You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@lucene.apache.org by sa...@apache.org on 2016/12/06 23:13:22 UTC
[27/50] [abbrv] lucene-solr:apiv2: SOLR-9728: Ability to specify Key
Store type in solr.in file for SSL
SOLR-9728: Ability to specify Key Store type in solr.in file for SSL
Project: http://git-wip-us.apache.org/repos/asf/lucene-solr/repo
Commit: http://git-wip-us.apache.org/repos/asf/lucene-solr/commit/bf424d1e
Tree: http://git-wip-us.apache.org/repos/asf/lucene-solr/tree/bf424d1e
Diff: http://git-wip-us.apache.org/repos/asf/lucene-solr/diff/bf424d1e
Branch: refs/heads/apiv2
Commit: bf424d1ec1602dffeb33ab0acc8f470e351a6959
Parents: c36ec0b
Author: Kevin Risden <kr...@apache.org>
Authored: Tue Nov 22 13:22:16 2016 -0600
Committer: Kevin Risden <kr...@apache.org>
Committed: Mon Nov 28 09:52:02 2016 -0600
----------------------------------------------------------------------
solr/CHANGES.txt | 2 +
solr/bin/solr | 80 +++++++++++++++++++++++++++++++-------
solr/bin/solr.cmd | 72 +++++++++++++++++++++++++++++++---
solr/bin/solr.in.cmd | 6 ++-
solr/bin/solr.in.sh | 4 ++
solr/server/etc/jetty-ssl.xml | 4 +-
6 files changed, 146 insertions(+), 22 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/lucene-solr/blob/bf424d1e/solr/CHANGES.txt
----------------------------------------------------------------------
diff --git a/solr/CHANGES.txt b/solr/CHANGES.txt
index e234322..422f1c6 100644
--- a/solr/CHANGES.txt
+++ b/solr/CHANGES.txt
@@ -150,6 +150,8 @@ New Features
runtime without the need to modify solrconfig from the default configuration. hl.useFastVectorHighlighter is now
considered deprecated in lieu of hl.method=fastVector. (Timothy Rodriguez, David Smiley)
+* SOLR-9728: Ability to specify Key Store type in solr.in.sh file for SSL (Michael Suzuki, Kevin Risden)
+
Optimizations
----------------------
* SOLR-9704: Facet Module / JSON Facet API: Optimize blockChildren facets that have
http://git-wip-us.apache.org/repos/asf/lucene-solr/blob/bf424d1e/solr/bin/solr
----------------------------------------------------------------------
diff --git a/solr/bin/solr b/solr/bin/solr
index 880fcef..c1add26 100755
--- a/solr/bin/solr
+++ b/solr/bin/solr
@@ -158,22 +158,74 @@ SOLR_SSL_OPTS=""
if [ -n "$SOLR_SSL_KEY_STORE" ]; then
SOLR_JETTY_CONFIG+=("--module=https")
