SOLR-8970: Change SSLTestConfig to use a keystore file that is included as a resource in the test-framework jar so users subclassing SolrTestCaseJ4 don't need to preserve magic paths

(cherry picked from commit 76063648ae)
This commit is contained in:
Chris Hostetter 2016-05-11 16:28:07 -07:00
parent 84ffc4d690
commit 1d7094c931
4 changed files with 91 additions and 13 deletions

View File

@ -172,6 +172,9 @@ Bug Fixes
* SOLR-9093: Fix NullPointerException in TopGroupsShardResponseProcessor. (Christine Poerschke) * SOLR-9093: Fix NullPointerException in TopGroupsShardResponseProcessor. (Christine Poerschke)
* SOLR-8970: Change SSLTestConfig to use a keystore file that is included as a resource in the
test-framework jar so users subclassing SolrTestCaseJ4 don't need to preserve magic paths (hossman)
Optimizations Optimizations
---------------------- ----------------------
* SOLR-8722: Don't force a full ZkStateReader refresh on every Overseer operation. * SOLR-8722: Don't force a full ZkStateReader refresh on every Overseer operation.

View File

@ -38,9 +38,15 @@
</target> </target>
<target name="compile-core" depends="resolve, compile-solr-core, compile-test-framework"> <target name="compile-core" depends="resolve, compile-solr-core, compile-test-framework">
<!-- TODO: why does test-framework override compile-core to use this special classpath? -->
<compile srcdir="${src.dir}" destdir="${build.dir}/classes/java"> <compile srcdir="${src.dir}" destdir="${build.dir}/classes/java">
<classpath refid="test.base.classpath"/> <classpath refid="test.base.classpath"/>
</compile> </compile>
<!-- Copy the resources folder (if existent) -->
<copy todir="${build.dir}/classes/java">
<fileset dir="${resources.dir}" erroronmissingdir="no"/>
</copy>
</target> </target>
<!-- redefine the clover setup, because we dont want to run clover for the test-framework --> <!-- redefine the clover setup, because we dont want to run clover for the test-framework -->

