mirror of https://github.com/apache/lucene.git
SOLR-14260: SolrJ pluggable ConnectionSocketFactory in HttpClientUtil
see SocketFactoryRegistryProvider Fixes #1261
This commit is contained in:
parent
a31ecd2eb8
commit
d1601f6fdf
|
@ -61,7 +61,10 @@ New Features
|
||||||
Improvements
|
Improvements
|
||||||
---------------------
|
---------------------
|
||||||
* SOLR-14316: Remove unchecked type conversion warning in JavaBinCodec's readMapEntry's equals() method
|
* SOLR-14316: Remove unchecked type conversion warning in JavaBinCodec's readMapEntry's equals() method
|
||||||
(Aroop Ganguly, Tomás Fernández Löbbe, Noble Paul, Anshum Gupta)
|
(Aroop Ganguly, Tomás Fernández Löbbe, Noble Paul, Anshum Gupta)
|
||||||
|
|
||||||
|
* SOLR-14260: Make SolrJ ConnectionSocketFactory pluggable via SocketFactoryRegistryProvider setting on HttpClientUtil
|
||||||
|
(Andy Throgmorton via David Smiley)
|
||||||
|
|
||||||
Optimizations
|
Optimizations
|
||||||
---------------------
|
---------------------
|
||||||
|
|
|
@ -95,9 +95,9 @@ public class UpdateShardHandler implements SolrInfoBean {
|
||||||
private int connectionTimeout = HttpClientUtil.DEFAULT_CONNECT_TIMEOUT;
|
private int connectionTimeout = HttpClientUtil.DEFAULT_CONNECT_TIMEOUT;
|
||||||
|
|
||||||
public UpdateShardHandler(UpdateShardHandlerConfig cfg) {
|
public UpdateShardHandler(UpdateShardHandlerConfig cfg) {
|
||||||
updateOnlyConnectionManager = new InstrumentedPoolingHttpClientConnectionManager(HttpClientUtil.getSchemaRegisteryProvider().getSchemaRegistry());
|
updateOnlyConnectionManager = new InstrumentedPoolingHttpClientConnectionManager(HttpClientUtil.getSocketFactoryRegistryProvider().getSocketFactoryRegistry());
|
||||||
recoveryOnlyConnectionManager = new InstrumentedPoolingHttpClientConnectionManager(HttpClientUtil.getSchemaRegisteryProvider().getSchemaRegistry());
|
recoveryOnlyConnectionManager = new InstrumentedPoolingHttpClientConnectionManager(HttpClientUtil.getSocketFactoryRegistryProvider().getSocketFactoryRegistry());
|
||||||
defaultConnectionManager = new InstrumentedPoolingHttpClientConnectionManager(HttpClientUtil.getSchemaRegisteryProvider().getSchemaRegistry());
|
defaultConnectionManager = new InstrumentedPoolingHttpClientConnectionManager(HttpClientUtil.getSocketFactoryRegistryProvider().getSocketFactoryRegistry());
|
||||||
ModifiableSolrParams clientParams = new ModifiableSolrParams();
|
ModifiableSolrParams clientParams = new ModifiableSolrParams();
|
||||||
if (cfg != null ) {
|
if (cfg != null ) {
|
||||||
updateOnlyConnectionManager.setMaxTotal(cfg.getMaxUpdateConnections());
|
updateOnlyConnectionManager.setMaxTotal(cfg.getMaxUpdateConnections());
|
||||||
|
|
|
@ -71,7 +71,7 @@ public class SSLMigrationTest extends AbstractFullDistribZkTestBase {
|
||||||
runner.stop();
|
runner.stop();
|
||||||
}
|
}
|
||||||
|
|
||||||
HttpClientUtil.setSchemaRegistryProvider(sslConfig.buildClientSchemaRegistryProvider());
|
HttpClientUtil.setSocketFactoryRegistryProvider(sslConfig.buildClientSocketFactoryRegistryProvider());
|
||||||
for(int i = 0; i < this.jettys.size(); i++) {
|
for(int i = 0; i < this.jettys.size(); i++) {
|
||||||
JettySolrRunner runner = jettys.get(i);
|
JettySolrRunner runner = jettys.get(i);
|
||||||
JettyConfig config = JettyConfig.builder()
|
JettyConfig config = JettyConfig.builder()
|
||||||
|
|
|
