From e2fb46a51e128143c5895fe876ee11b895786c38 Mon Sep 17 00:00:00 2001 From: Mark Robert Miller Date: Thu, 17 Apr 2014 23:20:27 +0000 Subject: [PATCH] SOLR-5776: Enabled SSL tests can easily exhaust random generator entropy and block. git-svn-id: https://svn.apache.org/repos/asf/lucene/dev/trunk@1588388 13f79535-47bb-0310-9956-ffa450edef68 --- solr/CHANGES.txt | 3 +++ .../solrj/embedded/JettySolrRunner.java | 3 +++ .../solr/client/solrj/embedded/SSLConfig.java | 9 ++++++++ .../solr/cloud/BasicDistributedZk2Test.java | 2 -- .../solr/cloud/BasicDistributedZkTest.java | 2 -- .../cloud/ChaosMonkeyNothingIsSafeTest.java | 2 -- .../cloud/FullSolrCloudDistribCmdsTest.java | 3 --- .../apache/solr/cloud/SSLMigrationTest.java | 2 +- .../solr/cloud/UnloadDistributedZkTest.java | 2 -- .../org/apache/solr/update/PeerSyncTest.java | 2 -- .../client/solrj/SolrExampleBinaryTest.java | 2 -- .../solr/client/solrj/SolrExampleTests.java | 2 -- .../solr/client/solrj/SolrExampleXMLTest.java | 2 -- .../solr/client/solrj/TestBatchUpdate.java | 2 -- .../solrj/embedded/SolrExampleJettyTest.java | 2 -- .../SolrExampleStreamingBinaryTest.java | 2 -- .../java/org/apache/solr/SolrTestCaseJ4.java | 2 +- .../org/apache/solr/util/SSLTestConfig.java | 23 ++++++++++++++++--- 18 files changed, 37 insertions(+), 30 deletions(-) diff --git a/solr/CHANGES.txt b/solr/CHANGES.txt index 62db0ecf7ee..402326959de 100644 --- a/solr/CHANGES.txt +++ b/solr/CHANGES.txt @@ -82,6 +82,9 @@ Other Changes * SOLR-5868: HttpClient should be configured to use ALLOW_ALL_HOSTNAME hostname verifier to simplify SSL setup. (Steve Davids via Mark Miller) + +* SOLR-5776: Enabled SSL tests can easily exhaust random generator entropy and + block. (Mark Miller, hossman, Steve Davids) ================== 4.9.0 ================== diff --git a/solr/core/src/java/org/apache/solr/client/solrj/embedded/JettySolrRunner.java b/solr/core/src/java/org/apache/solr/client/solrj/embedded/JettySolrRunner.java index bc298e90596..ae4c641d4c5 100644 --- a/solr/core/src/java/org/apache/solr/client/solrj/embedded/JettySolrRunner.java +++ b/solr/core/src/java/org/apache/solr/client/solrj/embedded/JettySolrRunner.java @@ -358,6 +358,9 @@ public class JettySolrRunner { if (null != sslConfig.getTrustStorePassword()) { sslcontext.setTrustStorePassword(sslConfig.getTrustStorePassword()); } + if (null != sslConfig.getSecureRandomAlgorithm()) { + sslcontext.setSecureRandomAlgorithm(sslConfig.getSecureRandomAlgorithm()); + } sslcontext.setNeedClientAuth(sslConfig.isClientAuthMode()); } else { boolean jettySsl = Boolean.getBoolean(System.getProperty("tests.jettySsl")); diff --git a/solr/core/src/java/org/apache/solr/client/solrj/embedded/SSLConfig.java b/solr/core/src/java/org/apache/solr/client/solrj/embedded/SSLConfig.java index 2b0bcbf3e46..66a2a0d881b 100644 --- a/solr/core/src/java/org/apache/solr/client/solrj/embedded/SSLConfig.java +++ b/solr/core/src/java/org/apache/solr/client/solrj/embedded/SSLConfig.java @@ -25,6 +25,7 @@ public class SSLConfig { private String keyStorePassword; private String trustStore; private String trustStorePassword; + private String secureRandomAlgorithm; public SSLConfig(boolean useSSL, boolean clientAuth, String keyStore, String