SSLTestConfig (Solr 8.2.0 API)

java.lang.Object
- org.apache.solr.util.SSLTestConfig

```
public class SSLTestConfig
extends Object
```
An SSLConfig that provides SSLConfig and HttpClientUtil.SchemaRegistryProvider for both clients and servers that supports reading key/trust store information directly from resource files provided with the Solr test-framework classes

Constructor Summary

Constructors
Constructor and Description
`SSLTestConfig()` Creates an SSLTestConfig that does not use SSL or client authentication
`SSLTestConfig(boolean useSSL, boolean clientAuth)` Create an SSLTestConfig based on a few caller specified options, implicitly assuming `checkPeerName=false`.
`SSLTestConfig(boolean useSSL, boolean clientAuth, boolean checkPeerName)` Create an SSLTestConfig based on a few caller specified options.

Method Summary

All Methods Static Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`static void`	`assumeSslIsSafeToTest()` Helper method for sanity checking if it's safe to use SSL on this JVM
`org.apache.solr.client.solrj.impl.HttpClientUtil.SchemaRegistryProvider`	`buildClientSchemaRegistryProvider()` Creates a `HttpClientUtil.SchemaRegistryProvider` for HTTP clients to use when communicating with servers which have been configured based on the settings of this object.
`org.apache.solr.client.solrj.embedded.SSLConfig`	`buildClientSSLConfig()`
`org.apache.http.conn.ssl.SSLConnectionSocketFactory`	`buildClientSSLConnectionSocketFactory()` Constructs a new SSLConnectionSocketFactory for HTTP clients to use when communicating with servers which have been configured based on the settings of this object.
`SSLContext`	`buildClientSSLContext()` Builds a new SSLContext for HTTP clients to use when communicating with servers which have been configured based on the settings of this object.
`org.apache.solr.client.solrj.embedded.SSLConfig`	`buildServerSSLConfig()` Builds a new SSLContext for jetty servers which have been configured based on the settings of this object.
`boolean`	`getCheckPeerName()` If true, then servers hostname/ip should be validated against the SSL Cert metadata
`boolean`	`isClientAuthMode()`
`boolean`	`isSSLMode()` All other settings on this object are ignored unless this is true

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - SSLTestConfig
```
public SSLTestConfig()
```
    Creates an SSLTestConfig that does not use SSL or client authentication
  - SSLTestConfig
```
public SSLTestConfig(boolean useSSL,
                     boolean clientAuth)
```
    Create an SSLTestConfig based on a few caller specified options, implicitly assuming checkPeerName=false.
    As needed, keystore/truststore information will be pulled from a hardcoded resource file provided by the solr test-framework
    
    Parameters:
    
    useSSL - - whether SSL should be required.
    
    clientAuth - - whether client authentication should be required.
  - SSLTestConfig
```
public SSLTestConfig(boolean useSSL,
                     boolean clientAuth,
                     boolean checkPeerName)
```
    Create an SSLTestConfig based on a few caller specified options. As needed, keystore/truststore information will be pulled from a hardcoded resource files provided by the solr test-framework based on the value of checkPeerName:
    - true - A keystore resource file will be used that specifies a CN of localhost and a SAN IP of 127.0.0.1, to ensure that all connections should be valid regardless of what machine runs the tests.
    - false - A keystore resource file will be used that specifies a bogus hostname in the CN and reserved IP as the SAN, since no (valid) tests using this SSLTestConfig should care what CN/SAN are.
    Parameters:
    
    useSSL - - whether SSL should be required.
    
    clientAuth - - whether client authentication should be required.
    
    checkPeerName - - whether the client should validate the 'peer name' of the SSL Certificate (and which testing Cert should be used)
    
    See Also:
    
    HttpClientUtil.SYS_PROP_CHECK_PEER_NAME
- Method Detail
  - getCheckPeerName
```
public boolean getCheckPeerName()
```
    If true, then servers hostname/ip should be validated against the SSL Cert metadata
  - isSSLMode
```
public boolean isSSLMode()
```
    All other settings on this object are ignored unless this is true
  - isClientAuthMode
```
public boolean isClientAuthMode()
```
  - buildClientSchemaRegistryProvider
```
public org.apache.solr.client.solrj.impl.HttpClientUtil.SchemaRegistryProvider buildClientSchemaRegistryProvider()
```
    Creates a HttpClientUtil.SchemaRegistryProvider for HTTP clients to use when communicating with servers which have been configured based on the settings of this object. When isSSLMode() is true, this SchemaRegistryProvider will only support HTTPS (no HTTP scheme) using the appropriate certs. When isSSLMode() is false, only HTTP (no HTTPS scheme) will be supported.
  - buildClientSSLContext
```
public SSLContext buildClientSSLContext()
                                 throws KeyManagementException,
                                        UnrecoverableKeyException,
                                        NoSuchAlgorithmException,
                                        KeyStoreException
```
    Builds a new SSLContext for HTTP clients to use when communicating with servers which have been configured based on the settings of this object. NOTE: Uses a completely insecure SecureRandom instance to prevent tests from blocking due to lack of entropy, also explicitly allows the use of self-signed certificates (since that's what is almost always used during testing).
    
    Throws:
    
    KeyManagementException
    
    UnrecoverableKeyException
    
    NoSuchAlgorithmException
    
    KeyStoreException
  - buildClientSSLConfig
```
public org.apache.solr.client.solrj.embedded.SSLConfig buildClientSSLConfig()
```
  - buildServerSSLConfig
```
public org.apache.solr.client.solrj.embedded.SSLConfig buildServerSSLConfig()
```
    Builds a new SSLContext for jetty servers which have been configured based on the settings of this object. NOTE: Uses a completely insecure SecureRandom instance to prevent tests from blocking due to lack of entropy, also explicitly allows the use of self-signed certificates (since that's what is almost always used during testing). almost always used during testing).
  - buildClientSSLConnectionSocketFactory
```
public org.apache.http.conn.ssl.SSLConnectionSocketFactory buildClientSSLConnectionSocketFactory()
```
    Constructs a new SSLConnectionSocketFactory for HTTP clients to use when communicating with servers which have been configured based on the settings of this object. Will return null unless isSSLMode() is true.
  - assumeSslIsSafeToTest
```
public static void assumeSslIsSafeToTest()
```
    Helper method for sanity checking if it's safe to use SSL on this JVM
    
    Throws:
    
    org.junit.internal.AssumptionViolatedException - if this JVM is known to have SSL problems
    
    See Also:
    
    SOLR-12988

Class SSLTestConfig

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

SSLTestConfig

SSLTestConfig

SSLTestConfig

Method Detail

getCheckPeerName

isSSLMode

isClientAuthMode

buildClientSchemaRegistryProvider

buildClientSSLContext

buildClientSSLConfig

buildServerSSLConfig

buildClientSSLConnectionSocketFactory

assumeSslIsSafeToTest