diff --git a/libs/core/src/main/java/org/elasticsearch/jdk/JarHell.java b/libs/core/src/main/java/org/elasticsearch/jdk/JarHell.java index f3eddbbfd5568..3f0aabcea199c 100644 --- a/libs/core/src/main/java/org/elasticsearch/jdk/JarHell.java +++ b/libs/core/src/main/java/org/elasticsearch/jdk/JarHell.java @@ -12,6 +12,7 @@ import org.elasticsearch.core.SuppressForbidden; import java.io.IOException; +import java.lang.Runtime.Version; import java.net.MalformedURLException; import java.net.URISyntaxException; import java.net.URL; @@ -224,39 +225,19 @@ private static void checkManifest(Manifest manifest, Path jar) { // give a nice error if jar requires a newer java version String targetVersion = manifest.getMainAttributes().getValue("X-Compile-Target-JDK"); if (targetVersion != null) { - checkVersionFormat(targetVersion); checkJavaVersion(jar.toString(), targetVersion); } } - public static void checkVersionFormat(String targetVersion) { - if (JavaVersion.isValid(targetVersion) == false) { - throw new IllegalStateException( - String.format( - Locale.ROOT, - "version string must be a sequence of nonnegative decimal integers separated by \".\"'s and may have " - + "leading zeros but was %s", - targetVersion - ) - ); - } - } - /** * Checks that the java specification version {@code targetVersion} * required by {@code resource} is compatible with the current installation. */ public static void checkJavaVersion(String resource, String targetVersion) { - JavaVersion version = JavaVersion.parse(targetVersion); - if (JavaVersion.current().compareTo(version) < 0) { + Version version = Version.parse(targetVersion); + if (Runtime.version().compareTo(version) < 0) { throw new IllegalStateException( - String.format( - Locale.ROOT, - "%s requires Java %s:, your system: %s", - resource, - targetVersion, - JavaVersion.current().toString() - ) + String.format(Locale.ROOT, "%s requires Java %s:, your system: %s", resource, targetVersion, Runtime.version().toString()) ); } } diff --git a/libs/core/src/main/java/org/elasticsearch/jdk/JavaVersion.java b/libs/core/src/main/java/org/elasticsearch/jdk/JavaVersion.java deleted file mode 100644 index 6c0de1c320dbc..0000000000000 --- a/libs/core/src/main/java/org/elasticsearch/jdk/JavaVersion.java +++ /dev/null @@ -1,122 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0 and the Server Side Public License, v 1; you may not use this file except - * in compliance with, at your election, the Elastic License 2.0 or the Server - * Side Public License, v 1. - */ - -package org.elasticsearch.jdk; - -import java.math.BigInteger; -import java.util.ArrayList; -import java.util.Collections; -import java.util.List; -import java.util.Objects; -import java.util.stream.Collectors; - -public class JavaVersion implements Comparable { - - private final List version; - private final String prePart; - - public List getVersion() { - return version; - } - - private JavaVersion(List version, String prePart) { - this.prePart = prePart; - if (version.size() >= 2 && version.get(0) == 1 && version.get(1) == 8) { - // for Java 8 there is ambiguity since both 1.8 and 8 are supported, - // so we rewrite the former to the latter - version = new ArrayList<>(version.subList(1, version.size())); - } - this.version = Collections.unmodifiableList(version); - } - - /** - * Parses the Java version as it can be retrieved as the value of java.version or - * java.specification.version according to JEP 223. - * - * @param value The version String - */ - public static JavaVersion parse(String value) { - Objects.requireNonNull(value); - String prePart = null; - if (isValid(value) == false) { - throw new IllegalArgumentException("Java version string [" + value + "] could not be parsed."); - } - List version = new ArrayList<>(); - String[] parts = value.split("-"); - String[] numericComponents; - if (parts.length == 1) { - numericComponents = value.split("\\."); - } else if (parts.length == 2) { - numericComponents = parts[0].split("\\."); - prePart = parts[1]; - } else { - throw new IllegalArgumentException("Java version string [" + value + "] could not be parsed."); - } - - for (String component : numericComponents) { - version.add(Integer.valueOf(component)); - } - return new JavaVersion(version, prePart); - } - - public static boolean isValid(String value) { - return value.matches("^0*[0-9]+(\\.[0-9]+)*(-[a-zA-Z0-9]+)?$"); - } - - private static final JavaVersion CURRENT = parse(System.getProperty("java.specification.version")); - - public static JavaVersion current() { - return CURRENT; - } - - @Override - public int compareTo(JavaVersion o) { - int len = Math.max(version.size(), o.version.size()); - for (int i = 0; i < len; i++) { - int d = (i < version.size() ? version.get(i) : 0); - int s = (i < o.version.size() ? o.version.get(i) : 0); - if (s < d) return 1; - if (s > d) return -1; - } - if (prePart != null && o.prePart == null) { - return -1; - } else if (prePart == null && o.prePart != null) { - return 1; - } else if (prePart != null && o.prePart != null) { - return comparePrePart(prePart, o.prePart); - } - return 0; - } - - private int comparePrePart(String leftPrePart, String rightPrePart) { - if (leftPrePart.matches("\\d+")) { - return rightPrePart.matches("\\d+") ? (new BigInteger(leftPrePart)).compareTo(new BigInteger(rightPrePart)) : -1; - } else { - return rightPrePart.matches("\\d+") ? 1 : leftPrePart.compareTo(rightPrePart); - } - } - - @Override - public boolean equals(Object o) { - if (o == null || o.getClass() != getClass()) { - return false; - } - return compareTo((JavaVersion) o) == 0; - } - - @Override - public int hashCode() { - return version.hashCode(); - } - - @Override - public String toString() { - final String versionString = version.stream().map(v -> Integer.toString(v)).collect(Collectors.joining(".")); - return prePart != null ? versionString + "-" + prePart : versionString; - } -} diff --git a/libs/core/src/test/java/org/elasticsearch/jdk/JarHellTests.java b/libs/core/src/test/java/org/elasticsearch/jdk/JarHellTests.java index db82ded6fb6cc..1806fb7b37295 100644 --- a/libs/core/src/test/java/org/elasticsearch/jdk/JarHellTests.java +++ b/libs/core/src/test/java/org/elasticsearch/jdk/JarHellTests.java @@ -13,6 +13,7 @@ import org.elasticsearch.test.ESTestCase; import java.io.IOException; +import java.lang.Runtime.Version; import java.net.URL; import java.nio.file.Files; import java.nio.file.Path; @@ -27,6 +28,9 @@ import java.util.zip.ZipEntry; import java.util.zip.ZipOutputStream; +import static org.hamcrest.Matchers.containsString; +import static org.hamcrest.Matchers.equalTo; + public class JarHellTests extends ESTestCase { URL makeJar(Path dir, String name, Manifest manifest, String... files) throws IOException { @@ -132,25 +136,21 @@ public void testXmlBeansLeniency() throws Exception { public void testRequiredJDKVersionTooOld() throws Exception { Path dir = createTempDir(); - List current = JavaVersion.current().getVersion(); + List current = Runtime.version().version(); List target = new ArrayList<>(current.size()); for (int i = 0; i < current.size(); i++) { target.add(current.get(i) + 1); } - JavaVersion targetVersion = JavaVersion.parse(Strings.collectionToDelimitedString(target, ".")); + Version targetVersion = Version.parse(Strings.collectionToDelimitedString(target, ".")); Manifest manifest = new Manifest(); Attributes attributes = manifest.getMainAttributes(); attributes.put(Attributes.Name.MANIFEST_VERSION, "1.0.0"); attributes.put(new Attributes.Name("X-Compile-Target-JDK"), targetVersion.toString()); Set jars = Collections.singleton(makeJar(dir, "foo.jar", manifest, "Foo.class")); - try { - JarHell.checkJarHell(jars, logger::debug); - fail("did not get expected exception"); - } catch (IllegalStateException e) { - assertTrue(e.getMessage().contains("requires Java " + targetVersion.toString())); - assertTrue(e.getMessage().contains("your system: " + JavaVersion.current().toString())); - } + var e = expectThrows(IllegalStateException.class, () -> JarHell.checkJarHell(jars, logger::debug)); + assertThat(e.getMessage(), containsString("requires Java " + targetVersion)); + assertThat(e.getMessage(), containsString("your system: " + Runtime.version().toString())); } public void testBadJDKVersionInJar() throws Exception { @@ -160,18 +160,8 @@ public void testBadJDKVersionInJar() throws Exception { attributes.put(Attributes.Name.MANIFEST_VERSION, "1.0.0"); attributes.put(new Attributes.Name("X-Compile-Target-JDK"), "bogus"); Set jars = Collections.singleton(makeJar(dir, "foo.jar", manifest, "Foo.class")); - try { - JarHell.checkJarHell(jars, logger::debug); - fail("did not get expected exception"); - } catch (IllegalStateException e) { - assertTrue( - e.getMessage() - .equals( - "version string must be a sequence of nonnegative decimal integers separated " - + "by \".\"'s and may have leading zeros but was bogus" - ) - ); - } + var e = expectThrows(IllegalArgumentException.class, () -> JarHell.checkJarHell(jars, logger::debug)); + assertThat(e.getMessage(), equalTo("Invalid version string: 'bogus'")); } public void testRequiredJDKVersionIsOK() throws Exception { @@ -184,24 +174,10 @@ public void testRequiredJDKVersionIsOK() throws Exception { JarHell.checkJarHell(jars, logger::debug); } - public void testValidVersions() { - String[] versions = new String[] { "1.7", "1.7.0", "0.1.7", "1.7.0.80" }; - for (String version : versions) { - try { - JarHell.checkVersionFormat(version); - } catch (IllegalStateException e) { - fail(version + " should be accepted as a valid version format"); - } - } - } - public void testInvalidVersions() { String[] versions = new String[] { "", "1.7.0_80", "1.7." }; for (String version : versions) { - try { - JarHell.checkVersionFormat(version); - fail("\"" + version + "\"" + " should be rejected as an invalid version format"); - } catch (IllegalStateException e) {} + expectThrows(IllegalArgumentException.class, () -> JarHell.checkJavaVersion("foo", version)); } } diff --git a/libs/ssl-config/src/main/java/org/elasticsearch/common/ssl/SslConfigurationLoader.java b/libs/ssl-config/src/main/java/org/elasticsearch/common/ssl/SslConfigurationLoader.java index 0bed81106c67b..b81b036605f81 100644 --- a/libs/ssl-config/src/main/java/org/elasticsearch/common/ssl/SslConfigurationLoader.java +++ b/libs/ssl-config/src/main/java/org/elasticsearch/common/ssl/SslConfigurationLoader.java @@ -8,8 +8,6 @@ package org.elasticsearch.common.ssl; -import org.elasticsearch.jdk.JavaVersion; - import java.nio.file.Path; import java.security.KeyStore; import java.util.Arrays; @@ -66,48 +64,6 @@ public abstract class SslConfigurationLoader { : Arrays.asList("TLSv1.2", "TLSv1.1") ); - private static final List JDK11_CIPHERS = List.of( - // TLSv1.3 cipher has PFS, AEAD, hardware support - "TLS_AES_256_GCM_SHA384", - "TLS_AES_128_GCM_SHA256", - - // PFS, AEAD, hardware support - "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", - "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", - - // PFS, AEAD, hardware support - "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", - "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", - - // PFS, hardware support - "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", - "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", - - // PFS, hardware