Solr keystore property renames

solr/bin/solr

@@ -241,7 +241,7 @@ if [ "$SOLR_SSL_ENABLED" == "true" ]; then
   fi
 
   if [ "${SOLR_SSL_CLIENT_HOSTNAME_VERIFICATION:true}" == "true" ] ; then
-    SOLR_SSL_OPTS+=" -Dsolr.jetty.ssl.verifyClientHostName=HTTPS"
+    SOLR_SSL_OPTS+=" -Dsolr.jetty.ssl.verify.client.hostname=HTTPS"
   fi
 
   if [ -n "$SOLR_SSL_NEED_CLIENT_AUTH" ]; then

solr/bin/solr.cmd

@@ -109,7 +109,7 @@ IF "%SOLR_SSL_ENABLED%"=="true" (
     set "SOLR_SSL_OPTS=!SOLR_SSL_OPTS! -Dsolr.jetty.keystore=%SOLR_SSL_KEY_STORE%"
     IF "%SOLR_SSL_RELOAD_ENABLED%"=="true" (
       IF "%SOLR_SECURITY_MANAGER_ENABLED%"=="true" (
-        set "SOLR_SSL_OPTS=!SOLR_SSL_OPTS! -Dsolr.jetty.keystoreParentPath=%SOLR_SSL_KEY_STORE%/.."
+        set "SOLR_SSL_OPTS=!SOLR_SSL_OPTS! -Dsolr.jetty.keystore.parent.path=%SOLR_SSL_KEY_STORE%/.."
       )
     )
   )
@@ -129,7 +129,7 @@ IF "%SOLR_SSL_ENABLED%"=="true" (
     set SOLR_SSL_CLIENT_HOSTNAME_VERIFICATION=true
   )
   IF "%SOLR_SSL_CLIENT_HOSTNAME_VERIFICATION%"=="true" (
-    set "SOLR_SSL_OPTS=!SOLR_SSL_OPTS! -Dsolr.jetty.ssl.verifyClientHostName=HTTPS"
+    set "SOLR_SSL_OPTS=!SOLR_SSL_OPTS! -Dsolr.jetty.ssl.verify.client.hostname=HTTPS"
   )
 
   IF DEFINED SOLR_SSL_NEED_CLIENT_AUTH (

solr/core/src/test/org/apache/solr/cloud/TestMiniSolrCloudClusterSSL.java

@@ -82,7 +82,7 @@ public class TestMiniSolrCloudClusterSSL extends SolrTestCaseJ4 {
 
   @Rule
   public TestRule syspropRestore =
-      new TestRuleRestoreSystemProperties(SolrHttpConstants.SYS_PROP_CHECK_PEER_NAME);
+      new TestRuleRestoreSystemProperties(SolrHttpConstants.SYS_PROP_CHECK_PEER_NAME_ENABLED);
 
   @Before
   public void before() {
@@ -178,7 +178,7 @@ private void checkClusterWithNodeReplacement(SSLTestConfig sslConfig) throws Exc
       SSLContext.setDefault(
           sslConfig.isSSLMode() ? sslConfig.buildClientSSLContext() : DEFAULT_SSL_CONTEXT);
       System.setProperty(
-          SolrHttpConstants.SYS_PROP_CHECK_PEER_NAME,
+          SolrHttpConstants.SYS_PROP_CHECK_PEER_NAME_ENABLED,
           Boolean.toString(sslConfig.getCheckPeerName()));
       HttpClientUtil.resetHttpClientBuilder();
       Http2SolrClient.resetSslContextFactory();
@@ -208,7 +208,7 @@ public void testSslWithInvalidPeerName() throws Exception {
 
