muse-dev[bot] commented on a change in pull request #139:
URL: https://github.com/apache/solr/pull/139#discussion_r641608294
##########
File path:
solr/core/src/test/org/apache/solr/security/JWTAuthPluginIntegrationTest.java
##########
@@ -328,4 +406,56 @@ private void executeCommand(String url, HttpClient cl,
String payload, JsonWebSi
});
}
+
+ /**
+ * Creates a security.json string which points to the MockOAuth server using
it's well-known URL and trusting its SSL
+ */
+ private static String createMockOAuthSecurityJson(Path pemFilePath) throws
IOException {
+ String wellKnown = mockOAuth2Server.wellKnownUrl("default").toString();
+ String pemCert = extractCertificateFromPem(pemFilePath);
+ return "{\n" +
+ " \"authentication\" : {\n" +
+ " \"class\": \"solr.JWTAuthPlugin\",\n" +
+ " \"wellKnownUrl\": \"" + wellKnown + "\",\n" +
+ " \"blockUnknown\": true\n" +
+ " \"trustedCerts\": \"" + pemCert + "\"\n" +
+ " }\n" +
+ "}";
+ }
+
+ private static String extractCertificateFromPem(Path pemFilePath) throws
IOException {
+ String raw = Files.readString(pemFilePath).replaceAll("\n", "\\\\n");
+ int from = raw.indexOf("-----BEGIN CERTIFICATE-----");
+ int end = raw.lastIndexOf("-----END CERTIFICATE-----") + 25;
+ return raw.substring(from, end);
+ }
+
+ /**
+ * Create and return a MockOAuth2Server with given SSL certificate
+ * @param pemFilepath path to a pem certificate file
+ * @param secretKeyPass password to secret key
+ */
+ private static MockOAuth2Server createMockOAuthServer(Path pemFilepath,
String secretKeyPass) {
+ X509ExtendedKeyManager keyManager =
PemUtils.loadIdentityMaterial(pemFilepath, secretKeyPass.toCharArray());
+ X509ExtendedTrustManager trustManager =
PemUtils.loadTrustMaterial(pemFilepath);
+ SSLFactory sslFactory = SSLFactory.builder()
+ .withIdentityMaterial(keyManager)
+ .withTrustMaterial(trustManager)
+ .build();
+
+ MockWebServerWrapper mockWebServerWrapper = new MockWebServerWrapper();
+ MockWebServer mockWebServer = mockWebServerWrapper.getMockWebServer();
+ try {
+ SSLContext sslContext = SSLContext.getInstance("TLS");
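Review bot: In createMockOAuthSecurityJson the line `" \"blockUnknown\": true\n" +` has no comma before the `trustedCerts` member, so the generated security.json is not well-formed JSON and loads only if the parser tolerates missing separators; it should read `" \"blockUnknown\": true,\n" +`. extractCertificateFromPem copies everything from the first `-----BEGIN CERTIFICATE-----` to the last `-----END CERTIFICATE-----`, and the same PEM file is passed to `PemUtils.loadIdentityMaterial`, so it presumably also holds the private key; if that key sits between two certificate blocks it would be copied into `trustedCerts`. The method also never checks `indexOf`/`lastIndexOf` for -1, so a file without the markers fails with a StringIndexOutOfBoundsException rather than a clear IOException, and the literal `25` would read better as the END marker's length. createMockOAuthServer continues past the end of the quoted hunk and is not covered by this note.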
Review comment:
*opt.semgrep.java.lang.security.audit.weak-ssl-context.weak-ssl-context:* An
insecure SSL context was detected. TLS versions 1.0, 1.1, and all SSL versions
are considered weak encryption and are deprecated.
Use SSLContext.getInstance("TLSv1.2") for the best security.
(at-me [in a reply](https://docs.muse.dev/docs/talk-to-muse/) with `help` or
`ignore`)