mirror of https://github.com/apache/lucene.git
SOLR-8970: Change SSLTestConfig to use a keystore file that is included as a resource in the test-framework jar so users subclassing SolrTestCaseJ4 don't need to preserve magic paths
(cherry picked from commit 76063648ae
)
This commit is contained in:
parent
84ffc4d690
commit
1d7094c931
|
@ -172,6 +172,9 @@ Bug Fixes
|
||||||
|
|
||||||
* SOLR-9093: Fix NullPointerException in TopGroupsShardResponseProcessor. (Christine Poerschke)
|
* SOLR-9093: Fix NullPointerException in TopGroupsShardResponseProcessor. (Christine Poerschke)
|
||||||
|
|
||||||
|
* SOLR-8970: Change SSLTestConfig to use a keystore file that is included as a resource in the
|
||||||
|
test-framework jar so users subclassing SolrTestCaseJ4 don't need to preserve magic paths (hossman)
|
||||||
|
|
||||||
Optimizations
|
Optimizations
|
||||||
----------------------
|
----------------------
|
||||||
* SOLR-8722: Don't force a full ZkStateReader refresh on every Overseer operation.
|
* SOLR-8722: Don't force a full ZkStateReader refresh on every Overseer operation.
|
||||||
|
|
|
@ -38,9 +38,15 @@
|
||||||
</target>
|
</target>
|
||||||
|
|
||||||
<target name="compile-core" depends="resolve, compile-solr-core, compile-test-framework">
|
<target name="compile-core" depends="resolve, compile-solr-core, compile-test-framework">
|
||||||
|
<!-- TODO: why does test-framework override compile-core to use this special classpath? -->
|
||||||
<compile srcdir="${src.dir}" destdir="${build.dir}/classes/java">
|
<compile srcdir="${src.dir}" destdir="${build.dir}/classes/java">
|
||||||
<classpath refid="test.base.classpath"/>
|
<classpath refid="test.base.classpath"/>
|
||||||
</compile>
|
</compile>
|
||||||
|
|
||||||
|
<!-- Copy the resources folder (if existent) -->
|
||||||
|
<copy todir="${build.dir}/classes/java">
|
||||||
|
<fileset dir="${resources.dir}" erroronmissingdir="no"/>
|
||||||
|
</copy>
|
||||||
</target>
|
</target>
|
||||||
|
|
||||||
<!-- redefine the clover setup, because we dont want to run clover for the test-framework -->
|
<!-- redefine the clover setup, because we dont want to run clover for the test-framework -->
|
||||||
|
|
|
@ -27,6 +27,7 @@ import java.security.SecureRandomSpi;
|
||||||
import java.security.UnrecoverableKeyException;
|
import java.security.UnrecoverableKeyException;
|
||||||
|
|
||||||
import javax.net.ssl.SSLContext;
|
import javax.net.ssl.SSLContext;
|
||||||
|
import java.net.MalformedURLException;
|
||||||
|
|
||||||
import org.apache.http.conn.scheme.Scheme;
|
import org.apache.http.conn.scheme.Scheme;
|
||||||
import org.apache.http.conn.scheme.SchemeRegistry;
|
import org.apache.http.conn.scheme.SchemeRegistry;
|
||||||
|
@ -47,24 +48,92 @@ import org.eclipse.jetty.util.resource.Resource;
|
||||||
import org.eclipse.jetty.util.security.CertificateUtils;
|
import org.eclipse.jetty.util.security.CertificateUtils;
|
||||||
import org.eclipse.jetty.util.ssl.SslContextFactory;
|
import org.eclipse.jetty.util.ssl.SslContextFactory;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* An {@link SSLConfig} that supports reading key/trust store information directly from resource
|
||||||
|
* files provided with the Solr test-framework classes
|
||||||
|
*/
|
||||||
public class SSLTestConfig extends SSLConfig {
|
public class SSLTestConfig extends SSLConfig {
|
||||||
|
|
||||||
|
/** @deprecated No longer used except by {@link #setSSLSystemProperties} */
