[ https://issues.apache.org/jira/browse/SOLR-10338?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15973787#comment-15973787 ]
Hoss Man commented on SOLR-10338: --------------------------------- I don't think we should have tests that assert something happens "fast enough" ... past experience shows that leads nothing but pain. I think for a check like this, it's fine to just be more permissive about the expected types of non-blocking algorithms we might encounter -- as long as there's an easy work around for people on a the bleeding edge of new/alternative JVMs. how about something like ... {code} final String egdfile = System.getProperty("java.security.egd"); final String allowed = System.getProperty("test.solr.allowed.securerandom"); // NOTE: we're checking egdfile *BEFORE* we init a SecureRandom, since we want this check to // be as fast as possible, and if it's not correct, the SecureRandom constructor might block and slow us down if (null == allowed) { assertEquals("Solr tests expect a non-blocking SecureRandom to be configured. " + "Use -Djava.security.egd=file:/dev/./urandom as a JVM option when running tests to bypass this check.", "file:/dev/./urandom", egdfile); } final String actual = (new SecureRandom()).getAlgorithm(); if (null != allowed) { assertEquals("SecureRandom algorithm does not match the specified -Dtest.solr.allowed.securerandom=" + allowed + " JVM option. " + "Set -Djava.security.egd=... accordingly, or remove the test.solr.allowed.securerandom option", allowed, actual); } else { assertTrue("SecureRandom algorithm '"+actual+"' is in use by your JVM, " + "but does not match any of the known non-blocking algorithms that are expected. " + "Please report the details of this failure (and your JVM vendor/version) to solr-u...@lucene.apache.org. " + "You can bypass this check in the meantime by specifying -Dtest.solr.allowed.securerandom=" + actual + " as a JVM option when running tests.", // be permissive in our checks to try and account for future variations (actual.contains("NonBlocking") || actual.contains("SHA") || actual.contains("DRBG"))); } {code} > Configure SecureRandom non blocking for tests. > ---------------------------------------------- > > Key: SOLR-10338 > URL: https://issues.apache.org/jira/browse/SOLR-10338 > Project: Solr > Issue Type: Sub-task > Reporter: Mihaly Toth > Assignee: Mark Miller > Fix For: 6.6, master (7.0) > > Attachments: SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch, > SOLR-10338.patch > > > It would be best if SecureRandom could be made non blocking. In that case we > could get rid of random entropy exhaustion issue related to all usages of > SecureRandom. -- This message was sent by Atlassian JIRA (v6.3.15#6346) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org