support - "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", - "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", - - // PFS, hardware support - "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", - "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", - - // PFS, hardware support - "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", - "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", - - // AEAD, hardware support - "TLS_RSA_WITH_AES_256_GCM_SHA384", - "TLS_RSA_WITH_AES_128_GCM_SHA256", - - // hardware support - "TLS_RSA_WITH_AES_256_CBC_SHA256", - "TLS_RSA_WITH_AES_128_CBC_SHA256", - - // hardware support - "TLS_RSA_WITH_AES_256_CBC_SHA", - "TLS_RSA_WITH_AES_128_CBC_SHA" - ); - private static final List JDK12_CIPHERS = List.of( // TLSv1.3 cipher has PFS, AEAD, hardware support "TLS_AES_256_GCM_SHA384", @@ -157,9 +113,7 @@ public abstract class SslConfigurationLoader { "TLS_RSA_WITH_AES_128_CBC_SHA" ); - static final List DEFAULT_CIPHERS = JavaVersion.current().compareTo(JavaVersion.parse("12")) > -1 - ? JDK12_CIPHERS - : JDK11_CIPHERS; + static final List DEFAULT_CIPHERS = JDK12_CIPHERS; private static final char[] EMPTY_PASSWORD = new char[0]; private final String settingPrefix; diff --git a/libs/ssl-config/src/test/java/org/elasticsearch/common/ssl/SslConfigurationLoaderTests.java b/libs/ssl-config/src/test/java/org/elasticsearch/common/ssl/SslConfigurationLoaderTests.java index 5c2f24acd42ba..bf5f3d0696cbc 100644 --- a/libs/ssl-config/src/test/java/org/elasticsearch/common/ssl/SslConfigurationLoaderTests.java +++ b/libs/ssl-config/src/test/java/org/elasticsearch/common/ssl/SslConfigurationLoaderTests.java @@ -11,7 +11,6 @@ import org.elasticsearch.common.settings.MockSecureSettings; import org.elasticsearch.common.settings.SecureString; import org.elasticsearch.common.settings.Settings; -import org.elasticsearch.jdk.JavaVersion; import org.elasticsearch.test.ESTestCase; import java.nio.file.Path; @@ -27,7 +26,6 @@ import static org.hamcrest.Matchers.hasItem; import static org.hamcrest.Matchers.instanceOf; import static org.hamcrest.Matchers.is; -import static org.hamcrest.Matchers.not; import static org.hamcrest.Matchers.notNullValue; public class SslConfigurationLoaderTests extends ESTestCase { @@ -223,16 +221,8 @@ public void testLoadKeysFromJKS() { } public void testChaCha20InCiphersOnJdk12Plus() { - assumeTrue("Test is only valid on JDK 12+ JVM", JavaVersion.current().compareTo(JavaVersion.parse("12")) > -1); assertThat(SslConfigurationLoader.DEFAULT_CIPHERS, hasItem("TLS_CHACHA20_POLY1305_SHA256")); assertThat(SslConfigurationLoader.DEFAULT_CIPHERS, hasItem("TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256")); assertThat(SslConfigurationLoader.DEFAULT_CIPHERS, hasItem("TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256")); } - - public void testChaCha20NotInCiphersOnPreJdk12() { - assumeTrue("Test is only valid on pre JDK 12 JVM", JavaVersion.current().compareTo(JavaVersion.parse("12")) < 0); - assertThat(SslConfigurationLoader.DEFAULT_CIPHERS, not(hasItem("TLS_CHACHA20_POLY1305_SHA256"))); - assertThat(SslConfigurationLoader.DEFAULT_CIPHERS, not(hasItem("TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"))); - assertThat(SslConfigurationLoader.DEFAULT_CIPHERS, not(hasItem("TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"))); - } } diff --git a/modules/lang-painless/src/test/java/org/elasticsearch/painless/ArrayTests.java b/modules/lang-painless/src/test/java/org/elasticsearch/painless/ArrayTests.java index 004a0f0bd99b3..4a93a4dc68669 100644 --- a/modules/lang-painless/src/test/java/org/elasticsearch/painless/ArrayTests.java +++ b/modules/lang-painless/src/test/java/org/elasticsearch/painless/ArrayTests.java @@ -9,7 +9,6 @@ package org.elasticsearch.painless; import org.apache.lucene.util.Constants; -import org.elasticsearch.jdk.JavaVersion; import org.hamcrest.Matcher; import java.lang.invoke.MethodHandle; @@ -31,11 +30,7 @@ protected String valueCtorCall(String valueType, int size) { @Override protected Matcher outOfBoundsExceptionMessageMatcher(int index, int size) { - if (JavaVersion.current().compareTo(JavaVersion.parse("11")) < 0) { - return equalTo(Integer.toString(index)); - } else { - return equalTo("Index " + Integer.toString(index) + " out of bounds for length " + Integer.toString(size)); - } + return equalTo("Index " + Integer.toString(index) + " out of bounds for length " + Integer.toString(size)); } public void testArrayLengthHelper() throws Throwable { diff --git a/modules/reindex/src/test/java/org/elasticsearch/reindex/ReindexRestClientSslTests.java b/modules/reindex/src/test/java/org/elasticsearch/reindex/ReindexRestClientSslTests.java index ab41e16f12beb..dc25fa2d2830f 100644 --- a/modules/reindex/src/test/java/org/elasticsearch/reindex/ReindexRestClientSslTests.java +++ b/modules/reindex/src/test/java/org/elasticsearch/reindex/ReindexRestClientSslTests.java @@ -26,7 +26,6 @@ import org.elasticsearch.env.Environment; import org.elasticsearch.env.TestEnvironment; import org.elasticsearch.index.reindex.RemoteInfo; -import org.elasticsearch.jdk.JavaVersion; import org.elasticsearch.mocksocket.MockHttpServer; import org.elasticsearch.test.ESTestCase; import org.elasticsearch.watcher.ResourceWatcherService; @@ -95,7 +94,7 @@ public static void shutdownHttpServer() { } private static SSLContext buildServerSslContext() throws Exception { - final SSLContext sslContext = SSLContext.getInstance(isHttpsServerBrokenWithTLSv13() ? "TLSv1.2" : "TLS"); + final SSLContext sslContext = SSLContext.getInstance("TLS"); final char[] password = "http-password".toCharArray(); final Path cert = PathUtils.get(ReindexRestClientSslTests.class.getResource("http/http.crt").toURI()); @@ -116,9 +115,6 @@ public void testClientFailsWithUntrustedCertificate() throws IOException { assumeFalse("https://github.com/elastic/elasticsearch/issues/49094", inFipsJvm()); final List threads = new ArrayList<>(); final Settings.Builder builder = Settings.builder().put("path.home", createTempDir()); - if (isHttpsServerBrokenWithTLSv13()) { - builder.put("reindex.ssl.supported_protocols", "TLSv1.2"); - } final Settings settings = builder.build(); final Environment environment = TestEnvironment.newEnvironment(settings); final ReindexSslConfig ssl = new ReindexSslConfig(settings, environment, mock(ResourceWatcherService.class)); @@ -133,9 +129,6 @@ public void testClientSucceedsWithCertificateAuthorities() throws IOException { final Settings.Builder builder = Settings.builder() .put("path.home", createTempDir()) .putList("reindex.ssl.certificate_authorities", ca.toString()); - if (isHttpsServerBrokenWithTLSv13()) { - builder.put("reindex.ssl.supported_protocols", "TLSv1.2"); - } final Settings settings = builder.build(); final Environment environment = TestEnvironment.newEnvironment(settings); final ReindexSslConfig ssl = new ReindexSslConfig(settings, environment, mock(ResourceWatcherService.class)); @@ -149,9 +142,6 @@ public void testClientSucceedsWithVerificationDisabled() throws IOException { assumeFalse("Cannot disable verification in FIPS JVM", inFipsJvm()); final List threads = new ArrayList<>(); final Settings.Builder builder = Settings.builder().put("path.home", createTempDir()).put("reindex.ssl.verification_mode", "NONE"); - if (isHttpsServerBrokenWithTLSv13()) { - builder.put("reindex.ssl.supported_protocols", "TLSv1.2"); - } final Settings settings = builder.build(); final Environment environment = TestEnvironment.newEnvironment(settings); final ReindexSslConfig ssl = new ReindexSslConfig(settings, environment, mock(ResourceWatcherService.class)); @@ -172,9 +162,6 @@ public void testClientPassesClientCertificate() throws IOException { .put("reindex.ssl.certificate", cert) .put("reindex.ssl.key", key) .put("reindex.ssl.key_passphrase", "client-password"); - if (isHttpsServerBrokenWithTLSv13()) { - builder.put("reindex.ssl.supported_protocols", "TLSv1.2"); - } final Settings settings = builder.build(); AtomicReference clientCertificates = new AtomicReference<>(); handler = https -> { @@ -226,12 +213,4 @@ public void configure(HttpsParameters params) { params.setWantClientAuth(true); } } - - /** - * Checks whether the JVM this test is run under is affected by JDK-8254967, which causes these - * tests to fail if a TLSv1.3 SSLContext is used. - */ - private static boolean isHttpsServerBrokenWithTLSv13() { - return JavaVersion.current().compareTo(JavaVersion.parse("16.0.0")) < 0; - } } diff --git a/modules/transport-netty4/src/test/java/org/elasticsearch/transport/netty4/SimpleNetty4TransportTests.java b/modules/transport-netty4/src/test/java/org/elasticsearch/transport/netty4/SimpleNetty4TransportTests.java index 23ab2f54543bd..53ea7f33299c3 100644 --- a/modules/transport-netty4/src/test/java/org/elasticsearch/transport/netty4/SimpleNetty4TransportTests.java +++ b/modules/transport-netty4/src/test/java/org/elasticsearch/transport/netty4/SimpleNetty4TransportTests.java @@ -20,7 +20,6 @@ import org.elasticsearch.core.internal.io.IOUtils; import org.elasticsearch.core.internal.net.NetUtils; import org.elasticsearch.indices.breaker.NoneCircuitBreakerService; -import org.elasticsearch.jdk.JavaVersion; import org.elasticsearch.test.transport.MockTransportService; import org.elasticsearch.test.transport.StubbableTransport; import org.elasticsearch.transport.AbstractSimpleTransportTestCase; @@ -96,10 +95,7 @@ public void testConnectException() throws UnknownHostException { } public void testDefaultKeepAliveSettings() throws IOException { - assumeTrue( - "setting default keepalive options not supported on this platform", - (IOUtils.LINUX || IOUtils.MAC_OS_X) && JavaVersion.current().compareTo(JavaVersion.parse("11")) >= 0 - ); + assumeTrue("setting default keepalive options not supported on this platform", (IOUtils.LINUX || IOUtils.MAC_OS_X)); try ( MockTransportService serviceC = buildService("TS_C", Version.CURRENT, Settings.EMPTY); MockTransportService serviceD = buildService("TS_D", Version.CURRENT, Settings.EMPTY) diff --git a/plugins/discovery-azure-classic/src/internalClusterTest/java/org/elasticsearch/discovery/azure/classic/AzureDiscoveryClusterFormationTests.java b/plugins/discovery-azure-classic/src/internalClusterTest/java/org/elasticsearch/discovery/azure/classic/AzureDiscoveryClusterFormationTests.java index 2588b6f06bf1e..1b72da1313003 100644 --- a/plugins/discovery-azure-classic/src/internalClusterTest/java/org/elasticsearch/discovery/azure/classic/AzureDiscoveryClusterFormationTests.java +++ b/plugins/discovery-azure-classic/src/internalClusterTest/java/org/elasticsearch/discovery/azure/classic/AzureDiscoveryClusterFormationTests.java @@ -22,7 +22,6 @@ import org.elasticsearch.core.SuppressForbidden; import org.elasticsearch.discovery.DiscoveryModule; import org.elasticsearch.env.Environment; -import org.elasticsearch.jdk.JavaVersion; import org.elasticsearch.mocksocket.MockHttpServer; import org.elasticsearch.node.Node; import org.elasticsearch.plugin.discovery.azure.classic.AzureDiscoveryPlugin; @@ -43,9 +42,7 @@ import java.nio.charset.StandardCharsets; import java.nio.file.Files; import java.nio.file.Path; -import java.security.AccessController; import java.security.KeyStore; -import java.security.PrivilegedAction; import java.util.Arrays; import java.util.Collection; import java.util.Collections; @@ -258,29 +255,11 @@ private static SSLContext getSSLContext() throws Exception { kmf.init(ks, passphrase); TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509"); tmf.init(ks); - SSLContext ssl = SSLContext.getInstance(getProtocol()); + SSLContext ssl = SSLContext.getInstance("TLS"); ssl.