SOLR_URL_SCHEME=https
- SOLR_SSL_OPTS=" -Dsolr.jetty.keystore=$SOLR_SSL_KEY_STORE \
- -Dsolr.jetty.keystore.password=$SOLR_SSL_KEY_STORE_PASSWORD \
- -Dsolr.jetty.truststore=$SOLR_SSL_TRUST_STORE \
- -Dsolr.jetty.truststore.password=$SOLR_SSL_TRUST_STORE_PASSWORD \
- -Dsolr.jetty.ssl.needClientAuth=$SOLR_SSL_NEED_CLIENT_AUTH \
- -Dsolr.jetty.ssl.wantClientAuth=$SOLR_SSL_WANT_CLIENT_AUTH"
+ SOLR_SSL_OPTS+=" -Dsolr.jetty.keystore=$SOLR_SSL_KEY_STORE"
+ if [ -n "$SOLR_SSL_KEY_STORE_PASSWORD" ]; then
+ SOLR_SSL_OPTS+=" -Dsolr.jetty.keystore.password=$SOLR_SSL_KEY_STORE_PASSWORD"
+ fi
+ if [ -n "$SOLR_SSL_KEY_STORE_TYPE" ]; then
+ SOLR_SSL_OPTS+=" -Dsolr.jetty.keystore.type=$SOLR_SSL_KEY_STORE_TYPE"
+ fi
+
+ if [ -n "$SOLR_SSL_TRUST_STORE" ]; then
+ SOLR_SSL_OPTS+=" -Dsolr.jetty.truststore=$SOLR_SSL_TRUST_STORE"
+ fi
+ if [ -n "$SOLR_SSL_TRUST_STORE_PASSWORD" ]; then
+ SOLR_SSL_OPTS+=" -Dsolr.jetty.truststore.password=$SOLR_SSL_TRUST_STORE_PASSWORD"
+ fi
+ if [ -n "$SOLR_SSL_TRUST_STORE_TYPE" ]; then
+ SOLR_SSL_OPTS+=" -Dsolr.jetty.truststore.type=$SOLR_SSL_TRUST_STORE_TYPE"
+ fi
+
+ if [ -n "$SOLR_SSL_NEED_CLIENT_AUTH" ]; then
+ SOLR_SSL_OPTS+=" -Dsolr.jetty.ssl.needClientAuth=$SOLR_SSL_NEED_CLIENT_AUTH"
+ fi
+ if [ -n "$SOLR_SSL_WANT_CLIENT_AUTH" ]; then
+ SOLR_SSL_OPTS+=" -Dsolr.jetty.ssl.wantClientAuth=$SOLR_SSL_WANT_CLIENT_AUTH"
+ fi
+
if [ -n "$SOLR_SSL_CLIENT_KEY_STORE" ]; then
- SOLR_SSL_OPTS+=" -Djavax.net.ssl.keyStore=$SOLR_SSL_CLIENT_KEY_STORE \
- -Djavax.net.ssl.keyStorePassword=$SOLR_SSL_CLIENT_KEY_STORE_PASSWORD \
- -Djavax.net.ssl.trustStore=$SOLR_SSL_CLIENT_TRUST_STORE \
- -Djavax.net.ssl.trustStorePassword=$SOLR_SSL_CLIENT_TRUST_STORE_PASSWORD"
+ SOLR_SSL_OPTS+=" -Djavax.net.ssl.keyStore=$SOLR_SSL_CLIENT_KEY_STORE"
+
+ if [ -n "$SOLR_SSL_CLIENT_KEY_STORE_PASSWORD" ]; then
+ SOLR_SSL_OPTS+=" -Djavax.net.ssl.keyStorePassword=$SOLR_SSL_CLIENT_KEY_STORE_PASSWORD"
+ fi
+ if [ -n "$SOLR_SSL_CLIENT_KEY_STORE_TYPE" ]; then
+ SOLR_SSL_OPTS+=" -Djavax.net.ssl.keyStoreType=$SOLR_SSL_CLIENT_KEY_STORE_TYPE"
+ fi
+ else
+ if [ -n "$SOLR_SSL_KEY_STORE" ]; then
+ SOLR_SSL_OPTS+=" -Djavax.net.ssl.keyStore=$SOLR_SSL_KEY_STORE"
+ fi
+ if [ -n "$SOLR_SSL_KEY_STORE_PASSWORD" ]; then
+ SOLR_SSL_OPTS+=" -Djavax.net.ssl.keyStorePassword=$SOLR_SSL_KEY_STORE_PASSWORD"
+ fi
