Mike Drob created SOLR-14223:
--------------------------------

             Summary: PublicKeyHandler consumes a lot of entropy during tests
                 Key: SOLR-14223
                 URL: https://issues.apache.org/jira/browse/SOLR-14223
             Project: Solr
          Issue Type: Bug
      Security Level: Public (Default Security Level. Issues are Public)
    Affects Versions: 8.0, 7.4
            Reporter: Mike Drob


After the changes in SOLR-12354 to eagerly create a {{PublicKeyHandler}} for 
the CoreContainer, the creation of the underlying {{RSAKeyPair}} uses 
{{SecureRandom}} to generate primes. This eats up a lot of system entropy and 
can slow down tests significantly (I observed it adding 10s to an individual 
test).

Similar to what we do for SSL config for tests, we can swap in a non blocking 
implementation of SecureRandom for the key pair generation to allow multiple 
tests to run better in parallel. Primality testing with BigInteger is also 
slow, so I'm not sure how much total speedup we can get here, maybe it's worth 
checking if there are faster implementations out there in other libraries.

In production cases, this also blocks creation of all cores. We should only 
create the Handler if necessary, i.e. if the existing authn/z tell us that they 
won't support internode requests.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org
For additional commands, e-mail: issues-h...@lucene.apache.org

Reply via email to