keyStorePassword, String trustStore, String trustStorePassword) { this.useSsl = useSSL; @@ -43,6 +44,10 @@ public class SSLConfig { this.clientAuth = clientAuth; } + public void setSecureRandomAlgorithm(String secureRandomAlgorithm) { + this.secureRandomAlgorithm = secureRandomAlgorithm; + } + public boolean isSSLMode() { return useSsl; } @@ -66,4 +71,8 @@ public class SSLConfig { public String getTrustStorePassword() { return trustStorePassword; } + + public String getSecureRandomAlgorithm() { + return secureRandomAlgorithm; + } } diff --git a/solr/core/src/test/org/apache/solr/cloud/BasicDistributedZk2Test.java b/solr/core/src/test/org/apache/solr/cloud/BasicDistributedZk2Test.java index 18df162669e..feb9d5e3deb 100644 --- a/solr/core/src/test/org/apache/solr/cloud/BasicDistributedZk2Test.java +++ b/solr/core/src/test/org/apache/solr/cloud/BasicDistributedZk2Test.java @@ -26,7 +26,6 @@ import java.util.regex.Pattern; import org.apache.http.client.methods.HttpGet; import org.apache.http.impl.client.BasicResponseHandler; -import org.apache.solr.SolrTestCaseJ4.SuppressSSL; import org.apache.solr.client.solrj.SolrQuery; import org.apache.solr.client.solrj.SolrServer; import org.apache.solr.client.solrj.SolrServerException; @@ -50,7 +49,6 @@ import org.apache.solr.util.AbstractSolrTestCase; * This test simply does a bunch of basic things in solrcloud mode and asserts things * work as expected. */ -@SuppressSSL(bugUrl = "https://issues.apache.org/jira/browse/SOLR-5776") public class BasicDistributedZk2Test extends AbstractFullDistribZkTestBase { private static final String SHARD2 = "shard2"; private static final String SHARD1 = "shard1"; diff --git a/solr/core/src/test/org/apache/solr/cloud/BasicDistributedZkTest.java b/solr/core/src/test/org/apache/solr/cloud/BasicDistributedZkTest.java index 4169c480c5f..05e3cc28d04 100644 --- a/solr/core/src/test/org/apache/solr/cloud/BasicDistributedZkTest.java +++ b/solr/core/src/test/org/apache/solr/cloud/BasicDistributedZkTest.java @@ -38,7 +38,6 @@ import java.util.concurrent.atomic.AtomicInteger; import org.apache.commons.lang.StringUtils; import org.apache.lucene.util.LuceneTestCase.Slow; import org.apache.solr.JSONTestUtil; -import org.apache.solr.SolrTestCaseJ4.SuppressSSL; import org.apache.solr.client.solrj.SolrQuery; import org.apache.solr.client.solrj.SolrRequest; import org.apache.solr.client.solrj.SolrServer; @@ -77,7 +76,6 @@ import org.junit.BeforeClass; * work as expected. */ @Slow -@SuppressSSL(bugUrl = "https://issues.apache.org/jira/browse/SOLR-5776") public class BasicDistributedZkTest extends AbstractFullDistribZkTestBase { private static final String DEFAULT_COLLECTION = "collection1"; diff --git a/solr/core/src/test/org/apache/solr/cloud/ChaosMonkeyNothingIsSafeTest.java b/solr/core/src/test/org/apache/solr/cloud/ChaosMonkeyNothingIsSafeTest.java index 9f2d84ca7a8..523c5a6c61b 100644 --- a/solr/core/src/test/org/apache/solr/cloud/ChaosMonkeyNothingIsSafeTest.java +++ b/solr/core/src/test/org/apache/solr/cloud/ChaosMonkeyNothingIsSafeTest.java @@ -25,7 +25,6 @@ import java.util.concurrent.atomic.AtomicInteger; import org.apache.http.client.HttpClient; import org.apache.lucene.util.LuceneTestCase.Slow; -import org.apache.solr.SolrTestCaseJ4.SuppressSSL; import org.apache.solr.client.solrj.SolrQuery; import org.apache.solr.client.solrj.SolrServer; import org.apache.solr.client.solrj.impl.CloudSolrServer; @@ -46,7 +45,6 @@ import org.slf4j.LoggerFactory; import com.carrotsearch.randomizedtesting.annotations.ThreadLeakLingering; @Slow -@SuppressSSL @ThreadLeakLingering(linger = 60000) public class ChaosMonkeyNothingIsSafeTest extends AbstractFullDistribZkTestBase { private static final int FAIL_TOLERANCE = 20; diff --git a/solr/core/src/test/org/apache/solr/cloud/FullSolrCloudDistribCmdsTest.java b/solr/core/src/test/org/apache/solr/cloud/FullSolrCloudDistribCmdsTest.java index 1963432e9dd..aca8b6ba341 100644 --- a/solr/core/src/test/org/apache/solr/cloud/FullSolrCloudDistribCmdsTest.java +++ b/solr/core/src/test/org/apache/solr/cloud/FullSolrCloudDistribCmdsTest.java @@ -21,9 +21,7 @@ import java.io.IOException; import java.util.ArrayList; import java.util.List; -import org.apache.lucene.util.LuceneTestCase.BadApple; import org.apache.lucene.util.LuceneTestCase.Slow; -import org.apache.solr.SolrTestCaseJ4.SuppressSSL; import org.apache.solr.client.solrj.SolrQuery; import org.apache.solr.client.solrj.SolrServer; import org.apache.solr.client.solrj.SolrServerException; @@ -49,7 +47,6 @@ import org.junit.BeforeClass; * Super basic testing, no shard restarting or anything. */ @Slow -@SuppressSSL(bugUrl = "https://issues.apache.org/jira/browse/SOLR-5776") public class FullSolrCloudDistribCmdsTest extends AbstractFullDistribZkTestBase { @BeforeClass diff --git a/solr/core/src/test/org/apache/solr/cloud/SSLMigrationTest.java b/solr/core/src/test/org/apache/solr/cloud/SSLMigrationTest.java index d833472f6d3..a95be564193 100644 --- a/solr/core/src/test/org/apache/solr/cloud/SSLMigrationTest.java +++ b/solr/core/src/test/org/apache/solr/cloud/SSLMigrationTest.java @@ -47,7 +47,7 @@ import org.apache.lucene.util.LuceneTestCase.Slow; * off in the cluster. */ @Slow -@SuppressSSL +@SuppressSSL // tests starts with SSL off public class SSLMigrationTest extends AbstractFullDistribZkTestBase { @Override diff --git a/solr/core/src/test/org/apache/solr/cloud/UnloadDistributedZkTest.java b/solr/core/src/test/org/apache/solr/cloud/UnloadDistributedZkTest.java index f66bee70ebc..ddaded8f8f1 100644 --- a/solr/core/src/test/org/apache/solr/cloud/UnloadDistributedZkTest.java +++ b/solr/core/src/test/org/apache/solr/cloud/UnloadDistributedZkTest.java @@ -24,7 +24,6 @@ import java.util.concurrent.SynchronousQueue; import java.util.concurrent.ThreadPoolExecutor; import java.util.concurrent.TimeUnit; -import org.apache.solr.SolrTestCaseJ4.SuppressSSL; import org.apache.lucene.util.LuceneTestCase.Slow; import org.apache.solr.client.solrj.SolrQuery; import org.apache.solr.client.solrj.SolrServer; @@ -46,7 +45,6 @@ import org.junit.BeforeClass; * work as expected. */ @Slow -@SuppressSSL(bugUrl = "https://issues.apache.org/jira/browse/SOLR-5776") public class UnloadDistributedZkTest extends BasicDistributedZkTest { @BeforeClass diff --git a/solr/core/src/test/org/apache/solr/update/PeerSyncTest.java b/solr/core/src/test/org/apache/solr/update/PeerSyncTest.java index e4810bb5f6a..fcdc968d4ec 100644 --- a/solr/core/src/test/org/apache/solr/update/PeerSyncTest.java +++ b/solr/core/src/test/org/apache/solr/update/PeerSyncTest.java @@ -21,7 +21,6 @@ import java.io.IOException; import java.util.Arrays; import org.apache.solr.BaseDistributedSearchTestCase; -import org.apache.solr.SolrTestCaseJ4.SuppressSSL; import org.apache.solr.client.solrj.SolrServer; import org.apache.solr.client.solrj.SolrServerException; import org.apache.solr.client.solrj.request.QueryRequest; @@ -32,7 +31,6 @@ import org.apache.solr.common.util.StrUtils; import static org.apache.solr.update.processor.DistributingUpdateProcessorFactory.DISTRIB_UPDATE_PARAM; import static org.apache.solr.update.processor.DistributedUpdateProcessor.DistribPhase; -@SuppressSSL(bugUrl = "https://issues.apache.org/jira/browse/SOLR-5776") public class PeerSyncTest extends BaseDistributedSearchTestCase { private static int numVersions = 100; // number of versions to use when syncing private final String FROM_LEADER = DistribPhase.FROMLEADER.toString(); diff --git a/solr/solrj/src/test/org/apache/solr/client/solrj/SolrExampleBinaryTest.java b/solr/solrj/src/test/org/apache/solr/client/solrj/SolrExampleBinaryTest.java index b7f83abcb6a..9cb548bf4f1 100644 --- a/solr/solrj/src/test/org/apache/solr/client/solrj/SolrExampleBinaryTest.java +++ b/solr/solrj/src/test/org/apache/solr/client/solrj/SolrExampleBinaryTest.java @@ -17,7 +17,6 @@ package org.apache.solr.client.solrj; -import org.apache.solr.SolrTestCaseJ4.SuppressSSL; import org.apache.solr.client.solrj.SolrExampleTests; import org.apache.solr.client.solrj.SolrServer; import org.apache.solr.client.solrj.impl.BinaryRequestWriter; @@ -31,7 +30,6 @@ import org.junit.BeforeClass; * A subclass of SolrExampleTests that explicitly uses the binary * codec for communication. */ -@SuppressSSL(bugUrl = "https://issues.apache.org/jira/browse/SOLR-5776") public class SolrExampleBinaryTest extends SolrExampleTests { @BeforeClass public static void beforeTest() throws Exception { diff --git a/solr/solrj/src/test/org/apache/solr/client/solrj/SolrExampleTests.java b/solr/solrj/src/test/org/apache/solr/client/solrj/SolrExampleTests.java index b4945f6f038..b2502cac8d1 100644 --- a/solr/solrj/src/test/org/apache/solr/client/solrj/SolrExampleTests.java +++ b/solr/solrj/src/test/org/apache/solr/client/solrj/SolrExampleTests.java @@ -32,7 +32,6 @@ import com.google.common.collect.Maps; import junit.framework.Assert; import org.apache.lucene.util.TestUtil; -import org.apache.solr.SolrTestCaseJ4.SuppressSSL; import org.apache.solr.client.solrj.embedded.EmbeddedSolrServer; import org.apache.solr.client.solrj.impl.BinaryResponseParser; import org.apache.solr.client.solrj.impl.ConcurrentUpdateSolrServer; @@ -70,7 +69,6 @@ import org.slf4j.LoggerFactory; * * @since solr 1.3 */ -@SuppressSSL abstract public class SolrExampleTests extends SolrExampleTestsBase { private static Logger log = LoggerFactory.getLogger(SolrExampleTests.class); diff --git a/solr/solrj/src/test/org/apache/solr/client/solrj/SolrExampleXMLTest.java b/solr/solrj/src/test/org/apache/solr/client/solrj/SolrExampleXMLTest.java index 7be420d9ca4..e161f94458b 100644 --- a/solr/solrj/src/test/org/apache/solr/client/solrj/SolrExampleXMLTest.java +++ b/solr/solrj/src/test/org/apache/solr/client/solrj/SolrExampleXMLTest.java @@ -17,7 +17,6 @@ package org.apache.solr.client.solrj; -import org.apache.solr.SolrTestCaseJ4.SuppressSSL; import org.apache.solr.client.solrj.impl.HttpSolrServer; import org.apache.solr.client.solrj.impl.XMLResponseParser; import org.apache.solr.client.solrj.request.RequestWriter; @@ -28,7 +27,6 @@ import org.junit.BeforeClass; * A subclass of SolrExampleTests that explicitly uses the xml codec for * communication. */ -@SuppressSSL(bugUrl = "https://issues.apache.org/jira/browse/SOLR-5776") public class SolrExampleXMLTest extends SolrExampleTests { @BeforeClass public static void beforeTest() throws Exception { diff --git a/solr/solrj/src/test/org/apache/solr/client/solrj/TestBatchUpdate.java b/solr/solrj/src/test/org/apache/solr/client/solrj/TestBatchUpdate.java index 38c83228ec2..c5f46a18ab9 100644 --- a/solr/solrj/src/test/org/apache/solr/client/solrj/TestBatchUpdate.java +++ b/solr/solrj/src/test/org/apache/solr/client/solrj/TestBatchUpdate.java @@ -17,7 +17,6 @@ package org.apache.solr.client.solrj; import org.apache.solr.SolrJettyTestBase; -import org.apache.solr.SolrTestCaseJ4.SuppressSSL; import org.apache.solr.client.solrj.beans.Field; import org.apache.solr.client.solrj.impl.BinaryRequestWriter; import org.apache.solr.client.solrj.impl.HttpSolrServer; @@ -37,7 +36,6 @@ import java.util.Iterator; * @since solr 1.4 * */ -@SuppressSSL(bugUrl = "https://issues.apache.org/jira/browse/SOLR-5776") public class TestBatchUpdate extends SolrJettyTestBase { @BeforeClass diff --git a/solr/solrj/src/test/org/apache/solr/client/solrj/embedded/SolrExampleJettyTest.java b/solr/solrj/src/test/org/apache/solr/client/solrj/embedded/SolrExampleJettyTest.java index 43e77da089e..50bce7ea4c9 100644 --- a/solr/solrj/src/test/org/apache/solr/client/solrj/embedded/SolrExampleJettyTest.java +++ b/solr/solrj/src/test/org/apache/solr/client/solrj/embedded/SolrExampleJettyTest.java @@ -17,7 +17,6 @@ package org.apache.solr.client.solrj.embedded; -import org.apache.solr.SolrTestCaseJ4.SuppressSSL; import org.apache.solr.client.solrj.SolrExampleTests; import org.apache.solr.client.solrj.impl.HttpSolrServer; import org.apache.solr.util.ExternalPaths; @@ -31,7 +30,6 @@ import org.junit.Test; * rather then open a real connection? * */ -@SuppressSSL(bugUrl = "https://issues.apache.org/jira/browse/SOLR-5776") public class SolrExampleJettyTest extends SolrExampleTests { @BeforeClass diff --git a/solr/solrj/src/test/org/apache/solr/client/solrj/embedded/SolrExampleStreamingBinaryTest.java b/solr/solrj/src/test/org/apache/solr/client/solrj/embedded/SolrExampleStreamingBinaryTest.java index 8e58811fbd1..2e0a7c58411 100644 --- a/solr/solrj/src/test/org/apache/solr/client/solrj/embedded/SolrExampleStreamingBinaryTest.java +++ b/solr/solrj/src/test/org/apache/solr/client/solrj/embedded/SolrExampleStreamingBinaryTest.java @@ -17,7 +17,6 @@ package org.apache.solr.client.solrj.embedded; * limitations under the License. */ -import org.apache.solr.SolrTestCaseJ4.SuppressSSL; import org.apache.lucene.util.LuceneTestCase.Slow; import org.apache.solr.client.solrj.SolrServer; import org.apache.solr.client.solrj.impl.BinaryRequestWriter; @@ -25,7 +24,6 @@ import