+ if [ -n "$SOLR_SSL_KEY_STORE_TYPE" ]; then
+ SOLR_SSL_OPTS+=" -Djavax.net.ssl.keyStoreType=$SOLR_SSL_KEYSTORE_TYPE"
+ fi
+ fi
+
+ if [ -n "$SOLR_SSL_CLIENT_TRUST_STORE" ]; then
+ SOLR_SSL_OPTS+=" -Djavax.net.ssl.trustStore=$SOLR_SSL_CLIENT_TRUST_STORE"
+
+ if [ -n "$SOLR_SSL_CLIENT_TRUST_STORE_PASSWORD" ]; then
+ SOLR_SSL_OPTS+=" -Djavax.net.ssl.trustStorePassword=$SOLR_SSL_CLIENT_TRUST_STORE_PASSWORD"
+ fi
+
+ if [ -n "$SOLR_SSL_CLIENT_TRUST_STORE_TYPE" ]; then
+ SOLR_SSL_OPTS+=" -Djavax.net.ssl.trustStoreType=$SOLR_SSL_CLIENT_TRUST_STORE_TYPE"
+ fi
else
- SOLR_SSL_OPTS+=" -Djavax.net.ssl.keyStore=$SOLR_SSL_KEY_STORE \
- -Djavax.net.ssl.keyStorePassword=$SOLR_SSL_KEY_STORE_PASSWORD \
- -Djavax.net.ssl.trustStore=$SOLR_SSL_TRUST_STORE \
- -Djavax.net.ssl.trustStorePassword=$SOLR_SSL_TRUST_STORE_PASSWORD"
+ if [ -n "$SOLR_SSL_TRUST_STORE" ]; then
+ SOLR_SSL_OPTS+=" -Djavax.net.ssl.trustStore=$SOLR_SSL_TRUST_STORE"
+ fi
+
+ if [ -n "$SOLR_SSL_TRUST_STORE_PASSWORD" ]; then
+ SOLR_SSL_OPTS+=" -Djavax.net.ssl.trustStorePassword=$SOLR_SSL_TRUST_STORE_PASSWORD"
+ fi
+
+ if [ -n "$SOLR_SSL_TRUST_STORE_TYPE" ]; then
+ SOLR_SSL_OPTS+=" -Djavax.net.ssl.trustStoreType=$SOLR_SSL_TRUST_STORE_TYPE"
+ fi
fi
else
SOLR_JETTY_CONFIG+=("--module=http")
http://git-wip-us.apache.org/repos/asf/lucene-solr/blob/bf424d1e/solr/bin/solr.cmd
----------------------------------------------------------------------
diff --git a/solr/bin/solr.cmd b/solr/bin/solr.cmd
index a7ad956..80f2bbc 100644
--- a/solr/bin/solr.cmd
+++ b/solr/bin/solr.cmd
@@ -45,12 +45,72 @@ set "SOLR_SSL_OPTS= "
IF DEFINED SOLR_SSL_KEY_STORE (
set "SOLR_JETTY_CONFIG=--module=https"
set SOLR_URL_SCHEME=https
- set "SCRIPT_ERROR=Solr server directory %SOLR_SERVER_DIR% not found!"
- set "SOLR_SSL_OPTS=-Dsolr.jetty.keystore=%SOLR_SSL_KEY_STORE% -Dsolr.jetty.keystore.password=%SOLR_SSL_KEY_STORE_PASSWORD% -Dsolr.jetty.truststore=%SOLR_SSL_TRUST_STORE% -Dsolr.jetty.truststore.password=%SOLR_SSL_TRUST_STORE_PASSWORD% -Dsolr.jetty.ssl.needClientAuth=%SOLR_SSL_NEED_CLIENT_AUTH% -Dsolr.jetty.ssl.wantClientAuth=%SOLR_SSL_WANT_CLIENT_AUTH%"
- IF DEFINED SOLR_SSL_CLIENT_KEY_STORE (
- set "SOLR_SSL_OPTS=%SOLR_SSL_OPTS% -Djavax.net.ssl.keyStore=%SOLR_SSL_CLIENT_KEY_STORE% -Djavax.net.ssl.keyStorePassword=%SOLR_SSL_CLIENT_KEY_STORE_PASSWORD% -Djavax.net.ssl.trustStore=%SOLR_SSL_CLIENT_TRUST_STORE% -Djavax.net.ssl.trustStorePassword=%SOLR_SSL_CLIENT_TRUST_STORE_PASSWORD%"
+ set "SOLR_SSL_OPTS=%SOLR_SSL_OPTS% -Dsolr.jetty.keystore=%SOLR_SSL_KEY_STORE%"
+ IF DEFINED SOLR_SSL_KEY_STORE_PASSWORD (
+ set "SOLR_SSL_OPTS=%SOLR_SSL_OPTS% -Dsolr.jetty.keystore.password=%SOLR_SSL_KEY_STORE_PASSWORD%"
+ )
+ IF DEFINED SOLR_SSL_KEY_STORE_TYPE (
+ set "SOLR_SSL_OPTS=%SOLR_SSL_OPTS% -Dsolr.jetty.keystore.type=%SOLR_SSL_KEY_STORE_TYPE%"
+ )
+
+ IF DEFINED SOLR_SSL_TRUST_STORE (
+ set "SOLR_SSL_OPTS=%SOLR_SSL_OPTS% -Dsolr.jetty.truststore=%SOLR_SSL_TRUST_STORE%"
+ )
+ IF DEFINED SOLR_SSL_TRUST_STORE_PASSWORD (
+ set "SOLR_SSL_OPTS=%SOLR_SSL_OPTS% -Dsolr.jetty.truststore.password=%SOLR_SSL_TRUST_STORE_PASSWORD%"
+ )
+ IF DEFINED SOLR_SSL_TRUST_STORE_TYPE (
+ set "SOLR_SSL_OPTS=%SOLR_SSL_OPTS% -Dsolr.jetty.truststore.type=%SOLR_SSL_TRUST_STORE_TYPE%"
+ )
+
+ IF DEFINED SOLR_SSL_NEED_CLIENT_AUTH (
+ set "SOLR_SSL_OPTS=%SOLR_SSL_OPTS% -Dsolr.jetty.ssl.needClientAuth=%SOLR_SSL_NEED_CLIENT_AUTH%"
+ )
+ IF DEFINED SOLR_SSL_WANT_CLIENT_AUTH (
+ set "SOLR_SSL_OPTS=%SOLR_SSL_OPTS% -Dsolr.jetty.ssl.wantClientAuth=%SOLR_SSL_WANT_CLIENT_AUTH%"
+ )
+
+ IF DEFINED SOLR_SSL_CLIENT_KEY_STORE (
+ set "SOLR_SSL_OPTS=%SOLR_SSL_OPTS% -Djavax.net.ssl.keyStore=%SOLR_SSL_CLIENT_KEY_STORE%"
+
+ IF DEFINED SOLR_SSL_CLIENT_KEY_STORE_PASSWORD (
+ set "SOLR_SSL_OPTS=%SOLR_SSL_OPTS% -Djavax.net.ssl.keyStorePassword=%SOLR_SSL_CLIENT_KEY_STORE_PASSWORD%"
+ )
+ IF DEFINED SOLR_SSL_CLIENT_KEY_STORE_TYPE (
+ set "SOLR_SSL_OPTS=%SOLR_SSL_OPTS% -Djavax.net.ssl.keyStoreType=%SOLR_SSL_CLIENT_KEY_STORE_TYPE%"
+ )
) ELSE (
- set "SOLR_SSL_OPTS=%SOLR_SSL_OPTS% -Djavax.net.ssl.keyStore=%SOLR_SSL_KEY_STORE% -Djavax.net.ssl.keyStorePassword=%SOLR_SSL_KEY_STORE_PASSWORD% -Djavax.net.ssl.trustStore=%SOLR_SSL_TRUST_STORE% -Djavax.net.ssl.trustStorePassword=%SOLR_SSL_TRUST_STORE_PASSWORD%"
+ IF DEFINED SOLR_SSL_KEY_STORE (
+ set "SOLR_SSL_OPTS=%SOLR_SSL_OPTS% -Djavax.net.ssl.keyStore=%SOLR_SSL_KEY_STORE%"
+ )
+ IF DEFINED SOLR_SSL_KEY_STORE_PASSWORD (
+ set "SOLR_SSL_OPTS=%SOLR_SSL_OPTS% -Djavax.net.ssl.keyStorePassword=%SOLR_SSL_KEY_STORE_PASSWORD%"
+ )
+ IF DEFINED SOLR_SSL_KEY_STORE_TYPE (
+ set "SOLR_SSL_OPTS=%SOLR_SSL_OPTS% -Djavax.net.ssl.keyStoreType=%SOLR_SSL_KEY_STORE_TYPE%"
+ )
+ )
+