       // now initialize a client that still uses the existing SSLContext/Provider, so it will accept
       // our existing certificate, but *does* care about validating the peer name
-      System.setProperty(SolrHttpConstants.SYS_PROP_CHECK_PEER_NAME, "true");
+      System.setProperty(SolrHttpConstants.SYS_PROP_CHECK_PEER_NAME_ENABLED, "true");
       HttpClientUtil.resetHttpClientBuilder();
       Http2SolrClient.resetSslContextFactory();
 

solr/server/etc/jetty-http.xml

@@ -40,9 +40,9 @@
         </Arg>
         <Set name="host"><Property name="solr.host.bind" default="127.0.0.1"/></Set>
         <Set name="port"><Property name="solr.port.listen" default="8983" /></Set>
-        <Set name="idleTimeout"><Property name="solr.jetty.http.idleTimeout" default="120000"/></Set>
-        <Set name="acceptorPriorityDelta"><Property name="solr.jetty.http.acceptorPriorityDelta" default="0"/></Set>
-        <Set name="acceptQueueSize"><Property name="solr.jetty.http.acceptQueueSize" default="0"/></Set>
+        <Set name="idleTimeout"><Property name="solr.jetty.http.timeout.ms" default="120000"/></Set>
+        <Set name="acceptorPriorityDelta"><Property name="solr.jetty.http.acceptor.priority.delta" default="0"/></Set>
+        <Set name="acceptQueueSize"><Property name="solr.jetty.http.accept.queue.size" default="0"/></Set>
         <Set name="reuseAddress"><Property name="solr.jetty.http.reuseAddress" default="true"/></Set>
         <Set name="reusePort"><Property name="solr.jetty.http.reusePort" default="false"/></Set>
         <Set name="acceptedTcpNoDelay"><Property name="solr.jetty.http.acceptedTcpNoDelay" default="true"/></Set>

solr/server/etc/jetty-https.xml

@@ -66,8 +66,8 @@
         <Set name="host"><Property name="solr.host.bind" default="127.0.0.1"/></Set>
         <Set name="port"><Property name="solr.jetty.https.port" default="8983" /></Set>
         <Set name="idleTimeout"><Property name="solr.jetty.https.timeout" default="120000"/></Set>
-        <Set name="acceptorPriorityDelta"><Property name="solr.jetty.ssl.acceptorPriorityDelta" default="0"/></Set>
-        <Set name="acceptQueueSize"><Property name="solr.jetty.https.acceptQueueSize" default="0"/></Set>
+        <Set name="acceptorPriorityDelta"><Property name="solr.jetty.ssl.acceptor.priority.delta" default="0"/></Set>
+        <Set name="acceptQueueSize"><Property name="solr.jetty.https.accept.queue.size" default="0"/></Set>
         <Set name="reuseAddress"><Property name="solr.jetty.ssl.reuseAddress" default="true"/></Set>
         <Set name="reusePort"><Property name="solr.jetty.ssl.reusePort" default="false"/></Set>
         <Set name="acceptedTcpNoDelay"><Property name="solr.jetty.ssl.acceptedTcpNoDelay" default="true"/></Set>

solr/server/etc/jetty-ssl.xml

@@ -23,7 +23,7 @@
   <Set name="WantClientAuth"><Property name="solr.jetty.ssl.want.client.auth.enabled" default="false"/></Set>
   <Set name="KeyStoreType"><Property name="solr.jetty.keystore.type" default="PKCS12"/></Set>
   <Set name="TrustStoreType"><Property name="solr.jetty.truststore.type" default="PKCS12"/></Set>
-  <Set name="EndpointIdentificationAlgorithm"><Property name="solr.jetty.ssl.verifyClientHostName"/></Set>
+  <Set name="EndpointIdentificationAlgorithm"><Property name="solr.jetty.ssl.verify.client.hostname"/></Set>
   <Set name="useCipherSuitesOrder" property="solr.jetty.ssl.useCipherSuitesOrder" />
   <Set name="sslSessionCacheSize" property="solr.jetty.ssl.sslSessionCacheSize" />
   <Set name="sslSessionTimeout" property="solr.jetty.ssl.sslSessionTimeout" />

