Hi,
I'm looking at filing an issue in JIRA, but wanted to first make sure my issue
would be a valid change.
In order to configure our dataSource without requiring a plaintext password in
the configuration file, we extended JdbcDataSource to create our own custom
implementation. Our dataSource config now looks something like this:
<dataSource type="com.foo.FooDataSource" driver="oracle.jdbc.OracleDriver"
url="jdbc:oracle:thin:@db-host-machine:1521:tst1" user="testuser"
password="{ENC}{1.1}1ePOfWcbOIU056gKiLTrLw=="/>
We are using the RSA JSAFE Crypto-J libraries for encrypting/decrypting the
password. However, this seems to cause an issue when we try use Solr in a Cloud
Configuration (using Zookeeper). The error is "Strong key gen and multiprime
gen require at least 1024-bit keysize." Full log attached.
This seems to be due to the hard-coded value of 512 in the
org.apache.solr.util.CryptoKeys$RSAKeyPair class:
public RSAKeyPair() {
KeyPairGenerator keyGen = null;
try {
keyGen = KeyPairGenerator.getInstance("RSA");
} catch (NoSuchAlgorithmException e) {
throw new SolrException(SolrException.ErrorCode.SERVER_ERROR, e);
}
keyGen.initialize(512);
I pulled down the Solr code, changed the hard-coded value to 1024, rebuilt it,
and this now everything seems to work great.
Would this be a valid code change to request? I'm happy to create the JIRA
ticket and supply a patch file.
Thanks,
Jeremy