+ IF DEFINED SOLR_SSL_CLIENT_TRUST_STORE (
+ set "SOLR_SSL_OPTS=%SOLR_SSL_OPTS% -Djavax.net.ssl.trustStore=%SOLR_SSL_CLIENT_TRUST_STORE%"
+
+ IF DEFINED SOLR_SSL_CLIENT_TRUST_STORE_PASSWORD (
+ set "SOLR_SSL_OPTS=%SOLR_SSL_OPTS% -Djavax.net.ssl.trustStorePassword=%SOLR_SSL_CLIENT_TRUST_STORE_PASSWORD%"
+ )
+
+ IF DEFINED SOLR_SSL_CLIENT_TRUST_STORE_TYPE (
+ set "SOLR_SSL_OPTS=%SOLR_SSL_OPTS% -Djavax.net.ssl.trustStoreType=%SOLR_SSL_CLIENT_TRUST_STORE_TYPE%"
+ )
+ ) ELSE (
+ IF DEFINED SOLR_SSL_TRUST_STORE (
+ set "SOLR_SSL_OPTS=%SOLR_SSL_OPTS% -Djavax.net.ssl.trustStore=%SOLR_SSL_TRUST_STORE%"
+ )
+ IF DEFINED SOLR_SSL_TRUST_STORE_PASSWORD (
+ set "SOLR_SSL_OPTS=%SOLR_SSL_OPTS% -Djavax.net.ssl.trustStorePassword=%SOLR_SSL_TRUST_STORE_PASSWORD%"
+ )
+ IF DEFINED SOLR_SSL_TRUST_STORE_TYPE (
+ set "SOLR_SSL_OPTS=%SOLR_SSL_OPTS% -Djavax.net.ssl.trustStoreType=%SOLR_SSL_TRUST_STORE_TYPE%"
+ )
)
) ELSE (
set SOLR_SSL_OPTS=
@@ -1612,4 +1672,4 @@ REM Safe echo which does not mess with () in strings
set "eout=%1"
set eout=%eout:"=%
echo !eout!
-GOTO :eof
\ No newline at end of file
+GOTO :eof
http://git-wip-us.apache.org/repos/asf/lucene-solr/blob/bf424d1e/solr/bin/solr.in.cmd
----------------------------------------------------------------------
diff --git a/solr/bin/solr.in.cmd b/solr/bin/solr.in.cmd
index 14f35e3..d323434 100644
--- a/solr/bin/solr.in.cmd
+++ b/solr/bin/solr.in.cmd
@@ -86,8 +86,10 @@ REM Uncomment to set SSL-related system properties
REM Be sure to update the paths to the correct keystore for your environment
REM set SOLR_SSL_KEY_STORE=etc/solr-ssl.keystore.jks
REM set SOLR_SSL_KEY_STORE_PASSWORD=secret
+REM set SOLR_SSL_KEY_STORE_TYPE=JKS
REM set SOLR_SSL_TRUST_STORE=etc/solr-ssl.keystore.jks
REM set SOLR_SSL_TRUST_STORE_PASSWORD=secret
+REM set SOLR_SSL_TRUST_STORE_TYPE=JKS
REM set SOLR_SSL_NEED_CLIENT_AUTH=false
REM set SOLR_SSL_WANT_CLIENT_AUTH=false
@@ -95,8 +97,10 @@ REM Uncomment if you want to override previously defined SSL values for HTTP cli
REM otherwise keep them commented and the above values will automatically be set for HTTP clients
REM set SOLR_SSL_CLIENT_KEY_STORE=
REM set SOLR_SSL_CLIENT_KEY_STORE_PASSWORD=
+REM set SOLR_SSL_CLIENT_KEY_STORE_TYPE=
REM set SOLR_SSL_CLIENT_TRUST_STORE=
-REM setSOLR_SSL_CLIENT_TRUST_STORE_PASSWORD=
+REM set SOLR_SSL_CLIENT_TRUST_STORE_PASSWORD=
