You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@lucene.apache.org by da...@apache.org on 2017/07/25 09:06:15 UTC
[30/50] [abbrv] lucene-solr:feature/autoscaling: SOLR-10338:
Configure SecureRandom non blocking for tests.
SOLR-10338: Configure SecureRandom non blocking for tests.
Project: http://git-wip-us.apache.org/repos/asf/lucene-solr/repo
Commit: http://git-wip-us.apache.org/repos/asf/lucene-solr/commit/ffd76a69
Tree: http://git-wip-us.apache.org/repos/asf/lucene-solr/tree/ffd76a69
Diff: http://git-wip-us.apache.org/repos/asf/lucene-solr/diff/ffd76a69
Branch: refs/heads/feature/autoscaling
Commit: ffd76a69773196813271f4372052d07481d602cb
Parents: 7ea4072
Author: markrmiller <ma...@apache.org>
Authored: Thu Jul 20 12:22:13 2017 -0400
Committer: markrmiller <ma...@apache.org>
Committed: Thu Jul 20 13:40:05 2017 -0400
----------------------------------------------------------------------
dev-tools/idea/.idea/workspace.xml | 2 +-
dev-tools/maven/pom.xml.template | 1 +
lucene/common-build.xml | 3 ++
solr/CHANGES.txt | 2 +
.../test/SecureRandomAlgorithmTesterApp.java | 41 +++++++++++++++++++
.../java/org/apache/solr/SolrTestCaseJ4.java | 42 ++++++++++++++++++++
6 files changed, 90 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/lucene-solr/blob/ffd76a69/dev-tools/idea/.idea/workspace.xml
----------------------------------------------------------------------
diff --git a/dev-tools/idea/.idea/workspace.xml b/dev-tools/idea/.idea/workspace.xml
index 0ca7f0c..e22108f 100644
--- a/dev-tools/idea/.idea/workspace.xml
+++ b/dev-tools/idea/.idea/workspace.xml
@@ -2,7 +2,7 @@
<project version="4">
<component name="RunManager" selected="JUnit.Lucene core">
<configuration default="true" type="JUnit" factoryName="JUnit">
- <option name="VM_PARAMETERS" value="-ea" />
+ <option name="VM_PARAMETERS" value="-ea -Djava.security.egd=file:/dev/./urandom" />
</configuration>
<configuration default="false" name="Lucene core" type="JUnit" factoryName="JUnit">
<module name="lucene-core-tests" />
http://git-wip-us.apache.org/repos/asf/lucene-solr/blob/ffd76a69/dev-tools/maven/pom.xml.template
----------------------------------------------------------------------
diff --git a/dev-tools/maven/pom.xml.template b/dev-tools/maven/pom.xml.template
index cd8d6b8..6b7f915 100644
--- a/dev-tools/maven/pom.xml.template
+++ b/dev-tools/maven/pom.xml.template
@@ -277,6 +277,7 @@
<tests.postingsformat>${tests.postingsformat}</tests.postingsformat>
<tests.timezone>${tests.timezone}</tests.timezone>
<tests.verbose>${tests.verbose}</tests.verbose>
+ <java.security.egd>file:/dev/./urandom</java.security.egd>
</systemPropertyVariables>
</configuration>
</plugin>
http://git-wip-us.apache.org/repos/asf/lucene-solr/blob/ffd76a69/lucene/common-build.xml
----------------------------------------------------------------------
diff --git a/lucene/common-build.xml b/lucene/common-build.xml
index dba69db..50a758b 100644
--- a/lucene/common-build.xml
+++ b/lucene/common-build.xml
@@ -1062,6 +1062,9 @@
<sysproperty key="tests.src.home" value="${user.dir}" />
+ <!-- replaces default random source to the nonblocking variant -->
+ <sysproperty key="java.security.egd" value="file:/dev/./urandom"/>
+
<!-- Only pass these to the test JVMs if defined in ANT. -->
<syspropertyset>
<propertyref prefix="tests.maxfailures" />
http://git-wip-us.apache.org/repos/asf/lucene-solr/blob/ffd76a69/solr/CHANGES.txt
----------------------------------------------------------------------
diff --git a/solr/CHANGES.txt b/solr/CHANGES.txt
index 0c02585..851daed 100644
--- a/solr/CHANGES.txt
+++ b/solr/CHANGES.txt
@@ -1058,6 +1058,8 @@ Bug Fixes
* SOLR-10527: edismax with sow=false fails to create dismax-per-term queries when any field is boosted.
(Steve Rowe)
+* SOLR-10338: Configure SecureRandom non blocking for tests. (Mihaly Toth, hossman, Ishan Chattopadhyaya, via Mark Miller)
+
================== 6.5.0 ==================
Consult the LUCENE_CHANGES.txt file for additional, low level, changes in this release.
http://git-wip-us.apache.org/repos/asf/lucene-solr/blob/ffd76a69/solr/core/src/test/SecureRandomAlgorithmTesterApp.java
----------------------------------------------------------------------
diff --git a/solr/core/src/test/SecureRandomAlgorithmTesterApp.java b/solr/core/src/test/SecureRandomAlgorithmTesterApp.java
new file mode 100644
index 0000000..44f79e9
--- /dev/null
+++ b/solr/core/src/test/SecureRandomAlgorithmTesterApp.java
@@ -0,0 +1,41 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+
+public class SecureRandomAlgorithmTesterApp {
+ public static void main(String[] args) throws NoSuchAlgorithmException {
+ String algorithm = args[0];
+ String method = args[1];
+ int amount = Integer.valueOf(args[2]);
+ SecureRandom secureRandom;
+ if(algorithm.equals("default"))
+ secureRandom = new SecureRandom();
+ else
+ secureRandom = SecureRandom.getInstance(algorithm);
+ System.out.println("Algorithm:" + secureRandom.getAlgorithm());
+ switch(method) {
+ case "seed": secureRandom.generateSeed(amount); break;
+ case "bytes": secureRandom.nextBytes(new byte[amount]); break;
+ case "long": secureRandom.nextLong(); break;
+ case "int": secureRandom.nextInt(); break;
+ default: throw new IllegalArgumentException("Not supported random function: " + method);
+ }
+ System.out.println("SecureRandom function invoked");
+ }
+}
http://git-wip-us.apache.org/repos/asf/lucene-solr/blob/ffd76a69/solr/test-framework/src/java/org/apache/solr/SolrTestCaseJ4.java
----------------------------------------------------------------------
diff --git a/solr/test-framework/src/java/org/apache/solr/SolrTestCaseJ4.java b/solr/test-framework/src/java/org/apache/solr/SolrTestCaseJ4.java
index f034f32..cf54499 100644
--- a/solr/test-framework/src/java/org/apache/solr/SolrTestCaseJ4.java
+++ b/solr/test-framework/src/java/org/apache/solr/SolrTestCaseJ4.java
@@ -40,6 +40,7 @@ import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
+import java.security.SecureRandom;
import java.time.Instant;
import java.util.ArrayList;
import java.util.Arrays;
@@ -2594,6 +2595,47 @@ public abstract class SolrTestCaseJ4 extends LuceneTestCase {
waitForWarming(h.getCore());
}
+ @BeforeClass
+ public static void assertNonBlockingRandomGeneratorAvailable() throws InterruptedException {
+ final String EGD = "java.security.egd";
+ final String URANDOM = "file:/dev/./urandom";
+ final String ALLOWED = "test.solr.allowed.securerandom";
+ final String allowedAlg = System.getProperty(ALLOWED);
+ final String actualEGD = System.getProperty(EGD);
+
+ log.info("SecureRandom sanity checks: {}={} & {}={}", ALLOWED, allowedAlg, EGD, actualEGD);
+
+ if (null != allowedAlg) {
+ // the user has explicitly requested to bypass our assertions and allow a particular alg
+ // the only thing we should do is assert that the algorithm they have whitelisted is actaully used
+
+
+ final String actualAlg = (new SecureRandom()).getAlgorithm();
+ assertEquals("Algorithm specified using "+ALLOWED+" system property " +
+ "does not match actual algorithm", allowedAlg, actualAlg);
+ return;
+ }
+ // else: no user override, do the checks we want including
+
+ if (null == actualEGD) {
+ System.setProperty(EGD, URANDOM);
+ log.warn("System property {} was not set by test runner, forcibly set to expected: {}", EGD, URANDOM);
+ } else if (! URANDOM.equals(actualEGD) ) {
+ log.warn("System property {}={} .. test runner should use expected: {}", EGD, actualEGD, URANDOM);
+ }
+
+ final String algorithm = (new SecureRandom()).getAlgorithm();
+
+ assertFalse("SecureRandom algorithm '" + algorithm + "' is in use by your JVM, " +
+ "which is a potentially blocking algorithm on some environments. " +
+ "Please report the details of this failure (and your JVM vendor/version) to solr-user@lucene.apache.org. " +
+ "You can try to run your tests with -D"+EGD+"="+URANDOM+" or bypass this check using " +
+ "-Dtest.solr.allowed.securerandom="+ algorithm +" as a JVM option when running tests.",
+ // be permissive in our checks and blacklist only algorithms
+ // that are known to be blocking under some circumstances
+ algorithm.equals("NativePRNG") || algorithm.equals("NativePRNGBlocking"));
+ }
+
protected static void systemSetPropertySolrTestsMergePolicyFactory(String value) {
System.setProperty(SYSTEM_PROPERTY_SOLR_TESTS_MERGEPOLICYFACTORY, value);
}