[CI] Several SamlRealmTests tests fail in 6.8

[csoulios]

Build scan: https://gradle-enterprise.elastic.co/s/be2jkrewk46uo

Repro line:

Several failures:

./gradlew ':x-pack:plugin:security:unitTest' -Dtests.seed=F9455121989F4E62 -Dtests.class=org.elasticsearch.xpack.security.authc.saml.SamlRealmTests -Dtests.method="testCreateEncryptionCredentialFromKeyStore" -Dtests.security.manager=true -Dtests.locale=cs-CZ -Dtests.timezone=Chile/Continental -Dcompiler.java=11 -Druntime.java=8

./gradlew ':x-pack:plugin:security:unitTest' -Dtests.seed=F9455121989F4E62 -Dtests.class=org.elasticsearch.xpack.security.authc.saml.SamlRealmTests -Dtests.method="testCreateSigningCredentialFromKeyStoreSuccessScenarios" -Dtests.security.manager=true -Dtests.locale=cs-CZ -Dtests.timezone=Chile/Continental -Dcompiler.java=11 -Druntime.java=8

./gradlew ':x-pack:plugin:security:unitTest' -Dtests.seed=F9455121989F4E62 -Dtests.class=org.elasticsearch.xpack.security.authc.saml.SamlRealmTests -Dtests.method="testCreateSigningCredentialFromKeyStoreFailureScenarios" -Dtests.security.manager=true -Dtests.locale=cs-CZ -Dtests.timezone=Chile/Continental -Dcompiler.java=11 -Druntime.java=8

Reproduces locally?: Yes

Applicable branches: 6.8

Failure history:
https://build-stats.elastic.co/app/kibana#/discover?_g=(refreshInterval:(pause:!t,value:0),time:(from:'2021-06-30T21:00:00.000Z',mode:absolute,to:'2021-07-31T20:59:59.999Z'))&_a=(columns:!(branch),index:e58bf320-7efd-11e8-bf69-63c8ef516157,interval:auto,query:(language:lucene,query:'class:%22org.elasticsearch.xpack.security.authc.saml.SamlRealmTests%22'),sort:!(time,desc))

Failure excerpt:

Suite: org.elasticsearch.xpack.security.authc.saml.SamlRealmTests
  1> [2021-07-16T04:56:02,878][INFO ][o.e.x.s.a.s.SamlRealmTests] [testCreateEncryptionCredentialFromKeyStore] before test
  1> [2021-07-16T04:56:02,897][INFO ][o.e.x.s.a.s.SamlRealmTests] [testCreateEncryptionCredentialFromKeyStore] after test
  2> REPRODUCE WITH: ./gradlew ':x-pack:plugin:security:unitTest' -Dtests.seed=F9455121989F4E62 -Dtests.class=org.elasticsearch.xpack.security.authc.saml.SamlRealmTests -Dtests.method="testCreateEncryptionCredentialFromKeyStore" -Dtests.security.manager=true -Dtests.locale=cs-CZ -Dtests.timezone=Chile/Continental -Dcompiler.java=11 -Druntime.java=8
ERROR   0.03s J14 | SamlRealmTests.testCreateEncryptionCredentialFromKeyStore <<< FAILURES!
   > Throwable #1: java.security.KeyStoreException: Key protection  algorithm not found: java.security.UnrecoverableKeyException: Encrypt Private Key failed: unrecognized algorithm name: PBEWithSHA1AndDESede
   > 	at __randomizedtesting.SeedInfo.seed([F9455121989F4E62:AD30F35E8E6F4558]:0)
   > 	at sun.security.pkcs12.PKCS12KeyStore.setKeyEntry(PKCS12KeyStore.java:677)
   > 	at sun.security.pkcs12.PKCS12KeyStore.engineSetKeyEntry(PKCS12KeyStore.java:577)
   > 	at java.security.KeyStore.setKeyEntry(KeyStore.java:1140)
   > 	at org.elasticsearch.xpack.security.authc.saml.SamlRealmTests.testCreateEncryptionCredentialFromKeyStore(SamlRealmTests.java:415)
   > 	at java.lang.Thread.run(Thread.java:748)
   > Caused by: java.security.UnrecoverableKeyException: Encrypt Private Key failed: unrecognized algorithm name: PBEWithSHA1AndDESede
   > 	at sun.security.pkcs12.PKCS12KeyStore.encryptPrivateKey(PKCS12KeyStore.java:921)
   > 	at sun.security.pkcs12.PKCS12KeyStore.setKeyEntry(PKCS12KeyStore.java:614)
   > 	... 40 more
   > Caused by: java.security.NoSuchAlgorithmException: unrecognized algorithm name: PBEWithSHA1AndDESede
   > 	at sun.security.x509.AlgorithmId.get(AlgorithmId.java:448)
   > 	at sun.security.pkcs12.PKCS12KeyStore.mapPBEAlgorithmToOID(PKCS12KeyStore.java:938)
   > 	at sun.security.pkcs12.PKCS12KeyStore.encryptPrivateKey(PKCS12KeyStore.java:895)
   > 	... 41 more
  1> [2021-07-16T04:56:02,912][INFO ][o.e.x.s.a.s.SamlRealmTests] [testAttributeSelectionWithRegex] before test
  1> [2021-07-16T04:56:02,920][INFO ][o.e.x.s.a.s.SamlRealmTests] [testAttributeSelectionWithRegex] after test
  1> [2021-07-16T04:56:02,922][INFO ][o.e.x.s.a.s.SamlRealmTests] [testNonMatchingPrincipalPatternThrowsSamlException] before test
  1> [2021-07-16T04:56:02,964][INFO ][o.e.x.s.a.s.SamlRealmTests] [testNonMatchingPrincipalPatternThrowsSamlException] after test
  1> [2021-07-16T04:56:02,966][INFO ][o.e.x.s.a.s.SamlRealmTests] [testCreateSigningCredentialFromKeyStoreSuccessScenarios] before test
  1> [2021-07-16T04:56:02,976][INFO ][o.e.x.s.a.s.SamlRealmTests] [testCreateSigningCredentialFromKeyStoreSuccessScenarios] after test
  2> REPRODUCE WITH: ./gradlew ':x-pack:plugin:security:unitTest' -Dtests.seed=F9455121989F4E62 -Dtests.class=org.elasticsearch.xpack.security.authc.saml.SamlRealmTests -Dtests.method="testCreateSigningCredentialFromKeyStoreSuccessScenarios" -Dtests.security.manager=true -Dtests.locale=cs-CZ -Dtests.timezone=Chile/Continental -Dcompiler.java=11 -Druntime.java=8
ERROR   0.01s J14 | SamlRealmTests.testCreateSigningCredentialFromKeyStoreSuccessScenarios <<< FAILURES!
   > Throwable #1: java.security.KeyStoreException: Key protection  algorithm not found: java.security.UnrecoverableKeyException: Encrypt Private Key failed: unrecognized algorithm name: PBEWithSHA1AndDESede
   > 	at __randomizedtesting.SeedInfo.seed([F9455121989F4E62:E3B03A935DDCB284]:0)
   > 	at sun.security.pkcs12.PKCS12KeyStore.setKeyEntry(PKCS12KeyStore.java:677)
   > 	at sun.security.pkcs12.PKCS12KeyStore.engineSetKeyEntry(PKCS12KeyStore.java:577)
   > 	at java.security.KeyStore.setKeyEntry(KeyStore.java:1140)
   > 	at org.elasticsearch.xpack.security.authc.saml.SamlRealmTests.testCreateSigningCredentialFromKeyStoreSuccessScenarios(SamlRealmTests.java:461)
   > 	at java.lang.Thread.run(Thread.java:748)
   > Caused by: java.security.UnrecoverableKeyException: Encrypt Private Key failed: unrecognized algorithm name: PBEWithSHA1AndDESede
