SOLR-5776: Enabled SSL tests can easily exhaust random generator entropy and block.

git-svn-id: https://svn.apache.org/repos/asf/lucene/dev/trunk@1588388 13f79535-47bb-0310-9956-ffa450edef68
2014-04-17 23:20:27 +00:00 · 2014-04-17 23:20:27 +00:00 · e2fb46a51e
parent c8bf11d202
commit e2fb46a51e
18 changed files with 37 additions and 30 deletions
--- a/solr/CHANGES.txt
+++ b/solr/CHANGES.txt
@ -82,6 +82,9 @@ Other Changes

 * SOLR-5868: HttpClient should be configured to use ALLOW_ALL_HOSTNAME hostname
  verifier to simplify SSL setup. (Steve Davids via Mark Miller)
+  
+* SOLR-5776: Enabled SSL tests can easily exhaust random generator entropy and
+  block. (Mark Miller, hossman, Steve Davids)

 ==================  4.9.0 ==================

--- a/solr/core/src/java/org/apache/solr/client/solrj/embedded/JettySolrRunner.java
+++ b/solr/core/src/java/org/apache/solr/client/solrj/embedded/JettySolrRunner.java
@ -358,6 +358,9 @@ public class JettySolrRunner {
      if (null != sslConfig.getTrustStorePassword()) {
        sslcontext.setTrustStorePassword(sslConfig.getTrustStorePassword());
      }
+      if (null != sslConfig.getSecureRandomAlgorithm()) {
+        sslcontext.setSecureRandomAlgorithm(sslConfig.getSecureRandomAlgorithm());
+      }
      sslcontext.setNeedClientAuth(sslConfig.isClientAuthMode());
    } else {
      boolean jettySsl = Boolean.getBoolean(System.getProperty("tests.jettySsl"));
--- a/solr/core/src/java/org/apache/solr/client/solrj/embedded/SSLConfig.java
+++ b/solr/core/src/java/org/apache/solr/client/solrj/embedded/SSLConfig.java
@ -25,6 +25,7 @@ public class SSLConfig {
  private String keyStorePassword;
  private String trustStore;
  private String trustStorePassword;
+  private String secureRandomAlgorithm;
  
  public SSLConfig(boolean useSSL, boolean clientAuth, String keyStore, String keyStorePassword, String trustStore, String trustStorePassword) {
    this.useSsl = useSSL;
@ -43,6 +44,10 @@ public class SSLConfig {
    this.clientAuth = clientAuth;
  }
  
+  public void setSecureRandomAlgorithm(String secureRandomAlgorithm) {
+    this.secureRandomAlgorithm = secureRandomAlgorithm;
+  }
+  
  public boolean isSSLMode() {
    return useSsl;
  }
@ -66,4 +71,8 @@ public class SSLConfig {
  public String getTrustStorePassword() {
    return trustStorePassword;
  }
+
+  public String getSecureRandomAlgorithm() {
+    return secureRandomAlgorithm;
+  }
 }
--- a/solr/core/src/test/org/apache/solr/cloud/BasicDistributedZk2Test.java
+++ b/solr/core/src/test/org/apache/solr/cloud/BasicDistributedZk2Test.java
@ -26,7 +26,6 @@ import java.util.regex.Pattern;

 import org.apache.http.client.methods.HttpGet;
 import org.apache.http.impl.client.BasicResponseHandler;
-import org.apache.solr.SolrTestCaseJ4.SuppressSSL;
 import org.apache.solr.client.solrj.SolrQuery;
 import org.apache.solr.client.solrj.SolrServer;
 import org.apache.solr.client.solrj.SolrServerException;
@ -50,7 +49,6 @@ import org.apache.solr.util.AbstractSolrTestCase;
 * This test simply does a bunch of basic things in solrcloud mode and asserts things
 * work as expected.
 */
-@SuppressSSL(bugUrl = "https://issues.apache.org/jira/browse/SOLR-5776")
 public class BasicDistributedZk2Test extends AbstractFullDistribZkTestBase {
  private static final String SHARD2 = "shard2";
  private static final String SHARD1 = "shard1";
--- a/solr/core/src/test/org/apache/solr/cloud/BasicDistributedZkTest.java
+++ b/solr/core/src/test/org/apache/solr/cloud/BasicDistributedZkTest.java
@ -38,7 +38,6 @@ import java.util.concurrent.atomic.AtomicInteger;
 import org.apache.commons.lang.StringUtils;
 import org.apache.lucene.util.LuceneTestCase.Slow;
 import org.apache.solr.JSONTestUtil;
-import org.apache.solr.SolrTestCaseJ4.SuppressSSL;
 import org.apache.solr.client.solrj.SolrQuery;
 import org.apache.solr.client.solrj.SolrRequest;
 import org.apache.solr.client.solrj.SolrServer;
@ -77,7 +76,6 @@ import org.junit.BeforeClass;
 * work as expected.
 */
@Slow 
-@SuppressSSL(bugUrl = "https://issues.apache.org/jira/browse/SOLR-5776")
 public class BasicDistributedZkTest extends AbstractFullDistribZkTestBase {
  