|
||||||
public static File TEST_KEYSTORE = ExternalPaths.SERVER_HOME == null ? null
|
public static File TEST_KEYSTORE = ExternalPaths.SERVER_HOME == null ? null
|
||||||
: new File(ExternalPaths.SERVER_HOME, "../etc/test/solrtest.keystore");
|
: new File(ExternalPaths.SERVER_HOME, "../etc/test/solrtest.keystore");
|
||||||
|
|
||||||
|
/** @deprecated No longer used except by {@link #setSSLSystemProperties} */
|
||||||
private static String TEST_KEYSTORE_PATH = TEST_KEYSTORE != null
|
private static String TEST_KEYSTORE_PATH = TEST_KEYSTORE != null
|
||||||
&& TEST_KEYSTORE.exists() ? TEST_KEYSTORE.getAbsolutePath() : null;
|
&& TEST_KEYSTORE.exists() ? TEST_KEYSTORE.getAbsolutePath() : null;
|
||||||
private static String TEST_KEYSTORE_PASSWORD = "secret";
|
|
||||||
|
private static final String TEST_KEYSTORE_RESOURCE = "SSLTestConfig.testing.keystore";
|
||||||
|
private static final String TEST_KEYSTORE_PASSWORD = "secret";
|
||||||
|
|
||||||
|
private final Resource keyStore;
|
||||||
|
private final Resource trustStore;
|
||||||
|
|
||||||
|
/** Creates an SSLTestConfig that does not use SSL or client authentication */
|
||||||
public SSLTestConfig() {
|
public SSLTestConfig() {
|
||||||
this(false, false);
|
this(false, false);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Create an SSLTestConfig based on a few caller specified options. As needed,
|
||||||
|
* keystore/truststore information will be pulled from a hardocded resource file provided
|
||||||
|
* by the solr test-framework.
|
||||||
|
*
|
||||||
|
* @param useSSL - wether SSL should be required.
|
||||||
|
* @param clientAuth - whether client authentication should be required.
|
||||||
|
*/
|
||||||
public SSLTestConfig(boolean useSSL, boolean clientAuth) {
|
public SSLTestConfig(boolean useSSL, boolean clientAuth) {
|
||||||
this(useSSL, clientAuth, TEST_KEYSTORE_PATH, TEST_KEYSTORE_PASSWORD, TEST_KEYSTORE_PATH, TEST_KEYSTORE_PASSWORD);
|
super(useSSL, clientAuth, null, TEST_KEYSTORE_PASSWORD, null, TEST_KEYSTORE_PASSWORD);
|
||||||
|
trustStore = keyStore = Resource.newClassPathResource(TEST_KEYSTORE_RESOURCE);
|
||||||
|
if (null == keyStore || ! keyStore.exists() ) {
|
||||||
|
throw new IllegalStateException("Unable to locate keystore resource file in classpath: "
|
||||||
|
+ TEST_KEYSTORE_RESOURCE);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Create an SSLTestConfig using explicit paths for files
|
||||||
|
* @deprecated - use {@link SSLConfig} directly
|
||||||
|
*/
|
||||||
|
@Deprecated
|
||||||
public SSLTestConfig(boolean useSSL, boolean clientAuth, String keyStore, String keyStorePassword, String trustStore, String trustStorePassword) {
|
public SSLTestConfig(boolean useSSL, boolean clientAuth, String keyStore, String keyStorePassword, String trustStore, String trustStorePassword) {
|
||||||
super(useSSL, clientAuth, keyStore, keyStorePassword, trustStore, trustStorePassword);
|
super(useSSL, clientAuth, keyStore, keyStorePassword, trustStore, trustStorePassword);
|
||||||
|
this.keyStore = tryNewResource(keyStore, "KeyStore");
|
||||||
|
this.trustStore = tryNewResource(trustStore, "TrustStore");
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Helper utility for building resources from arbitrary user input paths/urls
|
||||||
|
* if input is null, returns null; otherwise attempts to build Resource and verifies that Resource exists.