+REM set SOLR_SSL_CLIENT_TRUST_STORE_TYPE=
REM Settings for authentication
REM set SOLR_AUTHENTICATION_CLIENT_BUILDER=
http://git-wip-us.apache.org/repos/asf/lucene-solr/blob/bf424d1e/solr/bin/solr.in.sh
----------------------------------------------------------------------
diff --git a/solr/bin/solr.in.sh b/solr/bin/solr.in.sh
index a84c474..e5dd0c9 100644
--- a/solr/bin/solr.in.sh
+++ b/solr/bin/solr.in.sh
@@ -98,8 +98,10 @@
# Be sure to update the paths to the correct keystore for your environment
#SOLR_SSL_KEY_STORE=/home/shalin/work/oss/shalin-lusolr/solr/server/etc/solr-ssl.keystore.jks
#SOLR_SSL_KEY_STORE_PASSWORD=secret
+#SOLR_SSL_KEY_STORE_TYPE=JKS
#SOLR_SSL_TRUST_STORE=/home/shalin/work/oss/shalin-lusolr/solr/server/etc/solr-ssl.keystore.jks
#SOLR_SSL_TRUST_STORE_PASSWORD=secret
+#SOLR_SSL_TRUST_STORE_TYPE=JKS
#SOLR_SSL_NEED_CLIENT_AUTH=false
#SOLR_SSL_WANT_CLIENT_AUTH=false
@@ -107,8 +109,10 @@
# otherwise keep them commented and the above values will automatically be set for HTTP clients
#SOLR_SSL_CLIENT_KEY_STORE=
#SOLR_SSL_CLIENT_KEY_STORE_PASSWORD=
+#SOLR_SSL_CLIENT_KEY_STORE_TYPE=
#SOLR_SSL_CLIENT_TRUST_STORE=
#SOLR_SSL_CLIENT_TRUST_STORE_PASSWORD=
+#SOLR_SSL_CLIENT_TRUST_STORE_TYPE=
# Settings for authentication
#SOLR_AUTHENTICATION_CLIENT_BUILDER=
http://git-wip-us.apache.org/repos/asf/lucene-solr/blob/bf424d1e/solr/server/etc/jetty-ssl.xml
----------------------------------------------------------------------
diff --git a/solr/server/etc/jetty-ssl.xml b/solr/server/etc/jetty-ssl.xml
index 7f0007a..4d85de6 100644
--- a/solr/server/etc/jetty-ssl.xml
+++ b/solr/server/etc/jetty-ssl.xml
@@ -13,6 +13,8 @@
<Set name="TrustStorePassword"><Property name="solr.jetty.truststore.password" default="secret"/></Set>
<Set name="NeedClientAuth"><Property name="solr.jetty.ssl.needClientAuth" default="false"/></Set>
<Set name="WantClientAuth"><Property name="solr.jetty.ssl.wantClientAuth" default="false"/></Set>
+ <Set name="KeyStoreType"><Property name="solr.jetty.keystore.type" default="JKS"/></Set>
+ <Set name="TrustStoreType"><Property name="solr.jetty.truststore.type" default="JKS"/></Set>
<Set name="excludeProtocols">
<Array type="java.lang.String">
<Item>SSLv3</Item>
@@ -43,4 +45,4 @@
</Call>
</New>
-</Configure>
\ No newline at end of file
+</Configure>