diff --git a/solr/test-framework/src/java/org/apache/solr/util/SSLTestConfig.java b/solr/test-framework/src/java/org/apache/solr/util/SSLTestConfig.java index 16981ceeeca..052589064fd 100644 --- a/solr/test-framework/src/java/org/apache/solr/util/SSLTestConfig.java +++ b/solr/test-framework/src/java/org/apache/solr/util/SSLTestConfig.java @@ -44,8 +44,6 @@ import org.apache.solr.client.solrj.impl.HttpClientUtil; import org.apache.solr.client.solrj.impl.HttpClientUtil.SchemaRegistryProvider; import org.apache.solr.client.solrj.impl.SolrHttpClientBuilder; -import org.apache.lucene.util.Constants; - import org.eclipse.jetty.util.resource.Resource; import org.eclipse.jetty.util.security.CertificateUtils; import org.eclipse.jetty.util.ssl.SslContextFactory; @@ -101,7 +99,7 @@ public class SSLTestConfig extends SSLConfig { assert isSSLMode(); SSLContextBuilder builder = SSLContexts.custom(); - builder.setSecureRandom(NullSecureRandom.INSTANCE); + builder.setSecureRandom(NotSecurePsuedoRandom.INSTANCE); // NOTE: KeyStore & TrustStore are swapped because they are from configured from server perspective... // we are a client - our keystore contains the keys the server trusts, and vice versa @@ -130,7 +128,7 @@ public class SSLTestConfig extends SSLConfig { assert isSSLMode(); SSLContextBuilder builder = SSLContexts.custom(); - builder.setSecureRandom(NullSecureRandom.INSTANCE); + builder.setSecureRandom(NotSecurePsuedoRandom.INSTANCE); builder.loadKeyMaterial(buildKeyStore(getKeyStore(), getKeyStorePassword()), getKeyStorePassword().toCharArray()); @@ -263,93 +261,53 @@ public class SSLTestConfig extends SSLConfig { } /** - * A mocked up instance of SecureRandom that always does the minimal amount of work to generate - * "random" numbers. This is to prevent blocking issues that arise in platform default + * A mocked up instance of SecureRandom that just uses {@link Random} under the covers. + * This is to prevent blocking issues that arise in platform default * SecureRandom instances due to too many instances / not enough random entropy. * Tests do not need secure SSL. */ - private static class NullSecureRandom extends SecureRandom { - - /** - * The one and only instance that should be used, specific impl may vary based on platform - * @see Constants#SUN_OS - * @see SOLR-9068 - */ - public static final SecureRandom INSTANCE = Constants.SUN_OS - ? new NullSecureRandom(NullSecureRandomSpi.PSUEDO_RAND_INSTANCE) - : new NullSecureRandom(NullSecureRandomSpi.NULL_INSTANCE); - - /** A source of psuedo random data if needed */ + private static class NotSecurePsuedoRandom extends SecureRandom { + public static final SecureRandom INSTANCE = new NotSecurePsuedoRandom(); private static final Random RAND = new Random(42); - /** SPI base class for all NullSecureRandom instances */ - private static class NullSecureRandomSpi extends SecureRandomSpi { - private NullSecureRandomSpi() { - /* NOOP */ - } - /** - * Helper method that can be used to fill an array with non-zero data. - * Default impl is No-Op - */ - public byte[] fillData(byte[] data) { - return data; /* NOOP */ - } + /** + * Helper method that can be used to fill an array with non-zero data. + * (Attempted workarround of Solaris SSL Padding bug: SOLR-9068) + */ + private static final byte[] fillData(byte[] data) { + RAND.nextBytes(data); + return data; + } + + /** SPI Used to init all instances */ + private static final SecureRandomSpi NOT_SECURE_SPI = new SecureRandomSpi() { /** returns a new byte[] filled with static data */ - @Override public byte[] engineGenerateSeed(int numBytes) { return fillData(new byte[numBytes]); } /** fills the byte[] with static data */ - @Override public void engineNextBytes(byte[] bytes) { fillData(bytes); } /** NOOP */ - @Override public void engineSetSeed(byte[] seed) { /* NOOP */ } - - /** Instance to use on platforms w/SSLEngines that work fine when SecureRandom returns constant bytes */ - public static final NullSecureRandomSpi NULL_INSTANCE = new NullSecureRandomSpi(); - - /** - * Instance to use on platforms that need at least psuedo-random data for the SSLEngine to not break - * (Attempted workarround of Solaris SSL Padding bug: SOLR-9068) - */ - public static final NullSecureRandomSpi PSUEDO_RAND_INSTANCE = new NullSecureRandomSpi() { - /** - * Fill with Psuedo-Random data. - * (Attempted workarround of Solaris SSL Padding bug: SOLR-9068) - */ - @Override - public byte[] fillData(byte[] data) { - RAND.nextBytes(data); - return data; - } - }; + }; + + private NotSecurePsuedoRandom() { + super(NOT_SECURE_SPI, null) ; } - private NullSecureRandom(NullSecureRandomSpi spi) { - super(spi, null); - this.spi = spi; - } - - private NullSecureRandomSpi spi; - - /** fills a new byte[] with data from SPI */ - @Override + /** returns a new byte[] filled with static data */ public byte[] generateSeed(int numBytes) { - return spi.fillData(new byte[numBytes]); + return fillData(new byte[numBytes]); } - /** fills the byte[] with data from SPI */ - @Override + /** fills the byte[] with static data */ synchronized public void nextBytes(byte[] bytes) { - spi.fillData(bytes); + fillData(bytes); } /** NOOP */ - @Override synchronized public void setSeed(byte[] seed) { /* NOOP */ } /** NOOP */ - @Override synchronized public void setSeed(long seed) { /* NOOP */ } }