@ -87,13 +87,13 @@ public class TestMiniSolrCloudClusterSSL extends SolrTestCaseJ4 {
|
||||||
public void before() {
|
public void before() {
|
||||||
// undo the randomization of our super class
|
// undo the randomization of our super class
|
||||||
log.info("NOTE: This Test ignores the randomized SSL & clientAuth settings selected by base class");
|
log.info("NOTE: This Test ignores the randomized SSL & clientAuth settings selected by base class");
|
||||||
HttpClientUtil.resetHttpClientBuilder(); // also resets SchemaRegistryProvider
|
HttpClientUtil.resetHttpClientBuilder(); // also resets SocketFactoryRegistryProvider
|
||||||
Http2SolrClient.resetSslContextFactory();
|
Http2SolrClient.resetSslContextFactory();
|
||||||
System.clearProperty(ZkStateReader.URL_SCHEME);
|
System.clearProperty(ZkStateReader.URL_SCHEME);
|
||||||
}
|
}
|
||||||
@After
|
@After
|
||||||
public void after() {
|
public void after() {
|
||||||
HttpClientUtil.resetHttpClientBuilder(); // also resets SchemaRegistryProvider
|
HttpClientUtil.resetHttpClientBuilder(); // also resets SocketFactoryRegistryProvider
|
||||||
Http2SolrClient.resetSslContextFactory();
|
Http2SolrClient.resetSslContextFactory();
|
||||||
System.clearProperty(ZkStateReader.URL_SCHEME);
|
System.clearProperty(ZkStateReader.URL_SCHEME);
|
||||||
SSLContext.setDefault(DEFAULT_SSL_CONTEXT);
|
SSLContext.setDefault(DEFAULT_SSL_CONTEXT);
|
||||||
|
@ -101,7 +101,7 @@ public class TestMiniSolrCloudClusterSSL extends SolrTestCaseJ4 {
|
||||||
|
|
||||||
public void testNoSsl() throws Exception {
|
public void testNoSsl() throws Exception {
|
||||||
final SSLTestConfig sslConfig = new SSLTestConfig(false, false);
|
final SSLTestConfig sslConfig = new SSLTestConfig(false, false);
|
||||||
HttpClientUtil.setSchemaRegistryProvider(sslConfig.buildClientSchemaRegistryProvider());
|
HttpClientUtil.setSocketFactoryRegistryProvider(sslConfig.buildClientSocketFactoryRegistryProvider());
|
||||||
Http2SolrClient.setDefaultSSLConfig(sslConfig.buildClientSSLConfig());
|
Http2SolrClient.setDefaultSSLConfig(sslConfig.buildClientSSLConfig());
|
||||||
System.setProperty(ZkStateReader.URL_SCHEME, "http");
|
System.setProperty(ZkStateReader.URL_SCHEME, "http");
|
||||||
checkClusterWithNodeReplacement(sslConfig);
|
checkClusterWithNodeReplacement(sslConfig);
|
||||||
|
@ -112,7 +112,7 @@ public class TestMiniSolrCloudClusterSSL extends SolrTestCaseJ4 {
|
||||||
// but we test it anyway for completeness of sanity checking the behavior of code that looks at those
|
// but we test it anyway for completeness of sanity checking the behavior of code that looks at those
|
||||||
// options.
|
// options.
|
||||||
final SSLTestConfig sslConfig = new SSLTestConfig(false, true);
|
final SSLTestConfig sslConfig = new SSLTestConfig(false, true);
|
||||||
HttpClientUtil.setSchemaRegistryProvider(sslConfig.buildClientSchemaRegistryProvider());
|
HttpClientUtil.setSocketFactoryRegistryProvider(sslConfig.buildClientSocketFactoryRegistryProvider());
|
||||||
Http2SolrClient.setDefaultSSLConfig(sslConfig.buildClientSSLConfig());
|
Http2SolrClient.setDefaultSSLConfig(sslConfig.buildClientSSLConfig());
|
||||||
System.setProperty(ZkStateReader.URL_SCHEME, "http");
|
System.setProperty(ZkStateReader.URL_SCHEME, "http");
|
||||||
checkClusterWithNodeReplacement(sslConfig);
|
checkClusterWithNodeReplacement(sslConfig);
|
||||||
|