   > 	at sun.security.pkcs12.PKCS12KeyStore.encryptPrivateKey(PKCS12KeyStore.java:921)
   > 	at sun.security.pkcs12.PKCS12KeyStore.setKeyEntry(PKCS12KeyStore.java:614)
   > 	... 40 more
   > Caused by: java.security.NoSuchAlgorithmException: unrecognized algorithm name: PBEWithSHA1AndDESede
   > 	at sun.security.x509.AlgorithmId.get(AlgorithmId.java:448)
   > 	at sun.security.pkcs12.PKCS12KeyStore.mapPBEAlgorithmToOID(PKCS12KeyStore.java:938)
   > 	at sun.security.pkcs12.PKCS12KeyStore.encryptPrivateKey(PKCS12KeyStore.java:895)
   > 	... 41 more
  1> [2021-07-16T04:56:02,980][INFO ][o.e.x.s.a.s.SamlRealmTests] [testReadIdpMetadataFromFile] before test
  1> [2021-07-16T04:56:03,024][INFO ][o.e.x.s.a.s.SamlRealmTests] [testReadIdpMetadataFromFile] Ignoring setting [xpack.security.authc.realms.my-saml.idp.metadata.http.refresh] because the IdP metadata is being loaded from a file
  1> [2021-07-16T04:56:03,086][INFO ][o.o.s.m.r.i.AbstractReloadingMetadataResolver] [testReadIdpMetadataFromFile] Metadata Resolver FilesystemMetadataResolver my-saml: New metadata successfully loaded for '/dev/shm/elastic+elasticsearch+6.8+periodic+java-matrix/x-pack/plugin/security/build/resources/test/org/elasticsearch/xpack/security/authc/saml/idp1.xml'
  1> [2021-07-16T04:56:03,086][INFO ][o.o.s.m.r.i.AbstractReloadingMetadataResolver] [testReadIdpMetadataFromFile] Metadata Resolver FilesystemMetadataResolver my-saml: Next refresh cycle for metadata provider '/dev/shm/elastic+elasticsearch+6.8+periodic+java-matrix/x-pack/plugin/security/build/resources/test/org/elasticsearch/xpack/security/authc/saml/idp1.xml' will occur on '2021-07-17T08:56:03.086Z' ('2021-07-17T08:56:03.086Z' local time)
  1> [2021-07-16T04:56:03,101][INFO ][o.e.x.s.a.s.SamlRealmTests] [testReadIdpMetadataFromFile] after test
  1> [2021-07-16T04:56:03,104][INFO ][o.e.x.s.a.s.SamlRealmTests] [testReadIdpMetadataFromHttps] before test
  1> [2021-07-16T04:56:03,136][INFO ][o.e.t.h.MockWebServer    ] [testReadIdpMetadataFromHttps] bound HTTP mock server to [127.0.0.1:41493]
  1> [2021-07-16T04:56:03,477][INFO ][o.o.s.m.r.i.AbstractReloadingMetadataResolver] [testReadIdpMetadataFromHttps] Metadata Resolver PrivilegedHTTPMetadataResolver my-saml: New metadata successfully loaded for 'https://localhost:41493'
  1> [2021-07-16T04:56:03,478][INFO ][o.o.s.m.r.i.AbstractReloadingMetadataResolver] [testReadIdpMetadataFromHttps] Metadata Resolver PrivilegedHTTPMetadataResolver my-saml: Next refresh cycle for metadata provider 'https://localhost:41493' will occur on '2021-07-16T08:56:06.477Z' ('2021-07-16T08:56:06.477Z' local time)
  1> [2021-07-16T04:56:06,492][INFO ][o.o.s.m.r.i.AbstractReloadingMetadataResolver] [[Timer-1]] Metadata Resolver PrivilegedHTTPMetadataResolver my-saml: New metadata successfully loaded for 'https://localhost:41493'
  1> [2021-07-16T04:56:06,493][INFO ][o.o.s.m.r.i.AbstractReloadingMetadataResolver] [[Timer-1]] Metadata Resolver PrivilegedHTTPMetadataResolver my-saml: Next refresh cycle for metadata provider 'https://localhost:41493' will occur on '2021-07-16T08:56:09.492Z' ('2021-07-16T08:56:09.492Z' local time)
  1> [2021-07-16T04:56:07,583][INFO ][o.e.x.s.a.s.SamlRealmTests] [testReadIdpMetadataFromHttps] after test
  1> [2021-07-16T04:56:07,585][INFO ][o.e.x.s.a.s.SamlRealmTests] [testCreateCredentialFromPemFiles] before test
  1> [2021-07-16T04:56:07,602][INFO ][o.e.x.s.a.s.SamlRealmTests] [testCreateCredentialFromPemFiles] after test
  1> [2021-07-16T04:56:07,609][INFO ][o.e.x.s.a.s.SamlRealmTests] [testBuildLogoutRequest] before test
  1> [2021-07-16T04:56:07,630][INFO ][o.e.x.s.a.s.SamlRealmTests] [testBuildLogoutRequest] after test
  1> [2021-07-16T04:56:07,632][INFO ][o.e.x.s.a.s.SamlRealmTests] [testCorrectRealmSelected] before test
  1> [2021-07-16T04:56:07,637][INFO ][o.e.x.s.a.s.SamlRealmTests] [testCorrectRealmSelected] after test
  1> [2021-07-16T04:56:07,639][INFO ][o.e.x.s.a.s.SamlRealmTests] [testAuthenticateWithAuthorizingRealm] before test
  1> [2021-07-16T04:56:07,651][INFO ][o.e.x.s.a.s.SamlRealmTests] [testAuthenticateWithAuthorizingRealm] after test
