Enhance integration tests for SSL/TLS scenarios #54396

Open
jportner opened this issue Jan 9, 2020 · 1 comment
Labels
chore Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more!


jportner commented Jan 9, 2020

We don't currently have optimal coverage for various SSL/TLS scenarios with our current integration tests. We added some in #53810, but this gap is exacerbated now that we support loading certificates/keys from PKCS#12 keystores. We should do the following:

  1. Refactor existing integration tests to use Jest integration tests
  2. Add extra tests to increase our coverage

Various permutations of scenarios are:

[Kibana | Elasticsearch] HTTP connection, testing [client cert authentication | server cert trust] using [PEM | PKCS12]-formatted cert, signed by [root CA | intermediate CA]

We should test the success and failure cases of each of these scenarios.

We should also test different types of certs including:

  • Combinations of SAN and CN, with different values (IP address, FQDN)
  • Attributes (such as CA:FALSE/CA:TRUE and others)
  • Key types (RSA, ECC)

We should also change our tests to dynamically generate certificates instead of using hard-coded certs. https://github.com/MatthiasValvekens/certomancer might be a good tool to use for this.

@jportner jportner added chore Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more! labels Jan 9, 2020
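The SAN/CN combinations listed in the issue above, sketched as a table-driven check (an added example, not part of the issue or of Kibana's test suite). It runs Node's built-in `tls.checkServerIdentity()` over hand-built certificate objects, so it covers name matching only, not chain trust, key types or PKCS#12 loading; the hostnames `kibana.test` and `other.test` and all certificate fields are constructed.

```javascript
// Added example: SAN/CN hostname-verification matrix for success and failure
// cases. Certificate objects are constructed by hand in the shape Node uses
// for a parsed peer certificate; no real certificates are involved.
const tls = require('tls');

// Constructed cases (hostnames and IP addresses are illustrative).
const cases = [
  { name: 'FQDN in SAN, CN unrelated', host: 'kibana.test',
    cert: { subject: { CN: 'unrelated' }, subjectaltname: 'DNS:kibana.test' },
    expectValid: true },
  { name: 'FQDN only in CN, SAN names another host', host: 'kibana.test',
    cert: { subject: { CN: 'kibana.test' }, subjectaltname: 'DNS:other.test' },
    expectValid: false },
  { name: 'FQDN only in CN, no SAN at all', host: 'kibana.test',
    cert: { subject: { CN: 'kibana.test' } },
    expectValid: true },
  { name: 'IP address in SAN', host: '127.0.0.1',
    cert: { subject: { CN: 'kibana.test' },
            subjectaltname: 'DNS:kibana.test, IP Address:127.0.0.1' },
    expectValid: true },
  { name: 'IP address only in CN', host: '127.0.0.1',
    cert: { subject: { CN: '127.0.0.1' } },
    expectValid: false },
  { name: 'IP address written as a DNS SAN', host: '127.0.0.1',
    cert: { subject: { CN: 'kibana.test' }, subjectaltname: 'DNS:127.0.0.1' },
    expectValid: false },
];

// checkServerIdentity returns undefined on success and an Error on mismatch.
function verify(host, cert) {
  const err = tls.checkServerIdentity(host, cert);
  return { valid: err === undefined, code: err ? err.code : null };
}

// Evaluate every case and attach the actual outcome next to the expectation.
function runCases() {
  return cases.map((c) => ({ ...c, ...verify(c.host, c.cert) }));
}

for (const r of runCases()) {
  const status = r.valid === r.expectValid ? 'ok' : 'MISMATCH';
  console.log(`${status}  ${r.name}: valid=${r.valid} code=${r.code}`);
}
```

In a real integration test the same table would drive dynamically generated certificates presented over an actual TLS connection, so that trust-chain and format handling are exercised as well.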
@elasticmachine

Pinging @elastic/kibana-security (Team:Security)

@exalate-issue-sync exalate-issue-sync bot added impact:low Addressing this issue will have a low level of impact on the quality/strength of our product. loe:small Small Level of Effort labels Aug 5, 2021
@exalate-issue-sync exalate-issue-sync bot added loe:medium Medium Level of Effort and removed loe:small Small Level of Effort labels Sep 29, 2021
@exalate-issue-sync exalate-issue-sync bot added loe:small Small Level of Effort and removed loe:medium Medium Level of Effort labels Feb 14, 2022
@legrego legrego removed EnableJiraSync loe:small Small Level of Effort impact:low Addressing this issue will have a low level of impact on the quality/strength of our product. labels Aug 18, 2022