[
https://issues.apache.org/jira/browse/SOLR-9609?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jeremy Martini updated SOLR-9609:
---------------------------------
Description:
In order to configure our dataSource without requiring a plaintext password in
the configuration file, we extended JdbcDataSource to create our own custom
implementation. Our dataSource config now looks something like this:
{code:xml}
<dataSource type="com.foo.FooDataSource" driver="oracle.jdbc.OracleDriver"
url="jdbc:oracle:thin:@db-host-machine:1521:tst1" user="testuser"
password="{ENC}{1.1}1ePOfWcbOIU056gKiLTrLw=="/>
{code}
We are using the RSA JSAFE Crypto-J libraries for encrypting/decrypting the
password. However, this seems to cause an issue when we try use Solr in a Cloud
Configuration (using Zookeeper). The error is "Strong key gen and multiprime
gen require at least 1024-bit keysize." Full log attached.
This seems to be due to the hard-coded value of 512 in the
org.apache.solr.util.CryptoKeys$RSAKeyPair class:
{code:java}
public RSAKeyPair() {
KeyPairGenerator keyGen = null;
try {
keyGen = KeyPairGenerator.getInstance("RSA");
} catch (NoSuchAlgorithmException e) {
throw new SolrException(SolrException.ErrorCode.SERVER_ERROR, e);
}
keyGen.initialize(512);
{code}
I pulled down the Solr code, changed the hard-coded value to 1024, rebuilt it,
and now everything seems to work great.
was:
In order to configure our dataSource without requiring a plaintext password in
the configuration file, we extended JdbcDataSource to create our own custom
implementation. Our dataSource config now looks something like this:
{code:xml}
<dataSource type="com.foo.FooDataSource" driver="oracle.jdbc.OracleDriver"
url="jdbc:oracle:thin:@db-host-machine:1521:tst1" user="testuser"
password="{ENC}{1.1}1ePOfWcbOIU056gKiLTrLw=="/>
{code}
We are using the RSA JSAFE Crypto-J libraries for encrypting/decrypting the
password. However, this seems to cause an issue when we try use Solr in a Cloud
Configuration (using Zookeeper). The error is "Strong key gen and multiprime
gen require at least 1024-bit keysize." Full log attached.
This seems to be due to the hard-coded value of 512 in the
org.apache.solr.util.CryptoKeys$RSAKeyPair class:
{code:java}
public RSAKeyPair() {
KeyPairGenerator keyGen = null;
try {
keyGen = KeyPairGenerator.getInstance("RSA");
} catch (NoSuchAlgorithmException e) {
throw new SolrException(SolrException.ErrorCode.SERVER_ERROR, e);
}
keyGen.initialize(512);
{code}
I pulled down the Solr code, changed the hard-coded value to 1024, rebuilt it,
and this now everything seems to work great.
> Change hard-coded keysize from 512 to 1024
> ------------------------------------------
>
> Key: SOLR-9609
> URL: https://issues.apache.org/jira/browse/SOLR-9609
> Project: Solr
> Issue Type: Bug
> Security Level: Public(Default Security Level. Issues are Public)
> Reporter: Jeremy Martini
> Attachments: solr.log
>
>
> In order to configure our dataSource without requiring a plaintext password
> in the configuration file, we extended JdbcDataSource to create our own
> custom implementation. Our dataSource config now looks something like this:
> {code:xml}
> <dataSource type="com.foo.FooDataSource" driver="oracle.jdbc.OracleDriver"
> url="jdbc:oracle:thin:@db-host-machine:1521:tst1" user="testuser"
> password="{ENC}{1.1}1ePOfWcbOIU056gKiLTrLw=="/>
> {code}
> We are using the RSA JSAFE Crypto-J libraries for encrypting/decrypting the
> password. However, this seems to cause an issue when we try use Solr in a
> Cloud Configuration (using Zookeeper). The error is "Strong key gen and
> multiprime gen require at least 1024-bit keysize." Full log attached.
> This seems to be due to the hard-coded value of 512 in the
> org.apache.solr.util.CryptoKeys$RSAKeyPair class:
> {code:java}
> public RSAKeyPair() {
> KeyPairGenerator keyGen = null;
> try {
> keyGen = KeyPairGenerator.getInstance("RSA");
> } catch (NoSuchAlgorithmException e) {
> throw new SolrException(SolrException.ErrorCode.SERVER_ERROR, e);
> }
> keyGen.initialize(512);
> {code}
> I pulled down the Solr code, changed the hard-coded value to 1024, rebuilt
> it, and now everything seems to work great.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