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); return ssl; } - /** - * The {@link HttpsServer} in the JDK has issues with TLSv1.3 when running in a JDK prior to - * 12.0.1 so we pin to TLSv1.2 when running on an earlier JDK - */ - private static String getProtocol() { - if (JavaVersion.current().compareTo(JavaVersion.parse("12")) < 0) { - return "TLSv1.2"; - } else { - JavaVersion full = AccessController.doPrivileged( - (PrivilegedAction) () -> JavaVersion.parse(System.getProperty("java.version")) - ); - if (full.compareTo(JavaVersion.parse("12.0.1")) < 0) { - return "TLSv1.2"; - } - } - return "TLS"; - } - @AfterClass public static void stopHttpd() throws IOException { try { diff --git a/plugins/ingest-attachment/src/main/java/org/elasticsearch/ingest/attachment/TikaImpl.java b/plugins/ingest-attachment/src/main/java/org/elasticsearch/ingest/attachment/TikaImpl.java index 4fe5e568d12a8..a9530cf8c5b62 100644 --- a/plugins/ingest-attachment/src/main/java/org/elasticsearch/ingest/attachment/TikaImpl.java +++ b/plugins/ingest-attachment/src/main/java/org/elasticsearch/ingest/attachment/TikaImpl.java @@ -20,7 +20,6 @@ import org.elasticsearch.core.PathUtils; import org.elasticsearch.core.SuppressForbidden; import org.elasticsearch.jdk.JarHell; -import org.elasticsearch.jdk.JavaVersion; import java.io.ByteArrayInputStream; import java.io.IOException; @@ -157,14 +156,6 @@ static PermissionCollection getRestrictedPermissions() { perms.add(new RuntimePermission("accessClassInPackage.sun.java2d.cmm.kcms")); // xmlbeans, use by POI, needs to get the context classloader perms.add(new RuntimePermission("getClassLoader")); - // ZipFile needs accessDeclaredMembers on JDK 10; cf. https://bugs.openjdk.java.net/browse/JDK-8187485 - if (JavaVersion.current().compareTo(JavaVersion.parse("10")) >= 0) { - if (JavaVersion.current().compareTo(JavaVersion.parse("11")) < 0) { - // TODO remove this and from plugin-security.policy when JDK 11 is the only one we support - // this is needed pre 11, but it's fixed in 11 : https://bugs.openjdk.java.net/browse/JDK-8187485 - perms.add(new RuntimePermission("accessDeclaredMembers")); - } - } perms.setReadOnly(); return perms; } diff --git a/plugins/repository-hdfs/src/test/java/org/elasticsearch/repositories/hdfs/HdfsTests.java b/plugins/repository-hdfs/src/test/java/org/elasticsearch/repositories/hdfs/HdfsTests.java index 7b557ecaa45c6..f85ae51d5417d 100644 --- a/plugins/repository-hdfs/src/test/java/org/elasticsearch/repositories/hdfs/HdfsTests.java +++ b/plugins/repository-hdfs/src/test/java/org/elasticsearch/repositories/hdfs/HdfsTests.java @@ -15,7 +15,6 @@ import org.elasticsearch.client.internal.Client; import org.elasticsearch.cluster.ClusterState; import org.elasticsearch.common.settings.Settings; -import org.elasticsearch.jdk.JavaVersion; import org.elasticsearch.plugins.Plugin; import org.elasticsearch.repositories.RepositoriesService; import org.elasticsearch.repositories.RepositoryException; @@ -38,7 +37,6 @@ protected Collection> getPlugins() { } public void testSimpleWorkflow() { - assumeFalse("https://github.com/elastic/elasticsearch/issues/31498", JavaVersion.current().equals(JavaVersion.parse("11"))); Client client = client(); AcknowledgedResponse putRepositoryResponse = client.admin() diff --git a/plugins/transport-nio/src/test/java/org/elasticsearch/transport/nio/SimpleNioTransportTests.java b/plugins/transport-nio/src/test/java/org/elasticsearch/transport/nio/SimpleNioTransportTests.java index 6c15e36f5047d..39356429e7e60 100644 --- a/plugins/transport-nio/src/test/java/org/elasticsearch/transport/nio/SimpleNioTransportTests.java +++ b/plugins/transport-nio/src/test/java/org/elasticsearch/transport/nio/SimpleNioTransportTests.java @@ -20,7 +20,6 @@ import org.elasticsearch.core.internal.io.IOUtils; import org.elasticsearch.core.internal.net.NetUtils; import org.elasticsearch.indices.breaker.NoneCircuitBreakerService; -import org.elasticsearch.jdk.JavaVersion; import org.elasticsearch.test.transport.MockTransportService; import org.elasticsearch.test.transport.StubbableTransport; import org.elasticsearch.transport.AbstractSimpleTransportTestCase; @@ -99,10 +98,7 @@ public void testConnectException() throws UnknownHostException { } public void testDefaultKeepAliveSettings() throws IOException { - assumeTrue( - "setting default keepalive options not supported on this platform", - (IOUtils.LINUX || IOUtils.MAC_OS_X) && JavaVersion.current().compareTo(JavaVersion.parse("11")) >= 0 - ); + assumeTrue("setting default keepalive options not supported on this platform", (IOUtils.LINUX || IOUtils.MAC_OS_X)); try ( MockTransportService serviceC = buildService("TS_C", Version.CURRENT, Settings.EMPTY); MockTransportService serviceD = buildService("TS_D", Version.CURRENT, Settings.EMPTY); diff --git a/server/src/internalClusterTest/java/org/elasticsearch/search/aggregations/bucket/DateHistogramIT.java b/server/src/internalClusterTest/java/org/elasticsearch/search/aggregations/bucket/DateHistogramIT.java index 145f2c18ed666..9e12cd129bdb2 100644 --- a/server/src/internalClusterTest/java/org/elasticsearch/search/aggregations/bucket/DateHistogramIT.java +++ b/server/src/internalClusterTest/java/org/elasticsearch/search/aggregations/bucket/DateHistogramIT.java @@ -19,7 +19,6 @@ import org.elasticsearch.index.mapper.DateFieldMapper; import org.elasticsearch.index.query.MatchNoneQueryBuilder; import org.elasticsearch.index.query.QueryBuilders; -import org.elasticsearch.jdk.JavaVersion; import org.elasticsearch.plugins.Plugin; import org.elasticsearch.script.Script; import org.elasticsearch.script.ScriptType; @@ -356,9 +355,6 @@ public void testSingleValued_timeZone_epoch() throws Exception { ZonedDateTime expectedKey = keyIterator.next(); String bucketKey = bucket.getKeyAsString(); String expectedBucketName = Long.toString(expectedKey.toInstant().toEpochMilli() / millisDivider); - if (JavaVersion.current().getVersion().get(0) == 8 && bucket.getKeyAsString().endsWith(".0")) { - expectedBucketName = expectedBucketName + ".0"; - } assertThat(bucketKey, equalTo(expectedBucketName)); assertThat(((ZonedDateTime) bucket.getKey()), equalTo(expectedKey)); assertThat(bucket.getDocCount(), equalTo(1L)); @@ -1462,11 +1458,7 @@ public void testRewriteTimeZone_EpochMillisFormat() throws InterruptedException, assertSearchResponse(response); Histogram histo = response.getAggregations().get("histo"); assertThat(histo.getBuckets().size(), equalTo(1)); - if (JavaVersion.current().getVersion().get(0) == 8 && histo.getBuckets().get(0).getKeyAsString().endsWith(".0")) { - assertThat(histo.getBuckets().get(0).getKeyAsString(), equalTo("1477954800000.0")); - } else { - assertThat(histo.getBuckets().get(0).getKeyAsString(), equalTo("1477954800000")); - } + assertThat(histo.getBuckets().get(0).getKeyAsString(), equalTo("1477954800000")); assertThat(histo.getBuckets().get(0).getDocCount(), equalTo(1L)); response = client().prepareSearch(index) diff --git a/server/src/internalClusterTest/java/org/elasticsearch/search/query/SearchQueryIT.java b/server/src/internalClusterTest/java/org/elasticsearch/search/query/SearchQueryIT.java index 27ab3d18bdde1..14aad52d17d84 100644 --- a/server/src/internalClusterTest/java/org/elasticsearch/search/query/SearchQueryIT.java +++ b/server/src/internalClusterTest/java/org/elasticsearch/search/query/SearchQueryIT.java @@ -44,7 +44,6 @@ import org.elasticsearch.indices.IndicesService; import org.elasticsearch.indices.TermsLookup; import org.elasticsearch.indices.analysis.AnalysisModule.AnalysisProvider; -import org.elasticsearch.jdk.JavaVersion; import org.elasticsearch.plugins.AnalysisPlugin; import org.elasticsearch.plugins.Plugin; import org.elasticsearch.rest.RestStatus; @@ -1764,7 +1763,6 @@ public void testRangeQueryWithTimeZone() throws Exception { * on "Configuring IDEs And Running Tests". */ public void testRangeQueryWithLocaleMapping() throws Exception { - assumeTrue("need java 9 for testing ", JavaVersion.current().compareTo(JavaVersion.parse("9")) >= 0); assert ("SPI,COMPAT".equals(System.getProperty("java.locale.providers"))) : "`-Djava.locale.providers=SPI,COMPAT` needs to be set"; assertAcked( diff --git a/server/src/main/java/org/elasticsearch/bootstrap/BootstrapChecks.java b/server/src/main/java/org/elasticsearch/bootstrap/BootstrapChecks.java index 27f16b6a46f74..b6391fbd7f931 100644 --- a/server/src/main/java/org/elasticsearch/bootstrap/BootstrapChecks.java +++ b/server/src/main/java/org/elasticsearch/bootstrap/BootstrapChecks.java @@ -20,7 +20,6 @@ import org.elasticsearch.core.SuppressForbidden; import org.elasticsearch.discovery.DiscoveryModule; import org.elasticsearch.index.IndexModule; -import org.elasticsearch.jdk.JavaVersion; import org.elasticsearch.monitor.jvm.JvmInfo; import org.elasticsearch.monitor.process.ProcessProbe; import org.elasticsearch.node.NodeValidationException; @@ -36,8 +35,6 @@ import java.util.List; import java.util.Locale; import java.util.function.Predicate; -import java.util.regex.Matcher; -import java.util.regex.Pattern; import java.util.stream.Collectors; import java.util.stream.Stream; @@ -207,7 +204,6 @@ static List checks() { checks.add(new OnErrorCheck()); checks.add(new OnOutOfMemoryErrorCheck()); checks.add(new EarlyAccessCheck()); - checks.add(new G1GCCheck()); checks.add(new AllPermissionCheck()); checks.add(new DiscoveryConfiguredCheck()); return Collections.unmodifiableList(checks); @@ -663,60 +659,6 @@ String javaVersion() { } - /** - * Bootstrap check for versions of HotSpot that are known to have issues that can lead to index corruption when G1GC is enabled. - */ - static class G1GCCheck implements BootstrapCheck { - - @Override - public BootstrapCheckResult check(BootstrapContext context) { - if ("Oracle Corporation".equals(jvmVendor()) && isJava8() && isG1GCEnabled()) { - final String jvmVersion = jvmVersion(); - // HotSpot versions on Java 8 match this regular expression; note that this changes with Java 9 after JEP-223 - final Pattern pattern = Pattern.compile("(\\d+)\\.