From markrmil...@apache.org
Subject svn commit: r1588314 - in /lucene/dev/branches/branch_4x: ./ solr/ solr/solrj/ solr/solrj/src/java/org/apache/solr/client/solrj/impl/ solr/solrj/src/test/org/apache/solr/client/solrj/impl/ solr/test-framework/ solr/test-framework/src/java/org/apache/so...
Date Thu, 17 Apr 2014 17:30:17 GMT
Author: markrmiller
Date: Thu Apr 17 17:30:16 2014
New Revision: 1588314

URL: http://svn.apache.org/r1588314
Log:
SOLR-5868: HttpClient should be configured to use ALLOW_ALL_HOSTNAME hostname verifier to
simplify SSL setup.

Modified:
    lucene/dev/branches/branch_4x/   (props changed)
    lucene/dev/branches/branch_4x/solr/   (props changed)
    lucene/dev/branches/branch_4x/solr/CHANGES.txt   (contents, props changed)
    lucene/dev/branches/branch_4x/solr/solrj/   (props changed)
    lucene/dev/branches/branch_4x/solr/solrj/src/java/org/apache/solr/client/solrj/impl/HttpClientConfigurer.java
    lucene/dev/branches/branch_4x/solr/solrj/src/java/org/apache/solr/client/solrj/impl/HttpClientUtil.java
    lucene/dev/branches/branch_4x/solr/solrj/src/test/org/apache/solr/client/solrj/impl/HttpClientUtilTest.java
    lucene/dev/branches/branch_4x/solr/test-framework/   (props changed)
    lucene/dev/branches/branch_4x/solr/test-framework/src/java/org/apache/solr/util/SSLTestConfig.java

Modified: lucene/dev/branches/branch_4x/solr/CHANGES.txt
URL: http://svn.apache.org/viewvc/lucene/dev/branches/branch_4x/solr/CHANGES.txt?rev=1588314&r1=1588313&r2=1588314&view=diff
==============================================================================
--- lucene/dev/branches/branch_4x/solr/CHANGES.txt (original)
+++ lucene/dev/branches/branch_4x/solr/CHANGES.txt Thu Apr 17 17:30:16 2014
@@ -20,6 +20,9 @@ See the tutorial at http://lucene.apache
 
 $Id$
 
+* SOLR-5868: HttpClient should be configured to use ALLOW_ALL_HOSTNAME hostname
+  verifier to simplify SSL setup. (Steve Davids via Mark Miller)
+
 ==================  4.9.0 ==================
 
 Versions of Major Components

Modified: lucene/dev/branches/branch_4x/solr/solrj/src/java/org/apache/solr/client/solrj/impl/HttpClientConfigurer.java
URL: http://svn.apache.org/viewvc/lucene/dev/branches/branch_4x/solr/solrj/src/java/org/apache/solr/client/solrj/impl/HttpClientConfigurer.java?rev=1588314&r1=1588313&r2=1588314&view=diff
==============================================================================
--- lucene/dev/branches/branch_4x/solr/solrj/src/java/org/apache/solr/client/solrj/impl/HttpClientConfigurer.java
(original)
+++ lucene/dev/branches/branch_4x/solr/solrj/src/java/org/apache/solr/client/solrj/impl/HttpClientConfigurer.java
Thu Apr 17 17:30:16 2014
@@ -17,6 +17,8 @@ package org.apache.solr.client.solrj.imp
  * limitations under the License.
  */
 
+
+import org.apache.http.conn.ssl.SSLSocketFactory;
 import org.apache.http.impl.client.DefaultHttpClient;
 import org.apache.solr.common.params.SolrParams;
 
@@ -69,5 +71,28 @@ public class HttpClientConfigurer {
       HttpClientUtil.setAllowCompression(httpClient,
           config.getBool(HttpClientUtil.PROP_ALLOW_COMPRESSION));
     }
+    
+    boolean sslCheckPeerName = toBooleanDefaultIfNull(
+        toBooleanObject(System.getProperty(HttpClientUtil.SYS_PROP_CHECK_PEER_NAME)), true);
+    if(sslCheckPeerName == false) {
+      HttpClientUtil.setHostNameVerifier(httpClient, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
+    }
+  }
+  
+  public static boolean toBooleanDefaultIfNull(Boolean bool, boolean valueIfNull) {
+    if (bool == null) {
+      return valueIfNull;
+    }
+    return bool.booleanValue() ? true : false;
+  }
+  
+  public static Boolean toBooleanObject(String str) {
+    if ("true".equalsIgnoreCase(str)) {
+      return Boolean.TRUE;
+    } else if ("false".equalsIgnoreCase(str)) {
+      return Boolean.FALSE;
+    }
+    // no match
+    return null;
   }
 }
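Review bot: Setting `solr.ssl.checkPeerName=false` makes the added block at the end of the configure method silently install `SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER`, so the client accepts a trusted certificate from any host, and nothing in the code or logs records that the peer-name check is off. Because the switch is a JVM-wide system property, it applies to every client built through this configurer, not only to the connections that have a certificate-name mismatch. I would add a comment on the branch such as `// SECURITY: disables hostname verification for all HTTPS connections of this client; a trusted certificate issued for any host is accepted`, and log a warning when the branch is taken (no logger is visible in this class, so one may need adding). The two parsing helpers can be replaced by `boolean sslCheckPeerName = !"false".equalsIgnoreCase(System.getProperty(HttpClientUtil.SYS_PROP_CHECK_PEER_NAME));`, which keeps the verify-by-default behaviour and avoids two new public static methods on the configurer. The enclosing method starts outside the hunk.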

Modified: lucene/dev/branches/branch_4x/solr/solrj/src/java/org/apache/solr/client/solrj/impl/HttpClientUtil.java
URL: http://svn.apache.org/viewvc/lucene/dev/branches/branch_4x/solr/solrj/src/java/org/apache/solr/client/solrj/impl/HttpClientUtil.java?rev=1588314&r1=1588313&r2=1588314&view=diff
==============================================================================
--- lucene/dev/branches/branch_4x/solr/solrj/src/java/org/apache/solr/client/solrj/impl/HttpClientUtil.java
(original)
+++ lucene/dev/branches/branch_4x/solr/solrj/src/java/org/apache/solr/client/solrj/impl/HttpClientUtil.java
Thu Apr 17 17:30:16 2014
@@ -34,6 +34,9 @@ import org.apache.http.auth.UsernamePass
 import org.apache.http.client.HttpClient;
 import org.apache.http.client.params.ClientParamBean;
 import org.apache.http.conn.ClientConnectionManager;
+import org.apache.http.conn.scheme.Scheme;
+import org.apache.http.conn.ssl.SSLSocketFactory;
+import org.apache.http.conn.ssl.X509HostnameVerifier;
 import org.apache.http.entity.HttpEntityWrapper;
 import org.apache.http.impl.client.DefaultHttpClient;
 import org.apache.http.impl.client.DefaultHttpRequestRetryHandler;
@@ -75,6 +78,8 @@ public class HttpClientUtil {
   // Basic auth password 
   public static final String PROP_BASIC_AUTH_PASS = "httpBasicAuthPassword";
   
+  public static final String SYS_PROP_CHECK_PEER_NAME = "solr.ssl.checkPeerName";
+  
   private static final Logger logger = LoggerFactory
       .getLogger(HttpClientUtil.class);
   
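Review bot: `SYS_PROP_CHECK_PEER_NAME` is added without a comment, unlike the neighbouring property constants, and the name alone does not tell a reader that it is read as a JVM system property or that verification stays on unless the value is exactly "false". Suggested comment: `// System property: set to "false" to disable SSL hostname verification for SolrJ HTTP clients; unset or any other value keeps verification on`.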
@@ -255,6 +260,15 @@ public class HttpClientUtil {
     new ClientParamBean(httpClient.getParams()).setHandleRedirects(followRedirects);
   }
 
+  public static void setHostNameVerifier(DefaultHttpClient httpClient,
+      X509HostnameVerifier hostNameVerifier) {
+    Scheme httpsScheme = httpClient.getConnectionManager().getSchemeRegistry().get("https");
+    if (httpsScheme != null) {
+      SSLSocketFactory sslSocketFactory = (SSLSocketFactory) httpsScheme.getSchemeSocketFactory();
+      sslSocketFactory.setHostnameVerifier(hostNameVerifier);
+    }
+  }
+  
   private static class UseCompressionRequestInterceptor implements
       HttpRequestInterceptor {
     
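Review bot: The cast `(SSLSocketFactory) httpsScheme.getSchemeSocketFactory()` in `setHostNameVerifier` is unchecked, so a client whose `https` scheme was registered with a different socket factory implementation fails here with a ClassCastException; guarding with `if (httpsScheme != null && httpsScheme.getSchemeSocketFactory() instanceof SSLSocketFactory)` avoids that. The method also mutates the existing factory in place rather than registering a new scheme, so if that factory instance is shared between clients (not visible from this hunk) the verifier change reaches them as well. A short Javadoc would help callers of this public method: it should say that passing a permissive verifier removes the peer-name check and that the call does nothing when no `https` scheme is registered.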

Modified: lucene/dev/branches/branch_4x/solr/solrj/src/test/org/apache/solr/client/solrj/impl/HttpClientUtilTest.java
URL: http://svn.apache.org/viewvc/lucene/dev/branches/branch_4x/solr/solrj/src/test/org/apache/solr/client/solrj/impl/HttpClientUtilTest.java?rev=1588314&r1=1588313&r2=1588314&view=diff
==============================================================================
--- lucene/dev/branches/branch_4x/solr/solrj/src/test/org/apache/solr/client/solrj/impl/HttpClientUtilTest.java
(original)
+++ lucene/dev/branches/branch_4x/solr/solrj/src/test/org/apache/solr/client/solrj/impl/HttpClientUtilTest.java
Thu Apr 17 17:30:16 2014
@@ -17,17 +17,23 @@
 package org.apache.solr.client.solrj.impl;
 
 import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
 
 import java.util.concurrent.atomic.AtomicInteger;
 
 import org.apache.http.auth.AuthScope;
 import org.apache.http.client.HttpClient;
 import org.apache.http.client.params.ClientPNames;
-import org.apache.http.impl.conn.PoolingClientConnectionManager;
+import org.apache.http.conn.ssl.AllowAllHostnameVerifier;
+import org.apache.http.conn.ssl.BrowserCompatHostnameVerifier;
+import org.apache.http.conn.ssl.SSLSocketFactory;
+import org.apache.http.conn.ssl.X509HostnameVerifier;
 import org.apache.http.impl.client.DefaultHttpClient;
+import org.apache.http.impl.conn.PoolingClientConnectionManager;
 import org.apache.http.params.HttpConnectionParams;
 import org.apache.solr.common.params.ModifiableSolrParams;
 import org.apache.solr.common.params.SolrParams;
+import org.apache.solr.util.SSLTestConfig;
 import org.junit.Test;
 
 public class HttpClientUtilTest {
@@ -90,4 +96,35 @@ public class HttpClientUtilTest {
 
   }
   
+  @Test
+  @SuppressWarnings("deprecation")
+  public void testSSLSystemProperties() {
+    try {
+      SSLTestConfig.setSSLSystemProperties();
+      assertNotNull("HTTPS scheme could not be created using the javax.net.ssl.* system properties.",

+          HttpClientUtil.createClient(null).getConnectionManager().getSchemeRegistry().get("https"));
+      
+      System.clearProperty(HttpClientUtil.SYS_PROP_CHECK_PEER_NAME);
+      assertEquals(BrowserCompatHostnameVerifier.class, getHostnameVerifier(HttpClientUtil.createClient(null)).getClass());
+      
+      System.setProperty(HttpClientUtil.SYS_PROP_CHECK_PEER_NAME, "true");
+      assertEquals(BrowserCompatHostnameVerifier.class, getHostnameVerifier(HttpClientUtil.createClient(null)).getClass());
+      
+      System.setProperty(HttpClientUtil.SYS_PROP_CHECK_PEER_NAME, "");
+      assertEquals(BrowserCompatHostnameVerifier.class, getHostnameVerifier(HttpClientUtil.createClient(null)).getClass());
+      
+      System.setProperty(HttpClientUtil.SYS_PROP_CHECK_PEER_NAME, "false");
+      assertEquals(AllowAllHostnameVerifier.class, getHostnameVerifier(HttpClientUtil.createClient(null)).getClass());
+    } finally {
+      SSLTestConfig.clearSSLSystemProperties();
+      System.clearProperty(HttpClientUtil.SYS_PROP_CHECK_PEER_NAME);
+    }
+  }
+  
+  @SuppressWarnings("deprecation")
+  private X509HostnameVerifier getHostnameVerifier(HttpClient client) {
+    return ((SSLSocketFactory) client.getConnectionManager().getSchemeRegistry()
+        .get("https").getSchemeSocketFactory()).getHostnameVerifier();
+  }
+  
 }
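Review bot: The `finally` block in `testSSLSystemProperties` clears `solr.ssl.checkPeerName` and the `javax.net.ssl.*` properties instead of restoring their earlier values, so a run that had them set JVM-wide loses them for every later test in the same JVM. Capture the prior value before the `try` with `String prev = System.getProperty(HttpClientUtil.SYS_PROP_CHECK_PEER_NAME);` and in `finally` use `if (prev == null) System.clearProperty(HttpClientUtil.SYS_PROP_CHECK_PEER_NAME); else System.setProperty(HttpClientUtil.SYS_PROP_CHECK_PEER_NAME, prev);`. The five clients returned by `HttpClientUtil.createClient(null)` are never shut down; calling `getConnectionManager().shutdown()` on each would stop the test from leaking connection managers. An extra case for an unrecognised value such as "no" would pin down that only "false" turns verification off.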

Modified: lucene/dev/branches/branch_4x/solr/test-framework/src/java/org/apache/solr/util/SSLTestConfig.java
URL: http://svn.apache.org/viewvc/lucene/dev/branches/branch_4x/solr/test-framework/src/java/org/apache/solr/util/SSLTestConfig.java?rev=1588314&r1=1588313&r2=1588314&view=diff
==============================================================================
--- lucene/dev/branches/branch_4x/solr/test-framework/src/java/org/apache/solr/util/SSLTestConfig.java
(original)
+++ lucene/dev/branches/branch_4x/solr/test-framework/src/java/org/apache/solr/util/SSLTestConfig.java
Thu Apr 17 17:30:16 2014
@@ -109,10 +109,18 @@ public class SSLTestConfig extends SSLCo
     }
   }
   
-  public static void cleanStatics() {
-    DEFAULT_CONFIGURER = null;
-    TEST_KEYSTORE = null;
-    TEST_KEYSTORE_PASSWORD = null;
-    TEST_KEYSTORE_PATH = null;
+  public static void setSSLSystemProperties() {
+    System.setProperty("javax.net.ssl.keyStore", TEST_KEYSTORE_PATH);
+    System.setProperty("javax.net.ssl.keyStorePassword", TEST_KEYSTORE_PASSWORD);
+    System.setProperty("javax.net.ssl.trustStore", TEST_KEYSTORE_PATH);
+    System.setProperty("javax.net.ssl.trustStorePassword", TEST_KEYSTORE_PASSWORD);
   }
+  
+  public static void clearSSLSystemProperties() {
+    System.clearProperty("javax.net.ssl.keyStore");
+    System.clearProperty("javax.net.ssl.keyStorePassword");
+    System.clearProperty("javax.net.ssl.trustStore");
+    System.clearProperty("javax.net.ssl.trustStorePassword");
+  }
+  
 }
\ No newline at end of file
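Review bot: `setSSLSystemProperties` and `clearSSLSystemProperties` are public and change JVM-wide `javax.net.ssl.*` state but have no Javadoc, and the clear method removes the properties outright rather than restoring earlier values, which a caller needs to know. Suggested comment on the setter: `/** Points the JVM-wide javax.net.ssl key store and trust store properties at the test keystore; pair with clearSSLSystemProperties() in a finally block. Test use only. */`. `System.setProperty` throws NullPointerException for a null value, and `TEST_KEYSTORE_PATH` and `TEST_KEYSTORE_PASSWORD` are assigned outside this hunk, so an explicit null check with a clear message may be warranted if they can be unset when this runs. The hunk also removes `cleanStatics()`; its callers are not visible here and should be checked.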