@ -120,7 +120,7 @@ public class TestMiniSolrCloudClusterSSL extends SolrTestCaseJ4 {
|
||||||
|
|
||||||
public void testSslAndNoClientAuth() throws Exception {
|
public void testSslAndNoClientAuth() throws Exception {
|
||||||
final SSLTestConfig sslConfig = new SSLTestConfig(true, false);
|
final SSLTestConfig sslConfig = new SSLTestConfig(true, false);
|
||||||
HttpClientUtil.setSchemaRegistryProvider(sslConfig.buildClientSchemaRegistryProvider());
|
HttpClientUtil.setSocketFactoryRegistryProvider(sslConfig.buildClientSocketFactoryRegistryProvider());
|
||||||
Http2SolrClient.setDefaultSSLConfig(sslConfig.buildClientSSLConfig());
|
Http2SolrClient.setDefaultSSLConfig(sslConfig.buildClientSSLConfig());
|
||||||
System.setProperty(ZkStateReader.URL_SCHEME, "https");
|
System.setProperty(ZkStateReader.URL_SCHEME, "https");
|
||||||
checkClusterWithNodeReplacement(sslConfig);
|
checkClusterWithNodeReplacement(sslConfig);
|
||||||
|
@ -131,7 +131,7 @@ public class TestMiniSolrCloudClusterSSL extends SolrTestCaseJ4 {
|
||||||
|
|
||||||
final SSLTestConfig sslConfig = new SSLTestConfig(true, true);
|
final SSLTestConfig sslConfig = new SSLTestConfig(true, true);
|
||||||
|
|
||||||
HttpClientUtil.setSchemaRegistryProvider(sslConfig.buildClientSchemaRegistryProvider());
|
HttpClientUtil.setSocketFactoryRegistryProvider(sslConfig.buildClientSocketFactoryRegistryProvider());
|
||||||
Http2SolrClient.setDefaultSSLConfig(sslConfig.buildClientSSLConfig());
|
Http2SolrClient.setDefaultSSLConfig(sslConfig.buildClientSSLConfig());
|
||||||
System.setProperty(ZkStateReader.URL_SCHEME, "https");
|
System.setProperty(ZkStateReader.URL_SCHEME, "https");
|
||||||
checkClusterWithNodeReplacement(sslConfig);
|
checkClusterWithNodeReplacement(sslConfig);
|
||||||
|
@ -140,7 +140,7 @@ public class TestMiniSolrCloudClusterSSL extends SolrTestCaseJ4 {
|
||||||
// commented out on: 17-Feb-2019 @LuceneTestCase.BadApple(bugUrl="https://issues.apache.org/jira/browse/SOLR-12028") // 2-Aug-2018
|
// commented out on: 17-Feb-2019 @LuceneTestCase.BadApple(bugUrl="https://issues.apache.org/jira/browse/SOLR-12028") // 2-Aug-2018
|
||||||
public void testSslWithCheckPeerName() throws Exception {
|
public void testSslWithCheckPeerName() throws Exception {
|
||||||
final SSLTestConfig sslConfig = new SSLTestConfig(true, false, true);
|
final SSLTestConfig sslConfig = new SSLTestConfig(true, false, true);
|
||||||
HttpClientUtil.setSchemaRegistryProvider(sslConfig.buildClientSchemaRegistryProvider());
|
HttpClientUtil.setSocketFactoryRegistryProvider(sslConfig.buildClientSocketFactoryRegistryProvider());
|
||||||
Http2SolrClient.setDefaultSSLConfig(sslConfig.buildClientSSLConfig());
|
Http2SolrClient.setDefaultSSLConfig(sslConfig.buildClientSSLConfig());
|
||||||
System.setProperty(ZkStateReader.URL_SCHEME, "https");
|
System.setProperty(ZkStateReader.URL_SCHEME, "https");
|
||||||
checkClusterWithNodeReplacement(sslConfig);
|
checkClusterWithNodeReplacement(sslConfig);
|
||||||
|
@ -185,7 +185,7 @@ public class TestMiniSolrCloudClusterSSL extends SolrTestCaseJ4 {
|
||||||
// NOTE: first initialize the cluster w/o peer name checks, which means our server will use
|
// NOTE: first initialize the cluster w/o peer name checks, which means our server will use
|
||||||
// certs with a bogus hostname/ip and clients shouldn't care...
|
// certs with a bogus hostname/ip and clients shouldn't care...
