You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@solr.apache.org by ja...@apache.org on 2022/10/22 21:30:11 UTC
[solr] 01/02: WIP
This is an automated email from the ASF dual-hosted git repository.
janhoy pushed a commit to branch SOLR-15484-jwt-test-failure
in repository https://gitbox.apache.org/repos/asf/solr.git
commit bf06985c7d679e11eb9289be2be465c1af36c6eb
Author: Jan Høydahl <ja...@users.noreply.github.com>
AuthorDate: Thu Feb 3 00:40:57 2022 +0100
WIP
---
solr/core/src/java/org/apache/solr/security/JWTIssuerConfig.java | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/solr/core/src/java/org/apache/solr/security/JWTIssuerConfig.java b/solr/core/src/java/org/apache/solr/security/JWTIssuerConfig.java
index c7e67bf1704..1e79ae4a725 100644
--- a/solr/core/src/java/org/apache/solr/security/JWTIssuerConfig.java
+++ b/solr/core/src/java/org/apache/solr/security/JWTIssuerConfig.java
@@ -45,6 +45,7 @@ import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
+import java.util.Set;
import java.util.stream.Collectors;
/**
@@ -363,6 +364,7 @@ public class JWTIssuerConfig {
private final long jwkCacheDuration;
private final long refreshReprieveThreshold;
private Collection<X509Certificate> trustedCerts;
+ private static final Set<String> PRETRUSTED_HOSTS = Set.of("localhost", "localhost.localdomain");
public HttpsJwksFactory(long jwkCacheDuration, long refreshReprieveThreshold) {
this.jwkCacheDuration = jwkCacheDuration;
@@ -394,7 +396,7 @@ public class JWTIssuerConfig {
if (trustedCerts != null) {
Get getWithCustomTrust = new Get();
getWithCustomTrust.setTrustedCertificates(trustedCerts);
- if ("localhost".equals(jwksUrl.getHost())) {
+ if (PRETRUSTED_HOSTS.contains(jwksUrl.getHost())) {
getWithCustomTrust.setHostnameVerifier((hostname, session) -> true);
}
httpsJkws.setSimpleHttpGet(getWithCustomTrust);