From 9e131b57c4d6d256d54000dca916dd7f5e741017 Mon Sep 17 00:00:00 2001 From: Evgeniy Cheban Date: Fri, 19 Sep 2025 00:45:59 +0300 Subject: [PATCH 1/2] Support TLS for cproto connector Closes gh-122 --- README.md | 20 ++++ pom.xml | 4 + .../reindexer/ReindexerConfiguration.java | 22 +++- .../cproto/DataSourceConfiguration.java | 33 ++++++ .../cproto/DataSourceFactoryStrategy.java | 4 +- .../binding/cproto/PhysicalConnection.java | 14 ++- .../binding/cproto/PhysicalDataSource.java | 20 +++- .../connector/CprotosReindexerTest.java | 35 +++++++ .../rt/restream/reindexer/db/DbBaseTest.java | 2 +- .../rt/restream/reindexer/db/DbLocator.java | 94 ++++++++++++++++-- src/test/resources/builtin-server.crt | 23 +++++ src/test/resources/builtin-server.jks | Bin 0 -> 1382 bytes src/test/resources/builtin-server.key | 28 ++++++ .../default-builtin-server-config.yml | 2 + 14 files changed, 287 insertions(+), 14 deletions(-) create mode 100644 src/test/java/ru/rt/restream/reindexer/connector/CprotosReindexerTest.java create mode 100644 src/test/resources/builtin-server.crt create mode 100644 src/test/resources/builtin-server.jks create mode 100644 src/test/resources/builtin-server.key diff --git a/README.md b/README.md index fd53fedd..029801dc 100644 --- a/README.md +++ b/README.md @@ -60,6 +60,8 @@ public class Item { // Init a database instance and choose the binding (builtin). Configure connection pool size and connection // timeout. Database should be created explicitly via reindexer_tool. + // To connect to Reindexer with TLS, use cprotos:// protocol with default port 6535. + // Use ReindexerConfiguration#sslSocketFactory to provide a custom SSLSocketFactory. Reindexer db = ReindexerConfiguration.builder() .url("cproto://localhost:6534/testdb") .connectionPoolSize(1) @@ -354,3 +356,21 @@ Depends on amount changes in transaction there are 2 possible Commit strategies: 2. Transaction object holds Reindexer's resources, therefore application should explicitly call `tx.rollback` or `tx.commit`, otherwise resources will leak. 3. It is safe to call `tx.rollback` after `tx.commit`. 4. It is possible to call Query from transaction by call `tx.query().execute(); ...`. Only read-committed isolation is available. Changes made in active transaction is invisible to current and another transactions. + +### Development notes + +To run tests locally, you need to install Reindexer using a package manager for your OS. +Cprotos protocol tests require Reindexer to be built with TLS support, and ssl certificate and key must be placed in +src/test/resources, to generate a new valid certificate run the following commands: + +```bash +cd src/test/resources +# Generates a certificate key (not needed if you already have one). +openssl genrsa -out builtin-server.key 2048 +# Generates a self-signed certificate using the provided key; +# Prompts to fill certificate information e.g. CN=localhost; +# The certificate will be valid for 10 years. +openssl req -new -x509 -key builtin-server.key -out builtin-server.crt -days 3650 +# Import the certificate into the Java keystore and save it as a JKS file. +keytool -importcert -alias builtin-server -file builtin-server.crt -keystore builtin-server.jks -storepass password -noprompt +``` diff --git a/pom.xml b/pom.xml index c1b8a1c6..30c1c0b5 100644 --- a/pom.xml +++ b/pom.xml @@ -139,6 +139,10 @@ ${tests} + + ${project.basedir}/src/test/resources/builtin-server.jks + password + diff --git