Package org.apache.solr.util
Class SSLTestConfig
- java.lang.Object
  - org.apache.solr.util.SSLTestConfig
public class SSLTestConfig extends Object
An SSLConfig that provides SSLConfig and HttpClientUtil.SocketFactoryRegistryProvider for both clients and servers that supports reading key/trust store information directly from resource files provided with the Solr test-framework classes.
-
Constructor Summary
- SSLTestConfig()
  Creates an SSLTestConfig that does not use SSL or client authentication.
- SSLTestConfig(boolean useSSL, boolean clientAuth)
  Create an SSLTestConfig based on a few caller specified options, implicitly assuming checkPeerName=false.
- SSLTestConfig(boolean useSSL, boolean clientAuth, boolean checkPeerName)
  Create an SSLTestConfig based on a few caller specified options.
-
Method Summary
- static void assumeSslIsSafeToTest()
  Helper method for sanity checking if it's safe to use SSL on this JVM.
- org.apache.solr.client.solrj.impl.HttpClientUtil.SocketFactoryRegistryProvider buildClientSocketFactoryRegistryProvider()
  Creates a HttpClientUtil.SocketFactoryRegistryProvider for HTTP clients to use when communicating with servers which have been configured based on the settings of this object.
- org.apache.solr.client.solrj.embedded.SSLConfig buildClientSSLConfig()
- org.apache.http.conn.ssl.SSLConnectionSocketFactory buildClientSSLConnectionSocketFactory()
  Constructs a new SSLConnectionSocketFactory for HTTP clients to use when communicating with servers which have been configured based on the settings of this object.
- SSLContext buildClientSSLContext()
  Builds a new SSLContext for HTTP clients to use when communicating with servers which have been configured based on the settings of this object.
- org.apache.solr.client.solrj.embedded.SSLConfig buildServerSSLConfig()
  Builds a new SSLContext for jetty servers which have been configured based on the settings of this object.
- boolean getCheckPeerName()
  If true, then the server's hostname/IP should be validated against the SSL Cert metadata.
- boolean isClientAuthMode()
- boolean isSSLMode()
  All other settings on this object are ignored unless this is true.
-
Constructor Detail
-
SSLTestConfig
public SSLTestConfig()
Creates an SSLTestConfig that does not use SSL or client authentication
-
SSLTestConfig
public SSLTestConfig(boolean useSSL, boolean clientAuth)
Create an SSLTestConfig based on a few caller specified options, implicitly assuming checkPeerName=false.
As needed, keystore/truststore information will be pulled from a hardcoded resource file provided by the solr test-framework.
- Parameters:
  useSSL - whether SSL should be required.
  clientAuth - whether client authentication should be required.
-
SSLTestConfig
public SSLTestConfig(boolean useSSL, boolean clientAuth, boolean checkPeerName)
Create an SSLTestConfig based on a few caller specified options. As needed, keystore/truststore information will be pulled from hardcoded resource files provided by the solr test-framework based on the value of checkPeerName:
- true - A keystore resource file will be used that specifies a CN of localhost and a SAN IP of 127.0.0.1, to ensure that all connections should be valid regardless of what machine runs the tests.
- false - A keystore resource file will be used that specifies a bogus hostname in the CN and reserved IP as the SAN, since no (valid) tests using this SSLTestConfig should care what CN/SAN are.
- Parameters:
  useSSL - whether SSL should be required.
  clientAuth - whether client authentication should be required.
  checkPeerName - whether the client should validate the 'peer name' of the SSL Certificate (and which testing Cert should be used)
- See Also:
  HttpClientUtil.SYS_PROP_CHECK_PEER_NAME
-
Method Detail
-
getCheckPeerName
public boolean getCheckPeerName()
If true, then the server's hostname/IP should be validated against the SSL Cert metadata.
-
isSSLMode
public boolean isSSLMode()
All other settings on this object are ignored unless this is true
-
isClientAuthMode
public boolean isClientAuthMode()
-
buildClientSocketFactoryRegistryProvider
public org.apache.solr.client.solrj.impl.HttpClientUtil.SocketFactoryRegistryProvider buildClientSocketFactoryRegistryProvider()
Creates a HttpClientUtil.SocketFactoryRegistryProvider for HTTP clients to use when communicating with servers which have been configured based on the settings of this object. When isSSLMode() is true, this SocketFactoryRegistryProvider will only support HTTPS (no HTTP scheme) using the appropriate certs. When isSSLMode() is false, only HTTP (no HTTPS scheme) will be supported.
-
buildClientSSLContext
public SSLContext buildClientSSLContext() throws KeyManagementException, UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException
Builds a new SSLContext for HTTP clients to use when communicating with servers which have been configured based on the settings of this object.
NOTE: Uses a completely insecure SecureRandom instance to prevent tests from blocking due to lack of entropy, also explicitly allows the use of self-signed certificates (since that's what is almost always used during testing).
-
buildClientSSLConfig
public org.apache.solr.client.solrj.embedded.SSLConfig buildClientSSLConfig()
-
buildServerSSLConfig
public org.apache.solr.client.solrj.embedded.SSLConfig buildServerSSLConfig()
Builds a new SSLContext for jetty servers which have been configured based on the settings of this object.
NOTE: Uses a completely insecure SecureRandom instance to prevent tests from blocking due to lack of entropy, also explicitly allows the use of self-signed certificates (since that's what is almost always used during testing).
-
buildClientSSLConnectionSocketFactory
public org.apache.http.conn.ssl.SSLConnectionSocketFactory buildClientSSLConnectionSocketFactory()
Constructs a new SSLConnectionSocketFactory for HTTP clients to use when communicating with servers which have been configured based on the settings of this object. Will return null unless isSSLMode() is true.
-
assumeSslIsSafeToTest
public static void assumeSslIsSafeToTest()
Helper method for sanity checking if it's safe to use SSL on this JVM
- Throws:
  org.junit.internal.AssumptionViolatedException - if this JVM is known to have SSL problems
- See Also:
  SOLR-12988
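An added usage example, not code from the Solr project: a hypothetical test helper (the names TestHttpClients, schemeFor, newClient and status are assumptions) that wires an Apache HttpClient to an SSLTestConfig and handles the documented null return of buildClientSSLConnectionSocketFactory() when isSSLMode() is false. It assumes the Solr test-framework and Apache HttpClient 4.x are on the test classpath and that a test server configured from the same SSLTestConfig is listening on the given port.

```java
import java.io.IOException;

import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.client.HttpClients;
import org.apache.solr.util.SSLTestConfig;

/** Hypothetical test-only helper; not part of Solr. */
public final class TestHttpClients {
  private TestHttpClients() {}

  /** Scheme to use against servers configured from cfg. */
  public static String schemeFor(SSLTestConfig cfg) {
    return cfg.isSSLMode() ? "https" : "http";
  }

  /** Builds a client whose TLS setup matches cfg. Test use only. */
  public static CloseableHttpClient newClient(SSLTestConfig cfg) {
    HttpClientBuilder builder = HttpClients.custom();
    if (cfg.isSSLMode()) {
      // Throws AssumptionViolatedException (test is skipped) on JVMs
      // known to have SSL problems.
      SSLTestConfig.assumeSslIsSafeToTest();
      SSLConnectionSocketFactory factory = cfg.buildClientSSLConnectionSocketFactory();
      builder.setSSLSocketFactory(factory);
    }
    // When isSSLMode() is false the factory method returns null, so it is
    // never called here and the builder keeps its defaults.
    return builder.build();
  }

  /** Issues a GET to the local test server and returns the HTTP status code. */
  public static int status(SSLTestConfig cfg, int port, String path) throws IOException {
    // 127.0.0.1 is the SAN IP in the keystore used when checkPeerName=true,
    // so this address works whether or not peer-name checking is enabled.
    String url = schemeFor(cfg) + "://127.0.0.1:" + port + path;
    try (CloseableHttpClient client = newClient(cfg);
         CloseableHttpResponse rsp = client.execute(new HttpGet(url))) {
      return rsp.getStatusLine().getStatusCode();
    }
  }
}
```

Because the contexts built by this class use an insecure SecureRandom and accept self-signed certificates, a helper like this belongs in test source sets only.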