This is an automated email from the ASF dual-hosted git repository. houston pushed a commit to branch add-pki-caching in repository https://gitbox.apache.org/repos/asf/solr.git
commit 2dbc0d21177fbcd3c7d51261b8077a5f9811502e Author: Jason Gerlowski <[email protected]> AuthorDate: Wed Sep 25 23:08:45 2024 -0400 Replace 'raw' client usage in PKIAuthPlugin (#107) Using a Http2SolrClient ensures that the PKI logic can take advantage of the certificate-refresh logic that Http2SolrClient et al have supported since SOLR-16743. (This commit anticipates some changes that the upstream community is currently working on, but that haven't yet landed in their final form on branch_9x. At time of writing, it looks exceedingly likely that these changes will be available in Solr 9.8, and so this commit will not need brought forward to any release branches other than 9.7. This assumption can be validated by checking the latest status of SOLR-16503 where this upstream work is happening.) Co-authored-by: Jason Gerlowski <[email protected]> --- .../solr/security/PKIAuthenticationPlugin.java | 29 +++++++++++----------- 1 file changed, 14 insertions(+), 15 deletions(-) diff --git a/solr/core/src/java/org/apache/solr/security/PKIAuthenticationPlugin.java b/solr/core/src/java/org/apache/solr/security/PKIAuthenticationPlugin.java index b1f6e6b6eed..06c52022c55 100644 --- a/solr/core/src/java/org/apache/solr/security/PKIAuthenticationPlugin.java +++ b/solr/core/src/java/org/apache/solr/security/PKIAuthenticationPlugin.java @@ -41,15 +41,15 @@ import org.apache.http.HttpException; import org.apache.http.HttpHeaders; import org.apache.http.HttpRequest; import org.apache.http.HttpRequestInterceptor; -import org.apache.http.HttpResponse; import org.apache.http.auth.BasicUserPrincipal; -import org.apache.http.client.methods.HttpGet; import org.apache.http.protocol.HttpContext; -import org.apache.http.util.EntityUtils; +import org.apache.solr.client.solrj.SolrRequest; import org.apache.solr.client.solrj.impl.Http2SolrClient; import org.apache.solr.client.solrj.impl.HttpClientUtil; import org.apache.solr.client.solrj.impl.HttpListenerFactory; import org.apache.solr.client.solrj.impl.SolrHttpClientBuilder; +import org.apache.solr.client.solrj.request.GenericSolrRequest; +import org.apache.solr.common.params.ModifiableSolrParams; import org.apache.solr.common.util.ExecutorUtil; import org.apache.solr.common.util.StrUtils; import org.apache.solr.common.util.SuppressForbidden; @@ -345,18 +345,17 @@ public class PKIAuthenticationPlugin extends AuthenticationPlugin } String url = cores.getZkController().getZkStateReader().getBaseUrlForNodeName(nodename); HttpEntity entity = null; - try { - String uri = url + PublicKeyHandler.PATH + "?wt=json&omitHeader=true"; - log.debug("Fetching fresh public key from: {}", uri); - HttpResponse rsp = - cores - .getUpdateShardHandler() - .getDefaultHttpClient() - .execute(new HttpGet(uri), HttpClientUtil.createNewHttpClientRequestContext()); - entity = rsp.getEntity(); - byte[] bytes = EntityUtils.toByteArray(entity); - Map<?, ?> m = (Map<?, ?>) Utils.fromJSON(bytes); - String key = (String) m.get("key"); + try (final var fetchClient = + new Http2SolrClient.Builder(url) + .withHttpClient(cores.getUpdateShardHandler().getUpdateOnlyHttpClient()) + .build()) { + final var noHeaderParams = new ModifiableSolrParams(); + noHeaderParams.add("omitHeader", "true"); + final var request = + new GenericSolrRequest(SolrRequest.METHOD.GET, PublicKeyHandler.PATH, noHeaderParams); + log.debug("Fetching fresh public key from: {}{}", url, PublicKeyHandler.PATH); + final var rsp = request.process(fetchClient); + final String key = (String) rsp.getResponse().get("key"); if (key == null) { log.error("No key available from {}{}", url, PublicKeyHandler.PATH); return null;