a/src/main/java/ru/rt/restream/reindexer/ReindexerConfiguration.java b/src/main/java/ru/rt/restream/reindexer/ReindexerConfiguration.java index a74ab593..fe9b2258 100644 --- a/src/main/java/ru/rt/restream/reindexer/ReindexerConfiguration.java +++ b/src/main/java/ru/rt/restream/reindexer/ReindexerConfiguration.java @@ -33,6 +33,8 @@ import java.util.Objects; import java.util.function.Consumer; +import javax.net.ssl.SSLSocketFactory; + /** * Represents approach for bootstrapping Reindexer. */ @@ -54,6 +56,8 @@ public final class ReindexerConfiguration { private String serverConfigFile = "default-builtin-server-config.yml"; + private SSLSocketFactory sslSocketFactory; + private ReindexerConfiguration() { } @@ -161,6 +165,17 @@ public ReindexerConfiguration serverConfigFile(String serverConfigFile) { return this; } + /** + * Configure an {@link SSLSocketFactory}. + * + * @param sslSocketFactory the {@link SSLSocketFactory} to use + * @return the {@link ReindexerConfiguration} for further customizations + */ + public ReindexerConfiguration sslSocketFactory(SSLSocketFactory sslSocketFactory) { + this.sslSocketFactory = sslSocketFactory; + return this; + } + /** * Build and return reindexer connector instance. * @@ -186,10 +201,15 @@ public Reindexer getReindexer() { private Binding getBinding(String protocol, List uris) { switch (protocol) { + case "cprotos": + if (sslSocketFactory == null) { + sslSocketFactory = (SSLSocketFactory) SSLSocketFactory.getDefault(); + } case "cproto": DataSourceConfiguration dataSourceConfig = DataSourceConfiguration.builder() .urls(urls) .allowUnlistedDataSource(allowUnlistedDataSource) + .sslSocketFactory(sslSocketFactory) .build(); return new Cproto(dataSourceFactory, dataSourceConfig, connectionPoolSize, requestTimeout); case "builtin": @@ -197,7 +217,7 @@ private Binding getBinding(String protocol, List uris) { case "builtinserver": return new BuiltinServer(uris.get(0), serverConfigFile, serverStartupTimeout, requestTimeout); default: - throw new UnimplementedException("Protocol: '" + protocol + "' is not suppored"); + throw new UnimplementedException("Protocol: '" + protocol + "' is not supported"); } } diff --git a/src/main/java/ru/rt/restream/reindexer/binding/cproto/DataSourceConfiguration.java b/src/main/java/ru/rt/restream/reindexer/binding/cproto/DataSourceConfiguration.java index 443a5b81..a0e9ad01 100644 --- a/src/main/java/ru/rt/restream/reindexer/binding/cproto/DataSourceConfiguration.java +++ b/src/main/java/ru/rt/restream/reindexer/binding/cproto/DataSourceConfiguration.java @@ -22,6 +22,8 @@ import java.util.List; import java.util.Objects; +import javax.net.ssl.SSLSocketFactory; + /** * A {@link DataSource} configuration. */ @@ -37,6 +39,11 @@ public class DataSourceConfiguration { */ private final boolean allowUnlistedDataSource; + /** + * An {@link SSLSocketFactory} to connect to Reindexer using cprotos (SSL/TLS) protocol. + */ + private final SSLSocketFactory sslSocketFactory; + /** * An index of the current active data source. */ @@ -46,6 +53,7 @@ private DataSourceConfiguration(Builder builder) { urls = builder.urls; allowUnlistedDataSource = builder.allowUnlistedDataSource; active = builder.active; + sslSocketFactory = builder.sslSocketFactory; } public static Builder builder() { @@ -69,6 +77,15 @@ public boolean isAllowUnlistedDataSource() { return allowUnlistedDataSource; } + /** + * Returns an {@link SSLSocketFactory} to connect to Reindexer using cprotos (SSL/TLS) protocol. + * + * @return the {@link SSLSocketFactory} to use + */ + public SSLSocketFactory getSslSocketFactory() { + return sslSocketFactory; + } + /** * Returns the index of the current active data source. * @@ -102,6 +119,11 @@ public static class Builder { */ private boolean allowUnlistedDataSource = true; + /** + * An {@link SSLSocketFactory} to connect to Reindexer using cprotos (SSL/TLS) protocol. + */ + private SSLSocketFactory sslSocketFactory; + /** * An index of the current active data source. */ @@ -157,6 +179,17 @@ public Builder allowUnlistedDataSource(boolean allowUnlistedDataSource) { return this; } + /** + * Configure an {@link SSLSocketFactory} to connect to Reindexer using cprotos (TLS) protocol. + * + * @param sslSocketFactory the {@link SSLSocketFactory} to use + * @return the {@link Builder} for further customizations + */ + public Builder sslSocketFactory(SSLSocketFactory sslSocketFactory) { + this.sslSocketFactory = sslSocketFactory; + return this; + } + /** * Build and return a {@link DataSource} configuration. * diff --git a/src/main/java/ru/rt/restream/reindexer/binding/cproto/DataSourceFactoryStrategy.java b/src/main/java/ru/rt/restream/reindexer/binding/cproto/DataSourceFactoryStrategy.java index 201268ab..e8032c28 100644 --- a/src/main/java/ru/rt/restream/reindexer/binding/cproto/DataSourceFactoryStrategy.java +++ b/src/main/java/ru/rt/restream/reindexer/binding/cproto/DataSourceFactoryStrategy.java @@ -43,7 +43,7 @@ public enum DataSourceFactoryStrategy implements DataSourceFactory { public DataSource getDataSource(DataSourceConfiguration configuration) { List urls = configuration.getUrls(); configuration.setActive((configuration.getActive() + 1) % urls.size()); - return new PhysicalDataSource(urls.get(configuration.getActive())); + return new PhysicalDataSource(urls.get(configuration.getActive()), configuration.getSslSocketFactory()); } }, @@ -55,7 +55,7 @@ public DataSource getDataSource(DataSourceConfiguration configuration) { public DataSource getDataSource(DataSourceConfiguration configuration) { List urls = configuration.getUrls(); configuration.setActive(ThreadLocalRandom.current().nextInt(urls.size())); - return new PhysicalDataSource(urls.get(configuration.getActive())); + return new PhysicalDataSource(urls.get(configuration.getActive()), configuration.getSslSocketFactory()); } }, diff --git a/src/main/java/ru/rt/restream/reindexer/binding/cproto/PhysicalConnection.java b/src/main/java/ru/rt/restream/reindexer/binding/cproto/PhysicalConnection.java index 048a232b..966650fd 100644 --- a/src/main/java/ru/rt/restream/reindexer/binding/cproto/PhysicalConnection.java +++ b/src/main/java/ru/rt/restream/reindexer/binding/cproto/PhysicalConnection.java @@ -46,6 +46,9 @@ import java.util.concurrent.locks.ReentrantLock; import java.util.concurrent.locks.ReentrantReadWriteLock; +import javax.net.ssl.SSLSocket; +import javax.net.ssl.SSLSocketFactory; + import static ru.rt.restream.reindexer.binding.Consts.APP_PROPERTY_NAME; import static ru.rt.restream.reindexer.binding.Consts.BINDING_CAPABILITY_COMPLEX_RANK; import static ru.rt.restream.reindexer.binding.Consts.BINDING_CAPABILITY_NAMESPACE_INCARNATIONS; @@ -106,9 +109,18 @@ public class PhysicalConnection implements Connection { private final ScheduledFuture writeTaskFuture; public PhysicalConnection(String host, int port, String user, String password, String database, + SSLSocketFactory sslSocketFactory, Duration