From c3185b5489c58402e1a011c0fea720ac4dec7f30 Mon Sep 17 00:00:00 2001
From: Shalin Shekhar Mangar
Date: Sun, 26 Apr 2015 12:44:20 +0000
Subject: [PATCH] SOLR-4839: Separate jetty and client specific SSL properties
git-svn-id: https://svn.apache.org/repos/asf/lucene/dev/trunk@1676102 13f79535-47bb-0310-9956-ffa450edef68
---
 solr/bin/solr | 28 +++++++++++++++++++++-------
 solr/bin/solr.cmd | 21 +++++++++++++++------
 solr/bin/solr.in.cmd | 14 +++++++++++++-
 solr/bin/solr.in.sh | 17 +++++++++++++----
 solr/server/etc/jetty-ssl.xml | 12 ++++++------
 5 files changed, 68 insertions(+), 24 deletions(-)
diff --git a/solr/bin/solr b/solr/bin/solr
index c773d97b81f..13ec07913d7 100755
--- a/solr/bin/solr
+++ b/solr/bin/solr
@@ -136,16 +136,30 @@ fi
 exit 1
 }
-# URL scheme for contacting Solr
+# Select HTTP OR HTTPS related configurations
 SOLR_URL_SCHEME=http
-if [ -n "$SOLR_SSL_OPTS" ]; then
- SOLR_URL_SCHEME=https
-fi
-
-# Which Jetty module to use - either HTTPS or HTTP
 SOLR_JETTY_CONFIG=()
-if [ -n "$SOLR_SSL_OPTS" ]; then
+SOLR_SSL_OPTS=""
+if [ -n "$SOLR_SSL_KEY_STORE" ]; then
 SOLR_JETTY_CONFIG+=("--module=https")
+ SOLR_URL_SCHEME=https
+ SOLR_SSL_OPTS=" -Dsolr.jetty.keystore=$SOLR_SSL_KEY_STORE \
+ -Dsolr.jetty.keystore.password=$SOLR_SSL_KEY_STORE_PASSWORD \
+ -Dsolr.jetty.truststore=$SOLR_SSL_TRUST_STORE \
+ -Dsolr.jetty.truststore.password=$SOLR_SSL_TRUST_STORE_PASSWORD \
+ -Dsolr.jetty.ssl.needClientAuth=$SOLR_SSL_NEED_CLIENT_AUTH \
+ -Dsolr.jetty.ssl.wantClientAuth=$SOLR_SSL_WANT_CLIENT_AUTH"
+ if [ -n "$SOLR_SSL_CLIENT_KEY_STORE" ]; then
+ SOLR_SSL_OPTS+=" -Djavax.net.ssl.keyStore=$SOLR_SSL_CLIENT_KEY_STORE \
+ -Djavax.net.ssl.keyStorePassword=$SOLR_SSL_CLIENT_KEY_STORE_PASSWORD \
+ -Djavax.net.ssl.trustStore=$SOLR_SSL_CLIENT_TRUST_STORE \
+ -Djavax.net.ssl.trustStorePassword=$SOLR_SSL_CLIENT_TRUST_STORE_PASSWORD"
+ else
+ SOLR_SSL_OPTS+=" -Djavax.net.ssl.keyStore=$SOLR_SSL_KEY_STORE \
+ -Djavax.net.ssl.keyStorePassword=$SOLR_SSL_KEY_STORE_PASSWORD \
+ -Djavax.net.ssl.trustStore=$SOLR_SSL_TRUST_STORE \
+ -Djavax.net.ssl.trustStorePassword=$SOLR_SSL_TRUST_STORE_PASSWORD"
+ fi
 else
 SOLR_JETTY_CONFIG+=("--module=http")
 fi
diff --git a/solr/bin/solr.cmd b/solr/bin/solr.cmd
index 6fb4940bca8..6305c80ead1 100644
--- a/solr/bin/solr.cmd
+++ b/solr/bin/solr.cmd
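Review bot: In solr/bin/solr, an install whose include file still sets only the old `SOLR_SSL_OPTS` will now start on plain HTTP without any message, because the added `SOLR_SSL_OPTS=""` discards that value and both the URL scheme and the Jetty module are chosen from `SOLR_SSL_KEY_STORE` alone. A guard placed ahead of the reset would make the change visible, for example `if [ -n "$SOLR_SSL_OPTS" ] && [ -z "$SOLR_SSL_KEY_STORE" ]; then echo "SOLR_SSL_OPTS is no longer read; set SOLR_SSL_KEY_STORE instead" >&2; exit 1; fi`. The solr.cmd hunk resets the variable the same way and needs the same guard. Separately, optional settings that are left unset are still emitted as empty values such as `-Dsolr.jetty.ssl.needClientAuth=`, so a default like `${SOLR_SSL_NEED_CLIENT_AUTH:-false}` would be safer. The script continues outside the hunk, so how SOLR_SSL_OPTS is expanded later is not visible here.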
@@ -36,14 +36,23 @@ REM command line args
 IF "%SOLR_INCLUDE%"=="" set "SOLR_INCLUDE=%SOLR_TIP%\bin\solr.in.cmd"
 IF EXIST "%SOLR_INCLUDE%" CALL "%SOLR_INCLUDE%"
-REM URL scheme for contacting Solr
+REM Select HTTP OR HTTPS related configurations
 set SOLR_URL_SCHEME=http
-IF DEFINED SOLR_SSL_OPTS set SOLR_URL_SCHEME=https
-IF NOT DEFINED SOLR_SSL_OPTS set SOLR_SSL_OPTS=
-
-REM Which Jetty module to use - either HTTPS or HTTP
 set "SOLR_JETTY_CONFIG=--module=http"
-IF NOT "%SOLR_SSL_OPTS%"=="" set "SOLR_JETTY_CONFIG=--module=http"
+set "SOLR_SSL_OPTS= "
+IF DEFINED SOLR_SSL_KEY_STORE (
+ set "SOLR_JETTY_CONFIG=--module=https"
+ set SOLR_URL_SCHEME=https
+ set "SCRIPT_ERROR=Solr server directory %SOLR_SERVER_DIR% not found!"
+ set "SOLR_SSL_OPTS=-Dsolr.jetty.keystore=%SOLR_SSL_KEY_STORE% -Dsolr.jetty.keystore.password=%SOLR_SSL_KEY_STORE_PASSWORD% -Dsolr.jetty.truststore=%SOLR_SSL_TRUST_STORE% -Dsolr.jetty.truststore.password=%SOLR_SSL_TRUST_STORE_PASSWORD% -Dsolr.jetty.ssl.needClientAuth=%SOLR_SSL_NEED_CLIENT_AUTH% -Dsolr.jetty.ssl.wantClientAuth=%SOLR_SSL_WANT_CLIENT_AUTH%"
+ IF DEFINED SOLR_SSL_CLIENT_KEY_STORE (
+ set "SOLR_SSL_OPTS=%SOLR_SSL_OPTS% -Djavax.net.ssl.keyStore=%SOLR_SSL_CLIENT_KEY_STORE% -Djavax.net.ssl.keyStorePassword=%SOLR_SSL_CLIENT_KEY_STORE_PASSWORD% -Djavax.net.ssl.trustStore=%SOLR_SSL_CLIENT_TRUST_STORE% -Djavax.net.ssl.trustStorePassword=%SOLR_SSL_CLIENT_TRUST_STORE_PASSWORD%"
+ ) ELSE (
+ set "SOLR_SSL_OPTS=%SOLR_SSL_OPTS% -Djavax.net.ssl.keyStore=%SOLR_SSL_KEY_STORE% -Djavax.net.ssl.keyStorePassword=%SOLR_SSL_KEY_STORE_PASSWORD% -Djavax.net.ssl.trustStore=%SOLR_SSL_TRUST_STORE% -Djavax.net.ssl.trustStorePassword=%SOLR_SSL_TRUST_STORE_PASSWORD%"
+ )
+) ELSE (
+ set SOLR_SSL_OPTS=
+)
 REM Verify Java is available
 IF DEFINED SOLR_JAVA_HOME set "JAVA_HOME=%SOLR_JAVA_HOME%"
diff --git a/solr/bin/solr.in.cmd b/solr/bin/solr.in.cmd
index c9cb6b6e92c..9bdcde814b2 100644
--- a/solr/bin/solr.in.cmd
+++ b/solr/bin/solr.in.cmd
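Review bot: In solr/bin/solr.cmd, the two lines of the form `set "SOLR_SSL_OPTS=%SOLR_SSL_OPTS% -Djavax.net.ssl.keyStore=…"` inside the `IF DEFINED SOLR_SSL_KEY_STORE ( … )` block drop the Jetty properties, because cmd expands `%SOLR_SSL_OPTS%` when the whole parenthesised block is parsed, and at that point the variable still holds the single space assigned just above the block. The resulting SOLR_SSL_OPTS carries only the javax.net.ssl.* values and none of the `-Dsolr.jetty.keystore` settings, so Jetty would not receive the keystore configuration this change is meant to pass. Building the Jetty part and the client part in two separate variables inside the block and joining them on a line after the closing parenthesis avoids this without depending on delayed expansion, whose state is set outside the hunk. The line `set "SCRIPT_ERROR=Solr server directory %SOLR_SERVER_DIR% not found!"` in the HTTPS branch also looks like a paste leftover and should probably be removed, since whatever reads SCRIPT_ERROR later would report a missing server directory.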
@@ -82,4 +82,16 @@ REM set SOLR_PORT=8983
 REM Uncomment to set SSL-related system properties
 REM Be sure to update the paths to the correct keystore for your environment
-REM set SOLR_SSL_OPTS=-Djavax.net.ssl.keyStore=etc/solr-ssl.keystore.jks -Djavax.net.ssl.keyStorePassword=secret -Djavax.net.ssl.trustStore=etc/solr-ssl.keystore.jks -Djavax.net.ssl.trustStorePassword=secret
\ No newline at end of file
+REM set SOLR_SSL_KEY_STORE=etc/solr-ssl.keystore.jks
+REM set SOLR_SSL_KEY_STORE_PASSWORD=secret
+REM set SOLR_SSL_TRUST_STORE=etc/solr-ssl.keystore.jks
+REM set SOLR_SSL_TRUST_STORE_PASSWORD=secret
+REM set SOLR_SSL_NEED_CLIENT_AUTH=false
+REM set SOLR_SSL_WANT_CLIENT_AUTH=false
+
+REM Uncomment if you want to override previously defined SSL values for HTTP client
+REM otherwise keep them commented and the above values will automatically be set for HTTP clients
+REM set SOLR_SSL_CLIENT_KEY_STORE=
+REM set SOLR_SSL_CLIENT_KEY_STORE_PASSWORD=
+REM setSOLR_SSL_CLIENT_TRUST_STORE=
+REM setSOLR_SSL_CLIENT_TRUST_STORE_PASSWORD=
\ No newline at end of file
diff --git a/solr/bin/solr.in.sh b/solr/bin/solr.in.sh
index 6d6590bf147..04a45004f30 100644
--- a/solr/bin/solr.in.sh
+++ b/solr/bin/solr.in.sh
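Review bot: In solr/bin/solr.in.cmd, the last two template lines, `REM setSOLR_SSL_CLIENT_TRUST_STORE=` and `REM setSOLR_SSL_CLIENT_TRUST_STORE_PASSWORD=`, are missing the space after `set`, so removing the `REM` leaves a line that cmd will not run as an assignment and the client trust store is never set. They should read `REM set SOLR_SSL_CLIENT_TRUST_STORE=` and `REM set SOLR_SSL_CLIENT_TRUST_STORE_PASSWORD=`. Because this file now carries the keystore and truststore passwords as separate plain-text settings, a comment above the block such as `REM This file holds keystore passwords; restrict read access to the account that runs Solr` would be worth adding.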
@@ -97,7 +97,16 @@ ENABLE_REMOTE_JMX_OPTS="false"
 # Uncomment to set SSL-related system properties
 # Be sure to update the paths to the correct keystore for your environment
-#SOLR_SSL_OPTS="-Djavax.net.ssl.keyStore=etc/solr-ssl.keystore.jks \
-#-Djavax.net.ssl.keyStorePassword=secret \
-#-Djavax.net.ssl.trustStore=etc/solr-ssl.keystore.jks \
-#-Djavax.net.ssl.trustStorePassword=secret"
\ No newline at end of file
+#SOLR_SSL_KEY_STORE=/home/shalin/work/oss/shalin-lusolr/solr/server/etc/solr-ssl.keystore.jks
+#SOLR_SSL_KEY_STORE_PASSWORD=secret
+#SOLR_SSL_TRUST_STORE=/home/shalin/work/oss/shalin-lusolr/solr/server/etc/solr-ssl.keystore.jks
+#SOLR_SSL_TRUST_STORE_PASSWORD=secret
+#SOLR_SSL_NEED_CLIENT_AUTH=false
+#SOLR_SSL_WANT_CLIENT_AUTH=false
+
+# Uncomment if you want to override previously defined SSL values for HTTP client
+# otherwise keep them commented and the above values will automatically be set for HTTP clients
+#SOLR_SSL_CLIENT_KEY_STORE=
+#SOLR_SSL_CLIENT_KEY_STORE_PASSWORD=
+#SOLR_SSL_CLIENT_TRUST_STORE=
+#SOLR_SSL_CLIENT_TRUST_STORE_PASSWORD=
\ No newline at end of file
diff --git a/solr/server/etc/jetty-ssl.xml b/solr/server/etc/jetty-ssl.xml
index d15df153186..fe61160c046 100644
--- a/solr/server/etc/jetty-ssl.xml
+++ b/solr/server/etc/jetty-ssl.xml
@@ -7,12 +7,12 @@ - - - - - - + + + + + + SSL_RSA_WITH_DES_CBC_SHA
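Review bot: In solr/bin/solr.in.sh, the commented examples for `SOLR_SSL_KEY_STORE` and `SOLR_SSL_TRUST_STORE` point at `/home/shalin/work/oss/shalin-lusolr/solr/server/etc/solr-ssl.keystore.jks`, a path from one developer's checkout that will not exist on other machines. The removed lines and the solr.in.cmd template both use the relative form, so the examples should read `#SOLR_SSL_KEY_STORE=etc/solr-ssl.keystore.jks` and `#SOLR_SSL_TRUST_STORE=etc/solr-ssl.keystore.jks`. The sample password `secret` is carried over from the old template; a comment line such as `# Replace the sample passwords and keep this file readable only by the Solr user` would make clear it is a placeholder.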