(\\d+)-b\\d+"); - final Matcher matcher = pattern.matcher(jvmVersion); - final boolean matches = matcher.matches(); - assert matches : jvmVersion; - final int major = Integer.parseInt(matcher.group(1)); - final int update = Integer.parseInt(matcher.group(2)); - // HotSpot versions for Java 8 have major version 25, the bad versions are all versions prior to update 40 - if (major == 25 && update < 40) { - final String message = String.format( - Locale.ROOT, - "JVM version [%s] can cause data corruption when used with G1GC; upgrade to at least Java 8u40", - jvmVersion - ); - return BootstrapCheckResult.failure(message); - } - } - return BootstrapCheckResult.success(); - } - - // visible for testing - String jvmVendor() { - return Constants.JVM_VENDOR; - } - - // visible for testing - boolean isG1GCEnabled() { - assert "Oracle Corporation".equals(jvmVendor()); - return JvmInfo.jvmInfo().useG1GC().equals("true"); - } - - // visible for testing - String jvmVersion() { - assert "Oracle Corporation".equals(jvmVendor()); - return Constants.JVM_VERSION; - } - - // visible for testing - boolean isJava8() { - assert "Oracle Corporation".equals(jvmVendor()); - return JavaVersion.current().equals(JavaVersion.parse("1.8")); - } - - } - static class AllPermissionCheck implements BootstrapCheck { @Override diff --git a/server/src/main/java/org/elasticsearch/indices/recovery/RecoverySettings.java b/server/src/main/java/org/elasticsearch/indices/recovery/RecoverySettings.java index 122c3fc4df2e5..c3e4097141669 100644 --- a/server/src/main/java/org/elasticsearch/indices/recovery/RecoverySettings.java +++ b/server/src/main/java/org/elasticsearch/indices/recovery/RecoverySettings.java @@ -27,7 +27,6 @@ import org.elasticsearch.core.Releasable; import org.elasticsearch.core.Releasables; import org.elasticsearch.core.TimeValue; -import org.elasticsearch.jdk.JavaVersion; import org.elasticsearch.monitor.os.OsProbe; import org.elasticsearch.node.NodeRoleSettings; @@ -58,17 +57,6 @@ public class RecoverySettings { Property.NodeScope ); - /** - * Undocumented setting, used to override the current JVM version in tests - **/ - // package private for tests - static final Setting JAVA_VERSION_OVERRIDING_TEST_SETTING = new Setting<>( - "recovery_settings.java_version_override", - settings -> JavaVersion.current().toString(), - JavaVersion::parse, - Property.NodeScope - ); - /** * Disk's write bandwidth allocated for this node. This bandwidth is expressed for write operations that have the default block size of * {@link #DEFAULT_CHUNK_SIZE}. @@ -224,11 +212,6 @@ private static Setting factorSetting(String key, Setting operato * an assumption here that the size of the instance is correlated with I/O resources. That is we are assuming that the * larger the instance, the more disk and networking capacity it has available. */ - final JavaVersion javaVersion = JAVA_VERSION_OVERRIDING_TEST_SETTING.get(s); - if (javaVersion.compareTo(JavaVersion.parse("14")) < 0) { - // prior to JDK 14, the JDK did not take into consideration container memory limits when reporting total system memory - return DEFAULT_MAX_BYTES_PER_SEC.getStringRep(); - } final ByteSizeValue totalPhysicalMemory = TOTAL_PHYSICAL_MEMORY_OVERRIDING_TEST_SETTING.get(s); final ByteSizeValue maxBytesPerSec; if (totalPhysicalMemory.compareTo(new ByteSizeValue(4, ByteSizeUnit.GB)) <= 0) { diff --git a/server/src/main/java/org/elasticsearch/plugins/PluginInfo.java b/server/src/main/java/org/elasticsearch/plugins/PluginInfo.java index de73e968a7af9..9d851c4141f8a 100644 --- a/server/src/main/java/org/elasticsearch/plugins/PluginInfo.java +++ b/server/src/main/java/org/elasticsearch/plugins/PluginInfo.java @@ -181,7 +181,7 @@ public static PluginInfo readFromProperties(final Path path) throws IOException if (javaVersionString == null) { throw new IllegalArgumentException("property [java.version] is missing for plugin [" + name + "]"); } - JarHell.checkVersionFormat(javaVersionString); + JarHell.checkJavaVersion("plugin " + name, javaVersionString); final String extendedString = propsMap.remove("extended.plugins"); final List extendedPlugins; diff --git a/server/src/test/java/org/elasticsearch/bootstrap/BootstrapChecksTests.java b/server/src/test/java/org/elasticsearch/bootstrap/BootstrapChecksTests.java index 463a49326660b..6b92a949dc54e 100644 --- a/server/src/test/java/org/elasticsearch/bootstrap/BootstrapChecksTests.java +++ b/server/src/test/java/org/elasticsearch/bootstrap/BootstrapChecksTests.java @@ -28,7 +28,6 @@ import java.util.Arrays; import java.util.Collections; import java.util.List; -import java.util.Locale; import java.util.concurrent.atomic.AtomicBoolean; import java.util.concurrent.atomic.AtomicLong; import java.util.concurrent.atomic.AtomicReference; @@ -641,81 +640,6 @@ String javaVersion() { } - public void testG1GCCheck() throws NodeValidationException { - final AtomicBoolean isG1GCEnabled = new AtomicBoolean(true); - final AtomicBoolean isJava8 = new AtomicBoolean(true); - final AtomicReference jvmVersion = new AtomicReference<>( - String.format(Locale.ROOT, "25.%d-b%d", randomIntBetween(0, 39), randomIntBetween(1, 128)) - ); - final BootstrapChecks.G1GCCheck g1GCCheck = new BootstrapChecks.G1GCCheck() { - - @Override - String jvmVendor() { - return "Oracle Corporation"; - } - - @Override - boolean isG1GCEnabled() { - return isG1GCEnabled.get(); - } - - @Override - String jvmVersion() { - return jvmVersion.get(); - } - - @Override - boolean isJava8() { - return isJava8.get(); - } - - }; - - final NodeValidationException e = expectThrows( - NodeValidationException.class, - () -> BootstrapChecks.check(emptyContext, true, Collections.singletonList(g1GCCheck)) - ); - assertThat( - e.getMessage(), - containsString( - "JVM version [" + jvmVersion.get() + "] can cause data corruption when used with G1GC; upgrade to at least Java 8u40" - ) - ); - - // if G1GC is disabled, nothing should happen - isG1GCEnabled.set(false); - BootstrapChecks.check(emptyContext, true, Collections.singletonList(g1GCCheck)); - - // if on or after update 40, nothing should happen independent of whether or not G1GC is enabled - isG1GCEnabled.set(randomBoolean()); - jvmVersion.set(String.format(Locale.ROOT, "25.%d-b%d", randomIntBetween(40, 112), randomIntBetween(1, 128))); - BootstrapChecks.check(emptyContext, true, Collections.singletonList(g1GCCheck)); - - final BootstrapChecks.G1GCCheck nonOracleCheck = new BootstrapChecks.G1GCCheck() { - - @Override - String jvmVendor() { - return randomAlphaOfLength(8); - } - - }; - - // if not on an Oracle JVM, nothing should happen - BootstrapChecks.check(emptyContext, true, Collections.singletonList(nonOracleCheck)); - - final BootstrapChecks.G1GCCheck nonJava8Check = new BootstrapChecks.G1GCCheck() { - - @Override - boolean isJava8() { - return false; - } - - }; - - // if not Java 8, nothing should happen - BootstrapChecks.check(emptyContext, true, Collections.singletonList(nonJava8Check)); - } - public void testAllPermissionCheck() throws NodeValidationException { final AtomicBoolean isAllPermissionGranted = new AtomicBoolean(true); final BootstrapChecks.AllPermissionCheck allPermissionCheck = new BootstrapChecks.AllPermissionCheck() { diff --git a/server/src/test/java/org/elasticsearch/bootstrap/JavaVersionTests.java b/server/src/test/java/org/elasticsearch/bootstrap/JavaVersionTests.java deleted file mode 100644 index c5279b0747555..0000000000000 --- a/server/src/test/java/org/elasticsearch/bootstrap/JavaVersionTests.java +++ /dev/null @@ -1,125 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0 and the Server Side Public License, v 1; you may not use this file except - * in compliance with, at your election, the Elastic License 2.0 or the Server - * Side Public License, v 1. - */ - -package org.elasticsearch.bootstrap; - -import org.elasticsearch.jdk.JavaVersion; -import org.elasticsearch.test.ESTestCase; - -import java.util.List; - -import static org.hamcrest.CoreMatchers.equalTo; -import static org.hamcrest.CoreMatchers.is; - -public class JavaVersionTests extends ESTestCase { - public void testParse() { - JavaVersion javaVersion = JavaVersion.parse("1.7.0"); - List version = javaVersion.getVersion(); - assertThat(version.size(), is(3)); - assertThat(version.get(0), is(1)); - assertThat(version.get(1), is(7)); - assertThat(version.get(2), is(0)); - - JavaVersion javaVersionEarlyAccess = JavaVersion.parse("14.0.1-ea"); - List version14 = javaVersionEarlyAccess.getVersion(); - assertThat(version14.size(), is(3)); - assertThat(version14.get(0), is(14)); - assertThat(version14.get(1), is(0)); - assertThat(version14.get(2), is(1)); - - JavaVersion javaVersionOtherPrePart = JavaVersion.parse("13.2.4-somethingElseHere"); - List version13 = javaVersionOtherPrePart.getVersion(); - assertThat(version13.size(), is(3)); - assertThat(version13.get(0), is(13)); - assertThat(version13.get(1), is(2)); - assertThat(version13.get(2), is(4)); - - JavaVersion javaVersionNumericPrePart = JavaVersion.parse("13.2.4-something124443"); - List version11 = javaVersionNumericPrePart.getVersion(); - assertThat(version11.size(), is(3)); - assertThat(version11.get(0), is(13)); - assertThat(version11.get(1), is(2)); - assertThat(version11.get(2), is(4)); - } - - public void testParseInvalidVersions() { - final IllegalArgumentException e = expectThrows(IllegalArgumentException.class, () -> JavaVersion.parse("11.2-something-else")); - assertThat(e.getMessage(), equalTo("Java version string [11.2-something-else] could not be parsed.")); - final IllegalArgumentException e1 = expectThrows(IllegalArgumentException.class, () -> JavaVersion.parse("11.0.")); - assertThat(e1.getMessage(), equalTo("Java version string [11.0.] could not be parsed.")); - final IllegalArgumentException e2 = expectThrows(IllegalArgumentException.class, () -> JavaVersion.parse("11.a.3")); - assertThat(e2.getMessage(), equalTo("Java version string [11.a.3] could not be parsed.")); - } - - public void testToString() { - JavaVersion javaVersion170 = JavaVersion.parse("1.7.0"); - assertThat(javaVersion170.toString(), is("1.7.0")); - JavaVersion javaVersion9 = JavaVersion.parse("9"); - assertThat(javaVersion9.toString(), is("9")); - JavaVersion javaVersion11 = JavaVersion.parse("11.0.1-something09random"); - assertThat(javaVersion11.toString(), is("11.0.1-something09random")); - JavaVersion javaVersion12 = JavaVersion.parse("12.2-2019"); - assertThat(javaVersion12.toString(), is("12.2-2019")); - JavaVersion javaVersion13ea = JavaVersion.parse("13.1-ea"); - assertThat(javaVersion13ea.toString(), is("13.1-ea")); - } - - public void testCompare() { - JavaVersion onePointSix = JavaVersion.parse("1.6"); - JavaVersion onePointSeven = JavaVersion.parse("1.7"); - JavaVersion onePointSevenPointZero = JavaVersion.parse("1.7.0"); - JavaVersion onePointSevenPointOne = JavaVersion.parse("1.7.1"); - JavaVersion onePointSevenPointTwo = JavaVersion.parse("1.7.2"); - JavaVersion onePointSevenPointOnePointOne = JavaVersion.parse("1.7.1.1"); - JavaVersion onePointSevenPointTwoPointOne = JavaVersion.parse("1.7.2.1"); - JavaVersion thirteen = JavaVersion.parse("13"); - JavaVersion thirteenPointTwoPointOne = JavaVersion.parse("13.2.1"); - JavaVersion thirteenPointTwoPointOneTwoThousand = JavaVersion.parse("13.2.1-2000"); - JavaVersion thirteenPointTwoPointOneThreeThousand = JavaVersion.parse("13.2.1-3000"); - JavaVersion thirteenPointTwoPointOneA = JavaVersion.parse("13.2.1-aaa"); - JavaVersion thirteenPointTwoPointOneB = JavaVersion.parse("13.2.1-bbb"); - JavaVersion fourteen = JavaVersion.parse("14"); - JavaVersion fourteenPointTwoPointOne = JavaVersion.parse("14.2.1"); - JavaVersion fourteenPointTwoPointOneEarlyAccess = JavaVersion.parse("14.2.1-ea"); - - assertTrue(onePointSix.compareTo(onePointSeven) < 0); - assertTrue(onePointSeven.compareTo(onePointSix) > 0); - assertTrue(onePointSix.compareTo(onePointSix) == 0); - assertTrue(onePointSeven.compareTo(onePointSevenPointZero) == 0); - assertTrue(onePointSevenPointOnePointOne.compareTo(onePointSevenPointOne) > 0); - assertTrue(onePointSevenPointTwo.compareTo(onePointSevenPointTwoPointOne) < 0); - assertTrue(thirteen.compareTo(thirteenPointTwoPointOne) < 0); - assertTrue(thirteen.compareTo(fourteen) < 0); - assertTrue(thirteenPointTwoPointOneThreeThousand.compareTo(thirteenPointTwoPointOneTwoThousand) > 0); - assertTrue(thirteenPointTwoPointOneThreeThousand.compareTo(thirteenPointTwoPointOneThreeThousand) == 0); - assertTrue(thirteenPointTwoPointOneA.compareTo(thirteenPointTwoPointOneA) == 0); - assertTrue(thirteenPointTwoPointOneA.compareTo(thirteenPointTwoPointOneB) < 0); - assertTrue(thirteenPointTwoPointOneA.compareTo(thirteenPointTwoPointOneThreeThousand) > 0); - assertTrue(fourteenPointTwoPointOneEarlyAccess.compareTo(fourteenPointTwoPointOne) < 0); - assertTrue(fourteenPointTwoPointOneEarlyAccess.compareTo(fourteen) > 0); - - } - - public void testValidVersions() { - String[] versions = new String[] { "1.7", "1.7.0", "0.1.7", "1.7.0.80", "12-ea", "13.0.2.3-ea", "14-something", "11.0.2-21002" }; - for (String version : versions) { - assertTrue(JavaVersion.isValid(version)); - } - } - - public void testInvalidVersions() { - String[] versions = new String[] { "", "1.7.0_80", "1.7.", "11.2-something-else" }; - for (String version : versions) { - assertFalse(JavaVersion.isValid(version)); - } - } - - public void testJava8Compat() { - assertEquals(JavaVersion.parse("1.8"), JavaVersion.parse("8")); - } -} diff --git a/server/src/test/java/org/elasticsearch/common/LocalTimeOffsetTests.java b/server/src/test/java/org/elasticsearch/common/LocalTimeOffsetTests.java index 9e7c0d094a62b..47996c7d77905 100644 --- a/server/src/test/java/org/elasticsearch/common/LocalTimeOffsetTests.java +++ b/server/src/test/java/org/elasticsearch/common/LocalTimeOffsetTests.java @@ -11,7 +11,6 @@ import org.elasticsearch.common.LocalTimeOffset.Gap; import org.elasticsearch.common.LocalTimeOffset.Overlap; import org.elasticsearch.common.time.DateFormatter; -import org.elasticsearch.jdk.JavaVersion; import org.elasticsearch.test.ESTestCase; import java.time.Instant; @@ -254,11 +253,8 @@ public void testKnownMovesBackToPreviousDay() { assertKnownMovesBacktoPreviousDay("America/Moncton", "2005-10-29T03:01:00"); assertKnownMovesBacktoPreviousDay("America/St_Johns", "2010-11-07T02:31:00"); assertKnownMovesBacktoPreviousDay("Canada/Newfoundland", "2010-11-07T02:31:00"); - if (JavaVersion.current().compareTo(JavaVersion.parse("11")) > 0) { - // Added in java 12 - assertKnownMovesBacktoPreviousDay("Pacific/Guam", "1969-01-25T13:01:00"); - assertKnownMovesBacktoPreviousDay("Pacific/Saipan", "1969-01-25T13:01:00"); - } + assertKnownMovesBacktoPreviousDay("Pacific/Guam", "1969-01-25T13:01:00"); + assertKnownMovesBacktoPreviousDay("Pacific/Saipan", "1969-01-25T13:01:00"); } private void assertKnownMovesBacktoPreviousDay(String zone, String time) { diff --git a/server/src/test/java/org/elasticsearch/index/mapper/DateFieldMapperTests.java b/server/src/test/java/org/elasticsearch/index/mapper/DateFieldMapperTests.java index 7ad83ef301b9e..fb59a1d2693c6 100644 --- a/server/src/test/java/org/elasticsearch/index/mapper/DateFieldMapperTests.java +++ b/server/src/test/java/org/elasticsearch/index/mapper/DateFieldMapperTests.java @@ -15,7 +15,6 @@ import org.elasticsearch.common.time.DateUtils; import org.elasticsearch.index.mapper.DateFieldMapper.DateFieldType; import org.elasticsearch.index.termvectors.TermVectorsService; -import org.elasticsearch.jdk.JavaVersion; import org.elasticsearch.search.DocValueFormat; import org.elasticsearch.xcontent.XContentBuilder; @@ -173,8 +172,6 @@ public void testChangeFormat() throws IOException { } public void testChangeLocale() throws IOException { - assumeTrue("need java 9 for testing ", JavaVersion.current().compareTo(JavaVersion.parse("9")) >= 0); - DocumentMapper mapper = createDocumentMapper( fieldMapping(b -> b.field("type", "date").field("format", "E, d MMM yyyy HH:mm:ss Z").field("locale", "de")) ); diff --git a/server/src/test/java/org/elasticsearch/indices/recovery/RecoverySettingsTests.java b/server/src/test/java/org/elasticsearch/indices/recovery/RecoverySettingsTests.java index 3dfa135b4d8d1..a3edbe5e648f3 100644 --- a/server/src/test/java/org/elasticsearch/indices/recovery/RecoverySettingsTests.java +++ b/server/src/test/java/org/elasticsearch/indices/recovery/RecoverySettingsTests.java @@ -16,7 +16,6 @@ import org.elasticsearch.common.unit.ByteSizeValue; import org.elasticsearch.core.Nullable; import org.elasticsearch.core.Releasable; -import org.elasticsearch.jdk.JavaVersion; import org.elasticsearch.test.ESTestCase; import java.util.ArrayList; @@ -32,7 +31,6 @@ import static org.elasticsearch.indices.recovery.RecoverySettings.INDICES_RECOVERY_MAX_CONCURRENT_SNAPSHOT_FILE_DOWNLOADS; import static org.elasticsearch.indices.recovery.RecoverySettings.INDICES_RECOVERY_MAX_CONCURRENT_SNAPSHOT_FILE_DOWNLOADS_PER_NODE; import static org.elasticsearch.indices.recovery.RecoverySettings.INDICES_RECOVERY_USE_SNAPSHOTS_SETTING; -import static org.elasticsearch.indices.recovery.RecoverySettings.JAVA_VERSION_OVERRIDING_TEST_SETTING; import static org.elasticsearch.indices.recovery.RecoverySettings.NODE_BANDWIDTH_RECOVERY_DISK_READ_SETTING; import static org.elasticsearch.indices.recovery.RecoverySettings.NODE_BANDWIDTH_RECOVERY_DISK_WRITE_SETTING; import static org.elasticsearch.indices.recovery.RecoverySettings.NODE_BANDWIDTH_RECOVERY_NETWORK_SETTING; @@ -305,27 +303,13 @@ public void testMaxBytesPerSecOnDataNodeWithAvailableBandwidths() { ); } - public void testDefaultMaxBytesPerSecOnColdOrFrozenNodeWithOldJvm() { - assertThat( - "Data nodes with only cold/frozen data roles have a default 40mb rate limit on Java version prior to 14", - nodeRecoverySettings().withRoles(randomFrom(Set.of("data_cold"), Set.of("data_frozen"), Set.of("data_cold", "data_frozen"))) - .withJavaVersion(randomFrom("8", "9", "11")) - .withRandomMemory() - .build() - .getMaxBytesPerSec(), - equalTo(DEFAULT_MAX_BYTES_PER_SEC) - ); - } - public void testDefaultMaxBytesPerSecOnColdOrFrozenNode() { final Set dataRoles = randomFrom(Set.of("data_cold"), Set.of("data_frozen"), Set.of("data_cold", "data_frozen")); - final String recentVersion = JavaVersion.current().compareTo(JavaVersion.parse("14")) < 0 ? "14" : null; { assertThat( "Dedicated cold/frozen data nodes with <= 4GB of RAM have a default 40mb rate limit", nodeRecoverySettings().withRoles(dataRoles) .withMemory(ByteSizeValue.ofBytes(randomLongBetween(1L, ByteSizeUnit.GB.toBytes(4L)))) - .withJavaVersion(recentVersion) .build() .getMaxBytesPerSec(), equalTo(new ByteSizeValue(40, ByteSizeUnit.MB)) @@ -336,7 +320,6 @@ public void testDefaultMaxBytesPerSecOnColdOrFrozenNode() { "Dedicated cold/frozen data nodes with 4GB < RAM <= 8GB have a default 60mb rate limit", nodeRecoverySettings().withRoles(dataRoles) .withMemory(ByteSizeValue.ofBytes(randomLongBetween(ByteSizeUnit.GB.toBytes(4L) + 1L, ByteSizeUnit.GB.toBytes(8L)))) - .withJavaVersion(recentVersion) .build() .getMaxBytesPerSec(), equalTo(new ByteSizeValue(60, ByteSizeUnit.MB)) @@ -347,7 +330,6 @@ public void testDefaultMaxBytesPerSecOnColdOrFrozenNode() { "Dedicated cold/frozen data nodes with 8GB < RAM <= 16GB have a default 90mb rate limit", nodeRecoverySettings().withRoles(dataRoles) .withMemory(ByteSizeValue.ofBytes(randomLongBetween(ByteSizeUnit.GB.toBytes(8L) + 1L, ByteSizeUnit.GB.toBytes(16L)))) - .withJavaVersion(recentVersion) .build() .getMaxBytesPerSec(), equalTo(new ByteSizeValue(90, ByteSizeUnit.MB)) @@ -358,7 +340,6 @@ public void testDefaultMaxBytesPerSecOnColdOrFrozenNode() { "Dedicated cold/frozen data nodes with 16GB < RAM <= 32GB have a default 90mb rate limit", nodeRecoverySettings().withRoles(dataRoles) .withMemory(ByteSizeValue.ofBytes(randomLongBetween(ByteSizeUnit.GB.toBytes(16L) + 1L, ByteSizeUnit.GB.toBytes(32L)))) - .withJavaVersion(recentVersion) .build() .getMaxBytesPerSec(), equalTo(new ByteSizeValue(125, ByteSizeUnit.MB)) @@ -369,7 +350,6 @@ public void testDefaultMaxBytesPerSecOnColdOrFrozenNode() { "Dedicated cold/frozen data nodes with RAM > 32GB have a default 250mb rate limit", nodeRecoverySettings().withRoles(dataRoles) .withMemory(ByteSizeValue.ofBytes(randomLongBetween(ByteSizeUnit.GB.toBytes(32L) + 1L, ByteSizeUnit.TB.toBytes(4L)))) - .withJavaVersion(recentVersion) .build() .getMaxBytesPerSec(), equalTo(new ByteSizeValue(250, ByteSizeUnit.MB)) @@ -382,7 +362,6 @@ public void testMaxBytesPerSecOnColdOrFrozenNodeWithIndicesRecoveryMaxBytesPerSe assertThat( "Dedicated cold/frozen data nodes should use the defined rate limit when set", nodeRecoverySettings().withRoles(randomFrom(Set.of("data_cold"), Set.of("data_frozen"), Set.of("data_cold", "data_frozen"))) - .withJavaVersion(JavaVersion.current().compareTo(JavaVersion.parse("14")) < 0 ? "14" : null) .withMemory(ByteSizeValue.ofBytes(randomLongBetween(1L, ByteSizeUnit.TB.toBytes(4L)))) .withIndicesRecoveryMaxBytesPerSec(random) .build() @@ -425,7 +404,6 @@ private static class NodeRecoverySettings { private Set roles; private ByteSizeValue physicalMemory; - private @Nullable String javaVersion; private @Nullable ByteSizeValue networkBandwidth; private @Nullable ByteSizeValue diskReadBandwidth; private @Nullable ByteSizeValue diskWriteBandwidth; @@ -452,11 +430,6 @@ NodeRecoverySettings withRandomMemory() { return withMemory(ByteSizeValue.ofBytes(randomLongBetween(ByteSizeUnit.GB.toBytes(1L), ByteSizeUnit.TB.toBytes(4L)))); } - NodeRecoverySettings withJavaVersion(String javaVersion) { - this.javaVersion = javaVersion; - return this; - } - NodeRecoverySettings withIndicesRecoveryMaxBytesPerSec(ByteSizeValue indicesRecoveryMaxBytesPerSec) { this.indicesRecoveryMaxBytesPerSec = Objects.requireNonNull(indicesRecoveryMaxBytesPerSec); return this; @@ -509,9 +482,6 @@ RecoverySettings build() { if (roles.isEmpty() == false) { settings.putList(NODE_ROLES_SETTING.getKey(), new ArrayList<>(roles)); } - if (javaVersion != null) { - settings.put(JAVA_VERSION_OVERRIDING_TEST_SETTING.getKey(), javaVersion); - } if (indicesRecoveryMaxBytesPerSec != null) { settings.put(INDICES_RECOVERY_MAX_BYTES_PER_SEC_SETTING.getKey(), indicesRecoveryMaxBytesPerSec); } diff --git a/server/src/test/java/org/elasticsearch/monitor/jvm/JvmInfoTests.java b/server/src/test/java/org/elasticsearch/monitor/jvm/JvmInfoTests.java index db29f1a7d08f1..74dda255af443 100644 --- a/server/src/test/java/org/elasticsearch/monitor/jvm/JvmInfoTests.java +++ b/server/src/test/java/org/elasticsearch/monitor/jvm/JvmInfoTests.java @@ -9,7 +9,6 @@ package org.elasticsearch.monitor.jvm; import org.apache.lucene.util.Constants; -import org.elasticsearch.jdk.JavaVersion; import org.elasticsearch.test.ESTestCase; public class JvmInfoTests extends ESTestCase { @@ -28,15 +27,13 @@ public void testUseG1GC() { private boolean isG1GCEnabled() { final String argline = System.getProperty("tests.jvm.argline"); final boolean g1GCEnabled = flagIsEnabled(argline, "UseG1GC"); - // for JDK 9 the default collector when no collector is specified is G1 GC - final boolean versionIsAtLeastJava9 = JavaVersion.current().compareTo(JavaVersion.parse("9")) >= 0; final boolean noOtherCollectorSpecified = argline == null || (flagIsEnabled(argline, "UseParNewGC") == false && flagIsEnabled(argline, "UseParallelGC") == false && flagIsEnabled(argline, "UseParallelOldGC") == false && flagIsEnabled(argline, "UseSerialGC") == false && flagIsEnabled(argline, "UseConcMarkSweepGC") == false); - return g1GCEnabled || (versionIsAtLeastJava9 && noOtherCollectorSpecified); + return g1GCEnabled || noOtherCollectorSpecified; } private boolean flagIsEnabled(String argline, String flag) { diff --git a/server/src/test/java/org/elasticsearch/plugins/IndexStorePluginTests.java b/server/src/test/java/org/elasticsearch/plugins/IndexStorePluginTests.java index f335b29c49c82..7d695a238f242 100644 --- a/server/src/test/java/org/elasticsearch/plugins/IndexStorePluginTests.java +++ b/server/src/test/java/org/elasticsearch/plugins/IndexStorePluginTests.java @@ -14,7 +14,6 @@ import org.elasticsearch.index.IndexModule; import org.elasticsearch.index.store.FsDirectoryFactory; import org.elasticsearch.indices.recovery.RecoveryState; -import org.elasticsearch.jdk.JavaVersion; import org.elasticsearch.node.MockNode; import org.elasticsearch.test.ESTestCase; @@ -110,25 +109,16 @@ public void testDuplicateIndexStoreFactories() { IllegalStateException.class, () -> new MockNode(settings, Arrays.asList(BarStorePlugin.class, FooStorePlugin.class)) ); - if (JavaVersion.current().compareTo(JavaVersion.parse("9")) >= 0) { - assertThat( - e, - hasToString( - matches( - "java.lang.IllegalStateException: Duplicate key store \\(attempted merging values " - + "org.elasticsearch.index.store.FsDirectoryFactory@[\\w\\d]+ " - + "and org.elasticsearch.index.store.FsDirectoryFactory@[\\w\\d]+\\)" - ) - ) - ); - } else { - assertThat( - e, - hasToString( - matches("java.lang.IllegalStateException: Duplicate key org.elasticsearch.index.store.FsDirectoryFactory@[\\w\\d]+") + assertThat( + e, + hasToString( + matches( + "java.lang.IllegalStateException: Duplicate key store \\(attempted merging values " + + "org.elasticsearch.index.store.FsDirectoryFactory@[\\w\\d]+ " + + "and org.elasticsearch.index.store.FsDirectoryFactory@[\\w\\d]+\\)" ) - ); - } + ) + ); } public void testDuplicateIndexStoreRecoveryStateFactories() { @@ -137,18 +127,6 @@ public void testDuplicateIndexStoreRecoveryStateFactories() { IllegalStateException.class, () -> new MockNode(settings, Arrays.asList(FooCustomRecoveryStore.class, BarCustomRecoveryStore.class)) ); - if (JavaVersion.current().compareTo(JavaVersion.parse("9")) >= 0) { - assertThat(e.getMessage(), containsString("Duplicate key recovery-type")); - } else { - assertThat( - e, - hasToString( - matches( - "java.lang.IllegalStateException: Duplicate key " - + "org.elasticsearch.plugins.IndexStorePluginTests$RecoveryFactory@[\\w\\d]+" - ) - ) - ); - } + assertThat(e.getMessage(), containsString("Duplicate key recovery-type")); } } diff --git a/server/src/test/java/org/elasticsearch/plugins/PluginInfoTests.java b/server/src/test/java/org/elasticsearch/plugins/PluginInfoTests.java index 1fa6ea6b96392..4ff0f9eceead3 100644 --- a/server/src/test/java/org/elasticsearch/plugins/PluginInfoTests.java +++ b/server/src/test/java/org/elasticsearch/plugins/PluginInfoTests.java @@ -119,14 +119,8 @@ public void testReadFromPropertiesBadJavaVersionFormat() throws Exception { "version", "1.0" ); - IllegalStateException e = expectThrows(IllegalStateException.class, () -> PluginInfo.readFromProperties(pluginDir)); - assertThat( - e.getMessage(), - equalTo( - "version string must be a sequence of nonnegative decimal integers separated" - + " by \".\"'s and may have leading zeros but was 1.7.0_80" - ) - ); + IllegalArgumentException e = expectThrows(IllegalArgumentException.class, () -> PluginInfo.readFromProperties(pluginDir)); + assertThat(e.getMessage(), equalTo("Invalid version string: '1.7.0_80'")); } public void testReadFromPropertiesBogusElasticsearchVersion() throws Exception { diff --git a/server/src/test/java/org/elasticsearch/plugins/PluginsServiceTests.java b/server/src/test/java/org/elasticsearch/plugins/PluginsServiceTests.java index f6af0aa4fc71c..e6d756f11c88d 100644 --- a/server/src/test/java/org/elasticsearch/plugins/PluginsServiceTests.java +++ b/server/src/test/java/org/elasticsearch/plugins/PluginsServiceTests.java @@ -1014,7 +1014,7 @@ public void testIncompatibleJavaVersion() throws Exception { "desc", "1.0", Version.CURRENT, - "1000000.0", + "1000", "FakePlugin", Collections.emptyList(), false, diff --git a/test/framework/src/main/java/org/elasticsearch/test/junit/listeners/ReproduceInfoPrinter.java b/test/framework/src/main/java/org/elasticsearch/test/junit/listeners/ReproduceInfoPrinter.java index 024eb08094e2c..4c8fc4016f0b7 100644 --- a/test/framework/src/main/java/org/elasticsearch/test/junit/listeners/ReproduceInfoPrinter.java +++ b/test/framework/src/main/java/org/elasticsearch/test/junit/listeners/ReproduceInfoPrinter.java @@ -14,7 +14,6 @@ import org.apache.lucene.util.Constants; import org.elasticsearch.common.Strings; import org.elasticsearch.core.SuppressForbidden; -import org.elasticsearch.jdk.JavaVersion; import org.elasticsearch.test.ESIntegTestCase; import org.elasticsearch.test.ESTestCase; import org.junit.internal.AssumptionViolatedException; @@ -169,7 +168,7 @@ private ReproduceErrorMessageBuilder appendESProperties() { appendOpt("tests.locale", Locale.getDefault().toLanguageTag()); appendOpt("tests.timezone", TimeZone.getDefault().getID()); appendOpt("tests.distribution", System.getProperty("tests.distribution")); - appendOpt("runtime.java", Integer.toString(JavaVersion.current().getVersion().get(0))); + appendOpt("runtime.java", Integer.toString(Runtime.version().feature())); appendOpt("license.key", System.getProperty("licence.key")); appendOpt(ESTestCase.FIPS_SYSPROP, System.getProperty(ESTestCase.FIPS_SYSPROP)); return this; diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/XPackSettings.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/XPackSettings.java index 2d48db3dc6eb1..0f65ab9c33c17 100644 --- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/XPackSettings.java +++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/XPackSettings.java @@ -13,7 +13,6 @@ import org.elasticsearch.common.settings.Setting.Property; import org.elasticsearch.common.ssl.SslClientAuthenticationMode; import org.elasticsearch.common.ssl.SslVerificationMode; -import org.elasticsearch.jdk.JavaVersion; import org.elasticsearch.xpack.core.security.SecurityField; import org.elasticsearch.xpack.core.security.authc.support.Hasher; import org.elasticsearch.xpack.core.ssl.SSLConfigurationSettings; @@ -153,33 +152,6 @@ private XPackSettings() { Property.NodeScope ); - /* - * SSL settings. These are the settings that are specifically registered for SSL. Many are private as we do not explicitly use them - * but instead parse based on a prefix (eg *.ssl.*) - */ - private static final List JDK11_CIPHERS = List.of( - "TLS_AES_256_GCM_SHA384", - "TLS_AES_128_GCM_SHA256", // TLSv1.3 cipher has PFS, AEAD, hardware support - "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", - "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", // PFS, AEAD, hardware support - "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", - "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", // PFS, AEAD, hardware support - "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", - "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", // PFS, hardware support - "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", - "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", // PFS, hardware support - "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", - "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", // PFS, hardware support - "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", - "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", // PFS, hardware support - "TLS_RSA_WITH_AES_256_GCM_SHA384", - "TLS_RSA_WITH_AES_128_GCM_SHA256", // AEAD, hardware support - "TLS_RSA_WITH_AES_256_CBC_SHA256", - "TLS_RSA_WITH_AES_128_CBC_SHA256", // hardware support - "TLS_RSA_WITH_AES_256_CBC_SHA", - "TLS_RSA_WITH_AES_128_CBC_SHA" - ); // hardware support - private static final List JDK12_CIPHERS = List.of( "TLS_AES_256_GCM_SHA384", "TLS_AES_128_GCM_SHA256", // TLSv1.3 cipher has PFS, AEAD, hardware support @@ -206,9 +178,7 @@ private XPackSettings() { "TLS_RSA_WITH_AES_128_CBC_SHA" ); // hardware support - public static final List DEFAULT_CIPHERS = JavaVersion.current().compareTo(JavaVersion.parse("12")) > -1 - ? JDK12_CIPHERS - : JDK11_CIPHERS; + public static final List DEFAULT_CIPHERS = JDK12_CIPHERS; /* * Do not allow insecure hashing algorithms to be used for password hashing diff --git a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/XPackSettingsTests.java b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/XPackSettingsTests.java index 5ca431fcb149d..7e558e022dcbe 100644 --- a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/XPackSettingsTests.java +++ b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/XPackSettingsTests.java @@ -8,7 +8,6 @@ import org.elasticsearch.Build; import org.elasticsearch.common.settings.Settings; -import org.elasticsearch.jdk.JavaVersion; import org.elasticsearch.test.ESTestCase; import java.security.NoSuchAlgorithmException; @@ -21,7 +20,6 @@ import static org.hamcrest.Matchers.equalTo; import static org.hamcrest.Matchers.hasItem; import static org.hamcrest.Matchers.hasSize; -import static org.hamcrest.Matchers.not; public class XPackSettingsTests extends ESTestCase { @@ -31,19 +29,11 @@ public void testDefaultSSLCiphers() { } public void testChaCha20InCiphersOnJdk12Plus() { - assumeTrue("Test is only valid on JDK 12+ JVM", JavaVersion.current().compareTo(JavaVersion.parse("12")) > -1); assertThat(XPackSettings.DEFAULT_CIPHERS, hasItem("TLS_CHACHA20_POLY1305_SHA256")); assertThat(XPackSettings.DEFAULT_CIPHERS, hasItem("TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256")); assertThat(XPackSettings.DEFAULT_CIPHERS, hasItem("TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256")); } - public void testChaCha20NotInCiphersOnPreJdk12() { - assumeTrue("Test is only valid on pre JDK 12 JVM", JavaVersion.current().compareTo(JavaVersion.parse("12")) < 0); - assertThat(XPackSettings.DEFAULT_CIPHERS, not(hasItem("TLS_CHACHA20_POLY1305_SHA256"))); - assertThat(XPackSettings.DEFAULT_CIPHERS, not(hasItem("TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"))); - assertThat(XPackSettings.DEFAULT_CIPHERS, not(hasItem("TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"))); - } - public void testPasswordHashingAlgorithmSettingValidation() { final boolean isPBKDF2Available = isSecretkeyFactoryAlgoAvailable("PBKDF2WithHMACSHA512"); final String pbkdf2Algo = randomFrom("PBKDF2_10000", "PBKDF2"); diff --git a/x-pack/plugin/monitoring/src/internalClusterTest/java/org/elasticsearch/xpack/monitoring/exporter/http/HttpExporterSslIT.java b/x-pack/plugin/monitoring/src/internalClusterTest/java/org/elasticsearch/xpack/monitoring/exporter/http/HttpExporterSslIT.java index 6634f8293dddd..179c6106037da 100644 --- a/x-pack/plugin/monitoring/src/internalClusterTest/java/org/elasticsearch/xpack/monitoring/exporter/http/HttpExporterSslIT.java +++ b/x-pack/plugin/monitoring/src/internalClusterTest/java/org/elasticsearch/xpack/monitoring/exporter/http/HttpExporterSslIT.java @@ -6,8 +6,6 @@ */ package org.elasticsearch.xpack.monitoring.exporter.http; -import com.sun.net.httpserver.HttpsServer; - import org.elasticsearch.action.ActionFuture; import org.elasticsearch.action.admin.cluster.settings.ClusterUpdateSettingsRequest; import org.elasticsearch.action.admin.cluster.settings.ClusterUpdateSettingsResponse; @@ -15,7 +13,6 @@ import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.ssl.SslVerificationMode; import org.elasticsearch.env.TestEnvironment; -import org.elasticsearch.jdk.JavaVersion; import org.elasticsearch.test.ESIntegTestCase; import org.elasticsearch.test.ESIntegTestCase.Scope; import org.elasticsearch.test.http.MockWebServer; @@ -31,9 +28,6 @@ import java.io.IOException; import java.nio.file.Files; import java.nio.file.Path; -import java.security.AccessController; -import java.security.PrivilegedAction; -import java.util.List; import java.util.Locale; import javax.net.ssl.SSLContext; @@ -104,7 +98,7 @@ private MockWebServer buildWebServer() throws IOException { .put("xpack.transport.security.ssl.certificate", cert) .put("xpack.transport.security.ssl.key", key) .put("xpack.transport.security.ssl.key_passphrase", "testnode") - .putList("xpack.transport.security.ssl.supported_protocols", getProtocols()) + .putList("xpack.transport.security.ssl.supported_protocols", XPackSettings.DEFAULT_SUPPORTED_PROTOCOLS) .put(globalSettings) .build(); @@ -195,22 +189,4 @@ private void clearPersistentSettings(String... names) { updateSettings.persistentSettings(builder.build()); client().admin().cluster().updateSettings(updateSettings).actionGet(); } - - /** - * The {@link HttpsServer} in the JDK has issues with TLSv1.3 when running in a JDK prior to - * 12.0.1 so we pin to TLSv1.2 when running on an earlier JDK - */ - private static List getProtocols() { - if (JavaVersion.current().compareTo(JavaVersion.parse("12")) < 0) { - return List.of("TLSv1.2"); - } else { - JavaVersion full = AccessController.doPrivileged( - (PrivilegedAction) () -> JavaVersion.parse(System.getProperty("java.version")) - ); - if (full.compareTo(JavaVersion.parse("12.0.1")) < 0) { - return List.of("TLSv1.2"); - } - } - return XPackSettings.DEFAULT_SUPPORTED_PROTOCOLS; - } } diff --git a/x-pack/plugin/security/src/internalClusterTest/java/org/elasticsearch/xpack/ssl/SslClientAuthenticationTests.java b/x-pack/plugin/security/src/internalClusterTest/java/org/elasticsearch/xpack/ssl/SslClientAuthenticationTests.java index 88e413b05aaff..038bb9c2c0079 100644 --- a/x-pack/plugin/security/src/internalClusterTest/java/org/elasticsearch/xpack/ssl/SslClientAuthenticationTests.java +++ b/x-pack/plugin/security/src/internalClusterTest/java/org/elasticsearch/xpack/ssl/SslClientAuthenticationTests.java @@ -20,7 +20,6 @@ import org.elasticsearch.common.settings.SecureString; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.ssl.SslClientAuthenticationMode; -import org.elasticsearch.jdk.JavaVersion; import org.elasticsearch.test.SecurityIntegTestCase; import org.elasticsearch.xpack.core.XPackSettings; import org.elasticsearch.xpack.core.ssl.CertParsingUtils; @@ -30,8 +29,6 @@ import java.io.InputStream; import java.io.UncheckedIOException; import java.nio.file.Path; -import java.security.AccessController; -import java.security.PrivilegedAction; import java.security.SecureRandom; import java.security.cert.CertPathBuilderException; import java.util.HashSet; @@ -89,7 +86,7 @@ protected Settings nodeSettings(int nodeOrdinal, Settings otherSettings) { // Due to the TLSv1.3 bug with session resumption when client authentication is not // used, we need to set the protocols since we disabled client auth for transport // to avoid failures on pre 11.0.3 JDKs. See #getProtocols - .putList("xpack.security.transport.ssl.supported_protocols", getProtocols()) + .putList("xpack.security.transport.ssl.supported_protocols", XPackSettings.DEFAULT_SUPPORTED_PROTOCOLS) .put("xpack.security.http.ssl.enabled", true) .put("xpack.security.http.ssl.client_authentication", SslClientAuthenticationMode.REQUIRED) .build(); @@ -161,19 +158,4 @@ private byte[] toByteArray(InputStream is) throws IOException { } return baos.toByteArray(); } - - /** - * TLSv1.3 when running in a JDK prior to 11.0.3 has a race condition when multiple simultaneous connections are established. See - * JDK-8213202. This issue is not triggered when using client authentication, which we do by default for transport connections. - * However if client authentication is turned off and TLSv1.3 is used on the affected JVMs then we will hit this issue. - */ - private static List getProtocols() { - JavaVersion full = AccessController.doPrivileged( - (PrivilegedAction) () -> JavaVersion.parse(System.getProperty("java.version")) - ); - if (full.compareTo(JavaVersion.parse("11.0.3")) < 0) { - return List.of("TLSv1.2"); - } - return XPackSettings.DEFAULT_SUPPORTED_PROTOCOLS; - } } diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/saml/SamlRealmTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/saml/SamlRealmTests.java index 8fafa495e6144..4f80caffd5c31 100644 --- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/saml/SamlRealmTests.java +++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/saml/SamlRealmTests.java @@ -6,8 +6,6 @@ */ package org.elasticsearch.xpack.security.authc.saml; -import com.sun.net.httpserver.HttpsServer; - import org.apache.logging.log4j.message.ParameterizedMessage; import org.elasticsearch.action.ActionListener; import org.elasticsearch.action.support.PlainActionFuture; @@ -19,7 +17,6 @@ import org.elasticsearch.core.Tuple; import org.elasticsearch.env.Environment; import org.elasticsearch.env.TestEnvironment; -import org.elasticsearch.jdk.JavaVersion; import org.elasticsearch.license.MockLicenseState; import org.elasticsearch.test.http.MockResponse; import org.elasticsearch.test.http.MockWebServer; @@ -58,10 +55,8 @@ import java.nio.charset.StandardCharsets; import java.nio.file.Files; import java.nio.file.Path; -import java.security.AccessController; import java.security.KeyStore; import java.security.PrivateKey; -import java.security.PrivilegedAction; import java.security.PrivilegedActionException; import java.security.PublicKey; import java.security.cert.Certificate; @@ -150,7 +145,7 @@ public void testReadIdpMetadataFromHttps() throws Exception { "xpack.security.http.ssl.certificate_authorities", getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.crt") ) - .putList("xpack.security.http.ssl.supported_protocols", getProtocols()) + .putList("xpack.security.http.ssl.supported_protocols", XPackSettings.DEFAULT_SUPPORTED_PROTOCOLS) .put("path.home", createTempDir()) .setSecureSettings(mockSecureSettings) .build(); @@ -884,22 +879,4 @@ private void assertIdp1MetadataParsedCorrectly(EntityDescriptor descriptor) { assertEquals(SAMLConstants.SAML2_POST_BINDING_URI, ssoServices.get(0).getBinding()); assertEquals(SAMLConstants.SAML2_REDIRECT_BINDING_URI, ssoServices.get(1).getBinding()); } - - /** - * The {@link HttpsServer} in the JDK has issues with TLSv1.3 when running in a JDK prior to - * 12.0.1 so we pin to TLSv1.2 when running on an earlier JDK - */ - private static List getProtocols() { - if (JavaVersion.current().compareTo(JavaVersion.parse("12")) < 0) { - return List.of("TLSv1.2"); - } else { - JavaVersion full = AccessController.doPrivileged( - (PrivilegedAction) () -> JavaVersion.parse(System.getProperty("java.version")) - ); - if (full.compareTo(JavaVersion.parse("12.0.1")) < 0) { - return List.of("TLSv1.2"); - } - } - return XPackSettings.DEFAULT_SUPPORTED_PROTOCOLS; - } } diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/transport/nio/SSLDriverTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/transport/nio/SSLDriverTests.java index 3edf9fa793d5b..98374c84f3615 100644 --- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/transport/nio/SSLDriverTests.java +++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/transport/nio/SSLDriverTests.java @@ -6,7 +6,6 @@ */ package org.elasticsearch.xpack.security.transport.nio; -import org.elasticsearch.jdk.JavaVersion; import org.elasticsearch.nio.FlushOperation; import org.elasticsearch.nio.InboundChannelBuffer; import org.elasticsearch.nio.Page; @@ -31,7 +30,6 @@ import javax.net.ssl.SSLException; import javax.net.ssl.TrustManager; -import static org.hamcrest.Matchers.anyOf; import static org.hamcrest.Matchers.is; public class SSLDriverTests extends ESTestCase { @@ -172,18 +170,11 @@ public void testHandshakeFailureBecauseProtocolMismatch() throws Exception { serverProtocols = new String[] { "TLSv1.2" }; clientProtocols = new String[] { "TLSv1.1" }; expectedMessageMatcher = is("org.bouncycastle.tls.TlsFatalAlert: protocol_version(70)"); - } else if (JavaVersion.current().compareTo(JavaVersion.parse("16")) >= 0) { + } else { // JDK16 https://jdk.java.net/16/release-notes does not permit protocol TLSv1.1 OOB serverProtocols = new String[] { "TLSv1.3" }; clientProtocols = new String[] { "TLSv1.2" }; expectedMessageMatcher = is("The client supported protocol versions [TLSv1.2] are not accepted by server preferences [TLS13]"); - } else { - serverProtocols = new String[] { "TLSv1.2" }; - clientProtocols = new String[] { "TLSv1.1" }; - expectedMessageMatcher = anyOf( - is("No appropriate protocol (protocol is disabled or cipher suites are inappropriate)"), - is("The client supported protocol versions [TLSv1.1] are not accepted by server preferences [TLS12]") - ); } serverEngine.setEnabledProtocols(serverProtocols); @@ -236,10 +227,7 @@ public void testHandshakeFailureBecauseNoCiphers() throws Exception { } public void testCloseDuringHandshakeJDK11() throws Exception { - assumeTrue( - "this tests ssl engine for JDK11", - JavaVersion.current().compareTo(JavaVersion.parse("11")) >= 0 && inFipsJvm() == false - ); + assumeTrue("this tests ssl engine for JDK11", inFipsJvm() == false); SSLContext sslContext = getSSLContext(); SSLDriver clientDriver = getDriver(sslContext.createSSLEngine(), true); SSLDriver serverDriver = getDriver(sslContext.createSSLEngine(), false); @@ -276,39 +264,6 @@ public void testCloseDuringHandshakeJDK11() throws Exception { serverDriver.read(networkReadBuffer, applicationBuffer); } - public void testCloseDuringHandshakePreJDK11() throws Exception { - assumeTrue("this tests ssl engine for pre-JDK11", JavaVersion.current().compareTo(JavaVersion.parse("11")) < 0); - SSLContext sslContext = getSSLContext(); - SSLDriver clientDriver = getDriver(sslContext.createSSLEngine(), true); - SSLDriver serverDriver = getDriver(sslContext.createSSLEngine(), false); - - clientDriver.init(); - serverDriver.init(); - - assertTrue(clientDriver.getOutboundBuffer().hasEncryptedBytesToFlush()); - sendHandshakeMessages(clientDriver, serverDriver); - sendHandshakeMessages(serverDriver, clientDriver); - - assertFalse(clientDriver.readyForApplicationData()); - assertFalse(serverDriver.readyForApplicationData()); - - serverDriver.initiateClose(); - assertTrue(serverDriver.getOutboundBuffer().hasEncryptedBytesToFlush()); - assertFalse(serverDriver.isClosed()); - sendNonApplicationWrites(serverDriver); - // We are immediately fully closed due to SSLEngine inconsistency - assertTrue(serverDriver.isClosed()); - // This should not throw exception yet as the SSLEngine will not UNWRAP data