lucene-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From hoss...@apache.org
Subject [1/2] lucene-solr:master: SOLR-9068 / SOLR-5776: replace NullSecureRandom w/ NotSecurePsuedoRandom
Date Sat, 07 May 2016 05:57:57 GMT
Repository: lucene-solr
Updated Branches:
  refs/heads/branch_6x 7e2f9f506 -> 7144984e1
  refs/heads/master a5586d29b -> ac0e73a52


SOLR-9068 / SOLR-5776: replace NullSecureRandom w/ NotSecurePsuedoRandom


Project: http://git-wip-us.apache.org/repos/asf/lucene-solr/repo
Commit: http://git-wip-us.apache.org/repos/asf/lucene-solr/commit/ac0e73a5
Tree: http://git-wip-us.apache.org/repos/asf/lucene-solr/tree/ac0e73a5
Diff: http://git-wip-us.apache.org/repos/asf/lucene-solr/diff/ac0e73a5

Branch: refs/heads/master
Commit: ac0e73a521a66fc37638e884ab386b0173f79b0f
Parents: a5586d2
Author: Chris Hostetter <hossman@apache.org>
Authored: Fri May 6 22:46:10 2016 -0700
Committer: Chris Hostetter <hossman@apache.org>
Committed: Fri May 6 22:46:10 2016 -0700

----------------------------------------------------------------------
 .../org/apache/solr/util/SSLTestConfig.java     | 88 +++++---------------
 1 file changed, 23 insertions(+), 65 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/lucene-solr/blob/ac0e73a5/solr/test-framework/src/java/org/apache/solr/util/SSLTestConfig.java
----------------------------------------------------------------------
diff --git a/solr/test-framework/src/java/org/apache/solr/util/SSLTestConfig.java b/solr/test-framework/src/java/org/apache/solr/util/SSLTestConfig.java
index 16981ce..0525890 100644
--- a/solr/test-framework/src/java/org/apache/solr/util/SSLTestConfig.java
+++ b/solr/test-framework/src/java/org/apache/solr/util/SSLTestConfig.java
@@ -44,8 +44,6 @@ import org.apache.solr.client.solrj.impl.HttpClientUtil;
 import org.apache.solr.client.solrj.impl.HttpClientUtil.SchemaRegistryProvider;
 import org.apache.solr.client.solrj.impl.SolrHttpClientBuilder;
 
-import org.apache.lucene.util.Constants;
-
 import org.eclipse.jetty.util.resource.Resource;
 import org.eclipse.jetty.util.security.CertificateUtils;
 import org.eclipse.jetty.util.ssl.SslContextFactory;
@@ -101,7 +99,7 @@ public class SSLTestConfig extends SSLConfig {
     assert isSSLMode();
     
     SSLContextBuilder builder = SSLContexts.custom();
-    builder.setSecureRandom(NullSecureRandom.INSTANCE);
+    builder.setSecureRandom(NotSecurePsuedoRandom.INSTANCE);
     
     // NOTE: KeyStore & TrustStore are swapped because they are from configured from
server perspective...
     // we are a client - our keystore contains the keys the server trusts, and vice versa
@@ -130,7 +128,7 @@ public class SSLTestConfig extends SSLConfig {
     assert isSSLMode();
     
     SSLContextBuilder builder = SSLContexts.custom();
-    builder.setSecureRandom(NullSecureRandom.INSTANCE);
+    builder.setSecureRandom(NotSecurePsuedoRandom.INSTANCE);
     
     builder.loadKeyMaterial(buildKeyStore(getKeyStore(), getKeyStorePassword()), getKeyStorePassword().toCharArray());
 
@@ -263,93 +261,53 @@ public class SSLTestConfig extends SSLConfig {
   }
 
   /**
-   * A mocked up instance of SecureRandom that always does the minimal amount of work to
generate 
-   * "random" numbers.  This is to prevent blocking issues that arise in platform default