  1> [2021-07-16T04:56:07,653][INFO ][o.e.x.s.a.s.SamlRealmTests] [testMissingPrincipalSettingThrowsSettingsException] before test
  1> [2021-07-16T04:56:07,656][INFO ][o.e.x.s.a.s.SamlRealmTests] [testMissingPrincipalSettingThrowsSettingsException] after test
  1> [2021-07-16T04:56:07,658][INFO ][o.e.x.s.a.s.SamlRealmTests] [testSettingPatternWithoutAttributeThrowsSettingsException] before test
  1> [2021-07-16T04:56:07,662][INFO ][o.e.x.s.a.s.SamlRealmTests] [testSettingPatternWithoutAttributeThrowsSettingsException] after test
  1> [2021-07-16T04:56:07,664][INFO ][o.e.x.s.a.s.SamlRealmTests] [testCreateSigningCredentialFromKeyStoreFailureScenarios] before test
  1> [2021-07-16T04:56:07,677][INFO ][o.e.x.s.a.s.SamlRealmTests] [testCreateSigningCredentialFromKeyStoreFailureScenarios] after test
  2> REPRODUCE WITH: ./gradlew ':x-pack:plugin:security:unitTest' -Dtests.seed=F9455121989F4E62 -Dtests.class=org.elasticsearch.xpack.security.authc.saml.SamlRealmTests -Dtests.method="testCreateSigningCredentialFromKeyStoreFailureScenarios" -Dtests.security.manager=true -Dtests.locale=cs-CZ -Dtests.timezone=Chile/Continental -Dcompiler.java=11 -Druntime.java=8
ERROR   0.02s J14 | SamlRealmTests.testCreateSigningCredentialFromKeyStoreFailureScenarios <<< FAILURES!
   > Throwable #1: java.security.KeyStoreException: Key protection  algorithm not found: java.security.UnrecoverableKeyException: Encrypt Private Key failed: unrecognized algorithm name: PBEWithSHA1AndDESede
   > 	at __randomizedtesting.SeedInfo.seed([F9455121989F4E62:8F685475721C8F01]:0)
   > 	at sun.security.pkcs12.PKCS12KeyStore.setKeyEntry(PKCS12KeyStore.java:677)
   > 	at sun.security.pkcs12.PKCS12KeyStore.engineSetKeyEntry(PKCS12KeyStore.java:577)
   > 	at java.security.KeyStore.setKeyEntry(KeyStore.java:1140)
   > 	at org.elasticsearch.xpack.security.authc.saml.SamlRealmTests.testCreateSigningCredentialFromKeyStoreFailureScenarios(SamlRealmTests.java:508)
   > 	at java.lang.Thread.run(Thread.java:748)
   > Caused by: java.security.UnrecoverableKeyException: Encrypt Private Key failed: unrecognized algorithm name: PBEWithSHA1AndDESede
   > 	at sun.security.pkcs12.PKCS12KeyStore.encryptPrivateKey(PKCS12KeyStore.java:921)
   > 	at sun.security.pkcs12.PKCS12KeyStore.setKeyEntry(PKCS12KeyStore.java:614)
   > 	... 40 more
   > Caused by: java.security.NoSuchAlgorithmException: unrecognized algorithm name: PBEWithSHA1AndDESede
   > 	at sun.security.x509.AlgorithmId.get(AlgorithmId.java:448)
   > 	at sun.security.pkcs12.PKCS12KeyStore.mapPBEAlgorithmToOID(PKCS12KeyStore.java:938)
   > 	at sun.security.pkcs12.PKCS12KeyStore.encryptPrivateKey(PKCS12KeyStore.java:895)
   > 	... 41 more
  1> [2021-07-16T04:56:07,682][INFO ][o.e.x.s.a.s.SamlRealmTests] [testAuthenticateWithRoleMapping] before test
  1> [2021-07-16T04:56:07,687][INFO ][o.e.x.s.a.s.SamlRealmTests] [testAuthenticateWithRoleMapping] after test
  2> NOTE: leaving temporary files on disk at: /dev/shm/elastic+elasticsearch+6.8+periodic+java-matrix/x-pack/plugin/security/build/testrun/unitTest/J14/temp/org.elasticsearch.xpack.security.authc.saml.SamlRealmTests_F9455121989F4E62-001
  2> NOTE: test params are: codec=Asserting(Lucene70): {}, docValues:{}, maxPointsInLeafNode=1641, maxMBSortInHeap=6.7862312423124225, sim=RandomSimilarity(queryNorm=true): {}, locale=cs-CZ, timezone=Chile/Continental
  2> NOTE: Linux 4.18.0-305.7.1.el8_4.x86_64 amd64/AdoptOpenJDK 1.8.0_292 (64-bit)/cpus=32,threads=1,free=281401312,total=514850816
  2> NOTE: All tests run in this JVM: [FieldPermissionsTests, BCryptTests, LegacyDocumentLevelSecurityTests, TransportSetEnabledActionTests, TransportPutRoleActionTests, PkiRealmBootstrapCheckTests, SecurityNetty4HttpServerTransportTests, RestInvalidateTokenActionTests, LdapMetaDataResolverTests, SecurityContextTests, SecurityFeatureSetTests, SecurityPluginTests, SecuritySettingsTests, SecurityTests, SecurityActionFilterTests, PutRoleBuilderTests, TransportDeleteRoleActionTests, InternalRealmsTests, RealmSettingsTests, RealmsTests, FileRealmTests, LdapSessionFactoryTests, SamlAuthnRequestBuilderTests, SamlMetadataCommandTests, SamlRealmTests]
Completed [152/205] on J14 in 4.87s, 14 tests, 3 errors <<< FAILURES!