while attempting to WRAP - clientDriver.read(networkReadBuffer, applicationBuffer); - sendNonApplicationWrites(clientDriver); - SSLException sslException = expectThrows(SSLException.class, () -> clientDriver.read(networkReadBuffer, applicationBuffer)); - assertEquals("Received close_notify during handshake", sslException.getMessage()); - assertTrue(clientDriver.getOutboundBuffer().hasEncryptedBytesToFlush()); - sendNonApplicationWrites(clientDriver); - serverDriver.read(networkReadBuffer, applicationBuffer); - assertTrue(clientDriver.isClosed()); - } - private void failedCloseAlert(SSLDriver sendDriver, SSLDriver receiveDriver, List messages) throws SSLException { assertTrue(sendDriver.getOutboundBuffer().hasEncryptedBytesToFlush()); assertFalse(sendDriver.isClosed()); diff --git a/x-pack/plugin/sql/src/test/java/org/elasticsearch/xpack/sql/expression/function/scalar/datetime/NamedDateTimeProcessorTests.java b/x-pack/plugin/sql/src/test/java/org/elasticsearch/xpack/sql/expression/function/scalar/datetime/NamedDateTimeProcessorTests.java index 5e5452dbfbcdb..c4bb7e4b5bf72 100644 --- a/x-pack/plugin/sql/src/test/java/org/elasticsearch/xpack/sql/expression/function/scalar/datetime/NamedDateTimeProcessorTests.java +++ b/x-pack/plugin/sql/src/test/java/org/elasticsearch/xpack/sql/expression/function/scalar/datetime/NamedDateTimeProcessorTests.java @@ -8,7 +8,6 @@ import org.elasticsearch.common.Strings; import org.elasticsearch.common.io.stream.Writeable.Reader; -import org.elasticsearch.jdk.JavaVersion; import org.elasticsearch.xpack.sql.AbstractSqlWireSerializingTestCase; import org.elasticsearch.xpack.sql.expression.function.scalar.datetime.NamedDateTimeProcessor.NameExtractor; import org.junit.Assume; @@ -47,7 +46,7 @@ protected ZoneId instanceZoneId(NamedDateTimeProcessor instance) { } public void testValidDayNamesInUTC() { - assumeJava9PlusAndCompatLocaleProviderSetting(); + assumeCompatLocaleProviderSetting(); NamedDateTimeProcessor proc = new NamedDateTimeProcessor(NameExtractor.DAY_NAME, UTC); assertEquals("Thursday", proc.process(dateTime(0L))); assertEquals("Saturday", proc.process(dateTime(-64164233612338L))); @@ -60,7 +59,7 @@ public void testValidDayNamesInUTC() { } public void testValidDayNamesWithNonUTCTimeZone() { - assumeJava9PlusAndCompatLocaleProviderSetting(); + assumeCompatLocaleProviderSetting(); NamedDateTimeProcessor proc = new NamedDateTimeProcessor(NameExtractor.DAY_NAME, ZoneId.of("GMT-10:00")); assertEquals("Wednesday", proc.process(dateTime(0))); assertEquals("Friday", proc.process(dateTime(-64164233612338L))); @@ -74,7 +73,7 @@ public void testValidDayNamesWithNonUTCTimeZone() { } public void testValidMonthNamesInUTC() { - assumeJava9PlusAndCompatLocaleProviderSetting(); + assumeCompatLocaleProviderSetting(); NamedDateTimeProcessor proc = new NamedDateTimeProcessor(NameExtractor.MONTH_NAME, UTC); assertEquals("January", proc.process(dateTime(0))); assertEquals("September", proc.process(dateTime(-64165813612338L))); @@ -87,7 +86,7 @@ public void testValidMonthNamesInUTC() { } public void testValidMonthNamesWithNonUTCTimeZone() { - assumeJava9PlusAndCompatLocaleProviderSetting(); + assumeCompatLocaleProviderSetting(); NamedDateTimeProcessor proc = new NamedDateTimeProcessor(NameExtractor.MONTH_NAME, ZoneId.of("GMT-03:00")); assertEquals("December", proc.process(dateTime(0))); assertEquals("August", proc.process(dateTime(-64165813612338L))); // GMT: Tuesday, September 1, -0064 2:53:07.662 AM @@ -107,11 +106,7 @@ public void testValidMonthNamesWithNonUTCTimeZone() { * * Related infra issue: https://github.com/elastic/elasticsearch/issues/33796 */ - private void assumeJava9PlusAndCompatLocaleProviderSetting() { - // at least Java 9 - if (JavaVersion.current().compareTo(JavaVersion.parse("9")) < 0) { - return; - } + private void assumeCompatLocaleProviderSetting() { String beforeJava9CompatibleLocale = System.getProperty("java.locale.providers"); // and COMPAT setting needs to be first on the list boolean isBeforeJava9Compatible = beforeJava9CompatibleLocale != null diff --git a/x-pack/plugin/watcher/src/internalClusterTest/java/org/elasticsearch/xpack/watcher/actions/webhook/WebhookHttpsIntegrationTests.java b/x-pack/plugin/watcher/src/internalClusterTest/java/org/elasticsearch/xpack/watcher/actions/webhook/WebhookHttpsIntegrationTests.java index f60b23eff9d70..0b5d20ffb7b4e 100644 --- a/x-pack/plugin/watcher/src/internalClusterTest/java/org/elasticsearch/xpack/watcher/actions/webhook/WebhookHttpsIntegrationTests.java +++ b/x-pack/plugin/watcher/src/internalClusterTest/java/org/elasticsearch/xpack/watcher/actions/webhook/WebhookHttpsIntegrationTests.java @@ -6,13 +6,10 @@ */ package org.elasticsearch.xpack.watcher.actions.webhook; -import com.sun.net.httpserver.HttpsServer; - import org.elasticsearch.action.search.SearchResponse; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.env.Environment; import org.elasticsearch.index.query.QueryBuilders; -import org.elasticsearch.jdk.JavaVersion; import org.elasticsearch.test.http.MockResponse; import org.elasticsearch.test.http.MockWebServer; import org.elasticsearch.xpack.core.XPackSettings; @@ -32,9 +29,6 @@ import org.junit.Before; import java.nio.file.Path; -import java.security.AccessController; -import java.security.PrivilegedAction; -import java.util.List; import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertNoFailures; import static org.elasticsearch.xpack.watcher.client.WatchSourceBuilders.watchBuilder; @@ -60,7 +54,7 @@ protected Settings nodeSettings(int nodeOrdinal, Settings otherSettings) { .put("xpack.http.ssl.key", keyPath) .put("xpack.http.ssl.certificate", certPath) .put("xpack.http.ssl.keystore.password", "testnode") - .putList("xpack.http.ssl.supported_protocols", getProtocols()) + .putList("xpack.http.ssl.supported_protocols", XPackSettings.DEFAULT_SUPPORTED_PROTOCOLS) .build(); } @@ -142,22 +136,4 @@ public void testHttpsAndBasicAuth() throws Exception { assertThat(webServer.requests().get(0).getBody(), equalTo("{key=value}")); assertThat(webServer.requests().get(0).getHeader("Authorization"), equalTo("Basic X3VzZXJuYW1lOl9wYXNzd29yZA==")); } - - /** - * The {@link HttpsServer} in the JDK has issues with TLSv1.3 when running in a JDK prior to - * 12.0.1 so we pin to TLSv1.2 when running on an earlier JDK - */ - private static List getProtocols() { - if (JavaVersion.current().compareTo(JavaVersion.parse("12")) < 0) { - return List.of("TLSv1.2"); - } else { - JavaVersion full = AccessController.doPrivileged( - (PrivilegedAction) () -> JavaVersion.parse(System.getProperty("java.version")) - ); - if (full.compareTo(JavaVersion.parse("12.0.1")) < 0) { - return List.of("TLSv1.2"); - } - } - return XPackSettings.DEFAULT_SUPPORTED_PROTOCOLS; - } } diff --git a/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/common/http/HttpClientTests.java b/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/common/http/HttpClientTests.java index b77e63e79464f..8126152159e58 100644 --- a/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/common/http/HttpClientTests.java +++ b/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/common/http/HttpClientTests.java @@ -6,8 +6,6 @@ */ package org.elasticsearch.xpack.watcher.common.http; -import com.sun.net.httpserver.HttpsServer; - import org.apache.http.HttpHeaders; import org.apache.http.HttpHost; import org.apache.http.client.ClientProtocolException; @@ -27,7 +25,6 @@ import org.elasticsearch.core.Tuple; import org.elasticsearch.env.Environment; import org.elasticsearch.env.TestEnvironment; -import org.elasticsearch.jdk.JavaVersion; import org.elasticsearch.mocksocket.MockServerSocket; import org.elasticsearch.test.ESTestCase; import org.elasticsearch.test.http.MockResponse; @@ -50,12 +47,9 @@ import java.net.URI; import java.nio.charset.StandardCharsets; import java.nio.file.Path; -import java.security.AccessController; -import java.security.PrivilegedAction; import java.util.Arrays; import java.util.Collections; import java.util.HashSet; -import java.util.List; import java.util.Locale; import java.util.concurrent.ExecutorService; import java.util.concurrent.Executors; @@ -206,7 +200,7 @@ public void testHttps() throws Exception { .put("xpack.security.http.ssl.enabled", true) .put("xpack.security.http.ssl.key", keyPath) .put("xpack.security.http.ssl.certificate", certPath) - .putList("xpack.security.http.ssl.supported_protocols", getProtocols()) + .putList("xpack.security.http.ssl.supported_protocols", XPackSettings.DEFAULT_SUPPORTED_PROTOCOLS) .setSecureSettings(secureSettings) .build(); @@ -236,7 +230,7 @@ public void testHttpsDisableHostnameVerification() throws Exception { .put("xpack.security.http.ssl.enabled", true) .put("xpack.security.http.ssl.key", keyPath) .put("xpack.security.http.ssl.certificate", certPath) - .putList("xpack.security.http.ssl.supported_protocols", getProtocols()) + .putList("xpack.security.http.ssl.supported_protocols", XPackSettings.DEFAULT_SUPPORTED_PROTOCOLS) .setSecureSettings(secureSettings) .build(); @@ -254,7 +248,7 @@ public void testHttpsClientAuth() throws Exception { .put(environment.settings()) .put("xpack.http.ssl.key", keyPath) .put("xpack.http.ssl.certificate", certPath) - .putList("xpack.http.ssl.supported_protocols", getProtocols()) + .putList("xpack.http.ssl.supported_protocols", XPackSettings.DEFAULT_SUPPORTED_PROTOCOLS) .setSecureSettings(secureSettings) .build(); @@ -396,7 +390,7 @@ public void testProxyCanHaveDifferentSchemeThanRequest() throws Exception { .put("xpack.http.ssl.key", keyPath) .put("xpack.http.ssl.certificate", certPath) .put("xpack.security.http.ssl.enabled", false) - .putList("xpack.security.http.ssl.supported_protocols", getProtocols()) + .putList("xpack.security.http.ssl.supported_protocols", XPackSettings.DEFAULT_SUPPORTED_PROTOCOLS) .setSecureSettings(serverSecureSettings) .build(); TestsSSLService sslService = new TestsSSLService(TestEnvironment.newEnvironment(serverSettings)); @@ -411,7 +405,7 @@ public void testProxyCanHaveDifferentSchemeThanRequest() throws Exception { .put(HttpSettings.PROXY_PORT.getKey(), proxyServer.getPort()) .put(HttpSettings.PROXY_SCHEME.getKey(), "https") .put("xpack.http.ssl.certificate_authorities", trustedCertPath) - .putList("xpack.security.http.ssl.supported_protocols", getProtocols()) + .putList("xpack.security.http.ssl.supported_protocols", XPackSettings.DEFAULT_SUPPORTED_PROTOCOLS) .put("xpack.security.http.ssl.enabled", false) .build(); @@ -832,22 +826,4 @@ public static ClusterService mockClusterService() { private String getWebserverUri() { return String.format(Locale.ROOT, "http://%s:%s", webServer.getHostName(), webServer.getPort()); } - - /** - * The {@link HttpsServer} in the JDK has issues with TLSv1.3 when running in a JDK prior to - * 12.0.1 so we pin to TLSv1.2 when running on an earlier JDK - */ - private static List getProtocols() { - if (JavaVersion.current().compareTo(JavaVersion.parse("12")) < 0) { - return List.of("TLSv1.2"); - } else { - JavaVersion full = AccessController.doPrivileged( - (PrivilegedAction) () -> JavaVersion.parse(System.getProperty("java.version")) - ); - if (full.compareTo(JavaVersion.parse("12.0.1")) < 0) { - return List.of("TLSv1.2"); - } - } - return XPackSettings.DEFAULT_SUPPORTED_PROTOCOLS; - } }