org.apache.solr.client.solrj.impl.BinaryResponseParser; import org.apache.solr.client.solrj.impl.ConcurrentUpdateSolrServer; @Slow -@SuppressSSL(bugUrl = "https://issues.apache.org/jira/browse/SOLR-5776") public class SolrExampleStreamingBinaryTest extends SolrExampleStreamingTest { @Override diff --git a/solr/test-framework/src/java/org/apache/solr/SolrTestCaseJ4.java b/solr/test-framework/src/java/org/apache/solr/SolrTestCaseJ4.java index 651a2667eb8..7e55c60f77d 100644 --- a/solr/test-framework/src/java/org/apache/solr/SolrTestCaseJ4.java +++ b/solr/test-framework/src/java/org/apache/solr/SolrTestCaseJ4.java @@ -238,7 +238,7 @@ public abstract class SolrTestCaseJ4 extends LuceneTestCase { return new SSLTestConfig(); } - final boolean trySsl = random().nextBoolean(); + final boolean trySsl = true;//random().nextBoolean(); boolean trySslClientAuth = random().nextBoolean(); if (Constants.MAC_OS_X) { trySslClientAuth = false; diff --git a/solr/test-framework/src/java/org/apache/solr/util/SSLTestConfig.java b/solr/test-framework/src/java/org/apache/solr/util/SSLTestConfig.java index 3d8492791fa..1c4b0269de4 100644 --- a/solr/test-framework/src/java/org/apache/solr/util/SSLTestConfig.java +++ b/solr/test-framework/src/java/org/apache/solr/util/SSLTestConfig.java @@ -22,6 +22,7 @@ import java.security.KeyManagementException; import java.security.KeyStore; import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; +import java.security.SecureRandom; import java.security.UnrecoverableKeyException; import javax.net.ssl.SSLContext; @@ -51,7 +52,7 @@ public class SSLTestConfig extends SSLConfig { } public SSLTestConfig(boolean useSSL, boolean clientAuth) { - super(useSSL, clientAuth, TEST_KEYSTORE_PATH, TEST_KEYSTORE_PASSWORD, TEST_KEYSTORE_PATH, TEST_KEYSTORE_PASSWORD); + this(useSSL, clientAuth, TEST_KEYSTORE_PATH, TEST_KEYSTORE_PASSWORD, TEST_KEYSTORE_PATH, TEST_KEYSTORE_PASSWORD); } public SSLTestConfig(boolean useSSL, boolean clientAuth, String keyStore, String keyStorePassword, String trustStore, String trustStorePassword) { @@ -73,10 +74,11 @@ public class SSLTestConfig extends SSLConfig { */ protected SSLContext buildSSLContext() throws KeyManagementException, UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException { - + return SSLContexts.custom() .loadKeyMaterial(buildKeyStore(getKeyStore(), getKeyStorePassword()), getKeyStorePassword().toCharArray()) - .loadTrustMaterial(buildKeyStore(getTrustStore(), getTrustStorePassword()), new TrustSelfSignedStrategy()).build(); + .loadTrustMaterial(buildKeyStore(getTrustStore(), getTrustStorePassword()), new TrustSelfSignedStrategy()) + .setSecureRandom(new NullSecureRandom()).build(); } @@ -118,4 +120,19 @@ public class SSLTestConfig extends SSLConfig { System.clearProperty("javax.net.ssl.trustStorePassword"); } + /** + * We use this to avoid SecureRandom blocking issues due to too many + * instances or not enough random entropy. Tests do not need secure SSL. + */ + private static class NullSecureRandom extends SecureRandom { + public byte[] generateSeed(int numBytes) { + return new byte[0]; + } + + synchronized public void nextBytes(byte[] bytes) { + } + + synchronized public void setSeed(byte[] seed) { + } + } } \ No newline at end of file