|
||||||
final SSLTestConfig sslConfig = new SSLTestConfig(true, false, false);
|
final SSLTestConfig sslConfig = new SSLTestConfig(true, false, false);
|
||||||
HttpClientUtil.setSchemaRegistryProvider(sslConfig.buildClientSchemaRegistryProvider());
|
HttpClientUtil.setSocketFactoryRegistryProvider(sslConfig.buildClientSocketFactoryRegistryProvider());
|
||||||
Http2SolrClient.setDefaultSSLConfig(sslConfig.buildClientSSLConfig());
|
Http2SolrClient.setDefaultSSLConfig(sslConfig.buildClientSSLConfig());
|
||||||
System.setProperty(ZkStateReader.URL_SCHEME, "https");
|
System.setProperty(ZkStateReader.URL_SCHEME, "https");
|
||||||
final JettyConfig config = JettyConfig.builder().withSSLConfig(sslConfig.buildServerSSLConfig()).build();
|
final JettyConfig config = JettyConfig.builder().withSSLConfig(sslConfig.buildServerSSLConfig()).build();
|
||||||
|
|
|
@ -100,12 +100,12 @@ public class HttpClientUtil {
|
||||||
public static final String PROP_BASIC_AUTH_PASS = "httpBasicAuthPassword";
|
public static final String PROP_BASIC_AUTH_PASS = "httpBasicAuthPassword";
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* System property consulted to determine if the default {@link SchemaRegistryProvider}
|
* System property consulted to determine if the default {@link SocketFactoryRegistryProvider}
|
||||||
* will require hostname validation of SSL Certificates. The default behavior is to enforce
|
* will require hostname validation of SSL Certificates. The default behavior is to enforce
|
||||||
* peer name validation.
|
* peer name validation.
|
||||||
* <p>
|
* <p>
|
||||||
* This property will have no effect if {@link #setSchemaRegistryProvider} is used to override
|
* This property will have no effect if {@link #setSocketFactoryRegistryProvider} is used to override
|
||||||
* the default {@link SchemaRegistryProvider}
|
* the default {@link SocketFactoryRegistryProvider}
|
||||||
* </p>
|
* </p>
|
||||||
*/
|
*/
|
||||||
public static final String SYS_PROP_CHECK_PEER_NAME = "solr.ssl.checkPeerName";
|
public static final String SYS_PROP_CHECK_PEER_NAME = "solr.ssl.checkPeerName";
|
||||||
|
@ -132,6 +132,12 @@ public class HttpClientUtil {
|
||||||
*/
|
*/
|
||||||
public static final String SYS_PROP_HTTP_CLIENT_BUILDER_FACTORY = "solr.httpclient.builder.factory";
|
public static final String SYS_PROP_HTTP_CLIENT_BUILDER_FACTORY = "solr.httpclient.builder.factory";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* A Java system property to select the {@linkplain SocketFactoryRegistryProvider} used for
|
||||||
|
* configuring the Apache HTTP clients.
|
||||||
|
*/
|
||||||
|
public static final String SYS_PROP_SOCKET_FACTORY_REGISTRY_PROVIDER = "solr.httpclient.socketFactory.registry.provider";
|
||||||
|
|
||||||
static final DefaultHttpRequestRetryHandler NO_RETRY = new DefaultHttpRequestRetryHandler(
|
static final DefaultHttpRequestRetryHandler NO_RETRY = new DefaultHttpRequestRetryHandler(
|
||||||
0, false);
|
0, false);
|
||||||
|
|
||||||
|
@ -139,7 +145,7 @@ public class HttpClientUtil {
|
||||||
|
|
||||||
private static SolrHttpClientContextBuilder httpClientRequestContextBuilder = new SolrHttpClientContextBuilder();
|
private static SolrHttpClientContextBuilder httpClientRequestContextBuilder = new SolrHttpClientContextBuilder();
|
||||||
|
|
||||||
private static volatile SchemaRegistryProvider schemaRegistryProvider;
|
private static volatile SocketFactoryRegistryProvider socketFactoryRegistryProvider;
|
||||||
private static volatile String cookiePolicy;
|
private static volatile String cookiePolicy;
|
||||||
private static final List<HttpRequestInterceptor> interceptors = new CopyOnWriteArrayList<>();
|
private static final List<HttpRequestInterceptor> interceptors = new CopyOnWriteArrayList<>();
|
||||||
|
|
||||||
|
@ -147,6 +153,17 @@ public class HttpClientUtil {
|
||||||
static {
|
static {
|
||||||
resetHttpClientBuilder();
|
resetHttpClientBuilder();
|
||||||
|
|
||||||
|
// Configure the SocketFactoryRegistryProvider if user has specified the provider type.