  private static final String DEFAULT_COLLECTION = "collection1";
--- a/solr/core/src/test/org/apache/solr/cloud/ChaosMonkeyNothingIsSafeTest.java
+++ b/solr/core/src/test/org/apache/solr/cloud/ChaosMonkeyNothingIsSafeTest.java
@ -25,7 +25,6 @@ import java.util.concurrent.atomic.AtomicInteger;

 import org.apache.http.client.HttpClient;
 import org.apache.lucene.util.LuceneTestCase.Slow;
-import org.apache.solr.SolrTestCaseJ4.SuppressSSL;
 import org.apache.solr.client.solrj.SolrQuery;
 import org.apache.solr.client.solrj.SolrServer;
 import org.apache.solr.client.solrj.impl.CloudSolrServer;
@ -46,7 +45,6 @@ import org.slf4j.LoggerFactory;
 import com.carrotsearch.randomizedtesting.annotations.ThreadLeakLingering;

@Slow
-@SuppressSSL
@ThreadLeakLingering(linger = 60000)
 public class ChaosMonkeyNothingIsSafeTest extends AbstractFullDistribZkTestBase {
  private static final int FAIL_TOLERANCE = 20;
--- a/solr/core/src/test/org/apache/solr/cloud/FullSolrCloudDistribCmdsTest.java
+++ b/solr/core/src/test/org/apache/solr/cloud/FullSolrCloudDistribCmdsTest.java
@ -21,9 +21,7 @@ import java.io.IOException;
 import java.util.ArrayList;
 import java.util.List;

-import org.apache.lucene.util.LuceneTestCase.BadApple;
 import org.apache.lucene.util.LuceneTestCase.Slow;
-import org.apache.solr.SolrTestCaseJ4.SuppressSSL;
 import org.apache.solr.client.solrj.SolrQuery;
 import org.apache.solr.client.solrj.SolrServer;
 import org.apache.solr.client.solrj.SolrServerException;
@ -49,7 +47,6 @@ import org.junit.BeforeClass;
 * Super basic testing, no shard restarting or anything.
 */
@Slow
-@SuppressSSL(bugUrl = "https://issues.apache.org/jira/browse/SOLR-5776")
 public class FullSolrCloudDistribCmdsTest extends AbstractFullDistribZkTestBase {
  
  @BeforeClass
--- a/solr/core/src/test/org/apache/solr/cloud/SSLMigrationTest.java
+++ b/solr/core/src/test/org/apache/solr/cloud/SSLMigrationTest.java
@ -47,7 +47,7 @@ import org.apache.lucene.util.LuceneTestCase.Slow;
 * off in the cluster.
 */
@Slow
-@SuppressSSL
+@SuppressSSL // tests starts with SSL off
 public class SSLMigrationTest extends AbstractFullDistribZkTestBase {
  
  @Override
--- a/solr/core/src/test/org/apache/solr/cloud/UnloadDistributedZkTest.java
+++ b/solr/core/src/test/org/apache/solr/cloud/UnloadDistributedZkTest.java
@ -24,7 +24,6 @@ import java.util.concurrent.SynchronousQueue;
 import java.util.concurrent.ThreadPoolExecutor;
 import java.util.concurrent.TimeUnit;

-import org.apache.solr.SolrTestCaseJ4.SuppressSSL;
 import org.apache.lucene.util.LuceneTestCase.Slow;
 import org.apache.solr.client.solrj.SolrQuery;
 import org.apache.solr.client.solrj.SolrServer;
@ -46,7 +45,6 @@ import org.junit.BeforeClass;
 * work as expected.
 */
@Slow
-@SuppressSSL(bugUrl = "https://issues.apache.org/jira/browse/SOLR-5776")
 public class UnloadDistributedZkTest extends BasicDistributedZkTest {
  
  @BeforeClass
--- a/solr/core/src/test/org/apache/solr/update/PeerSyncTest.java
+++ b/solr/core/src/test/org/apache/solr/update/PeerSyncTest.java
@ -21,7 +21,6 @@ import java.io.IOException;
 import java.util.Arrays;

 import org.apache.solr.BaseDistributedSearchTestCase;
-import org.apache.solr.SolrTestCaseJ4.SuppressSSL;
 import org.apache.solr.client.solrj.SolrServer;
 import org.apache.solr.client.solrj.SolrServerException;
 import org.apache.solr.client.solrj.request.QueryRequest;
@ -32,7 +31,6 @@ import org.apache.solr.common.util.StrUtils;
 import static org.apache.solr.update.processor.DistributingUpdateProcessorFactory.DISTRIB_UPDATE_PARAM;
 import static org.apache.solr.update.processor.DistributedUpdateProcessor.DistribPhase;

-@SuppressSSL(bugUrl = "https://issues.apache.org/jira/browse/SOLR-5776")
 public class PeerSyncTest extends BaseDistributedSearchTestCase {
  private static int numVersions = 100;  // number of versions to use when syncing
  private final String FROM_LEADER = DistribPhase.FROMLEADER.toString();
--- a/solr/solrj/src/test/org/apache/solr/client/solrj/SolrExampleBinaryTest.java
+++ b/solr/solrj/src/test/org/apache/solr/client/solrj/SolrExampleBinaryTest.java
@ -17,7 +17,6 @@

 package org.apache.solr.client.solrj;

-import org.apache.solr.SolrTestCaseJ4.SuppressSSL;
 import org.apache.solr.client.solrj.SolrExampleTests;
 import org.apache.solr.client.solrj.SolrServer;
 import org.apache.solr.client.solrj.impl.BinaryRequestWriter;
@ -31,7 +30,6 @@ import org.junit.BeforeClass;
 * A subclass of SolrExampleTests that explicitly uses the binary 
 * codec for communication. 
 */
-@SuppressSSL(bugUrl = "https://issues.apache.org/jira/browse/SOLR-5776")
 public class SolrExampleBinaryTest extends SolrExampleTests {
  @BeforeClass
  public static void beforeTest() throws Exception {
--- a/solr/solrj/src/test/org/apache/solr/client/solrj/SolrExampleTests.java
+++ b/solr/solrj/src/test/org/apache/solr/client/solrj/SolrExampleTests.java
@ -32,7 +32,6 @@ import com.google.common.collect.Maps;
 import junit.framework.Assert;

 import org.apache.lucene.util.TestUtil;
-import org.apache.solr.SolrTestCaseJ4.SuppressSSL;
 import org.apache.solr.client.solrj.embedded.EmbeddedSolrServer;
 import org.apache.solr.client.solrj.impl.BinaryResponseParser;
 import org.apache.solr.client.solrj.impl.ConcurrentUpdateSolrServer;
@ -70,7 +69,6 @@ import org.slf4j.LoggerFactory;
 *
 * @since solr 1.3
 */
-@SuppressSSL
 abstract public class SolrExampleTests extends SolrExampleTestsBase
 {
  private static Logger log = LoggerFactory.getLogger(SolrExampleTests.class);
--- a/solr/solrj/src/test/org/apache/solr/client/solrj/SolrExampleXMLTest.java
+++ b/solr/solrj/src/test/org/apache/solr/client/solrj/SolrExampleXMLTest.java
@ -17,7 +17,6 @@

 package org.apache.solr.client.solrj;

-import org.apache.solr.SolrTestCaseJ4.SuppressSSL;
 import org.apache.solr.client.solrj.impl.HttpSolrServer;
 import org.apache.solr.client.solrj.impl.XMLResponseParser;
 import org.apache.solr.client.solrj.request.RequestWriter;
@ -28,7 +27,6 @@ import org.junit.BeforeClass;
 * A subclass of SolrExampleTests that explicitly uses the xml codec for
 * communication.
 */
-@SuppressSSL(bugUrl = "https://issues.apache.org/jira/browse/SOLR-5776")
 public class SolrExampleXMLTest extends SolrExampleTests {
  @BeforeClass
  public static void beforeTest() throws Exception {
--- a/solr/solrj/src/test/org/apache/solr/client/solrj/TestBatchUpdate.java
+++ b/solr/solrj/src/test/org/apache/solr/client/solrj/TestBatchUpdate.java
@ -17,7 +17,6 @@
 package org.apache.solr.client.solrj;

 import org.apache.solr.SolrJettyTestBase;
-import org.apache.solr.SolrTestCaseJ4.SuppressSSL;
 import org.apache.solr.client.solrj.beans.Field;
 import org.apache.solr.client.solrj.impl.BinaryRequestWriter;
 import org.apache.solr.client.solrj.impl.HttpSolrServer;
@ -37,7 +36,6 @@ import java.util.Iterator;
 * @since solr 1.4
 *
 */
-@SuppressSSL(bugUrl = "https://issues.apache.org/jira/browse/SOLR-5776")
 public class TestBatchUpdate extends SolrJettyTestBase {

  @BeforeClass
--- a/solr/solrj/src/test/org/apache/solr/client/solrj/embedded/SolrExampleJettyTest.java
+++ b/solr/solrj/src/test/org/apache/solr/client/solrj/embedded/SolrExampleJettyTest.java
@ -17,7 +17,6 @@

 package org.apache.solr.client.solrj.embedded;

-import org.apache.solr.SolrTestCaseJ4.SuppressSSL;
 import org.apache.solr.client.solrj.SolrExampleTests;
 import org.apache.solr.client.solrj.impl.HttpSolrServer;
 import org.apache.solr.util.ExternalPaths;
@ -31,7 +30,6 @@ import org.junit.Test;
 * rather then open a real connection?
 * 
 */
-@SuppressSSL(bugUrl = "https://issues.apache.org/jira/browse/SOLR-5776")
 public class SolrExampleJettyTest extends SolrExampleTests {

  @BeforeClass
--- a/solr/solrj/src/test/org/apache/solr/client/solrj/embedded/SolrExampleStreamingBinaryTest.java
+++ b/solr/solrj/src/test/org/apache/solr/client/solrj/embedded/SolrExampleStreamingBinaryTest.java
@ -17,7 +17,6 @@ package org.apache.solr.client.solrj.embedded;
 * limitations under the License.
 */

-import org.apache.solr.SolrTestCaseJ4.SuppressSSL;
 import org.apache.lucene.util.LuceneTestCase.Slow;
 import org.apache.solr.client.solrj.SolrServer;
 import org.apache.solr.client.solrj.impl.BinaryRequestWriter;
@ -25,7 +24,6 @@ import org.apache.solr.client.solrj.impl.BinaryResponseParser;
 import org.apache.solr.client.solrj.impl.ConcurrentUpdateSolrServer;

@Slow
-@SuppressSSL(bugUrl = "https://issues.apache.org/jira/browse/SOLR-5776")
 public class SolrExampleStreamingBinaryTest extends SolrExampleStreamingTest {

  @Override
--- a/solr/test-framework/src/java/org/apache/solr/SolrTestCaseJ4.java
+++ b/solr/test-framework/src/java/org/apache/solr/SolrTestCaseJ4.java
@ -238,7 +238,7 @@ public abstract class SolrTestCaseJ4 extends LuceneTestCase {
      return new SSLTestConfig();
    }
    
-    final boolean trySsl = random().nextBoolean();
+    final boolean trySsl = true;//random().nextBoolean();
    boolean trySslClientAuth = random().nextBoolean();
    if (Constants.MAC_OS_X) {
      trySslClientAuth = false;
--- a/solr/test-framework/src/java/org/apache/solr/util/SSLTestConfig.java
+++ b/solr/test-framework/src/java/org/apache/solr/util/SSLTestConfig.java
@ -22,6 +22,7 @@ import java.security.KeyManagementException;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
 import java.security.UnrecoverableKeyException;

 import javax.net.ssl.SSLContext;
@ -51,7 +52,7 @@ public class SSLTestConfig extends SSLConfig {
  }
  
  public SSLTestConfig(boolean useSSL, boolean clientAuth) {
-    super(useSSL, clientAuth, TEST_KEYSTORE_PATH, TEST_KEYSTORE_PASSWORD, TEST_KEYSTORE_PATH, TEST_KEYSTORE_PASSWORD);
+    this(useSSL, clientAuth, TEST_KEYSTORE_PATH, TEST_KEYSTORE_PASSWORD, TEST_KEYSTORE_PATH, TEST_KEYSTORE_PASSWORD);
  }
 
  public SSLTestConfig(boolean useSSL, boolean clientAuth, String keyStore, String keyStorePassword, String trustStore, String trustStorePassword) {
@ -73,10 +74,11 @@ public class SSLTestConfig extends SSLConfig {
   */
  protected SSLContext buildSSLContext() throws KeyManagementException, 
    UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException {
-    
+
    return SSLContexts.custom()
        .loadKeyMaterial(buildKeyStore(getKeyStore(), getKeyStorePassword()), getKeyStorePassword().toCharArray())
-        .loadTrustMaterial(buildKeyStore(getTrustStore(), getTrustStorePassword()), new TrustSelfSignedStrategy()).build();
+        .loadTrustMaterial(buildKeyStore(getTrustStore(), getTrustStorePassword()), new TrustSelfSignedStrategy())
+        .setSecureRandom(new NullSecureRandom()).build();
  }
  
  
@ -118,4 +120,19 @@ public class SSLTestConfig extends SSLConfig {
    System.clearProperty("javax.net.ssl.trustStorePassword");
  }
  
+  /**
+   * We use this to avoid SecureRandom blocking issues due to too many
+   * instances or not enough random entropy. Tests do not need secure SSL.
+   */
+  private static class NullSecureRandom extends SecureRandom {
+    public byte[] generateSeed(int numBytes) {
+      return new byte[0];
+    }
+    
+    synchronized public void nextBytes(byte[] bytes) {
+    }
+    
+    synchronized public void setSeed(byte[] seed) {
+    }
+  }
 }