Package org.apache.solr.util
Class SSLTestConfig
- java.lang.Object
-
- org.apache.solr.client.solrj.embedded.SSLConfig
-
- org.apache.solr.util.SSLTestConfig
-
public class SSLTestConfig extends org.apache.solr.client.solrj.embedded.SSLConfig
AnSSLConfig
that supports reading key/trust store information directly from resource files provided with the Solr test-framework classes
-
-
Constructor Summary
Constructors Constructor Description SSLTestConfig()
Creates an SSLTestConfig that does not use SSL or client authenticationSSLTestConfig(boolean useSSL, boolean clientAuth)
Create an SSLTestConfig based on a few caller specified options, implicitly assumingcheckPeerName=false
.SSLTestConfig(boolean useSSL, boolean clientAuth, boolean checkPeerName)
Create an SSLTestConfig based on a few caller specified options.
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description org.apache.solr.client.solrj.impl.HttpClientUtil.SchemaRegistryProvider
buildClientSchemaRegistryProvider()
Creates aHttpClientUtil.SchemaRegistryProvider
for HTTP clients to use when communicating with servers which have been configured based on the settings of this object.org.apache.http.conn.ssl.SSLConnectionSocketFactory
buildClientSSLConnectionSocketFactory()
Constructs a new SSLConnectionSocketFactory for HTTP clients to use when communicating with servers which have been configured based on the settings of this object.SSLContext
buildClientSSLContext()
Builds a new SSLContext for HTTP clients to use when communicating with servers which have been configured based on the settings of this object.protected static KeyStore
buildKeyStore(org.eclipse.jetty.util.resource.Resource resource, String password)
Constructs a KeyStore using the specified filename and passwordSSLContext
buildServerSSLContext()
Builds a new SSLContext for jetty servers which have been configured based on the settings of this object.org.eclipse.jetty.util.ssl.SslContextFactory
createContextFactory()
Returns an SslContextFactory usingbuildServerSSLContext()
if SSL should be used, else returns null.boolean
getCheckPeerName()
If true, then servers hostname/ip should be validated against the SSL Cert metadataString
getKeyStore()
NOTE: This method is meaningless in SSLTestConfig.String
getTrustStore()
NOTE: This method is meaningless in SSLTestConfig.static boolean
toBooleanDefaultIfNull(Boolean bool, boolean valueIfNull)
static Boolean
toBooleanObject(String str)
-
-
-
Constructor Detail
-
SSLTestConfig
public SSLTestConfig()
Creates an SSLTestConfig that does not use SSL or client authentication
-
SSLTestConfig
public SSLTestConfig(boolean useSSL, boolean clientAuth)
Create an SSLTestConfig based on a few caller specified options, implicitly assumingcheckPeerName=false
.As needed, keystore/truststore information will be pulled from a hardcoded resource file provided by the solr test-framework
- Parameters:
useSSL
- - whether SSL should be required.clientAuth
- - whether client authentication should be required.
-
SSLTestConfig
public SSLTestConfig(boolean useSSL, boolean clientAuth, boolean checkPeerName)
Create an SSLTestConfig based on a few caller specified options. As needed, keystore/truststore information will be pulled from a hardcoded resource files provided by the solr test-framework based on the value ofcheckPeerName
:true
- A keystore resource file will be used that specifies a CN oflocalhost
and a SAN IP of127.0.0.1
, to ensure that all connections should be valid regardless of what machine runs the tests.false
- A keystore resource file will be used that specifies a bogus hostname in the CN and reserved IP as the SAN, since no (valid) tests using this SSLTestConfig should care what CN/SAN are.
- Parameters:
useSSL
- - whether SSL should be required.clientAuth
- - whether client authentication should be required.checkPeerName
- - whether the client should validate the 'peer name' of the SSL Certificate (and which testing Cert should be used)- See Also:
HttpClientUtil.SYS_PROP_CHECK_PEER_NAME
-
-
Method Detail
-
getCheckPeerName
public boolean getCheckPeerName()
If true, then servers hostname/ip should be validated against the SSL Cert metadata
-
getKeyStore
public String getKeyStore()
NOTE: This method is meaningless in SSLTestConfig.- Overrides:
getKeyStore
in classorg.apache.solr.client.solrj.embedded.SSLConfig
- Returns:
- null
-
getTrustStore
public String getTrustStore()
NOTE: This method is meaningless in SSLTestConfig.- Overrides:
getTrustStore
in classorg.apache.solr.client.solrj.embedded.SSLConfig
- Returns:
- null
-
buildClientSchemaRegistryProvider
public org.apache.solr.client.solrj.impl.HttpClientUtil.SchemaRegistryProvider buildClientSchemaRegistryProvider()
Creates aHttpClientUtil.SchemaRegistryProvider
for HTTP clients to use when communicating with servers which have been configured based on the settings of this object. WhenSSLConfig.isSSLMode()
is true, thisSchemaRegistryProvider
will only support HTTPS (no HTTP scheme) using the appropriate certs. WhenSSLConfig.isSSLMode()
is false, only HTTP (no HTTPS scheme) will be supported.
-
buildClientSSLContext
public SSLContext buildClientSSLContext() throws KeyManagementException, UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException
Builds a new SSLContext for HTTP clients to use when communicating with servers which have been configured based on the settings of this object. NOTE: Uses a completely insecureSecureRandom
instance to prevent tests from blocking due to lack of entropy, also explicitly allows the use of self-signed certificates (since that's what is almost always used during testing).
-
buildServerSSLContext
public SSLContext buildServerSSLContext() throws KeyManagementException, UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException
Builds a new SSLContext for jetty servers which have been configured based on the settings of this object. NOTE: Uses a completely insecureSecureRandom
instance to prevent tests from blocking due to lack of entropy, also explicitly allows the use of self-signed certificates (since that's what is almost always used during testing). almost always used during testing).
-
createContextFactory
public org.eclipse.jetty.util.ssl.SslContextFactory createContextFactory()
Returns an SslContextFactory usingbuildServerSSLContext()
if SSL should be used, else returns null.- Overrides:
createContextFactory
in classorg.apache.solr.client.solrj.embedded.SSLConfig
-
buildKeyStore
protected static KeyStore buildKeyStore(org.eclipse.jetty.util.resource.Resource resource, String password)
Constructs a KeyStore using the specified filename and password
-
buildClientSSLConnectionSocketFactory
public org.apache.http.conn.ssl.SSLConnectionSocketFactory buildClientSSLConnectionSocketFactory()
Constructs a new SSLConnectionSocketFactory for HTTP clients to use when communicating with servers which have been configured based on the settings of this object. Will return null unlessSSLConfig.isSSLMode()
is true.
-
toBooleanDefaultIfNull
public static boolean toBooleanDefaultIfNull(Boolean bool, boolean valueIfNull)
-
-