HEARTBEAT J3 PID(228855@elasticsearch-ci-immutable-centos-8-1626420739959392139): 2021-07-16T08:56:08, stalled for 10.4s at: HasherTests.testPBKDF2FamilySelfGenerated
HEARTBEAT J9 PID(228865@elasticsearch-ci-immutable-centos-8-1626420739959392139): 2021-07-16T08:56:14, stalled for 10.9s at: FieldLevelSecurityTests.testMSearchApi
HEARTBEAT J5 PID(228923@elasticsearch-ci-immutable-centos-8-1626420739959392139): 2021-07-16T08:56:22, stalled for 10.7s at: LicensingTests.testSecurityActionsByLicenseType
HEARTBEAT J2 PID(228863@elasticsearch-ci-immutable-centos-8-1626420739959392139): 2021-07-16T08:56:32, stalled for 11.5s at: TokenServiceTests.testKeyExchange
HEARTBEAT J2 PID(228863@elasticsearch-ci-immutable-centos-8-1626420739959392139): 2021-07-16T08:56:42, stalled for 21.6s at: TokenServiceTests.testKeyExchange
HEARTBEAT J1 PID(228968@elasticsearch-ci-immutable-centos-8-1626420739959392139): 2021-07-16T08:56:48, stalled for 10.3s at: TokenAuthIntegTests.testInvalidateAllTokensForUser
HEARTBEAT J6 PID(229002@elasticsearch-ci-immutable-centos-8-1626420739959392139): 2021-07-16T08:57:08, stalled for 11.4s at: DocumentLevelSecurityRandomTests.testDuelWithAliasFilters
HEARTBEAT J1 PID(228968@elasticsearch-ci-immutable-centos-8-1626420739959392139): 2021-07-16T08:57:22, stalled for 10.5s at: TokenAuthIntegTests.testInvalidateAllTokensForRealm
Tests with failures:
  - org.elasticsearch.xpack.security.authc.saml.SamlRealmTests.testCreateEncryptionCredentialFromKeyStore
  - org.elasticsearch.xpack.security.authc.saml.SamlRealmTests.testCreateSigningCredentialFromKeyStoreSuccessScenarios
  - org.elasticsearch.xpack.security.authc.saml.SamlRealmTests.testCreateSigningCredentialFromKeyStoreFailureScenarios

Probably this ticket is the same as #75379 but includes more failed tests

Also, it looks like tests fail after #75324 was merged to 6.8

[elasticmachine]

Pinging @elastic/es-security (Team:Security)