|
||||||
|
String socketFactoryRegistryProviderClassName = System.getProperty(SYS_PROP_SOCKET_FACTORY_REGISTRY_PROVIDER);
|
||||||
|
if (socketFactoryRegistryProviderClassName != null) {
|
||||||
|
log.debug("Using " + socketFactoryRegistryProviderClassName);
|
||||||
|
try {
|
||||||
|
socketFactoryRegistryProvider = (SocketFactoryRegistryProvider)Class.forName(socketFactoryRegistryProviderClassName).getConstructor().newInstance();
|
||||||
|
} catch (InstantiationException | IllegalAccessException | ClassNotFoundException | InvocationTargetException | NoSuchMethodException e) {
|
||||||
|
throw new RuntimeException("Unable to instantiate Solr SocketFactoryRegistryProvider", e);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// Configure the HttpClientBuilder if user has specified the factory type.
|
// Configure the HttpClientBuilder if user has specified the factory type.
|
||||||
String factoryClassName = System.getProperty(SYS_PROP_HTTP_CLIENT_BUILDER_FACTORY);
|
String factoryClassName = System.getProperty(SYS_PROP_HTTP_CLIENT_BUILDER_FACTORY);
|
||||||
if (factoryClassName != null) {
|
if (factoryClassName != null) {
|
||||||
|
@ -160,9 +177,9 @@ public class HttpClientUtil {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public static abstract class SchemaRegistryProvider {
|
public static abstract class SocketFactoryRegistryProvider {
|
||||||
/** Must be non-null */
|
/** Must be non-null */
|
||||||
public abstract Registry<ConnectionSocketFactory> getSchemaRegistry();
|
public abstract Registry<ConnectionSocketFactory> getSocketFactoryRegistry();
|
||||||
}
|
}
|
||||||
|
|
||||||
private static class DynamicInterceptor implements HttpRequestInterceptor {
|
private static class DynamicInterceptor implements HttpRequestInterceptor {
|
||||||
|
@ -198,8 +215,8 @@ public class HttpClientUtil {
|
||||||
/**
|
/**
|
||||||
* @see #SYS_PROP_CHECK_PEER_NAME
|
* @see #SYS_PROP_CHECK_PEER_NAME
|
||||||
*/
|
*/
|
||||||
public static void setSchemaRegistryProvider(SchemaRegistryProvider newRegistryProvider) {
|
public static void setSocketFactoryRegistryProvider(SocketFactoryRegistryProvider newRegistryProvider) {
|
||||||
schemaRegistryProvider = newRegistryProvider;
|
socketFactoryRegistryProvider = newRegistryProvider;
|
||||||
}
|
}
|
||||||
|
|
||||||
public static SolrHttpClientBuilder getHttpClientBuilder() {
|
public static SolrHttpClientBuilder getHttpClientBuilder() {
|
||||||
|
@ -209,18 +226,18 @@ public class HttpClientUtil {
|
||||||
/**
|
/**
|
||||||
* @see #SYS_PROP_CHECK_PEER_NAME
|
* @see #SYS_PROP_CHECK_PEER_NAME
|
||||||
*/
|
*/
|
||||||
public static SchemaRegistryProvider getSchemaRegisteryProvider() {
|
public static SocketFactoryRegistryProvider getSocketFactoryRegistryProvider() {
|
||||||
return schemaRegistryProvider;
|
return socketFactoryRegistryProvider;
|
||||||
}
|
}
|
||||||
|
|
||||||
public static void resetHttpClientBuilder() {
|
public static void resetHttpClientBuilder() {
|
||||||
schemaRegistryProvider = new DefaultSchemaRegistryProvider();
|
socketFactoryRegistryProvider = new DefaultSocketFactoryRegistryProvider();
|
||||||
httpClientBuilder = SolrHttpClientBuilder.create();
|
httpClientBuilder = SolrHttpClientBuilder.create();
|
||||||
}
|
}
|
||||||
|
|
||||||
private static final class DefaultSchemaRegistryProvider extends SchemaRegistryProvider {
|
private static final class DefaultSocketFactoryRegistryProvider extends SocketFactoryRegistryProvider {
|
||||||
@Override
|
@Override
|
||||||
public Registry<ConnectionSocketFactory> getSchemaRegistry() {
|
public Registry<ConnectionSocketFactory> getSocketFactoryRegistry() {
|
||||||
// this mimics PoolingHttpClientConnectionManager's default behavior,
|
// this mimics PoolingHttpClientConnectionManager's default behavior,
|
||||||
// except that we explicitly use SSLConnectionSocketFactory.getSystemSocketFactory()
|
// except that we explicitly use SSLConnectionSocketFactory.getSystemSocketFactory()
|
||||||
// to pick up the system level default SSLContext (where javax.net.ssl.* properties
|