solr/server/etc/jetty.xml

@@ -65,7 +65,7 @@
     <Set name="sendServerVersion"><Property name="solr.jetty.send.server.version" default="false" /></Set>
     <Set name="sendDateHeader"><Property name="solr.jetty.send.date.header" default="false" /></Set>
     <Set name="headerCacheSize"><Property name="solr.jetty.header.cache.size" default="512" /></Set>
-    <Set name="delayDispatchUntilContent"><Property name="solr.jetty.delayDispatchUntilContent" default="false"/></Set>
+    <Set name="delayDispatchUntilContent"><Property name="solr.jetty.delay.dispatch.until.content" default="false"/></Set>
     <Set name="relativeRedirectAllowed">true</Set><!-- can remove in Jetty 12, which has this default -->
     <!-- Uncomment to enable handling of X-Forwarded- style headers
     <Call name="addCustomizer">

solr/server/etc/security.policy

@@ -178,7 +178,7 @@ grant {
 
   permission java.io.FilePermission "${javax.net.ssl.trustStore}", "read,readlink";
 
-  permission java.io.FilePermission "${solr.jetty.keystoreParentPath}", "read,readlink";
+  permission java.io.FilePermission "${solr.jetty.keystore.parent.path}", "read,readlink";
   permission java.io.FilePermission "${javax.net.ssl.keyStoreParentPath}", "read,readlink";
 
   permission java.io.FilePermission "${solr.install.dir}", "read,write,delete,readlink";

solr/solr-ref-guide/modules/upgrade-notes/pages/major-changes-in-solr-10.adoc

@@ -45,6 +45,8 @@ The previous `SOLR_HOST` and 'host' are deprecated and now use `SOLR_HOST_ADVERT
 
 The previous `jetty.port` is deprecated and now use `solr.port.listen`.
 
+Many of the properties in the various `solr/server/etc/jetty-*.xml` files have been updated to be dot seperated names.
+
 
 === Solr CLI and Scripts
 

solr/solrj/src/java/org/apache/solr/client/solrj/impl/Http2SolrClient.java

@@ -1109,7 +1109,7 @@ public static void resetSslContextFactory() {
 
   /* package-private for testing */
   static SslContextFactory.Client getDefaultSslContextFactory() {
-    String checkPeerNameStr = System.getProperty(SolrHttpConstants.SYS_PROP_CHECK_PEER_NAME);
+    String checkPeerNameStr = System.getProperty(SolrHttpConstants.SYS_PROP_CHECK_PEER_NAME_ENABLED);
     boolean sslCheckPeerName = !"false".equalsIgnoreCase(checkPeerNameStr);
 
     SslContextFactory.Client sslContextFactory = new SslContextFactory.Client(!sslCheckPeerName);

solr/solrj/src/java/org/apache/solr/client/solrj/impl/SolrHttpConstants.java

@@ -52,7 +52,7 @@ public interface SolrHttpConstants {
    * System property consulted to determine if HTTP based SolrClients will require hostname
    * validation of SSL Certificates. The default behavior is to enforce peer name validation.
    */
-  String SYS_PROP_CHECK_PEER_NAME = "solr.ssl.check.peer.name.enabled";
+  String SYS_PROP_CHECK_PEER_NAME_ENABLED = "solr.ssl.check.peer.name.enabled";
 
   /** Basic auth username */
   String PROP_BASIC_AUTH_USER = "httpBasicAuthUser";

solr/test-framework/src/java/org/apache/solr/client/solrj/apache/HttpClientUtil.java

@@ -247,7 +247,7 @@ public static void setHttpClientProvider(SolrHttpClientBuilder newHttpClientBuil
   }
 
   /**
-   * @see #SYS_PROP_CHECK_PEER_NAME
+   * @see #SYS_PROP_CHECK_PEER_NAME_ENABLED
    */
   public static void setSocketFactoryRegistryProvider(
       SocketFactoryRegistryProvider newRegistryProvider) {
@@ -259,7 +259,7 @@ public static SolrHttpClientBuilder getHttpClientBuilder() {
   }
 