|
||||||
|
*/
|
||||||
|
private static final Resource tryNewResource(String userInput, String type) {
|
||||||
|
if (null == userInput) {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
Resource result;
|
||||||
|
try {
|
||||||
|
result = Resource.newResource(userInput);
|
||||||
|
} catch (MalformedURLException e) {
|
||||||
|
throw new IllegalArgumentException("Can't build " + type + " Resource: " + e.getMessage(), e);
|
||||||
|
}
|
||||||
|
if (! result.exists()) {
|
||||||
|
throw new IllegalArgumentException(type + " Resource does not exist " + result.getName());
|
||||||
|
}
|
||||||
|
return result;
|
||||||
|
}
|
||||||
|
|
||||||
|
/** NOTE: This method is meaningless unless you explicitly provide paths when constructing this instance
|
||||||
|
* @see #SSLTestConfig(boolean,boolean,String,String,String,String)
|
||||||
|
*/
|
||||||
|
@Override
|
||||||
|
public String getKeyStore() {
|
||||||
|
return super.getKeyStore();
|
||||||
|
}
|
||||||
|
/** NOTE: This method is meaningless unless you explicitly provide paths when constructing this instance
|
||||||
|
* @see #SSLTestConfig(boolean,boolean,String,String,String,String)
|
||||||
|
*/
|
||||||
|
@Override
|
||||||
|
public String getTrustStore() {
|
||||||
|
return super.getTrustStore();
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -100,10 +169,10 @@ public class SSLTestConfig extends SSLConfig {
|
||||||
|
|
||||||
// NOTE: KeyStore & TrustStore are swapped because they are from configured from server perspective...
|
// NOTE: KeyStore & TrustStore are swapped because they are from configured from server perspective...
|
||||||
// we are a client - our keystore contains the keys the server trusts, and vice versa
|
// we are a client - our keystore contains the keys the server trusts, and vice versa
|
||||||
builder.loadTrustMaterial(buildKeyStore(getKeyStore(), getKeyStorePassword()), new TrustSelfSignedStrategy()).build();
|
builder.loadTrustMaterial(buildKeyStore(keyStore, getKeyStorePassword()), new TrustSelfSignedStrategy()).build();
|
||||||
|
|
||||||
if (isClientAuthMode()) {
|
if (isClientAuthMode()) {
|
||||||
builder.loadKeyMaterial(buildKeyStore(getTrustStore(), getTrustStorePassword()), getTrustStorePassword().toCharArray());
|
builder.loadKeyMaterial(buildKeyStore(trustStore, getTrustStorePassword()), getTrustStorePassword().toCharArray());
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -127,10 +196,10 @@ public class SSLTestConfig extends SSLConfig {
|
||||||
SSLContextBuilder builder = SSLContexts.custom();
|
SSLContextBuilder builder = SSLContexts.custom();
|
||||||
builder.setSecureRandom(NotSecurePsuedoRandom.INSTANCE);
|
builder.setSecureRandom(NotSecurePsuedoRandom.INSTANCE);
|
||||||
|
|
||||||
builder.loadKeyMaterial(buildKeyStore(getKeyStore(), getKeyStorePassword()), getKeyStorePassword().toCharArray());
|
builder.loadKeyMaterial(buildKeyStore(keyStore, getKeyStorePassword()), getKeyStorePassword().toCharArray());
|
||||||
|
|
||||||
if (isClientAuthMode()) {
|
if (isClientAuthMode()) {
|
||||||
builder.loadTrustMaterial(buildKeyStore(getTrustStore(), getTrustStorePassword()), new TrustSelfSignedStrategy()).build();
|
builder.loadTrustMaterial(buildKeyStore(trustStore, getTrustStorePassword()), new TrustSelfSignedStrategy()).build();
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -161,11 +230,11 @@ public class SSLTestConfig extends SSLConfig {
|
||||||
/**
|
/**
|
||||||
* Constructs a KeyStore using the specified filename and password
|
* Constructs a KeyStore using the specified filename and password
|
||||||
*/
|
*/
|
||||||
protected static KeyStore buildKeyStore(String keyStoreLocation, String password) {
|
protected static KeyStore buildKeyStore(Resource resource, String password) {
|
||||||
try {
|
try {
|
||||||
return CertificateUtils.getKeyStore(Resource.newResource(keyStoreLocation), "JKS", null, password);
|
return CertificateUtils.getKeyStore(resource, "JKS", null, password);
|
||||||
} catch (Exception ex) {
|
} catch (Exception ex) {
|
||||||
throw new IllegalStateException("Unable to build KeyStore from file: " + keyStoreLocation, ex);
|
throw new IllegalStateException("Unable to build KeyStore from resource: " + resource.getName(), ex);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Binary file not shown.
Loading…
Reference in New Issue