// to pick up the system level default SSLContext (where javax.net.ssl.* properties
|
||||||
|
@ -258,7 +275,7 @@ public class HttpClientUtil {
|
||||||
|
|
||||||
/** test usage subject to change @lucene.experimental */
|
/** test usage subject to change @lucene.experimental */
|
||||||
static PoolingHttpClientConnectionManager createPoolingConnectionManager() {
|
static PoolingHttpClientConnectionManager createPoolingConnectionManager() {
|
||||||
return new PoolingHttpClientConnectionManager(schemaRegistryProvider.getSchemaRegistry());
|
return new PoolingHttpClientConnectionManager(socketFactoryRegistryProvider.getSocketFactoryRegistry());
|
||||||
}
|
}
|
||||||
|
|
||||||
public static CloseableHttpClient createClient(SolrParams params, PoolingHttpClientConnectionManager cm) {
|
public static CloseableHttpClient createClient(SolrParams params, PoolingHttpClientConnectionManager cm) {
|
||||||
|
|
|
@ -20,7 +20,7 @@ import javax.net.ssl.HostnameVerifier;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
|
|
||||||
import org.apache.solr.SolrTestCase;
|
import org.apache.solr.SolrTestCase;
|
||||||
import org.apache.solr.client.solrj.impl.HttpClientUtil.SchemaRegistryProvider;
|
import org.apache.solr.client.solrj.impl.HttpClientUtil.SocketFactoryRegistryProvider;
|
||||||
|
|
||||||
import org.apache.commons.lang3.reflect.FieldUtils;
|
import org.apache.commons.lang3.reflect.FieldUtils;
|
||||||
import org.apache.http.conn.socket.ConnectionSocketFactory;
|
import org.apache.http.conn.socket.ConnectionSocketFactory;
|
||||||
|
@ -50,26 +50,26 @@ public class HttpClientUtilTest extends SolrTestCase {
|
||||||
public void testSSLSystemProperties() throws IOException {
|
public void testSSLSystemProperties() throws IOException {
|
||||||
|
|
||||||
assertNotNull("HTTPS scheme could not be created using system defaults",
|
assertNotNull("HTTPS scheme could not be created using system defaults",
|
||||||
HttpClientUtil.getSchemaRegisteryProvider().getSchemaRegistry().lookup("https"));
|
HttpClientUtil.getSocketFactoryRegistryProvider().getSocketFactoryRegistry().lookup("https"));
|
||||||
|
|
||||||
assertSSLHostnameVerifier(DefaultHostnameVerifier.class, HttpClientUtil.getSchemaRegisteryProvider());
|
assertSSLHostnameVerifier(DefaultHostnameVerifier.class, HttpClientUtil.getSocketFactoryRegistryProvider());
|
||||||
|
|
||||||
System.setProperty(HttpClientUtil.SYS_PROP_CHECK_PEER_NAME, "true");
|
System.setProperty(HttpClientUtil.SYS_PROP_CHECK_PEER_NAME, "true");
|
||||||
resetHttpClientBuilder();
|
resetHttpClientBuilder();
|
||||||
assertSSLHostnameVerifier(DefaultHostnameVerifier.class, HttpClientUtil.getSchemaRegisteryProvider());
|
assertSSLHostnameVerifier(DefaultHostnameVerifier.class, HttpClientUtil.getSocketFactoryRegistryProvider());
|
||||||
|
|
||||||
System.setProperty(HttpClientUtil.SYS_PROP_CHECK_PEER_NAME, "");
|
System.setProperty(HttpClientUtil.SYS_PROP_CHECK_PEER_NAME, "");
|
||||||
resetHttpClientBuilder();
|
resetHttpClientBuilder();
|
||||||
assertSSLHostnameVerifier(DefaultHostnameVerifier.class, HttpClientUtil.getSchemaRegisteryProvider());
|
assertSSLHostnameVerifier(DefaultHostnameVerifier.class, HttpClientUtil.getSocketFactoryRegistryProvider());
|
||||||
|
|
||||||
System.setProperty(HttpClientUtil.SYS_PROP_CHECK_PEER_NAME, "false");
|
System.setProperty(HttpClientUtil.SYS_PROP_CHECK_PEER_NAME, "false");
|
||||||
resetHttpClientBuilder();
|
resetHttpClientBuilder();
|
||||||
assertSSLHostnameVerifier(NoopHostnameVerifier.class, HttpClientUtil.getSchemaRegisteryProvider());
|
assertSSLHostnameVerifier(NoopHostnameVerifier.class, HttpClientUtil.getSocketFactoryRegistryProvider());
|
||||||
}
|
}
|
||||||
|
|
||||||
private void assertSSLHostnameVerifier(Class<? extends HostnameVerifier> expected,
|
private void assertSSLHostnameVerifier(Class<? extends HostnameVerifier> expected,
|
||||||
SchemaRegistryProvider provider) {
|
SocketFactoryRegistryProvider provider) {
|
||||||
ConnectionSocketFactory socketFactory = provider.getSchemaRegistry().lookup("https");
|
ConnectionSocketFactory socketFactory = provider.getSocketFactoryRegistry().lookup("https");
