Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
7.4, 8.0
-
None
-
None
Description
After the changes in SOLR-12354 to eagerly create a PublicKeyHandler for the CoreContainer, the creation of the underlying RSAKeyPair uses SecureRandom to generate primes. This eats up a lot of system entropy and can slow down tests significantly (I observed it adding 10s to an individual test).
Similar to what we do for SSL config for tests, we can swap in a non blocking implementation of SecureRandom for the key pair generation to allow multiple tests to run better in parallel. Primality testing with BigInteger is also slow, so I'm not sure how much total speedup we can get here, maybe it's worth checking if there are faster implementations out there in other libraries.
In production cases, this also blocks creation of all cores. We should only create the Handler if necessary, i.e. if the existing authn/z tell us that they won't support internode requests.
Attachments
Issue Links
- is related to
-
SOLR-16613 CryptoKeys should handle RSA padding for OpenJ9
-
- Closed
-
- links to