   /**
-   * @see #SYS_PROP_CHECK_PEER_NAME
+   * @see #SYS_PROP_CHECK_PEER_NAME_ENABLED
    */
   public static SocketFactoryRegistryProvider getSocketFactoryRegistryProvider() {
     return socketFactoryRegistryProvider;
@@ -286,15 +286,15 @@ public Registry<ConnectionSocketFactory> getSocketFactoryRegistry() {
       SSLConnectionSocketFactory sslConnectionSocketFactory = null;
       boolean sslCheckPeerName =
           toBooleanDefaultIfNull(
-              toBooleanObject(System.getProperty(HttpClientUtil.SYS_PROP_CHECK_PEER_NAME)), true);
+              toBooleanObject(System.getProperty(HttpClientUtil.SYS_PROP_CHECK_PEER_NAME_ENABLED)), true);
       if (sslCheckPeerName) {
         sslConnectionSocketFactory = SSLConnectionSocketFactory.getSystemSocketFactory();
       } else {
         sslConnectionSocketFactory =
             new SSLConnectionSocketFactory(
                 SSLContexts.createSystemDefault(), NoopHostnameVerifier.INSTANCE);
         log.debug(
-            "{} is false, hostname checks disabled.", HttpClientUtil.SYS_PROP_CHECK_PEER_NAME);
+            "{} is false, hostname checks disabled.", HttpClientUtil.SYS_PROP_CHECK_PEER_NAME_ENABLED);
       }
       builder.register("https", sslConnectionSocketFactory);
 

solr/test-framework/src/java/org/apache/solr/util/SSLTestConfig.java

@@ -99,7 +99,7 @@ public SSLTestConfig(boolean useSsl, boolean clientAuth) {
    * @param clientAuth - whether client authentication should be required.
    * @param checkPeerName - whether the client should validate the 'peer name' of the SSL
    *     Certificate (and which testing Cert should be used)
-   * @see SolrHttpConstants#SYS_PROP_CHECK_PEER_NAME
+   * @see SolrHttpConstants#SYS_PROP_CHECK_PEER_NAME_ENABLED
    */
   @SuppressWarnings("removal")
   public SSLTestConfig(boolean useSsl, boolean clientAuth, boolean checkPeerName) {

solr/test-framework/src/test/org/apache/solr/client/solrj/apache/HttpClientUtilTest.java

@@ -45,7 +45,7 @@ public class HttpClientUtilTest extends SolrTestCase {
 
   @Rule
   public TestRule syspropRestore =
-      new TestRuleRestoreSystemProperties(HttpClientUtil.SYS_PROP_CHECK_PEER_NAME);
+      new TestRuleRestoreSystemProperties(HttpClientUtil.SYS_PROP_CHECK_PEER_NAME_ENABLED);
 
   @After
   public void resetHttpClientBuilder() {
@@ -64,17 +64,17 @@ public void testSSLSystemProperties() {
     assertSSLHostnameVerifier(
         DefaultHostnameVerifier.class, HttpClientUtil.getSocketFactoryRegistryProvider());
 
-    System.setProperty(HttpClientUtil.SYS_PROP_CHECK_PEER_NAME, "true");
+    System.setProperty(HttpClientUtil.SYS_PROP_CHECK_PEER_NAME_ENABLED, "true");
     resetHttpClientBuilder();
     assertSSLHostnameVerifier(
         DefaultHostnameVerifier.class, HttpClientUtil.getSocketFactoryRegistryProvider());
 
-    System.setProperty(HttpClientUtil.SYS_PROP_CHECK_PEER_NAME, "");
+    System.setProperty(HttpClientUtil.SYS_PROP_CHECK_PEER_NAME_ENABLED, "");
     resetHttpClientBuilder();
     assertSSLHostnameVerifier(
         DefaultHostnameVerifier.class, HttpClientUtil.getSocketFactoryRegistryProvider());
 
-    System.setProperty(HttpClientUtil.SYS_PROP_CHECK_PEER_NAME, "false");
+    System.setProperty(HttpClientUtil.SYS_PROP_CHECK_PEER_NAME_ENABLED, "false");
     resetHttpClientBuilder();
     assertSSLHostnameVerifier(
         NoopHostnameVerifier.class, HttpClientUtil.getSocketFactoryRegistryProvider());