|
||||||
assertNotNull("unable to lookup https", socketFactory);
|
assertNotNull("unable to lookup https", socketFactory);
|
||||||
assertTrue("socketFactory is not an SSLConnectionSocketFactory: " + socketFactory.getClass(),
|
assertTrue("socketFactory is not an SSLConnectionSocketFactory: " + socketFactory.getClass(),
|
||||||
socketFactory instanceof SSLConnectionSocketFactory);
|
socketFactory instanceof SSLConnectionSocketFactory);
|
||||||
|
|
|
@ -302,8 +302,8 @@ public abstract class SolrTestCaseJ4 extends SolrTestCase {
|
||||||
newRandomConfig();
|
newRandomConfig();
|
||||||
|
|
||||||
sslConfig = buildSSLConfig();
|
sslConfig = buildSSLConfig();
|
||||||
// based on randomized SSL config, set SchemaRegistryProvider appropriately
|
// based on randomized SSL config, set SocketFactoryRegistryProvider appropriately
|
||||||
HttpClientUtil.setSchemaRegistryProvider(sslConfig.buildClientSchemaRegistryProvider());
|
HttpClientUtil.setSocketFactoryRegistryProvider(sslConfig.buildClientSocketFactoryRegistryProvider());
|
||||||
Http2SolrClient.setDefaultSSLConfig(sslConfig.buildClientSSLConfig());
|
Http2SolrClient.setDefaultSSLConfig(sslConfig.buildClientSSLConfig());
|
||||||
if(isSSLMode()) {
|
if(isSSLMode()) {
|
||||||
// SolrCloud tests should usually clear this
|
// SolrCloud tests should usually clear this
|
||||||
|
|
|
@ -39,7 +39,7 @@ import org.apache.http.ssl.SSLContexts;
|
||||||
import org.apache.lucene.util.Constants;
|
import org.apache.lucene.util.Constants;
|
||||||
import org.apache.solr.client.solrj.embedded.SSLConfig;
|
import org.apache.solr.client.solrj.embedded.SSLConfig;
|
||||||
import org.apache.solr.client.solrj.impl.HttpClientUtil;
|
import org.apache.solr.client.solrj.impl.HttpClientUtil;
|
||||||
import org.apache.solr.client.solrj.impl.HttpClientUtil.SchemaRegistryProvider;
|
import org.apache.solr.client.solrj.impl.HttpClientUtil.SocketFactoryRegistryProvider;
|
||||||
import org.eclipse.jetty.util.resource.Resource;
|
import org.eclipse.jetty.util.resource.Resource;
|
||||||
import org.eclipse.jetty.util.security.CertificateUtils;
|
import org.eclipse.jetty.util.security.CertificateUtils;
|
||||||
import org.eclipse.jetty.util.ssl.SslContextFactory;
|
import org.eclipse.jetty.util.ssl.SslContextFactory;
|
||||||
|
@ -47,7 +47,7 @@ import org.eclipse.jetty.util.ssl.SslContextFactory;
|
||||||
import com.carrotsearch.randomizedtesting.RandomizedTest;
|
import com.carrotsearch.randomizedtesting.RandomizedTest;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* An SSLConfig that provides {@link SSLConfig} and {@link SchemaRegistryProvider} for both clients and servers
|
* An SSLConfig that provides {@link SSLConfig} and {@link SocketFactoryRegistryProvider} for both clients and servers
|
||||||
* that supports reading key/trust store information directly from resource files provided with the
|
* that supports reading key/trust store information directly from resource files provided with the
|
||||||
* Solr test-framework classes
|
* Solr test-framework classes
|
||||||
*/
|
*/
|
||||||
|
@ -134,17 +134,17 @@ public class SSLTestConfig {
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Creates a {@link SchemaRegistryProvider} for HTTP <b>clients</b> to use when communicating with servers
|
* Creates a {@link SocketFactoryRegistryProvider} for HTTP <b>clients</b> to use when communicating with servers
|
||||||
* which have been configured based on the settings of this object. When {@link #isSSLMode} is true, this
|
* which have been configured based on the settings of this object. When {@link #isSSLMode} is true, this
|
||||||
* <code>SchemaRegistryProvider</code> will <i>only</i> support HTTPS (no HTTP scheme) using the
|
* <code>SocketFactoryRegistryProvider</code> will <i>only</i> support HTTPS (no HTTP scheme) using the
|
||||||
* appropriate certs. When {@link #isSSLMode} is false, <i>only</i> HTTP (no HTTPS scheme) will be
|
* appropriate certs. When {@link #isSSLMode} is false, <i>only</i> HTTP (no HTTPS scheme) will be
|
||||||
* supported.
