107,8 @@ private RestClient buildRestClient() {
     private static SSLContext getSslContext() throws Exception {
         SSLContext sslContext = SSLContext.getInstance("TLS");
         try (InputStream certFile = RestClientBuilderIntegTests.class.getResourceAsStream("/test.crt")) {
+            // Build a keystore of default type programmatically since we can't use JKS keystores to
+            // init a KeyManagerFactory in FIPS 140 JVMs.
             KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
             keyStore.load(null, "password".toCharArray());
             CertificateFactory certFactory = CertificateFactory.getInstance("X.509");

plugins/discovery-azure-classic/src/test/java/org/elasticsearch/discovery/azure/classic/AzureDiscoveryClusterFormationTests.java

@@ -40,6 +40,8 @@
 import org.elasticsearch.transport.TcpTransport;
 import org.junit.AfterClass;
 import org.junit.BeforeClass;
+import org.junit.ClassRule;
+import org.junit.rules.ExternalResource;
 
 import javax.net.ssl.KeyManagerFactory;
 import javax.net.ssl.SSLContext;
@@ -87,6 +89,14 @@ protected Collection<Class<? extends Plugin>> nodePlugins() {
 
     private static Path keyStoreFile;
 
+    @ClassRule
+    public static final ExternalResource MUTE_IN_FIPS_JVM = new ExternalResource() {
+        @Override
+        protected void before() {
+            assumeFalse("Can't run in a FIPS JVM because none if the supported Keystore types can be used", inFipsJvm());
+        }
+    };
+
     @BeforeClass
     public static void setupKeyStore() throws IOException {
         Path tempDir = createTempDir();
@@ -99,9 +109,6 @@ public static void setupKeyStore() throws IOException {
 
     @Override
     protected Settings nodeSettings(int nodeOrdinal) {
-        if (inFipsJvm()) {
-            return Settings.EMPTY;
-        }
         Path resolve = logDir.resolve(Integer.toString(nodeOrdinal));
         try {
             Files.createDirectory(resolve);
@@ -137,9 +144,6 @@ protected Path nodeConfigPath(int nodeOrdinal) {
      */
     @BeforeClass
     public static void startHttpd() throws Exception {
-        if (inFipsJvm()) {
-            return;
-        }
         logDir = createTempDir();
         SSLContext sslContext = getSSLContext();
         httpsServer = MockHttpServer.createHttps(new InetSocketAddress(InetAddress.getLoopbackAddress().getHostAddress(), 0), 0);
@@ -265,9 +269,6 @@ private static SSLContext getSSLContext() throws Exception {
 
     @AfterClass
     public static void stopHttpd() throws IOException {
-        if (inFipsJvm()) {
-            return;
-        }
         for (int i = 0; i < internalCluster().size(); i++) {
             // shut them all down otherwise we get spammed with connection refused exceptions
             internalCluster().stopRandomDataNode();
@@ -278,7 +279,6 @@ public static void stopHttpd() throws IOException {
     }
 
     public void testJoin() throws ExecutionException, InterruptedException {
-        assumeFalse("Can't run in a FIPS JVM because none if the supported Keystore types can be used", inFipsJvm());
         // only wait for the cluster to form
         ensureClusterSizeConsistency();
         // add one more node and wait for it to join

x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/ssl/SSLConfigurationReloaderTests.java

@@ -449,7 +449,6 @@ private void validateSSLConfigurationIsReloaded(Settings settings, Environment e
             @Override
             void reloadSSLContext(SSLConfiguration configuration) {
                 super.reloadSSLContext(configuration);
-                reloadLatch.countDown();
             }
         };
         // Baseline checks