Mailing-List: contact commits-help@lucene.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@lucene.apache.org
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: sarowe@apache.org
To: commits@lucene.apache.org
Date: Sat, 21 May 2016 19:07:45 -0000
Message-Id: <bccc0be51b6b402ebc743df0a1fb0cba@git.apache.org>
In-Reply-To: <04f81cac89f0447290e9c2da167c821f@git.apache.org>
References: <04f81cac89f0447290e9c2da167c821f@git.apache.org>
Subject: [4/5] lucene-solr:branch_6_0: SOLR-9068 / SOLR-5776: replace
 NullSecureRandom w/ NotSecurePsuedoRandom
archived-at: Sat, 21 May 2016 19:07:44 -0000

SOLR-9068 / SOLR-5776: replace NullSecureRandom w/ NotSecurePsuedoRandom

(cherry picked from commit ac0e73a521a66fc37638e884ab386b0173f79b0f)


Project: http://git-wip-us.apache.org/repos/asf/lucene-solr/repo
Commit: http://git-wip-us.apache.org/repos/asf/lucene-solr/commit/fb9b7dcf
Tree: http://git-wip-us.apache.org/repos/asf/lucene-solr/tree/fb9b7dcf
Diff: http://git-wip-us.apache.org/repos/asf/lucene-solr/diff/fb9b7dcf

Branch: refs/heads/branch_6_0
Commit: fb9b7dcfbdb1ecf57cb0dfc3d2d722a96b471874
Parents: d866ae7
Author: Chris Hostetter <hossman@apache.org>
Authored: Fri May 6 22:46:10 2016 -0700
Committer: Steve Rowe <sarowe@apache.org>
Committed: Sat May 21 13:06:00 2016 -0400

----------------------------------------------------------------------
 .../org/apache/solr/util/SSLTestConfig.java     | 88 +++++---------------
 1 file changed, 23 insertions(+), 65 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/lucene-solr/blob/fb9b7dcf/solr/test-framework/src/java/org/apache/solr/util/SSLTestConfig.java
----------------------------------------------------------------------
diff --git a/solr/test-framework/src/java/org/apache/solr/util/SSLTestConfig.java b/solr/test-framework/src/java/org/apache/solr/util/SSLTestConfig.java
index 9c31fc2..c89ed66 100644
--- a/solr/test-framework/src/java/org/apache/solr/util/SSLTestConfig.java
+++ b/solr/test-framework/src/java/org/apache/solr/util/SSLTestConfig.java
@@ -43,8 +43,6 @@ import org.apache.solr.client.solrj.impl.HttpClientUtil;
 import org.apache.solr.client.solrj.impl.HttpClientConfigurer;
 import org.apache.solr.common.params.SolrParams;
 
-import org.apache.lucene.util.Constants;
-
 import org.eclipse.jetty.util.resource.Resource;
 import org.eclipse.jetty.util.security.CertificateUtils;
 import org.eclipse.jetty.util.ssl.SslContextFactory;
@@ -98,7 +96,7 @@ public class SSLTestConfig extends SSLConfig {
     assert isSSLMode();
     
     SSLContextBuilder builder = SSLContexts.custom();
-    builder.setSecureRandom(NullSecureRandom.INSTANCE);
+    builder.setSecureRandom(NotSecurePsuedoRandom.INSTANCE);
     
     // NOTE: KeyStore & TrustStore are swapped because they are from configured from server perspective...
     // we are a client - our keystore contains the keys the server trusts, and vice versa
@@ -127,7 +125,7 @@ public class SSLTestConfig extends SSLConfig {
     assert isSSLMode();
     
     SSLContextBuilder builder = SSLContexts.custom();
-    builder.setSecureRandom(NullSecureRandom.INSTANCE);
+    builder.setSecureRandom(NotSecurePsuedoRandom.INSTANCE);
     
     builder.loadKeyMaterial(buildKeyStore(getKeyStore(), getKeyStorePassword()), getKeyStorePassword().toCharArray());
 
