SOLR-9068 / SOLR-5776: Alternate (psuedo random) NullSecureRandom for Constants.SUN_OS

(cherry picked from commit a5586d29b2)

Conflicts:
	solr/test-framework/src/java/org/apache/solr/util/SSLTestConfig.java
This commit is contained in:
Chris Hostetter 2016-05-06 15:17:11 -07:00
parent 4d15b9fa08
commit 7e2f9f506d
1 changed files with 73 additions and 15 deletions

View File

@ -17,6 +17,7 @@
package org.apache.solr.util; package org.apache.solr.util;
import java.io.File; import java.io.File;
import java.util.Random;
import java.security.KeyManagementException; import java.security.KeyManagementException;
import java.security.KeyStore; import java.security.KeyStore;
import java.security.KeyStoreException; import java.security.KeyStoreException;
@ -41,6 +42,9 @@ import org.apache.solr.client.solrj.embedded.SSLConfig;
import org.apache.solr.client.solrj.impl.HttpClientUtil; import org.apache.solr.client.solrj.impl.HttpClientUtil;
import org.apache.solr.client.solrj.impl.HttpClientConfigurer; import org.apache.solr.client.solrj.impl.HttpClientConfigurer;
import org.apache.solr.common.params.SolrParams; import org.apache.solr.common.params.SolrParams;
import org.apache.lucene.util.Constants;
import org.eclipse.jetty.util.resource.Resource; import org.eclipse.jetty.util.resource.Resource;
import org.eclipse.jetty.util.security.CertificateUtils; import org.eclipse.jetty.util.security.CertificateUtils;
import org.eclipse.jetty.util.ssl.SslContextFactory; import org.eclipse.jetty.util.ssl.SslContextFactory;
@ -265,33 +269,87 @@ public class SSLTestConfig extends SSLConfig {
* Tests do not need secure SSL. * Tests do not need secure SSL.
*/ */
private static class NullSecureRandom extends SecureRandom { private static class NullSecureRandom extends SecureRandom {
public static final SecureRandom INSTANCE = new NullSecureRandom();
/** SPI Used to init all instances */ /**
private static final SecureRandomSpi NULL_SPI = new SecureRandomSpi() { * The one and only instance that should be used, specific impl may vary based on platform
/** NOOP: returns new uninitialized byte[] */ * @see Constants#SUN_OS
* @see <a href="https://issues.apache.org/jira/browse/SOLR-9068">SOLR-9068</a>
*/
public static final SecureRandom INSTANCE = Constants.SUN_OS
? new NullSecureRandom(NullSecureRandomSpi.PSUEDO_RAND_INSTANCE)
: new NullSecureRandom(NullSecureRandomSpi.NULL_INSTANCE);
/** A source of psuedo random data if needed */
private static final Random RAND = new Random(42);
/** SPI base class for all NullSecureRandom instances */
private static class NullSecureRandomSpi extends SecureRandomSpi {
private NullSecureRandomSpi() {
/* NOOP */
}
/**
* Helper method that can be used to fill an array with non-zero data.
* Default impl is No-Op
*/
public byte[] fillData(byte[] data) {
return data; /* NOOP */
}
/** returns a new byte[] filled with static data */
@Override
public byte[] engineGenerateSeed(int numBytes) { public byte[] engineGenerateSeed(int numBytes) {
return new byte[numBytes]; return fillData(new byte[numBytes]);
}
/** fills the byte[] with static data */
@Override
public void engineNextBytes(byte[] bytes) {
fillData(bytes);
} }
/** NOOP */ /** NOOP */
public void engineNextBytes(byte[] bytes) { /* NOOP */ } @Override
/** NOOP */
public void engineSetSeed(byte[] seed) { /* NOOP */ } public void engineSetSeed(byte[] seed) { /* NOOP */ }
};
private NullSecureRandom() { /** Instance to use on platforms w/SSLEngines that work fine when SecureRandom returns constant bytes */
super(NULL_SPI, null) ; public static final NullSecureRandomSpi NULL_INSTANCE = new NullSecureRandomSpi();
/**
* Instance to use on platforms that need at least psuedo-random data for the SSLEngine to not break
* (Attempted workarround of Solaris SSL Padding bug: SOLR-9068)
*/
public static final NullSecureRandomSpi PSUEDO_RAND_INSTANCE = new NullSecureRandomSpi() {
/**
* Fill with Psuedo-Random data.
* (Attempted workarround of Solaris SSL Padding bug: SOLR-9068)
*/
@Override
public byte[] fillData(byte[] data) {
RAND.nextBytes(data);
return data;
}
};
} }
/** NOOP: returns new uninitialized byte[] */ private NullSecureRandom(NullSecureRandomSpi spi) {
super(spi, null);
this.spi = spi;
}
private NullSecureRandomSpi spi;
/** fills a new byte[] with data from SPI */
@Override
public byte[] generateSeed(int numBytes) { public byte[] generateSeed(int numBytes) {
return new byte[numBytes]; return spi.fillData(new byte[numBytes]);
}
/** fills the byte[] with data from SPI */
@Override
synchronized public void nextBytes(byte[] bytes) {
spi.fillData(bytes);
} }
/** NOOP */ /** NOOP */
synchronized public void nextBytes(byte[] bytes) { /* NOOP */ } @Override
/** NOOP */
synchronized public void setSeed(byte[] seed) { /* NOOP */ } synchronized public void setSeed(byte[] seed) { /* NOOP */ }
/** NOOP */ /** NOOP */
@Override
synchronized public void setSeed(long seed) { /* NOOP */ } synchronized public void setSeed(long seed) { /* NOOP */ }
} }