This is an automated email from the ASF dual-hosted git repository. jdyer pushed a commit to branch feature/SOLR-17516-c in repository https://gitbox.apache.org/repos/asf/solr.git
commit 87bf82db3e9458c465e7339b8caa40069f128cde Author: jdyer1 <[email protected]> AuthorDate: Thu Oct 31 08:51:43 2024 -0500 Use Self Signed Cert-Friendy SSL Context in Integration Test --- .../client/solrj/impl/HttpJdkSolrClientTest.java | 82 +-------------------- .../impl/LBHttp2SolrClientIntegrationTest.java | 55 ++++++++++++++ .../solr/client/solrj/impl/MockTrustManager.java | 84 ++++++++++++++++++++++ 3 files changed, 140 insertions(+), 81 deletions(-) diff --git a/solr/solrj/src/test/org/apache/solr/client/solrj/impl/HttpJdkSolrClientTest.java b/solr/solrj/src/test/org/apache/solr/client/solrj/impl/HttpJdkSolrClientTest.java index 698658a8528..1ae5c9dadfc 100644 --- a/solr/solrj/src/test/org/apache/solr/client/solrj/impl/HttpJdkSolrClientTest.java +++ b/solr/solrj/src/test/org/apache/solr/client/solrj/impl/HttpJdkSolrClientTest.java @@ -20,10 +20,7 @@ package org.apache.solr.client.solrj.impl; import java.io.IOException; import java.net.CookieHandler; import java.net.CookieManager; -import java.net.Socket; import java.net.http.HttpClient; -import java.security.cert.CertificateException; -import java.security.cert.X509Certificate; import java.util.Arrays; import java.util.Collections; import java.util.Objects; @@ -31,13 +28,7 @@ import java.util.Set; import java.util.concurrent.ExecutorService; import java.util.concurrent.TimeUnit; import java.util.stream.Collectors; -import javax.net.ssl.KeyManagerFactory; -import javax.net.ssl.SSLContext; -import javax.net.ssl.SSLEngine; -import javax.net.ssl.TrustManager; -import javax.net.ssl.X509ExtendedTrustManager; import org.apache.lucene.util.NamedThreadFactory; -import org.apache.solr.SolrTestCaseJ4; import org.apache.solr.client.solrj.ResponseParser; import org.apache.solr.client.solrj.SolrClient; import org.apache.solr.client.solrj.SolrQuery; 
@@ -48,34 +39,11 @@ import org.apache.solr.client.solrj.response.SolrPingResponse; import org.apache.solr.common.params.CommonParams; import org.apache.solr.common.params.MapSolrParams; import org.apache.solr.common.util.ExecutorUtil; -import org.apache.solr.util.SSLTestConfig; import org.junit.After; -import org.junit.BeforeClass; import org.junit.Test; public class HttpJdkSolrClientTest extends HttpSolrClientTestBase { - private static SSLContext allTrustingSslContext; - - @BeforeClass - public static void beforeClass() { - try { - KeyManagerFactory keyManagerFactory = - KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); - SSLTestConfig stc = SolrTestCaseJ4.sslConfig; - keyManagerFactory.init(stc.defaultKeyStore(), stc.defaultKeyStorePassword().toCharArray()); - - SSLContext sslContext = SSLContext.getInstance("SSL"); - sslContext.init( - keyManagerFactory.getKeyManagers(), - new TrustManager[] {MOCK_TRUST_MANAGER}, - stc.notSecureSecureRandom()); - allTrustingSslContext = sslContext; - } catch (Exception e) { - throw new RuntimeException(e); - } - } - @After public void workaroundToReleaseThreads_noClosableUntilJava21() { Thread[] threads = new Thread[Thread.currentThread().getThreadGroup().activeCount()]; @@ -550,7 +518,7 @@ public class HttpJdkSolrClientTest extends HttpSolrClientTestBase { .withConnectionTimeout(connectionTimeout, TimeUnit.MILLISECONDS) .withIdleTimeout(socketTimeout, TimeUnit.MILLISECONDS) .withDefaultCollection(DEFAULT_CORE) - .withSSLContext(allTrustingSslContext); + .withSSLContext(MockTrustManager.ALL_TRUSTING_SSL_CONTEXT); return (B) b; } 
@@ -583,52 +551,4 @@ public class HttpJdkSolrClientTest extends HttpSolrClientTestBase { + "6f 6e 21 32 e0 28 72 65 73 " + "70 6f 6e 73 65 0c 84 60 60 " + "00 01 80"; - - /** - * Taken from: https://www.baeldung.com/java-httpclient-ssl sec 4.1, 2024/02/12. This is an - * all-trusting Trust Manager. Works with self-signed certificates. - */ - private static final TrustManager MOCK_TRUST_MANAGER = - new X509ExtendedTrustManager() { - @Override - public void checkClientTrusted(X509Certificate[] chain, String authType, Socket socket) - throws CertificateException { - // no-op - } - - @Override - public void checkServerTrusted(X509Certificate[] chain, String authType, Socket socket) - throws CertificateException { - // no-op - } - - @Override - public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine engine) - throws CertificateException { - // no-op - } - - @Override - public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine engine) - throws CertificateException { - // no-op - } - - @Override - public java.security.cert.X509Certificate[] getAcceptedIssuers() { - return new java.security.cert.X509Certificate[0]; - } - - @Override - public void checkClientTrusted(X509Certificate[] chain, String authType) - throws CertificateException { - // no-op - } - - @Override - public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) - throws CertificateException { - // no-op - } - }; } diff --git a/solr/solrj/src/test/org/apache/solr/client/solrj/impl/LBHttp2SolrClientIntegrationTest.java b/solr/solrj/src/test/org/apache/solr/client/solrj/impl/LBHttp2SolrClientIntegrationTest.java index 05a762669d5..b13882d53b4 100644 --- a/solr/solrj/src/test/org/apache/solr/client/solrj/impl/LBHttp2SolrClientIntegrationTest.java +++ b/solr/solrj/src/test/org/apache/solr/client/solrj/impl/LBHttp2SolrClientIntegrationTest.java 
@@ -20,14 +20,20 @@ import java.io.File; import java.io.IOException; import java.io.UncheckedIOException; import java.lang.invoke.MethodHandles; +import java.net.Socket; import java.nio.file.Files; import java.nio.file.Path; +import java.security.cert.CertificateException; +import java.security.cert.X509Certificate; import java.util.ArrayList; import java.util.HashSet; import java.util.List; import java.util.Properties; import java.util.Set; import java.util.concurrent.TimeUnit; +import javax.net.ssl.SSLEngine; +import javax.net.ssl.TrustManager; +import javax.net.ssl.X509ExtendedTrustManager; import org.apache.lucene.util.IOUtils; import org.apache.solr.SolrTestCaseJ4; import org.apache.solr.client.solrj.SolrClient; @@ -134,6 +140,7 @@ public class LBHttp2SolrClientIntegrationTest extends SolrTestCaseJ4 { var delegateClient = new HttpJdkSolrClient.Builder() .withConnectionTimeout(1000, TimeUnit.MILLISECONDS) .withIdleTimeout(2000, TimeUnit.MILLISECONDS) + .withSSLContext(MockTrustManager.ALL_TRUSTING_SSL_CONTEXT) .build(); var lbClient = new LBHttpJdkSolrClient.Builder(delegateClient, baseSolrEndpoints) .withDefaultCollection(solr[0].getDefaultCollection()) 
@@ -371,4 +378,52 @@ public class LBHttp2SolrClientIntegrationTest extends SolrTestCaseJ4 { } } } + + /** + * Taken from: https://www.baeldung.com/java-httpclient-ssl sec 4.1, 2024/02/12. This is an + * all-trusting Trust Manager. Works with self-signed certificates. + */ + private static final TrustManager MOCK_TRUST_MANAGER = + new X509ExtendedTrustManager() { + @Override + public void checkClientTrusted(X509Certificate[] chain, String authType, Socket socket) + throws CertificateException { + // no-op + } + + @Override + public void checkServerTrusted(X509Certificate[] chain, String authType, Socket socket) + throws CertificateException { + // no-op + } + + @Override + public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine engine) + throws CertificateException { + // no-op + } + + @Override + public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine engine) + throws CertificateException { + // no-op + } + + @Override + public java.security.cert.X509Certificate[] getAcceptedIssuers() { + return new java.security.cert.X509Certificate[0]; + } + + @Override + public void checkClientTrusted(X509Certificate[] chain, String authType) + throws CertificateException { + // no-op + } + + @Override + public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) + throws CertificateException { + // no-op + } + }; } diff --git a/solr/solrj/src/test/org/apache/solr/client/solrj/impl/MockTrustManager.java b/solr/solrj/src/test/org/apache/solr/client/solrj/impl/MockTrustManager.java new file mode 100644 index 00000000000..7dad3a709cb --- /dev/null +++ b/solr/solrj/src/test/org/apache/solr/client/solrj/impl/MockTrustManager.java 
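Review bot: The `MOCK_TRUST_MANAGER` field added at the end of LBHttp2SolrClientIntegrationTest duplicates the new MockTrustManager class and is not referenced by anything visible in this commit; the builder hunk earlier in this file uses `MockTrustManager.ALL_TRUSTING_SSL_CONTEXT` instead. Unless code outside these hunks uses it, drop the field together with the `Socket`, `CertificateException`, `X509Certificate`, `SSLEngine`, `TrustManager` and `X509ExtendedTrustManager` imports added in the first hunk of this file. That leaves a single certificate-validation bypass in the test tree to audit. The enclosing class body starts outside the hunk.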
@@ -0,0 +1,84 @@
+package org.apache.solr.client.solrj.impl;
+
+import java.net.Socket;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509ExtendedTrustManager;
+import org.apache.solr.SolrTestCaseJ4;
+import org.apache.solr.util.SSLTestConfig;
+
+/**
+ * Taken from: https://www.baeldung.com/java-httpclient-ssl sec 4.1, 2024/02/12. This is an
+ * all-trusting Trust Manager. Works with self-signed certificates.
+ */
+public class MockTrustManager extends X509ExtendedTrustManager {
+
+ public static final SSLContext ALL_TRUSTING_SSL_CONTEXT;
+
+ private static final MockTrustManager INSTANCE = new MockTrustManager();
+
+ static {
+ try {
+ KeyManagerFactory keyManagerFactory =
+ KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
+ SSLTestConfig stc = SolrTestCaseJ4.sslConfig;
+ keyManagerFactory.init(stc.defaultKeyStore(), stc.defaultKeyStorePassword().toCharArray());
+
+ SSLContext sslContext = SSLContext.getInstance("SSL");
+ sslContext.init(
+ keyManagerFactory.getKeyManagers(),
+ new TrustManager[] {INSTANCE},
+ stc.notSecureSecureRandom());
+ ALL_TRUSTING_SSL_CONTEXT = sslContext;
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ private MockTrustManager() {}
+
+ @Override
+ public void checkClientTrusted(X509Certificate[] chain, String authType, Socket socket)
+ throws CertificateException {
+ // no-op
+ }
+
+ @Override
+ public void checkServerTrusted(X509Certificate[] chain, String authType, Socket socket)
+ throws CertificateException {
+ // no-op
+ }
+
+ @Override
+ public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine engine)
+ throws CertificateException {
+ // no-op
+ }
+
+ @Override
+ public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine engine)
+ throws CertificateException {
+ // no-op
+ }
+
+ @Override
+ public java.security.cert.X509Certificate[] getAcceptedIssuers() {
+ return new java.security.cert.X509Certificate[0];
+ }
+
+ @Override
+ public void checkClientTrusted(X509Certificate[] chain, String authType)
+ throws CertificateException {
+ // no-op
+ }
+
+ @Override
+ public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType)
+ throws CertificateException {
+ // no-op
+ }
+}
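Review bot: The static initializer reads `SolrTestCaseJ4.sslConfig` once, when MockTrustManager is first loaded, whereas the removed `@BeforeClass` code in HttpJdkSolrClientTest rebuilt the context for every test class. If `sslConfig` is assigned per test class (not visible in this diff), later classes in the same JVM would reuse the first class's key managers, and a load before it is set would fail class initialization for the rest of the run. Building the context on demand from a static factory method, or at least documenting the assumption on `ALL_TRUSTING_SSL_CONTEXT`, would avoid that. Separately, `SSLContext.getInstance("SSL")` carries over the legacy protocol name; `SSLContext.getInstance("TLS")` is the conventional choice. Now that the class is public and shared, its Javadoc should also say that every trust check is a no-op, so certificate validation is disabled entirely and the context must stay in test code.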