requestTimeout, ScheduledExecutorService scheduler) { try { - clientSocket = new Socket(host, port); + if (sslSocketFactory != null) { + LOGGER.debug("rx: using SSL/TLS connection to {}:{}", host, port); + SSLSocket sslSocket = (SSLSocket) sslSocketFactory.createSocket(host, port); + // Fail fast if SSL/TLS handshake fails. + sslSocket.startHandshake(); + clientSocket = sslSocket; + } else { + clientSocket = new Socket(host, port); + } output = new DataOutputStream(clientSocket.getOutputStream()); input = new DataInputStream(clientSocket.getInputStream()); timeout = requestTimeout; diff --git a/src/main/java/ru/rt/restream/reindexer/binding/cproto/PhysicalDataSource.java b/src/main/java/ru/rt/restream/reindexer/binding/cproto/PhysicalDataSource.java index 9ed79f7e..4ac34558 100644 --- a/src/main/java/ru/rt/restream/reindexer/binding/cproto/PhysicalDataSource.java +++ b/src/main/java/ru/rt/restream/reindexer/binding/cproto/PhysicalDataSource.java @@ -20,6 +20,8 @@ import java.time.Duration; import java.util.concurrent.ScheduledThreadPoolExecutor; +import javax.net.ssl.SSLSocketFactory; + /** * A {@link DataSource} that creates a {@link PhysicalConnection}. */ @@ -35,12 +37,27 @@ public class PhysicalDataSource implements DataSource { private final String database; + private final SSLSocketFactory sslSocketFactory; + /** * Creates an instance. * * @param url the URL to use + * @deprecated Use {@link #PhysicalDataSource(String, SSLSocketFactory)} + * to connect to Reindexer using cprotos (SSL/TLS) protocol. */ + @Deprecated public PhysicalDataSource(String url) { + this(url, null); + } + + /** + * Creates an instance. + * + * @param url the URL to use + * @param sslSocketFactory the {@link SSLSocketFactory} socket factory to use + */ + public PhysicalDataSource(String url, SSLSocketFactory sslSocketFactory) { URI uri = URI.create(url); host = uri.getHost(); port = uri.getPort(); @@ -58,11 +75,12 @@ public PhysicalDataSource(String url) { password = ""; } database = uri.getPath().substring(1); + this.sslSocketFactory = sslSocketFactory; } @Override public Connection getConnection(Duration timeout, ScheduledThreadPoolExecutor scheduler) { - return new PhysicalConnection(host, port, user, password, database, timeout, scheduler); + return new PhysicalConnection(host, port, user, password, database, sslSocketFactory, timeout, scheduler); } @Override diff --git a/src/test/java/ru/rt/restream/reindexer/connector/CprotosReindexerTest.java b/src/test/java/ru/rt/restream/reindexer/connector/CprotosReindexerTest.java new file mode 100644 index 00000000..c3c00dbd --- /dev/null +++ b/src/test/java/ru/rt/restream/reindexer/connector/CprotosReindexerTest.java @@ -0,0 +1,35 @@ +/* + * Copyright 2020 Restream + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package ru.rt.restream.reindexer.connector; + +import org.junit.jupiter.api.BeforeAll; +import ru.rt.restream.category.CprotoTest; +import ru.rt.restream.reindexer.db.DbLocator; +import ru.rt.restream.reindexer.db.DbLocator.Type; + +/** + * Tests for Cprotos (SSL/TLS) protocol implementation. + */ +@CprotoTest +public class CprotosReindexerTest extends ReindexerTest { + + @BeforeAll + @Override + protected void initDb() { + db = DbLocator.getDb(Type.CPROTOS); + } + +} diff --git a/src/test/java/ru/rt/restream/reindexer/db/DbBaseTest.java b/src/test/java/ru/rt/restream/reindexer/db/DbBaseTest.java index cca1b0f3..12f5dcfe 100644 --- a/src/test/java/ru/rt/restream/reindexer/db/DbBaseTest.java +++ b/src/test/java/ru/rt/restream/reindexer/db/DbBaseTest.java @@ -41,7 +41,7 @@ public abstract class DbBaseTest { * Initializes the Reindexer instance before all tests. */ @BeforeAll - void initDb() { + protected void initDb() { if (this.getClass().isAnnotationPresent(CprotoTest.class)) { db = DbLocator.getDb(CPROTO); } else if (this.getClass().isAnnotationPresent(BuiltinTest.class)) { diff --git a/src/test/java/ru/rt/restream/reindexer/db/DbLocator.java b/src/test/java/ru/rt/restream/reindexer/db/DbLocator.java index 9f07bf50..2bbeae39 100644 --- a/src/test/java/ru/rt/restream/reindexer/db/DbLocator.java +++ b/src/test/java/ru/rt/restream/reindexer/db/DbLocator.java @@ -23,6 +23,12 @@ import java.io.File; import java.io.IOException; +import java.io.InputStream; +import java.nio.file.Files; +import java.nio.file.Path; +import java.nio.file.Paths; +import java.nio.file.StandardCopyOption; +import java.security.KeyStore; import java.time.Duration; import java.util.ArrayList; import java.util.Arrays; @@ -30,6 +36,10 @@ import java.util.List; import java.util.Map; +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLSocketFactory; +import javax.net.ssl.TrustManagerFactory; + /** * Creates a Reindexer instances for tests. * This class is not thread safe. @@ -39,7 +49,7 @@ public class DbLocator { private static final String BUILTIN_DB_PATH = "/tmp/reindex/builtin_test"; // if change the path, need to synchronized it with path in default-builtin-server-config.yml - private static final String BUILTINSERVER_DB_PATH = "/tmp/reindex/server"; + private static final String BUILTINSERVER_DB_PATH = "/tmp/reindex"; private static final Map instancesForUse = new HashMap<>(); @@ -50,6 +60,20 @@ public class DbLocator { */ private static final String CPROTO_DSNS_PROPERTY = "CprotoDsns"; + private static final String TRUST_STORE_PROPERTY = "javax.net.ssl.trustStore"; + + // A certificate that is valid for 10 years, used to test CPROTOS (SSL/TLS) connection. + private static final String SSL_CERT_PATH = "builtin-server.crt"; + + private static final String SSL_CERT_KEY_PATH = "builtin-server.key"; + + private static final String TRUST_STORE_PATH = "builtin-server.jks"; + + private static final String TRUST_STORE_PASSWORD = "password"; + + // Ensures that the builtin server is started only once. + private static boolean serverStarted = false; + public static ClearDbReindexer getDb(Type type) { ClearDbReindexer db = instancesForUse.get(type); if (db == null) { @@ -71,6 +95,7 @@ static void closeAllDbInstances() throws IOException { } instancesForClose.clear(); instancesForUse.clear(); + serverStarted = false; } private static ClearDbReindexer addDbInstance(Type type) { @@ -82,15 +107,17 @@ private static ClearDbReindexer addDbInstance(Type type) { instancesForUse.put(Type.BUILTIN, builtinDb); instancesForClose.put(builtinDb, BUILTIN_DB_PATH); return builtinDb; + case CPROTOS: case CPROTO: ReindexerConfiguration cprotoConfig = ReindexerConfiguration.builder() .connectionPoolSize(4) + .sslSocketFactory(getSslSocketFactory(type)) .requestTimeout(Duration.ofSeconds(30L)); List urls = getCprotoDbUrlsFromProperty(); if (urls.isEmpty()) { // run builtinserver, not for own use, only for use in cproto datasource - String builtinServerCprotoUrl = runDefaultBuiltinServerDbInstance(); + String builtinServerCprotoUrl = runDefaultBuiltinServerDbInstance(type); urls.add(builtinServerCprotoUrl); } urls.forEach(cprotoConfig::url); @@ -104,6 +131,33 @@ private static ClearDbReindexer addDbInstance(Type type) { } } + private static SSLSocketFactory getSslSocketFactory(Type type) { + // Return null if protocol is not cprotos. + if (type != Type.CPROTOS) { + return null; + } + // Return null if trust store is specified then default SSLSocketFactory is used. + String trustStore = System.getProperty(TRUST_STORE_PROPERTY, null); + if (trustStore != null) { + return null; + } + // Load KeyStore from the classpath and build SSLSocketFactory. + try (InputStream is = DbLocator.class.getClassLoader().getResourceAsStream(TRUST_STORE_PATH)) { + if (is == null) { + throw new IllegalArgumentException(TRUST_STORE_PATH + " not found in classpath"); + } + KeyStore keyStore = KeyStore.getInstance("JKS"); + keyStore.load(is, TRUST_STORE_PASSWORD.toCharArray()); + TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); + tmf.init(keyStore); + SSLContext sslContext = SSLContext.getInstance("TLS"); + sslContext.init(null, tmf.getTrustManagers(), null); + return sslContext.getSocketFactory(); + } catch (Exception e) { + throw new RuntimeException(e); + } + } + private static List getCprotoDbUrlsFromProperty() { List urls = new ArrayList<>(); @@ -111,22 +165,46 @@ private static List getCprotoDbUrlsFromProperty() { if (cprotoUrls != null) { Arrays.stream(cprotoUrls.split(",")) .filter(s -> !s.isEmpty()) - .filter(s -> s.startsWith("cproto://")) + .filter(s -> s.startsWith("cproto://") || s.startsWith("cprotos://")) .forEach(urls::add); } return urls; } - private static String runDefaultBuiltinServerDbInstance() { - ClearDbReindexer server = new ClearDbReindexer(ReindexerConfiguration.builder() - .url("builtinserver://items") - .getReindexer().getBinding()); - instancesForClose.put(server, BUILTINSERVER_DB_PATH); + private static String runDefaultBuiltinServerDbInstance(Type type) { + if (!serverStarted) { + // Copy the SSL certificate and key to the Reindexer directory. + copyResourceToReindexerDirectory(SSL_CERT_PATH); + copyResourceToReindexerDirectory(SSL_CERT_KEY_PATH); + ClearDbReindexer server = new ClearDbReindexer(ReindexerConfiguration.builder() + .url("builtinserver://items") + .getReindexer().getBinding()); + instancesForClose.put(server, BUILTINSERVER_DB_PATH); + serverStarted = true; + } + if (type == Type.CPROTOS) { + return "cprotos://localhost:6535/items"; + } return "cproto://localhost:6534/items"; } + private static void copyResourceToReindexerDirectory(String fileName) { + try (InputStream is = DbLocator.class.getClassLoader().getResourceAsStream(fileName)) { + if (is == null) { + throw new IllegalArgumentException(fileName + " not found in classpath"); + } + Path reindexerDir = Paths.get(BUILTINSERVER_DB_PATH); + Files.createDirectories(reindexerDir); + Path target = reindexerDir.resolve(fileName); + Files.copy(is, target, StandardCopyOption.REPLACE_EXISTING); + } catch (IOException e) { + throw new RuntimeException(e); + } + } + public enum Type { BUILTIN, + CPROTOS, CPROTO } diff --git a/src/test/resources/builtin-server.crt b/src/test/resources/builtin-server.crt new file mode 100644 index 00000000..32e5fc42 --- /dev/null +++ b/src/test/resources/builtin-server.crt @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIID3zCCAsegAwIBAgIUdXlVASWl+7dSBtvACMVSeI2Jq4gwDQYJKoZIhvcNAQEL +BQAwfzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEjAQBgNVBAcM +CVZhbmNvdXZlcjEmMCQGA1UECgwdUmVpbmRleGVyIEJ1aWx0aW4gU2VydmVyIFRl +c3QxCzAJBgNVBAsMAklUMRIwEAYDVQQDDAlsb2NhbGhvc3QwHhcNMjUwOTE2MDE1 +ODA2WhcNMzUwOTE0MDE1ODA2WjB/MQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2Fz +aGluZ3RvbjESMBAGA1UEBwwJVmFuY291dmVyMSYwJAYDVQQKDB1SZWluZGV4ZXIg +QnVpbHRpbiBTZXJ2ZXIgVGVzdDELMAkGA1UECwwCSVQxEjAQBgNVBAMMCWxvY2Fs +aG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMhHgrcr+CEuLcPF +PnLMKuMi0UDeXnI0fihc4O4z+o9NuY+bkGjJX+K4PRZ93KC5a3pxyhTchdgGJv2w +E4L/VUDsBnTyXDAuNc6aWYdasDHxX7TBRKcV0qAPuNwNg3CvfAnxEt3uj4RznAQc +mcCECDL/AYVp/PRQrMsJ/iVpydsxgksSFWLR3hSw9FhgKH5FXfp7aZpd53uSbVla +BLmGsH95F5+f52mDs+LvqZfoXHtjaLVNVRVfpsQ9iJVwIm3FyYu0txRS3NBCwiaX +emsQiptsd0FkQAXcgd/UyWHuvJ3irHdUSW2Ts0RQkk0ZCtuLJAflnzwC6IqxnjNj +GMVuptECAwEAAaNTMFEwHQYDVR0OBBYEFHGCNQNJa2BzlaAxnevlFWUxDe/BMB8G +A1UdIwQYMBaAFHGCNQNJa2BzlaAxnevlFWUxDe/BMA8GA1UdEwEB/wQFMAMBAf8w +DQYJKoZIhvcNAQELBQADggEBAF4nGGKdun4ei0knEytoF+cJCvcmLZ2nlB7ZJu0q +f+CexNElX7SZxVpYEBkYStFjDqZ/vZD6K2PXk6VsqfyD8grlrWOuaFRWRt7G2+TF +9XWfespyXNqAJUIl9fozDYItfQB4PL4qbkR9ip2PPt0+XreGvmMAtL/1tpGgt49z +ReWQpwGEZgagyMnIsLCg9Gin2s2eu6DKXRoufC7cZ7Fai3ipBUCRuZIZd7ZwLVpY +ZTzdfgATOEsJ3xqYHZRSQFLafARh0VKctBHs8ZxGLCZ3v4pSkpF137kZBtJjwvyd +uO+M0BDkDtHWpwQfUijnspHY6SxvaYgHuksu1rIurQPcyJQ= +-----END CERTIFICATE----- diff --git a/src/test/resources/builtin-server.jks b/src/test/resources/builtin-server.jks new file mode 100644 index 0000000000000000000000000000000000000000..e3b8869811585f6e254c5b50c61603015f4af034 GIT binary patch literal 1382 zcmV-s1)2IVf(2p%0Ru3C1q=oWDuzgg_YDCD0ic2e{RDyp`7nY6^)P}2@dgPhhDe6@ z4FLxRpn?SAFoFc$0s#Opf&|wF2`Yw2hW8Bt2LUi<1_>&LNQUBni`%Sa)z+H4!z#M!j%F7ClCSwATSID2r7n1hW8Bu2?YQ! z9R>+thDZTr0|Wso1Q6GT_Ex0N(M14^yAhogui}7$1Ym8b8wg@1O2?;fwdJ$A49k++ zkJ&zVA?7?=Wp1g`uq$d|Nr-@k_1~IQYp^;txw2=Lxkkjf-ld_$FSOCbPmvc-lF!DSnMo3ChnR^g9R?7#g<5nCfMJlT_b3&w{}~8DHk`2-B$G0$S3hU@axnGN{BtS zv+$VLXC%Ca?bsG@@Ud*bDuJh@Zkh!Lh18PDl?7_^s6Vl?^1ilpIZ?wmUTNu3a5-PK zW-`93E93x-q%QAs60kvrdSvB?mJwPIQXmD)tw?0S0X?H*Ly4-1$AFh$i4Y+GMk^U4 ztKSLAdL={pr-zJsaQ7O+;FpFTwfFU-#`~Fn`cG*3Jo^&DTSx6|X-EDUM}OUUu}>OY zSWr;gdg&DK*~Eh#Xub6?QYM(mAngm%f{J=3ODjuy12H+w%AHbib6c(|EmWW%Nv&KgZU5HEpDJlG*(@AeU_CQp*g5+yU8=&POQhK|M)T-WM@ z7qo+}e|E$=+f_0g6#rYyN(YeiRiv`G;?L`(m+xC)=LlF>Dk#3+HK#uw#t zhC@3=wy2|rH!qM_FF#$jSzLA(a^0`8Py^M7Xo#XEGhzL*6lX5qp6wx(3qm-Hk0tBW z*@2!u3W+bF<%jOzti7CXCY-_42y!zw5{*K)NAjUVTmEPX$oYXdq0;VU;7GUQ$F zWg_HgiBr1&;vR?^uKYz1%c}sNI?WMfvDsD3^{wv1x1P^^PIy6^-D65p=vg|sVZ#mE z?COa}RbY6`m@s5(17Tw?*yMC);DgWdG!OmC;yZ!}9_;JQ&8L|)@^)yVn=i8?SK+wx zgklF^z+!yJC`V$N{Q)k>4Zy}*Fg#z$9l0T3V#7}_=(N;P-aAr0)jB2*!>)Yujb4o0 z6+VxkT3A6&M|k(1War;kFW?|risb$~HC%9!+uc1u=GBlnC6+sTp&fCR4}!V?|2-!> z;c&fbPM#t2h^)sdc^a;xN}54DZ&ZVnG!;A&3Z=xFLXo_{CRoGd+zFPSNOMsCpQ0K; zklXN3Q+(cc(D*xve;;D-2q=KxIbXEogUqBwOxc&qGey1T~;4fR`yox=& z*=$Kcl}hbwjNC9O71OfpC00ba%qCSOL!2|qiy=aAx4Xn*RaO7mi ox7FTndSy<(Dqtc66!c&-#qbLEu86pGYxW@-7R!u*vH}7p5HPNI>Hq)$ literal 0 HcmV?d00001 diff --git a/src/test/resources/builtin-server.key b/src/test/resources/builtin-server.key new file mode 100644 index 00000000..652993ee --- /dev/null +++ b/src/test/resources/builtin-server.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDIR4K3K/ghLi3D +xT5yzCrjItFA3l5yNH4oXODuM/qPTbmPm5BoyV/iuD0WfdyguWt6ccoU3IXYBib9 +sBOC/1VA7AZ08lwwLjXOmlmHWrAx8V+0wUSnFdKgD7jcDYNwr3wJ8RLd7o+Ec5wE +HJnAhAgy/wGFafz0UKzLCf4lacnbMYJLEhVi0d4UsPRYYCh+RV36e2maXed7km1Z +WgS5hrB/eRefn+dpg7Pi76mX6Fx7Y2i1TVUVX6bEPYiVcCJtxcmLtLcUUtzQQsIm +l3prEIqbbHdBZEAF3IHf1Mlh7ryd4qx3VEltk7NEUJJNGQrbiyQH5Z88AuiKsZ4z +YxjFbqbRAgMBAAECggEAAuI5tPi4ecTUEpyrT6SWLP9ON0KEZl1QYDUnJXLg5ZGT +TYiqQYH9xBJOSd290KAe1qxfAiIjOLcs9kvj2gfiYr0LQkGPl3+A1ZTWG2twPEXb +EIuUWRoItnaHfT6iEPwr22pJ0OF7lkcCXPJK+fFEu3Q9wb2jD2L+e+1sx/3gEsx7 +Cmom5LVJy7N0ehUONRmg9iISqXoomyFw80L/HSE20gsUgyYfytPaR+hRJ+eEvBDc +oFtMIjMyTJaSFwkPaSwXC7aFch8ZVNRrLluBcSwMKxr5WA4xNiJuZLVaS4OyCi5R +gAtvjdum/3EXgJa4/s6Uao9lj8vcbyDDu1GbZVpuaQKBgQDs87+UFu7J9zLEIq3F +vU79NgvrmJd1nyY0p1SgKOEB8PR7yVvHBXFIeXw+e/RVaeZNdMJgu/m0ur9oblDg +IxRRAea/diHITevMDD8P2rujFbbg6BJ41juadZuvtWYN2XJxaGiofSP+M+4Bs3ei +0CaZ36138mjo8cZUI5sXdvBCSQKBgQDYYRIOk7JhVdH4UCOj7IQCwrsJEMdn2K39 +BgBFoxuj+WamSZjR90+8j18fOO81VcLG41+4OW59z+DCsnVxgHF0QEQBRyl2dzd0 +UMHM9iM7plyVJ2znJN+qxtZQej7O4aQZuevFe/YSKQO6kVzhvu9qaWF1eDegLC2O +m9AV743ASQKBgCq7bqJbXGcJ8JrUkjgmAtfBZnbvhukMcYxvXOChXqrF9KFaV/XV +cm+akSCHpDG/LmxrkR525/qC7z/7HRS+3swZJq8Cs+b2vn6G+tx2Gv63TMrUr3gh +UpBxg0k10pjOzUfMh4tTPil63gJqhjnThhKb9yG5ktfnule0MCUUKxIZAoGBAKd4 +2iT2I8Y6Sj1KqYsicDpCxciKeAvkJSYFEwjS6X3MdqqVo/Y+2DQ1M4ZS5rH9IrgV +G+zWZrJxxqBqx4OFykoTw47JqUnLk9wu9RDSIQr2BApdbWipnYPsScwYEazF7+EJ +iXZcL2R24i/welcvFNbjoU7uMP+Dse8CodeYhbohAoGARplGnV4tH/u7zIBoy8GG +wj6N/L+MQTdxWmb1g7jzGP0LiOr3Ah3yd2LRqX4JMGxsFBeMmqjJbKl3sMiKDDFI +rOAOsDkaUjLOf3Fbx1vlDmC1AzrTCXuwEYgUOhUbj0Y9k0ir2TuGxw+p2lzPnE9y +YUfmvAt+4CIsux1Sr9vPpDk= +-----END PRIVATE KEY----- diff --git a/src/test/resources/default-builtin-server-config.yml b/src/test/resources/default-builtin-server-config.yml index eaab68f4..5d9c2360 100644 --- a/src/test/resources/default-builtin-server-config.yml +++ b/src/test/resources/default-builtin-server-config.yml @@ -7,6 +7,8 @@ net: httpaddr: "0.0.0.0:9088" rpcaddr: "0.0.0.0:6534" security: false + ssl_cert: /tmp/reindex/builtin-server.crt + ssl_key: /tmp/reindex/builtin-server.key logger: serverlog: "stdout" corelog: "stdout" From e13cce3c28ec03d85cc714444c711abdf50a5390 Mon Sep 17 00:00:00 2001 From: Evgeniy Cheban Date: Fri, 19 Sep 2025 01:18:35 +0300 Subject: [PATCH 2/2] Fixed a failing build on macOS (AArch64) - Bump cmake-maven-plugin from 3.19.2-b1 to 4.0.3-b1 - Workaround for macOS to propagate a correct OpenSSL lib path to Reindexer Issue gh-122 --- builtin-adapter/CMakeLists.txt | 16 +++++++++++++++- pom.xml | 5 ++--- 2 files changed, 17 insertions(+), 4 deletions(-) diff --git a/builtin-adapter/CMakeLists.txt b/builtin-adapter/CMakeLists.txt index 615a0a9d..d48cd2bb 100644 --- a/builtin-adapter/CMakeLists.txt +++ b/builtin-adapter/CMakeLists.txt @@ -1,4 +1,4 @@ -cmake_minimum_required(VERSION 3.0) +cmake_minimum_required(VERSION 3.5) project(builtin-adapter) @@ -17,3 +17,17 @@ add_library(${TARGET} SHARED BuiltinAdapter.cpp) include_directories(${JNI_INCLUDE_DIRS} ${REINDEXER_INCLUDE_DIRS}) target_link_libraries(${TARGET} reindexer_server_library reindexer_server_resources ${REINDEXER_LIBRARIES}) + +# Workaround for macOS to propagate a correct OpenSSL lib path to Reindexer. +if(APPLE) + find_package(OpenSSL) + if(OpenSSL_FOUND) + if(NOT DEFINED OPENSSL_LIB_PATH) + get_filename_component(OPENSSL_LIB_PATH ${OPENSSL_CRYPTO_LIBRARY} DIRECTORY) + endif() + set_target_properties(${TARGET} PROPERTIES + BUILD_WITH_INSTALL_RPATH TRUE + INSTALL_RPATH ${OPENSSL_LIB_PATH} + ) + endif() +endif() diff --git a/pom.xml b/pom.xml index 30c1c0b5..dd7c0c2a 100644 --- a/pom.xml +++ b/pom.xml @@ -179,13 +179,12 @@ - com.googlecode.cmake-maven-project + io.github.cmake-maven-plugin cmake-maven-plugin - 3.19.2-b1 + 4.0.3-b1 Unix Makefiles ${cmake.source.directory} - ${cmake.binary.directory} ${cmake.binary.directory}