+   * A mocked up instance of SecureRandom that just uses {@link Random} under the covers.
+   * This is to prevent blocking issues that arise in platform default 
    * SecureRandom instances due to too many instances / not enough random entropy.  
    * Tests do not need secure SSL.
    */
-  private static class NullSecureRandom extends SecureRandom {
-
+  private static class NotSecurePsuedoRandom extends SecureRandom {
+    public static final SecureRandom INSTANCE = new NotSecurePsuedoRandom();
+    private static final Random RAND = new Random(42);
+    
     /** 
-     * The one and only instance that should be used, specific impl may vary based on platform

-     * @see Constants#SUN_OS
-     * @see <a href="https://issues.apache.org/jira/browse/SOLR-9068">SOLR-9068</a>
+     * Helper method that can be used to fill an array with non-zero data.
+     * (Attempted workarround of Solaris SSL Padding bug: SOLR-9068)
      */
-    public static final SecureRandom INSTANCE = Constants.SUN_OS
-      ? new NullSecureRandom(NullSecureRandomSpi.PSUEDO_RAND_INSTANCE)
-      : new NullSecureRandom(NullSecureRandomSpi.NULL_INSTANCE);
-
-    /** A source of psuedo random data if needed */
-    private static final Random RAND = new Random(42);
+    private static final byte[] fillData(byte[] data) {
+      RAND.nextBytes(data);
+      return data;
+    }
     
-    /** SPI base class for all NullSecureRandom instances */
-    private static class NullSecureRandomSpi extends SecureRandomSpi {
-      private NullSecureRandomSpi() {
-        /* NOOP */
-      }
-      /** 
-       * Helper method that can be used to fill an array with non-zero data.
-       * Default impl is No-Op
-       */
-      public byte[] fillData(byte[] data) {
-        return data; /* NOOP */
-      }
+    /** SPI Used to init all instances */
+    private static final SecureRandomSpi NOT_SECURE_SPI = new SecureRandomSpi() {
       /** returns a new byte[] filled with static data */
-      @Override
       public byte[] engineGenerateSeed(int numBytes) {
         return fillData(new byte[numBytes]);
       }
       /** fills the byte[] with static data */
-      @Override
       public void engineNextBytes(byte[] bytes) {
         fillData(bytes);
       }
       /** NOOP */
-      @Override
       public void engineSetSeed(byte[] seed) { /* NOOP */ }
-      
-      /** Instance to use on platforms w/SSLEngines that work fine when SecureRandom returns
constant bytes */
-      public static final NullSecureRandomSpi NULL_INSTANCE = new NullSecureRandomSpi();
-
-      /** 
-       * Instance to use on platforms that need at least psuedo-random data for the SSLEngine
to not break
-       * (Attempted workarround of Solaris SSL Padding bug: SOLR-9068)
-       */
-      public static final NullSecureRandomSpi PSUEDO_RAND_INSTANCE = new NullSecureRandomSpi()
{
-        /** 
-         * Fill with Psuedo-Random data.
-         * (Attempted workarround of Solaris SSL Padding bug: SOLR-9068)
-         */
-        @Override
-        public byte[] fillData(byte[] data) {
-          RAND.nextBytes(data);
-          return data;
-        }
-      };
-    }
+    };
     
-    private NullSecureRandom(NullSecureRandomSpi spi) {
-      super(spi, null);
-      this.spi = spi;
+    private NotSecurePsuedoRandom() {
+      super(NOT_SECURE_SPI, null) ;
     }
     
-    private NullSecureRandomSpi spi;
-    
-    /** fills a new byte[] with data from SPI */
-    @Override
+    /** returns a new byte[] filled with static data */
     public byte[] generateSeed(int numBytes) {
-      return spi.fillData(new byte[numBytes]);
+      return fillData(new byte[numBytes]);
     }
-    /** fills the byte[] with data from SPI */
-    @Override
+    /** fills the byte[] with static data */
     synchronized public void nextBytes(byte[] bytes) {
-      spi.fillData(bytes);
+      fillData(bytes);
     }
     /** NOOP */
-    @Override
     synchronized public void setSeed(byte[] seed) { /* NOOP */ }
     /** NOOP */
-    @Override
     synchronized public void setSeed(long seed) { /* NOOP */ }
     
   }


Mime
View raw message