Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SOLR-16613: CryptoKeys should handle RSA padding for OpenJ9 #1279

Merged
merged 4 commits into from Jan 10, 2023
Merged

SOLR-16613: CryptoKeys should handle RSA padding for OpenJ9 #1279

merged 4 commits into from Jan 10, 2023

Conversation

risdenk
Copy link
Contributor

@risdenk risdenk commented Jan 6, 2023
edited

https://issues.apache.org/jira/browse/SOLR-16613

Tested with:

# With Temurin 17
./gradlew test --tests TestRSAKeyPair
./gradlew test --tests TestPKIAuthenticationPlugin

# With OpenJ9 17
RUNTIME_JAVA_HOME=/Library/Java/JavaVirtualMachines/ibm-semeru-open-17.jdk/Contents/Home ./gradlew test --tests TestRSAKeyPair
RUNTIME_JAVA_HOME=/Library/Java/JavaVirtualMachines/ibm-semeru-open-17.jdk/Contents/Home ./gradlew test --tests TestPKIAuthenticationPlugin

@risdenk risdenk self-assigned this Jan 6, 2023
@risdenk risdenk requested review from madrob, gerlowskija, tflobbe, magibney and uschindler and removed request for madrob January 6, 2023 20:27
risdenk
risdenk commented Jan 6, 2023
View reviewed changes
solr/core/src/test/org/apache/solr/cloud/TestRSAKeyPair.java
testRoundTrip(new CryptoKeys.RSAKeyPair(privateKey, publicKey));
}

private void testRoundTrip(CryptoKeys.RSAKeyPair kp) throws Exception {
final byte[] plaintext = new byte[random().nextInt(64)];
random().nextBytes(plaintext);
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

random().nextBytes() would end up with null bytes and that would cause issues. I switched this to generate a regular string with no null bytes.

solr/core/src/java/org/apache/solr/util/CryptoKeys.java Show resolved Hide resolved
uschindler
uschindler reviewed Jan 6, 2023
View reviewed changes
Copy link
Contributor

@uschindler uschindler left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for inviting me to review, but this is far away from my knowledge. I try to avoid crypto apis in Java.

madrob
madrob reviewed Jan 6, 2023
View reviewed changes
Copy link
Contributor

@madrob madrob left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we switch the algorithm from no padding to something with padding?

@risdenk
Copy link
Contributor Author

risdenk commented Jan 6, 2023
edited

Should we switch the algorithm from no padding to something with padding?

probably at some point. I don't really want to tackle that with this. This at least cleans up the build failures.

Let me add one more thing related to this - as far as I can tell the whole "RSA Encryption" stuff in question here - is really just a signature and shouldn't be done this way. This is encrypting with private key and verifying with public key. There are signatures for that instead. Not sure why its done this way, but it MIGHT be that the whole NoPadding stuff is really just working around using the right cryptography approach of a signature.

@risdenk risdenk merged commit 248dc3c into apache:main Jan 10, 2023
@risdenk risdenk deleted the SOLR-16613 branch January 10, 2023 16:52
risdenk added a commit that referenced this pull request Jan 10, 2023
@risdenk
SOLR-16613: CryptoKeys should handle RSA padding for OpenJ9 (#1279)
f9b486c
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@uschindler uschindler uschindler left review comments

@madrob madrob madrob left review comments

@gerlowskija gerlowskija Awaiting requested review from gerlowskija

@tflobbe tflobbe Awaiting requested review from tflobbe

@magibney magibney Awaiting requested review from magibney

Assignees

@risdenk risdenk

Labels
None yet
Projects
None yet
Milestone
No milestone
4 participants
@risdenk @uschindler @madrob @magibney