View File

@ -27,6 +27,7 @@ import java.security.SecureRandomSpi;
import java.security.UnrecoverableKeyException; import java.security.UnrecoverableKeyException;
import javax.net.ssl.SSLContext; import javax.net.ssl.SSLContext;
import java.net.MalformedURLException;
import org.apache.http.conn.scheme.Scheme; import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry; import org.apache.http.conn.scheme.SchemeRegistry;
@ -47,24 +48,92 @@ import org.eclipse.jetty.util.resource.Resource;
import org.eclipse.jetty.util.security.CertificateUtils; import org.eclipse.jetty.util.security.CertificateUtils;
import org.eclipse.jetty.util.ssl.SslContextFactory; import org.eclipse.jetty.util.ssl.SslContextFactory;
/**
* An {@link SSLConfig} that supports reading key/trust store information directly from resource
* files provided with the Solr test-framework classes
*/
public class SSLTestConfig extends SSLConfig { public class SSLTestConfig extends SSLConfig {
/** @deprecated No longer used except by {@link #setSSLSystemProperties} */
public static File TEST_KEYSTORE = ExternalPaths.SERVER_HOME == null ? null public static File TEST_KEYSTORE = ExternalPaths.SERVER_HOME == null ? null
: new File(ExternalPaths.SERVER_HOME, "../etc/test/solrtest.keystore"); : new File(ExternalPaths.SERVER_HOME, "../etc/test/solrtest.keystore");
/** @deprecated No longer used except by {@link #setSSLSystemProperties} */
private static String TEST_KEYSTORE_PATH = TEST_KEYSTORE != null private static String TEST_KEYSTORE_PATH = TEST_KEYSTORE != null
&& TEST_KEYSTORE.exists() ? TEST_KEYSTORE.getAbsolutePath() : null; && TEST_KEYSTORE.exists() ? TEST_KEYSTORE.getAbsolutePath() : null;
private static String TEST_KEYSTORE_PASSWORD = "secret";
private static final String TEST_KEYSTORE_RESOURCE = "SSLTestConfig.testing.keystore";
private static final String TEST_KEYSTORE_PASSWORD = "secret";
private final Resource keyStore;
private final Resource trustStore;
/** Creates an SSLTestConfig that does not use SSL or client authentication */
public SSLTestConfig() { public SSLTestConfig() {
this(false, false); this(false, false);
} }
/**
* Create an SSLTestConfig based on a few caller specified options. As needed,
* keystore/truststore information will be pulled from a hardocded resource file provided
* by the solr test-framework.
*
* @param useSSL - wether SSL should be required.
* @param clientAuth - whether client authentication should be required.
*/
public SSLTestConfig(boolean useSSL, boolean clientAuth) { public SSLTestConfig(boolean useSSL, boolean clientAuth) {
this(useSSL, clientAuth, TEST_KEYSTORE_PATH, TEST_KEYSTORE_PASSWORD, TEST_KEYSTORE_PATH, TEST_KEYSTORE_PASSWORD); super(useSSL, clientAuth, null, TEST_KEYSTORE_PASSWORD, null, TEST_KEYSTORE_PASSWORD);
trustStore = keyStore = Resource.newClassPathResource(TEST_KEYSTORE_RESOURCE);
if (null == keyStore || ! keyStore.exists() ) {
throw new IllegalStateException("Unable to locate keystore resource file in classpath: "
+ TEST_KEYSTORE_RESOURCE);
}
} }
/**
* Create an SSLTestConfig using explicit paths for files
* @deprecated - use {@link SSLConfig} directly
*/
@Deprecated
public SSLTestConfig(boolean useSSL, boolean clientAuth, String keyStore, String keyStorePassword, String trustStore, String trustStorePassword) { public SSLTestConfig(boolean useSSL, boolean clientAuth, String keyStore, String keyStorePassword, String trustStore, String trustStorePassword) {
super(useSSL, clientAuth, keyStore, keyStorePassword, trustStore, trustStorePassword); super(useSSL, clientAuth, keyStore, keyStorePassword, trustStore, trustStorePassword);
this.keyStore = tryNewResource(keyStore, "KeyStore");
this.trustStore = tryNewResource(trustStore, "TrustStore");
}
/**
* Helper utility for building resources from arbitrary user input paths/urls
* if input is null, returns null; otherwise attempts to build Resource and verifies that Resource exists.
*/
private static final Resource tryNewResource(String userInput, String type) {
if (null == userInput) {
return null;
}
Resource result;
try {
result = Resource.newResource(userInput);
} catch (MalformedURLException e) {
throw new IllegalArgumentException("Can't build " + type + " Resource: " + e.getMessage(), e);
}
if (! result.exists()) {
throw new IllegalArgumentException(type + " Resource does not exist " + result.getName());
}
return result;
}
/** NOTE: This method is meaningless unless you explicitly provide paths when constructing this instance
* @see #SSLTestConfig(boolean,boolean,String,String,String,String)
*/
@Override
public String getKeyStore() {
return super.getKeyStore();
}
/** NOTE: This method is meaningless unless you explicitly provide paths when constructing this instance
* @see #SSLTestConfig(boolean,boolean,String,String,String,String)
*/
@Override
public String getTrustStore() {
return super.getTrustStore();
} }
/** /**
@ -100,10 +169,10 @@ public class SSLTestConfig extends SSLConfig {
// NOTE: KeyStore & TrustStore are swapped because they are from configured from server perspective... // NOTE: KeyStore & TrustStore are swapped because they are from configured from server perspective...
// we are a client - our keystore contains the keys the server trusts, and vice versa // we are a client - our keystore contains the keys the server trusts, and vice versa
builder.loadTrustMaterial(buildKeyStore(getKeyStore(), getKeyStorePassword()), new TrustSelfSignedStrategy()).build(); builder.loadTrustMaterial(buildKeyStore(keyStore, getKeyStorePassword()), new TrustSelfSignedStrategy()).build();
if (isClientAuthMode()) { if (isClientAuthMode()) {
builder.loadKeyMaterial(buildKeyStore(getTrustStore(), getTrustStorePassword()), getTrustStorePassword().toCharArray()); builder.loadKeyMaterial(buildKeyStore(trustStore, getTrustStorePassword()), getTrustStorePassword().toCharArray());
} }
@ -127,10 +196,10 @@ public class SSLTestConfig extends SSLConfig {
SSLContextBuilder builder = SSLContexts.custom(); SSLContextBuilder builder = SSLContexts.custom();
builder.setSecureRandom(NotSecurePsuedoRandom.INSTANCE); builder.setSecureRandom(NotSecurePsuedoRandom.INSTANCE);
builder.loadKeyMaterial(buildKeyStore(getKeyStore(), getKeyStorePassword()), getKeyStorePassword().toCharArray()); builder.loadKeyMaterial(buildKeyStore(keyStore, getKeyStorePassword()), getKeyStorePassword().toCharArray());
if (isClientAuthMode()) { if (isClientAuthMode()) {
builder.loadTrustMaterial(buildKeyStore(getTrustStore(), getTrustStorePassword()), new TrustSelfSignedStrategy()).build(); builder.loadTrustMaterial(buildKeyStore(trustStore, getTrustStorePassword()), new TrustSelfSignedStrategy()).build();
} }
@ -161,11 +230,11 @@ public class SSLTestConfig extends SSLConfig {
/** /**
* Constructs a KeyStore using the specified filename and password * Constructs a KeyStore using the specified filename and password
*/ */
protected static KeyStore buildKeyStore(String keyStoreLocation, String password) { protected static KeyStore buildKeyStore(Resource resource, String password) {
try { try {
return CertificateUtils.getKeyStore(Resource.newResource(keyStoreLocation), "JKS", null, password); return CertificateUtils.getKeyStore(resource, "JKS", null, password);
} catch (Exception ex) { } catch (Exception ex) {
throw new IllegalStateException("Unable to build KeyStore from file: " + keyStoreLocation, ex); throw new IllegalStateException("Unable to build KeyStore from resource: " + resource.getName(), ex);
} }
} }