|
* supported.
|
||||||
*/
|
*/
|
||||||
public SchemaRegistryProvider buildClientSchemaRegistryProvider() {
|
public SocketFactoryRegistryProvider buildClientSocketFactoryRegistryProvider() {
|
||||||
if (isSSLMode()) {
|
if (isSSLMode()) {
|
||||||
SSLConnectionSocketFactory sslConnectionFactory = buildClientSSLConnectionSocketFactory();
|
SSLConnectionSocketFactory sslConnectionFactory = buildClientSSLConnectionSocketFactory();
|
||||||
assert null != sslConnectionFactory;
|
assert null != sslConnectionFactory;
|
||||||
return new SSLSchemaRegistryProvider(sslConnectionFactory);
|
return new SSLSocketFactoryRegistryProvider(sslConnectionFactory);
|
||||||
} else {
|
} else {
|
||||||
return HTTP_ONLY_SCHEMA_PROVIDER;
|
return HTTP_ONLY_SCHEMA_PROVIDER;
|
||||||
}
|
}
|
||||||
|
@ -268,23 +268,23 @@ public class SSLTestConfig {
|
||||||
return sslConnectionFactory;
|
return sslConnectionFactory;
|
||||||
}
|
}
|
||||||
|
|
||||||
/** A SchemaRegistryProvider that only knows about SSL using a specified SSLConnectionSocketFactory */
|
/** A SocketFactoryRegistryProvider that only knows about SSL using a specified SSLConnectionSocketFactory */
|
||||||
private static class SSLSchemaRegistryProvider extends SchemaRegistryProvider {
|
private static class SSLSocketFactoryRegistryProvider extends SocketFactoryRegistryProvider {
|
||||||
private final SSLConnectionSocketFactory sslConnectionFactory;
|
private final SSLConnectionSocketFactory sslConnectionFactory;
|
||||||
public SSLSchemaRegistryProvider(SSLConnectionSocketFactory sslConnectionFactory) {
|
public SSLSocketFactoryRegistryProvider(SSLConnectionSocketFactory sslConnectionFactory) {
|
||||||
this.sslConnectionFactory = sslConnectionFactory;
|
this.sslConnectionFactory = sslConnectionFactory;
|
||||||
}
|
}
|
||||||
@Override
|
@Override
|
||||||
public Registry<ConnectionSocketFactory> getSchemaRegistry() {
|
public Registry<ConnectionSocketFactory> getSocketFactoryRegistry() {
|
||||||
return RegistryBuilder.<ConnectionSocketFactory>create()
|
return RegistryBuilder.<ConnectionSocketFactory>create()
|
||||||
.register("https", sslConnectionFactory).build();
|
.register("https", sslConnectionFactory).build();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/** A SchemaRegistryProvider that only knows about HTTP */
|
/** A SocketFactoryRegistryProvider that only knows about HTTP */
|
||||||
private static final SchemaRegistryProvider HTTP_ONLY_SCHEMA_PROVIDER = new SchemaRegistryProvider() {
|
private static final SocketFactoryRegistryProvider HTTP_ONLY_SCHEMA_PROVIDER = new SocketFactoryRegistryProvider() {
|
||||||
@Override
|
@Override
|
||||||
public Registry<ConnectionSocketFactory> getSchemaRegistry() {
|
public Registry<ConnectionSocketFactory> getSocketFactoryRegistry() {
|
||||||
return RegistryBuilder.<ConnectionSocketFactory>create()
|
return RegistryBuilder.<ConnectionSocketFactory>create()
|
||||||
.register("http", PlainConnectionSocketFactory.getSocketFactory()).build();
|
.register("http", PlainConnectionSocketFactory.getSocketFactory()).build();
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue