Sure seems like a JIRA to me. I have no clue why 512 was chosen in
the first place though.
Or you could post the same question on dev list first.
But this is an appropriate JIRA I think.
Erick
On Wed, Oct 5, 2016 at 10:43 AM, Martini, Jeremy (CGI Federal)
<jeremy.mart...@cgifederal.com> wrote:
> Hi,
>
>
>
> I'm looking at filing an issue in JIRA, but wanted to first make sure my
> issue would be a valid change.
>
>
>
> In order to configure our dataSource without requiring a plaintext password
> in the configuration file, we extended JdbcDataSource to create our own
> custom implementation. Our dataSource config now looks something like this:
>
>
>
> <dataSource type="com.foo.FooDataSource" driver="oracle.jdbc.OracleDriver"
> url="jdbc:oracle:thin:@db-host-machine:1521:tst1" user="testuser"
> password="{ENC}{1.1}1ePOfWcbOIU056gKiLTrLw=="/>
>
>
>
> We are using the RSA JSAFE Crypto-J libraries for encrypting/decrypting the
> password. However, this seems to cause an issue when we try use Solr in a
> Cloud Configuration (using Zookeeper). The error is "Strong key gen and
> multiprime gen require at least 1024-bit keysize." Full log attached.
>
>
>
> This seems to be due to the hard-coded value of 512 in the
> org.apache.solr.util.CryptoKeys$RSAKeyPair class:
>
>
>
> public RSAKeyPair() {
>
> KeyPairGenerator keyGen = null;
>
> try {
>
> keyGen = KeyPairGenerator.getInstance("RSA");
>
> } catch (NoSuchAlgorithmException e) {
>
> throw new SolrException(SolrException.ErrorCode.SERVER_ERROR, e);
>
> }
>
> keyGen.initialize(512);
>
>
>
> I pulled down the Solr code, changed the hard-coded value to 1024, rebuilt
> it, and this now everything seems to work great.
>
>
>
> Would this be a valid code change to request? I'm happy to create the JIRA
> ticket and supply a patch file.
>
>
>
> Thanks,
>
> Jeremy
