You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@solr.apache.org by ho...@apache.org on 2023/05/09 18:42:44 UTC
[solr] branch branch_9x updated: Add test with ssl and basic auth (#1635)
This is an automated email from the ASF dual-hosted git repository.
houston pushed a commit to branch branch_9x
in repository https://gitbox.apache.org/repos/asf/solr.git
The following commit(s) were added to refs/heads/branch_9x by this push:
new 436e27076a6 Add test with ssl and basic auth (#1635)
436e27076a6 is described below
commit 436e27076a684050094bd084d4f0d5ae927f2dca
Author: Houston Putman <ho...@apache.org>
AuthorDate: Tue May 9 14:38:46 2023 -0400
Add test with ssl and basic auth (#1635)
(cherry picked from commit a3bba065fd6aa8e7ce907c42e2f8e1bf73fe1c6b)
---
solr/packaging/test/test_ssl.bats | 39 ++++++++++++++++++++++++++++++++++++++-
1 file changed, 38 insertions(+), 1 deletion(-)
diff --git a/solr/packaging/test/test_ssl.bats b/solr/packaging/test/test_ssl.bats
index d9e4794c3ce..3f9065956d9 100644
--- a/solr/packaging/test/test_ssl.bats
+++ b/solr/packaging/test/test_ssl.bats
@@ -25,6 +25,7 @@ teardown() {
# save a snapshot of SOLR_HOME for failed tests
save_home_on_failure
+ run solr auth disable
solr stop -all >/dev/null 2>&1
}
@@ -56,6 +57,42 @@ teardown() {
run curl --cacert "$ssl_dir/solr-ssl.pem" 'https://localhost:8983/solr/admin/collections?action=CREATE&collection.configName=_default&name=test&numShards=2&replicationFactor=1&router.name=compositeId&wt=json'
assert_output --partial '"status":0'
- run curl --cacert "$ssl_dir/solr-ssl.pem" 'https://localhost:8983/solr/test/select?q=*:*'
+ run curl --http2 --cacert "$ssl_dir/solr-ssl.pem" 'https://localhost:8983/solr/test/select?q=*:*'
assert_output --partial '"numFound":0'
}
+
+@test "start solr with ssl and auth" {
+ # Create a keystore
+ export ssl_dir="${BATS_TEST_TMPDIR}/ssl"
+ mkdir -p "$ssl_dir"
+ (
+ cd "$ssl_dir"
+ rm -f solr-ssl.keystore.p12 solr-ssl.pem
+ keytool -genkeypair -alias solr-ssl -keyalg RSA -keysize 2048 -keypass secret -storepass secret -validity 9999 -keystore solr-ssl.keystore.p12 -storetype PKCS12 -ext SAN=DNS:localhost,IP:127.0.0.1 -dname "CN=localhost, OU=Organizational Unit, O=Organization, L=Location, ST=State, C=Country"
+ openssl pkcs12 -in solr-ssl.keystore.p12 -out solr-ssl.pem -passin pass:secret -passout pass:secret
+ )
+
+ # Set ENV_VARs so that Solr uses this keystore
+ export SOLR_SSL_ENABLED=true
+ export SOLR_SSL_KEY_STORE=$ssl_dir/solr-ssl.keystore.p12
+ export SOLR_SSL_KEY_STORE_PASSWORD=secret
+ export SOLR_SSL_TRUST_STORE=$ssl_dir/solr-ssl.keystore.p12
+ export SOLR_SSL_TRUST_STORE_PASSWORD=secret
+ export SOLR_SSL_NEED_CLIENT_AUTH=false
+ export SOLR_SSL_WANT_CLIENT_AUTH=false
+ export SOLR_SSL_CHECK_PEER_NAME=true
+ export SOLR_HOST=localhost
+
+ solr start -c
+ solr auth enable -type basicAuth -credentials name:password
+ solr assert --started https://localhost:8983/solr --timeout 5000
+
+ run curl -u name:password --basic --cacert "$ssl_dir/solr-ssl.pem" 'https://localhost:8983/solr/admin/collections?action=CREATE&collection.configName=_default&name=test&numShards=2&replicationFactor=1&router.name=compositeId&wt=json'
+ assert_output --partial '"status":0'
+
+ run curl -u name:password --basic --http2 --cacert "$ssl_dir/solr-ssl.pem" 'https://localhost:8983/solr/test/select?q=*:*'
+ assert_output --partial '"numFound":0'
+
+ run ! curl --http2 --fail-with-body --cacert "$ssl_dir/solr-ssl.pem" 'https://localhost:8983/solr/test/select?q=*:*'
+ assert_output --partial '401 require authentication'
+}