Details

    • Type: Sub-task Sub-task
    • Status: Closed
    • Priority: Blocker Blocker
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 5.1, 6.0
    • Component/s: None
    • Labels:

      Description

      We need to ensure that the jars loaded into solr are trusted

      We shall use simple PKI to protect the jars/config loaded into the system
      The following are the steps involved for doing that.

      #Step 1:
      # generate a 768-bit RSA private key. or whaterver strength you would need
      $ openssl genrsa -out priv_key.pem 768
      # store your private keys safely (with  a password if possible)
      
      # output public key portion in DER format (so that Java can read it)
      $ openssl rsa -in priv_key.pem -pubout -outform DER -out pub_key.der
      
      #Step 2:
      #Load the .DER files to ZK under /keys/exe
      
      Step3:
      # start all your servers with -Denable.runtime.lib=true 
      
      Step 4:
      # sign the sha1 digest of your jar with one of your private keys and get the base64 string of that signature . 
      $ openssl dgst -sha1 -sign priv_key.pem myjar.jar | openssl enc -base64 
      
      #Step 5:
      # load your jars into blob store . refer SOLR-6787
      
      #Step 6:
      # use the command to add your jar to classpath as follows
      
      curl http://localhost:8983/solr/collection1/config -H 'Content-type:application/json'  -d '{
      "add-runtimelib" : {"name": "jarname" , "version":2 , "sig":"mW1Gwtz2QazjfVdrLFHfbGwcr8xzFYgUOLu68LHqWRDvLG0uLcy1McQ+AzVmeZFBf1yLPDEHBWJb5KXr8bdbHN/PYgUB1nsr9pk4EFyD9KfJ8TqeH/ijQ9waa/vjqyiKEI9U550EtSzruLVZ32wJ7smvV0fj2YYhrUaaPzOn9g0=" }// output of step 4. concatenate the lines 
      
      }' 
      

      sig is the extra parameter that is nothing but the base64 encoded value of the jar's sha1 signature

      If no keys are present , the jar is loaded without any checking.

      Before loading a jar from blob store , each Solr node would check if there are keys present in the keys directory. If yes, each jar's signature will be verified with all the available public keys. If atleast one succeeds , the jar is loaded into memory. If nothing succeeds , it will be rejected

      1. SOLR-7126.patch
        21 kB
        Noble Paul
      2. SOLR-7126.patch
        10 kB
        Noble Paul
      3. SOLR-7126.patch
        5 kB
        Noble Paul

        Issue Links

          Activity

          Hide
          Noble Paul added a comment -

          utility class for crypto

          Show
          Noble Paul added a comment - utility class for crypto
          Hide
          ASF subversion and git services added a comment -

          Commit 1664107 from Noble Paul in branch 'dev/trunk'
          [ https://svn.apache.org/r1664107 ]

          SOLR-7126: adding crypto keys and test data

          Show
          ASF subversion and git services added a comment - Commit 1664107 from Noble Paul in branch 'dev/trunk' [ https://svn.apache.org/r1664107 ] SOLR-7126 : adding crypto keys and test data
          Hide
          Noble Paul added a comment -

          utility class and tests

          Show
          Noble Paul added a comment - utility class and tests
          Hide
          ASF subversion and git services added a comment -

          Commit 1664116 from Noble Paul in branch 'dev/trunk'
          [ https://svn.apache.org/r1664116 ]

          SOLR-7126: Utility classes for Crypto

          Show
          ASF subversion and git services added a comment - Commit 1664116 from Noble Paul in branch 'dev/trunk' [ https://svn.apache.org/r1664116 ] SOLR-7126 : Utility classes for Crypto
          Hide
          ASF subversion and git services added a comment -

          Commit 1664802 from Noble Paul in branch 'dev/trunk'
          [ https://svn.apache.org/r1664802 ]

          SOLR-7126: honor the enable.runtime.lib flag

          Show
          ASF subversion and git services added a comment - Commit 1664802 from Noble Paul in branch 'dev/trunk' [ https://svn.apache.org/r1664802 ] SOLR-7126 : honor the enable.runtime.lib flag
          Hide
          Noble Paul added a comment -

          Complete with tests

          Show
          Noble Paul added a comment - Complete with tests
          Hide
          ASF subversion and git services added a comment -

          Commit 1665207 from Noble Paul in branch 'dev/trunk'
          [ https://svn.apache.org/r1665207 ]

          SOLR-7126: Secure loading of runtime external jars

          Show
          ASF subversion and git services added a comment - Commit 1665207 from Noble Paul in branch 'dev/trunk' [ https://svn.apache.org/r1665207 ] SOLR-7126 : Secure loading of runtime external jars
          Hide
          ASF subversion and git services added a comment -

          Commit 1665313 from Noble Paul in branch 'dev/branches/branch_5x'
          [ https://svn.apache.org/r1665313 ]

          SOLR-7126: Secure loading of runtime external jars

          Show
          ASF subversion and git services added a comment - Commit 1665313 from Noble Paul in branch 'dev/branches/branch_5x' [ https://svn.apache.org/r1665313 ] SOLR-7126 : Secure loading of runtime external jars
          Hide
          ASF subversion and git services added a comment -

          Commit 1665361 from Noble Paul in branch 'dev/branches/branch_5x'
          [ https://svn.apache.org/r1665361 ]

          SOLR-7126: use jars compiled with java 7

          Show
          ASF subversion and git services added a comment - Commit 1665361 from Noble Paul in branch 'dev/branches/branch_5x' [ https://svn.apache.org/r1665361 ] SOLR-7126 : use jars compiled with java 7
          Hide
          Yonik Seeley added a comment - - edited

          Reopening. This test (TestCryptoKeys) has been sometimes failing for me.
          I just saw a fail on jenkins too.

          I just changed this to a blocker for 5.1 also...
          Unless there is something inherently hard to test here, there should be no excuses for new tests being flakey.

          Show
          Yonik Seeley added a comment - - edited Reopening. This test (TestCryptoKeys) has been sometimes failing for me. I just saw a fail on jenkins too. I just changed this to a blocker for 5.1 also... Unless there is something inherently hard to test here, there should be no excuses for new tests being flakey.
          Hide
          Noble Paul added a comment -

          It would be helpful if you post a link to a failed Jenkins build

          Show
          Noble Paul added a comment - It would be helpful if you post a link to a failed Jenkins build
          Hide
          Noble Paul added a comment - - edited

          Yonik Seeley I'm yet to see a failure (in jenkins or otherwise). If it has not failed in the past few days, I don't see a reason why it should be considered a blocker?

          https://builds.apache.org/job/Lucene-Solr-Tests-5.x-Java7/2885/testReport/junit/org.apache.solr.cloud/TestCryptoKeys/test/history/

          Show
          Noble Paul added a comment - - edited Yonik Seeley I'm yet to see a failure (in jenkins or otherwise). If it has not failed in the past few days, I don't see a reason why it should be considered a blocker? https://builds.apache.org/job/Lucene-Solr-Tests-5.x-Java7/2885/testReport/junit/org.apache.solr.cloud/TestCryptoKeys/test/history/
          Hide
          Noble Paul added a comment -

          I'm unable to spot a jenkins failure in the past 100 runs . May be it was a false alarm

          Show
          Noble Paul added a comment - I'm unable to spot a jenkins failure in the past 100 runs . May be it was a false alarm
          Hide
          Timothy Potter added a comment -

          Bulk close after 5.1 release

          Show
          Timothy Potter added a comment - Bulk close after 5.1 release

            People

            • Assignee:
              Noble Paul
              Reporter:
              Noble Paul
            • Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development