mirror of https://github.com/apache/lucene.git
SOLR-9068 / SOLR-5776: Alternate (psuedo random) NullSecureRandom for Constants.SUN_OS
(cherry picked from commit a5586d29b2
)
Conflicts:
solr/test-framework/src/java/org/apache/solr/util/SSLTestConfig.java
This commit is contained in:
parent
4d15b9fa08
commit
7e2f9f506d
|
@ -17,6 +17,7 @@
|
|||
package org.apache.solr.util;
|
||||
|
||||
import java.io.File;
|
||||
import java.util.Random;
|
||||
import java.security.KeyManagementException;
|
||||
import java.security.KeyStore;
|
||||
import java.security.KeyStoreException;
|
||||
|
@ -41,6 +42,9 @@ import org.apache.solr.client.solrj.embedded.SSLConfig;
|
|||
import org.apache.solr.client.solrj.impl.HttpClientUtil;
|
||||
import org.apache.solr.client.solrj.impl.HttpClientConfigurer;
|
||||
import org.apache.solr.common.params.SolrParams;
|
||||
|
||||
import org.apache.lucene.util.Constants;
|
||||
|
||||
import org.eclipse.jetty.util.resource.Resource;
|
||||
import org.eclipse.jetty.util.security.CertificateUtils;
|
||||
import org.eclipse.jetty.util.ssl.SslContextFactory;
|
||||
|
@ -265,33 +269,87 @@ public class SSLTestConfig extends SSLConfig {
|
|||
* Tests do not need secure SSL.
|
||||
*/
|
||||
private static class NullSecureRandom extends SecureRandom {
|
||||
public static final SecureRandom INSTANCE = new NullSecureRandom();
|
||||
|
||||
/** SPI Used to init all instances */
|
||||
private static final SecureRandomSpi NULL_SPI = new SecureRandomSpi() {
|
||||
/** NOOP: returns new uninitialized byte[] */
|
||||
/**
|
||||
* The one and only instance that should be used, specific impl may vary based on platform
|
||||
* @see Constants#SUN_OS
|
||||
* @see <a href="https://issues.apache.org/jira/browse/SOLR-9068">SOLR-9068</a>
|
||||
*/
|
||||
public static final SecureRandom INSTANCE = Constants.SUN_OS
|
||||
? new NullSecureRandom(NullSecureRandomSpi.PSUEDO_RAND_INSTANCE)
|
||||
: new NullSecureRandom(NullSecureRandomSpi.NULL_INSTANCE);
|
||||
|
||||
/** A source of psuedo random data if needed */
|
||||
private static final Random RAND = new Random(42);
|
||||
|
||||
/** SPI base class for all NullSecureRandom instances */
|
||||
private static class NullSecureRandomSpi extends SecureRandomSpi {
|
||||
private NullSecureRandomSpi() {
|
||||
/* NOOP */
|
||||
}
|
||||
/**
|
||||
* Helper method that can be used to fill an array with non-zero data.
|
||||
* Default impl is No-Op
|
||||
*/
|
||||
public byte[] fillData(byte[] data) {
|
||||
return data; /* NOOP */
|
||||
}
|
||||
/** returns a new byte[] filled with static data */
|
||||
@Override
|
||||
public byte[] engineGenerateSeed(int numBytes) {
|
||||
return new byte[numBytes];
|
||||
return fillData(new byte[numBytes]);
|
||||
}
|
||||
/** fills the byte[] with static data */
|
||||
@Override
|
||||
public void engineNextBytes(byte[] bytes) {
|
||||
fillData(bytes);
|
||||
}
|
||||
/** NOOP */
|
||||
public void engineNextBytes(byte[] bytes) { /* NOOP */ }
|
||||
/** NOOP */
|
||||
@Override
|
||||
public void engineSetSeed(byte[] seed) { /* NOOP */ }
|
||||
};
|
||||
|
||||
private NullSecureRandom() {
|
||||
super(NULL_SPI, null) ;
|
||||
/** Instance to use on platforms w/SSLEngines that work fine when SecureRandom returns constant bytes */
|
||||
public static final NullSecureRandomSpi NULL_INSTANCE = new NullSecureRandomSpi();
|
||||
|
||||
/**
|
||||
* Instance to use on platforms that need at least psuedo-random data for the SSLEngine to not break
|
||||
* (Attempted workarround of Solaris SSL Padding bug: SOLR-9068)
|
||||
*/
|
||||
public static final NullSecureRandomSpi PSUEDO_RAND_INSTANCE = new NullSecureRandomSpi() {
|
||||
/**
|
||||
* Fill with Psuedo-Random data.
|
||||
* (Attempted workarround of Solaris SSL Padding bug: SOLR-9068)
|
||||
*/
|
||||
@Override
|
||||
public byte[] fillData(byte[] data) {
|
||||
RAND.nextBytes(data);
|
||||
return data;
|
||||
}
|
||||
};
|
||||
}
|
||||
|
||||
/** NOOP: returns new uninitialized byte[] */
|
||||
private NullSecureRandom(NullSecureRandomSpi spi) {
|
||||
super(spi, null);
|
||||
this.spi = spi;
|
||||
}
|
||||
|
||||
private NullSecureRandomSpi spi;
|
||||
|
||||
/** fills a new byte[] with data from SPI */
|
||||
@Override
|
||||
public byte[] generateSeed(int numBytes) {
|
||||
return new byte[numBytes];
|
||||
return spi.fillData(new byte[numBytes]);
|
||||
}
|
||||
/** fills the byte[] with data from SPI */
|
||||
@Override
|
||||
synchronized public void nextBytes(byte[] bytes) {
|
||||
spi.fillData(bytes);
|
||||
}
|
||||
/** NOOP */
|
||||
synchronized public void nextBytes(byte[] bytes) { /* NOOP */ }
|
||||
/** NOOP */
|
||||
@Override
|
||||
synchronized public void setSeed(byte[] seed) { /* NOOP */ }
|
||||
/** NOOP */
|
||||
@Override
|
||||
synchronized public void setSeed(long seed) { /* NOOP */ }
|
||||
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue