
Example 1 with CryptoKeys

Use of org.apache.solr.util.CryptoKeys in the lucene-solr project by Apache.

From the class TestCryptoKeys, method test.

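/**
 * Checks signature verification at two levels: {@link CryptoKeys#verify} called directly, and
 * the runtime-library loading path that reports errors naming the keys in ZK {@code /keys/exe}.
 *
 * <p>Direct checks against {@code cryptokeys/samplefile.bin}:
 * <ul>
 *   <li>with no keys registered in ZooKeeper, {@code verify} returns {@code null};</li>
 *   <li>once {@code pubk1.der} and {@code pubk2.der} are stored under {@code /keys/exe},
 *       {@code verify} returns the name of the key that matched the signature;</li>
 *   <li>a signature that matches neither key, and a Base64 value that is not a signature at
 *       all, are rejected (either {@code null} or an exception).</li>
 * </ul>
 *
 * <p>Runtime-library checks against the {@code signedjar} blob served by {@code /runtime}:
 * <ul>
 *   <li>registered without a signature: the response carries an error saying the jar should be
 *       signed with one of the keys in ZK {@code /keys/exe};</li>
 *   <li>registered with a non-matching signature: the error is "No key matched signature for
 *       jar";</li>
 *   <li>registered with either of two accepted signatures: the handler class is reported and its
 *       loader is {@link MemClassLoader}.</li>
 * </ul>
 *
 * @throws Exception if any harness, ZooKeeper or HTTP call fails
 */
@Test
public void test() throws Exception {
    // NOTE(review): presumably the switch that permits runtime libraries to be loaded — confirm.
    System.setProperty("enable.runtime.lib", "true");
    setupHarnesses();

    // Base64 signatures used against cryptokeys/samplefile.bin. The asserts below establish
    // that pk1sig matches pubk1.der and pk2sig matches pubk2.der; wrongKeySig matches neither.
    final String pk1sig = "G8LEW7uJ1is81Aqqfl3Sld3qDtOxPuVFeTLJHFJWecgDvUkmJNFXmf7nkHOVlXnDWahp1vqZf0W02VHXg37lBw==";
    final String pk2sig = "pCyBQycB/0YvLVZfKLDIIqG1tFwM/awqzkp2QNpO7R3ThTqmmrj11wEJFDRLkY79efuFuQPHt40EE7jrOKoj9jLNELsfEqvU3jw9sZKiDONY+rV9Bj9QPeW8Pgt+F9Y1";
    final String wrongKeySig = "xTk2hTipfpb+J5s4x3YZGOXkmHWtnJz05Vvd8RTm/Q1fbQVszR7vMk6dQ1URxX08fcg4HvxOo8g9bG2TSMOGjg==";

    SolrZkClient zk = getCommonCloudSolrClient().getZkStateReader().getZkClient();
    CryptoKeys cryptoKeys = new CryptoKeys(CloudUtil.getTrustedKeys(zk, "exe"));
    ByteBuffer samplefile = ByteBuffer.wrap(readFile("cryptokeys/samplefile.bin"));

    // No keys have been created in ZK yet, so nothing can vouch for the file: verify must
    // answer null rather than a key name.
    String result = cryptoKeys.verify(pk1sig, samplefile);
    assertNull(result);

    // Register the two trusted public keys and rebuild CryptoKeys from what ZK now holds.
    zk.makePath("/keys/exe", true);
    zk.create("/keys/exe/pubk1.der", readFile("cryptokeys/pubk1.der"), CreateMode.PERSISTENT, true);
    zk.create("/keys/exe/pubk2.der", readFile("cryptokeys/pubk2.der"), CreateMode.PERSISTENT, true);
    Map<String, byte[]> trustedKeys = CloudUtil.getTrustedKeys(zk, "exe");
    cryptoKeys = new CryptoKeys(trustedKeys);

    // A valid signature is attributed to the key that produced it.
    result = cryptoKeys.verify(pk2sig, samplefile);
    assertEquals("pubk2.der", result);
    result = cryptoKeys.verify(pk1sig, samplefile);
    assertEquals("pubk1.der", result);

    // Negative cases. Rejection may surface as null or as an exception thrown by verify, and
    // both are accepted. catch (Exception) does not intercept the AssertionError raised by
    // assertNull, so a signature that is wrongly accepted (non-null key name) still fails
    // the test.
    try {
        assertNull(cryptoKeys.verify(wrongKeySig, samplefile));
    } catch (Exception ignored) {
        // verify rejected the signature by throwing: pass
    }
    try {
        // Well-formed Base64 that decodes to plain text ("Hello World!\n"), not a signature.
        assertNull(cryptoKeys.verify("SGVsbG8gV29ybGQhCg==", samplefile));
    } catch (Exception ignored) {
        // verify rejected the malformed signature by throwing: pass
    }

    // Upload the jar as blob "signedjar" (version 1) into the .system collection.
    HttpSolrClient randomClient = (HttpSolrClient) clients.get(random().nextInt(clients.size()));
    String baseURL = randomClient.getBaseURL();
    baseURL = baseURL.substring(0, baseURL.lastIndexOf('/'));
    TestBlobHandler.createSystemCollection(getHttpSolrClient(baseURL, randomClient.getHttpClient()));
    waitForRecoveriesToFinish(".system", true);
    ByteBuffer jar = TestDynamicLoading.getFileContent("runtimecode/runtimelibs.jar.bin");
    String blobName = "signedjar";
    TestBlobHandler.postAndCheck(cloudClient, baseURL, blobName, jar, 1);

    // Register a request handler that must be loaded from the runtime library.
    String payload = "{\n" + "'create-requesthandler' : { 'name' : '/runtime', 'class': 'org.apache.solr.core.RuntimeLibReqHandler' , 'runtimeLib':true }" + "}";
    RestTestHarness client = restTestHarnesses.get(random().nextInt(restTestHarnesses.size()));
    TestSolrConfigHandler.runConfigCommand(client, "/config?wt=json", payload);
    TestSolrConfigHandler.testForResponseElement(client, null, "/config/overlay?wt=json", null, Arrays.asList("overlay", "requestHandler", "/runtime", "class"), "org.apache.solr.core.RuntimeLibReqHandler", 10);

    // Case 1: the runtime lib is added with no 'sig' at all. The handler must not load.
    payload = "{\n" + "'add-runtimelib' : { 'name' : 'signedjar' ,'version':1}\n" + "}";
    client = restTestHarnesses.get(random().nextInt(restTestHarnesses.size()));
    TestSolrConfigHandler.runConfigCommand(client, "/config?wt=json", payload);
    TestSolrConfigHandler.testForResponseElement(client, null, "/config/overlay?wt=json", null, Arrays.asList("overlay", "runtimeLib", blobName, "version"), 1L, 10);
    Map map = TestSolrConfigHandler.getRespMap("/runtime?wt=json", client);
    String s = (String) Utils.getObjectByPath(map, false, Arrays.asList("error", "msg"));
    // The full response is used as the failure message so a missing error is diagnosable.
    assertNotNull(TestBlobHandler.getAsString(map), s);
    assertTrue(TestBlobHandler.getAsString(map), s.contains("should be signed with one of the keys in ZK /keys/exe"));

    // The three update-runtimelib payloads differ only in the signature. Building them from
    // the same variable that the overlay assertion checks keeps the posted value and the
    // expected value from drifting apart.
    final String updateSigPrefix = "{\n" + "'update-runtimelib' : { 'name' : 'signedjar' ,'version':1, 'sig': '";
    final String updateSigSuffix = "'}\n" + "}";

    // Case 2: a signature that no trusted key produced. The handler must still not load.
    final String wrongSig = "QKqHtd37QN02iMW9UEgvAO9g9qOOuG5vEBNkbUsN7noc2hhXKic/ABFIOYJA9PKw61mNX2EmNFXOcO3WClYdSw==";
    payload = updateSigPrefix + wrongSig + updateSigSuffix;
    client = restTestHarnesses.get(random().nextInt(restTestHarnesses.size()));
    TestSolrConfigHandler.runConfigCommand(client, "/config?wt=json", payload);
    TestSolrConfigHandler.testForResponseElement(client, null, "/config/overlay?wt=json", null, Arrays.asList("overlay", "runtimeLib", blobName, "sig"), wrongSig, 10);
    map = TestSolrConfigHandler.getRespMap("/runtime?wt=json", client);
    s = (String) Utils.getObjectByPath(map, false, Arrays.asList("error", "msg"));
    // Expected error: "No key matched signature for jar"
    assertNotNull(TestBlobHandler.getAsString(map), s);
    assertTrue(TestBlobHandler.getAsString(map), s.contains("No key matched signature for jar"));

    // Case 3: an accepted signature. The handler loads and reports MemClassLoader as its loader.
    String rightSig = "YkTQgOtvcM/H/5EQdABGl3wjjrPhonAGlouIx59vppBy2cZEofX3qX1yZu5sPNRmJisNXEuhHN2149dxeUmk2Q==";
    payload = updateSigPrefix + rightSig + updateSigSuffix;
    client = restTestHarnesses.get(random().nextInt(restTestHarnesses.size()));
    TestSolrConfigHandler.runConfigCommand(client, "/config?wt=json", payload);
    TestSolrConfigHandler.testForResponseElement(client, null, "/config/overlay?wt=json", null, Arrays.asList("overlay", "runtimeLib", blobName, "sig"), rightSig, 10);
    map = TestSolrConfigHandler.testForResponseElement(client, null, "/runtime?wt=json", null, Arrays.asList("class"), "org.apache.solr.core.RuntimeLibReqHandler", 10);
    compareValues(map, MemClassLoader.class.getName(), asList("loader"));

    // Case 4: a second accepted signature for the same jar.
    // NOTE(review): presumably produced with the other registered key — confirm against the fixtures.
    rightSig = "VJPMTxDf8Km3IBj2B5HWkIOqeM/o+HHNobOYCNA3WjrEVfOMZbMMqS1Lo7uLUUp//RZwOGkOhrUhuPNY1z2CGEIKX2/m8VGH64L14d52oSvFiwhoTDDuuyjW1TFGu35D";
    payload = updateSigPrefix + rightSig + updateSigSuffix;
    client = restTestHarnesses.get(random().nextInt(restTestHarnesses.size()));
    TestSolrConfigHandler.runConfigCommand(client, "/config?wt=json", payload);
    TestSolrConfigHandler.testForResponseElement(client, null, "/config/overlay?wt=json", null, Arrays.asList("overlay", "runtimeLib", blobName, "sig"), rightSig, 10);
    map = TestSolrConfigHandler.testForResponseElement(client, null, "/runtime?wt=json", null, Arrays.asList("class"), "org.apache.solr.core.RuntimeLibReqHandler", 10);
    compareValues(map, MemClassLoader.class.getName(), asList("loader"));
}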
Also used : HttpSolrClient(org.apache.solr.client.solrj.impl.HttpSolrClient) RestTestHarness(org.apache.solr.util.RestTestHarness) CryptoKeys(org.apache.solr.util.CryptoKeys) MemClassLoader(org.apache.solr.core.MemClassLoader) SolrZkClient(org.apache.solr.common.cloud.SolrZkClient) ByteBuffer(java.nio.ByteBuffer) Map(java.util.Map) IOException(java.io.IOException) Test(org.junit.Test)

Aggregations

IOException (java.io.IOException)1 ByteBuffer (java.nio.ByteBuffer)1 Map (java.util.Map)1 HttpSolrClient (org.apache.solr.client.solrj.impl.HttpSolrClient)1 SolrZkClient (org.apache.solr.common.cloud.SolrZkClient)1 MemClassLoader (org.apache.solr.core.MemClassLoader)1 CryptoKeys (org.apache.solr.util.CryptoKeys)1 RestTestHarness (org.apache.solr.util.RestTestHarness)1 Test (org.junit.Test)1