Uploaded image for project: 'Solr'
  1. Solr
  2. SOLR-9609

Change hard-coded keysize from 512 to 1024

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 6.4, 7.0
    • None
    • None

    Description

      In order to configure our dataSource without requiring a plaintext password in the configuration file, we extended JdbcDataSource to create our own custom implementation. Our dataSource config now looks something like this:

      <dataSource type="com.foo.FooDataSource" driver="oracle.jdbc.OracleDriver" url="jdbc:oracle:thin:@db-host-machine:1521:tst1" user="testuser" password="{ENC}{1.1}1ePOfWcbOIU056gKiLTrLw=="/>
      

      We are using the RSA JSAFE Crypto-J libraries for encrypting/decrypting the password. However, this seems to cause an issue when we try use Solr in a Cloud Configuration (using Zookeeper). The error is "Strong key gen and multiprime gen require at least 1024-bit keysize." Full log attached.

      This seems to be due to the hard-coded value of 512 in the org.apache.solr.util.CryptoKeys$RSAKeyPair class:

      public RSAKeyPair() {
        KeyPairGenerator keyGen = null;
        try {
          keyGen = KeyPairGenerator.getInstance("RSA");
        } catch (NoSuchAlgorithmException e) {
          throw new SolrException(SolrException.ErrorCode.SERVER_ERROR, e);
        }
        keyGen.initialize(512);
      

      I pulled down the Solr code, changed the hard-coded value to 1024, rebuilt it, and now everything seems to work great.

      Attachments

        1. solr.log
          10 kB
          Jeremy Martini
        2. SOLR-9609.patch
          0.7 kB
          Jeremy Martini
        3. SOLR-9609.patch
          0.7 kB
          Erick Erickson
        4. SOLR-9609.patch
          6 kB
          Erick Erickson
        5. SOLR-9609.patch
          2 kB
          Erick Erickson

        Activity

          People

            erickerickson Erick Erickson
            jpm290 Jeremy Martini
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: