private void setup(boolean addShutdownHook, Settings settings, Environment environment)
throws Exception {
initializeNatives(
environment.tmpFile(),
BootstrapSettings.MLOCKALL_SETTING.get(settings),
BootstrapSettings.SECCOMP_SETTING.get(settings),
BootstrapSettings.CTRLHANDLER_SETTING.get(settings));
// initialize probes before the security manager is installed
initializeProbes();
if (addShutdownHook) {
Runtime.getRuntime()
.addShutdownHook(
new Thread() {
@Override
public void run() {
try {
IOUtils.close(node);
} catch (IOException ex) {
throw new ElasticsearchException("failed to stop node", ex);
}
}
});
}
// look for jar hell
JarHell.checkJarHell();
// install SM after natives, shutdown hooks, etc.
Security.configure(
environment, BootstrapSettings.SECURITY_FILTER_BAD_DEFAULTS_SETTING.get(settings));
// We do not need to reload system properties here as we have already applied them in building
// the settings and
// reloading could cause multiple prompts to the user for values if a system property was
// specified with a prompt
// placeholder
Settings nodeSettings =
Settings.settingsBuilder()
.put(settings)
.put(InternalSettingsPreparer.IGNORE_SYSTEM_PROPERTIES_SETTING.getKey(), true)
.build();
node = new Node(nodeSettings);
}
/**
* Sets properties (codebase URLs) for policy files. JAR locations are not fixed so we have to
* find the locations of the ones we want.
*/
@SuppressForbidden(reason = "proper use of URL")
static void setCodebaseProperties() {
for (URL url : JarHell.parseClassPath()) {
for (Map.Entry<Pattern, String> e : SPECIAL_JARS.entrySet()) {
if (e.getKey().matcher(url.getPath()).matches()) {
String prop = e.getValue();
if (System.getProperty(prop) != null) {
throw new IllegalStateException(
"property: " + prop + " is unexpectedly set: " + System.getProperty(prop));
}
System.setProperty(prop, url.toString());
}
}
}
for (String prop : SPECIAL_JARS.values()) {
if (System.getProperty(prop) == null) {
System.setProperty(prop, "file:/dev/null"); // no chance to be interpreted as "all"
}
}
}
/** Adds access to classpath jars/classes for jar hell scan, etc */
@SuppressForbidden(reason = "accesses fully qualified URLs to configure security")
static void addClasspathPermissions(Permissions policy) throws IOException {
// add permissions to everything in classpath
// really it should be covered by lib/, but there could be e.g. agents or similar configured)
for (URL url : JarHell.parseClassPath()) {
Path path;
try {
path = PathUtils.get(url.toURI());
} catch (URISyntaxException e) {
throw new RuntimeException(e);
}
// resource itself
policy.add(new FilePermission(path.toString(), "read,readlink"));
// classes underneath
if (Files.isDirectory(path)) {
policy.add(
new FilePermission(
path.toString() + path.getFileSystem().getSeparator() + "-", "read,readlink"));
}
}
}
static {
// just like bootstrap, initialize natives, then SM
Bootstrap.initializeNatives(true, true);
// initialize probes
Bootstrap.initializeProbes();
// check for jar hell
try {
JarHell.checkJarHell();
} catch (Exception e) {
if (Boolean.parseBoolean(System.getProperty("tests.maven"))) {
throw new RuntimeException("found jar hell in test classpath", e);
} else {
Loggers.getLogger(BootstrapForTesting.class)
.warn(
"Your ide or custom test runner has jar hell issues, "
+ "you might want to look into that",
e);
}
}
// make sure java.io.tmpdir exists always (in case code uses it in a static initializer)
Path javaTmpDir =
PathUtils.get(
Objects.requireNonNull(
System.getProperty("java.io.tmpdir"), "please set ${java.io.tmpdir} in pom.xml"));
try {
Security.ensureDirectoryExists(javaTmpDir);
} catch (Exception e) {
throw new RuntimeException("unable to create test temp directory", e);
}
// install security manager if requested
if (systemPropertyAsBoolean("tests.security.manager", true)) {
try {
Security.setCodebaseProperties();
// if its an insecure plugin, its not easy to simulate here, since we don't have a real
// plugin install.
// we just do our best so unit testing can work. integration tests for such plugins are
// essential.
String artifact = System.getProperty("tests.artifact");
String insecurePluginProp = Security.INSECURE_PLUGINS.get(artifact);
if (insecurePluginProp != null) {
System.setProperty(insecurePluginProp, "file:/-");
}
// initialize paths the same exact way as bootstrap.
Permissions perms = new Permissions();
// add permissions to everything in classpath
for (URL url : JarHell.parseClassPath()) {
Path path = PathUtils.get(url.toURI());
// resource itself
perms.add(new FilePermission(path.toString(), "read,readlink"));
// classes underneath
perms.add(
new FilePermission(
path.toString() + path.getFileSystem().getSeparator() + "-", "read,readlink"));
// crazy jython...
String filename = path.getFileName().toString();
if (filename.contains("jython") && filename.endsWith(".jar")) {
// just enough so it won't fail when it does not exist
perms.add(new FilePermission(path.getParent().toString(), "read,readlink"));
perms.add(
new FilePermission(path.getParent().resolve("Lib").toString(), "read,readlink"));
}
}
// java.io.tmpdir
Security.addPath(perms, "java.io.tmpdir", javaTmpDir, "read,readlink,write,delete");
// custom test config file
if (Strings.hasLength(System.getProperty("tests.config"))) {
perms.add(new FilePermission(System.getProperty("tests.config"), "read,readlink"));
}
// jacoco coverage output file
if (Boolean.getBoolean("tests.coverage")) {
Path coverageDir = PathUtils.get(System.getProperty("tests.coverage.dir"));
perms.add(
new FilePermission(coverageDir.resolve("jacoco.exec").toString(), "read,write"));
// in case we get fancy and use the -integration goals later:
perms.add(
new FilePermission(coverageDir.resolve("jacoco-it.exec").toString(), "read,write"));
}
Policy.setPolicy(new ESPolicy(perms));
System.setSecurityManager(new TestSecurityManager());
Security.selfTest();
if (insecurePluginProp != null) {
// initialize the plugin class, in case it has one-time hacks (unit tests often won't do
// this)
String clazz = System.getProperty("tests.plugin.classname");
if (clazz == null) {
throw new IllegalStateException(
"plugin classname is needed for insecure plugin unit tests");
}
Class.forName(clazz);
}
} catch (Exception e) {
throw new RuntimeException("unable to install test security manager", e);
}
}
}