@@ -263,93 +261,53 @@ public class SSLTestConfig extends SSLConfig {
   }
 
   /**
-   * A mocked up instance of SecureRandom that always does the minimal amount of work to generate 
-   * "random" numbers.  This is to prevent blocking issues that arise in platform default 
+   * A mocked up instance of SecureRandom that just uses {@link Random} under the covers.
+   * This is to prevent blocking issues that arise in platform default 
    * SecureRandom instances due to too many instances / not enough random entropy.  
    * Tests do not need secure SSL.
    */
-  private static class NullSecureRandom extends SecureRandom {
-
+  private static class NotSecurePsuedoRandom extends SecureRandom {
+    public static final SecureRandom INSTANCE = new NotSecurePsuedoRandom();
+    private static final Random RAND = new Random(42);
+    
     /** 
-     * The one and only instance that should be used, specific impl may vary based on platform 
-     * @see Constants#SUN_OS
-     * @see <a href="https://issues.apache.org/jira/browse/SOLR-9068">SOLR-9068</a>
+     * Helper method that can be used to fill an array with non-zero data.
+     * (Attempted workarround of Solaris SSL Padding bug: SOLR-9068)
      */
-    public static final SecureRandom INSTANCE = Constants.SUN_OS
-      ? new NullSecureRandom(NullSecureRandomSpi.PSUEDO_RAND_INSTANCE)
-      : new NullSecureRandom(NullSecureRandomSpi.NULL_INSTANCE);
-
-    /** A source of psuedo random data if needed */
-    private static final Random RAND = new Random(42);
+    private static final byte[] fillData(byte[] data) {
+      RAND.nextBytes(data);
+      return data;
+    }
     
-    /** SPI base class for all NullSecureRandom instances */
-    private static class NullSecureRandomSpi extends SecureRandomSpi {
-      private NullSecureRandomSpi() {
-        /* NOOP */
-      }
-      /** 
-       * Helper method that can be used to fill an array with non-zero data.
-       * Default impl is No-Op
-       */
-      public byte[] fillData(byte[] data) {
-        return data; /* NOOP */
-      }
+    /** SPI Used to init all instances */
+    private static final SecureRandomSpi NOT_SECURE_SPI = new SecureRandomSpi() {
       /** returns a new byte[] filled with static data */
-      @Override
       public byte[] engineGenerateSeed(int numBytes) {
         return fillData(new byte[numBytes]);
       }
       /** fills the byte[] with static data */
-      @Override
       public void engineNextBytes(byte[] bytes) {
         fillData(bytes);
       }
       /** NOOP */
-      @Override
       public void engineSetSeed(byte[] seed) { /* NOOP */ }
-      
-      /** Instance to use on platforms w/SSLEngines that work fine when SecureRandom returns constant bytes */
-      public static final NullSecureRandomSpi NULL_INSTANCE = new NullSecureRandomSpi();
-
-      /** 
-       * Instance to use on platforms that need at least psuedo-random data for the SSLEngine to not break
-       * (Attempted workarround of Solaris SSL Padding bug: SOLR-9068)
-       */
-      public static final NullSecureRandomSpi PSUEDO_RAND_INSTANCE = new NullSecureRandomSpi() {
-        /** 
-         * Fill with Psuedo-Random data.
-         * (Attempted workarround of Solaris SSL Padding bug: SOLR-9068)
-         */
-        @Override
-        public byte[] fillData(byte[] data) {
-          RAND.nextBytes(data);
-          return data;
-        }
-      };
-    }
+    };
     
-    private NullSecureRandom(NullSecureRandomSpi spi) {
-      super(spi, null);
-      this.spi = spi;
+    private NotSecurePsuedoRandom() {
+      super(NOT_SECURE_SPI, null) ;
     }
     
-    private NullSecureRandomSpi spi;
-    
-    /** fills a new byte[] with data from SPI */
-    @Override
+    /** returns a new byte[] filled with static data */
     public byte[] generateSeed(int numBytes) {
-      return spi.fillData(new byte[numBytes]);
+      return fillData(new byte[numBytes]);
     }
-    /** fills the byte[] with data from SPI */
-    @Override
+    /** fills the byte[] with static data */
     synchronized public void nextBytes(byte[] bytes) {
-      spi.fillData(bytes);
+      fillData(bytes);
     }
     /** NOOP */
-    @Override
     synchronized public void setSeed(byte[] seed) { /* NOOP */ }
     /** NOOP */
-    @Override
     synchronized public void setSeed(long seed) { /* NOOP */ }
     
   }