solr/core/src/test/org/apache/solr/util/configuration/SSLConfigurationsTest.java - lucene-solr - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more
  * contributor license agreements.  See the NOTICE file distributed with
  * this work for additional information regarding copyright ownership.
  * The ASF licenses this file to You under the Apache License, Version 2.0
  * (the "License"); you may not use this file except in compliance with
  * the License.  You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 package org.apache.solr.util.configuration;

 import java.io.IOException;
 import java.util.Arrays;
 import java.util.HashMap;
 import java.util.Map;

 import org.apache.hadoop.conf.Configuration;
 import org.apache.lucene.util.TestRuleRestoreSystemProperties;
 import org.apache.solr.SolrTestCaseJ4;
 import org.apache.solr.util.configuration.providers.EnvSSLCredentialProvider;
 import org.apache.solr.util.configuration.providers.HadoopSSLCredentialProvider;
 import org.apache.solr.util.configuration.providers.SysPropSSLCredentialProvider;
 import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.rules.TestRule;
 import org.mockito.Mockito;

 import static org.apache.hadoop.security.alias.CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH;
 import static org.hamcrest.CoreMatchers.is;
 import static org.junit.Assert.assertThat;
 import static org.mockito.Mockito.when;

 public class SSLConfigurationsTest {
   private Map<String, String> envs;
   private SSLConfigurations sut;

   public static final String SAMPLE_PW1 = "pw123";
   public static final String SAMPLE_PW2 = "pw456";
   public static final String SAMPLE_PW3 = "pw789";
   public static final String KEY_STORE_PASSWORD = SSLConfigurations.SysProps.SSL_KEY_STORE_PASSWORD;
   public static final String TRUST_STORE_PASSWORD = SSLConfigurations.SysProps.SSL_TRUST_STORE_PASSWORD;
   public static final String CLIENT_KEY_STORE_PASSWORD = SSLConfigurations.SysProps.SSL_CLIENT_KEY_STORE_PASSWORD;
   public static final String CLIENT_TRUST_STORE_PASSWORD = SSLConfigurations.SysProps.SSL_CLIENT_TRUST_STORE_PASSWORD;

   @Rule
   public TestRule syspropRestore = new TestRuleRestoreSystemProperties(
       SSLConfigurations.SysProps.SSL_KEY_STORE_PASSWORD,
       SSLConfigurations.SysProps.SSL_TRUST_STORE_PASSWORD,
       SSLConfigurations.SysProps.SSL_CLIENT_KEY_STORE_PASSWORD,
       SSLConfigurations.SysProps.SSL_CLIENT_TRUST_STORE_PASSWORD,
       CREDENTIAL_PROVIDER_PATH
   );

   @Before
   public void setUp() {
     envs = new HashMap<>();
   }

   private SSLConfigurations createSut(Configuration mockHadoopConfiguration) {
     EnvSSLCredentialProvider envSSLCredentialProvider = new EnvSSLCredentialProvider();
     envSSLCredentialProvider.setEnvVars(envs);
     sut = new SSLConfigurations(Arrays.asList(
         new HadoopSSLCredentialProvider(mockHadoopConfiguration),
         envSSLCredentialProvider,
         new SysPropSSLCredentialProvider())
     );
     return sut;
   }

   private SSLConfigurations createSut() {
     EnvSSLCredentialProvider envSSLCredentialProvider = new EnvSSLCredentialProvider();
     envSSLCredentialProvider.setEnvVars(envs);
     sut = new SSLConfigurations(Arrays.asList(envSSLCredentialProvider, new SysPropSSLCredentialProvider()));
     return sut;
   }

   @Test
   public void testSslConfigKeystorePwFromKeystoreEnvVar() {
     envs.put(EnvSSLCredentialProvider.EnvVars.SOLR_SSL_KEY_STORE_PASSWORD, SAMPLE_PW1);
     createSut().init();
     assertThat(System.getProperty(CLIENT_KEY_STORE_PASSWORD), is(SAMPLE_PW1));
   }

   @Test
   public void testSslConfigKeystorePwFromClientKeystoreEnvVar() {
     envs.put(EnvSSLCredentialProvider.EnvVars.SOLR_SSL_CLIENT_KEY_STORE_PASSWORD, SAMPLE_PW2);
     createSut().init();
     assertThat(System.getProperty(CLIENT_KEY_STORE_PASSWORD), is(SAMPLE_PW2));
   }

   @Test
   public void testSslConfigKeystorePwFromBothEnvVars() {
     envs.put(EnvSSLCredentialProvider.EnvVars.SOLR_SSL_KEY_STORE_PASSWORD, SAMPLE_PW1);
     envs.put(EnvSSLCredentialProvider.EnvVars.SOLR_SSL_CLIENT_KEY_STORE_PASSWORD, SAMPLE_PW2);
     createSut().init();
     assertThat(System.getProperty(CLIENT_KEY_STORE_PASSWORD), is(SAMPLE_PW2));
   }

   @Test
   public void testSslConfigKeystorePwFromKeystoreHadoopCredentialProvider() throws IOException {
     getSutWithMockedHadoopCredentialProvider(SSLConfigurations.SysProps.SSL_KEY_STORE_PASSWORD, SAMPLE_PW1)
         .init();
     assertThat(System.getProperty(CLIENT_KEY_STORE_PASSWORD), is(SAMPLE_PW1));
   }

   @Test
   public void testSslConfigKeystorePwFromClientKeystoreHadoopCredentialProvider() throws IOException {
     getSutWithMockedHadoopCredentialProvider(SSLConfigurations.SysProps.SSL_CLIENT_KEY_STORE_PASSWORD, SAMPLE_PW2)
         .init();
     assertThat(System.getProperty(CLIENT_KEY_STORE_PASSWORD), is(SAMPLE_PW2));
   }

   @Test
   public void testSslConfigKeystorePwNotOverwrittenIfExists() {
     System.setProperty(CLIENT_KEY_STORE_PASSWORD, SAMPLE_PW3);
     envs.put(EnvSSLCredentialProvider.EnvVars.SOLR_SSL_KEY_STORE_PASSWORD, SAMPLE_PW1);
     envs.put(EnvSSLCredentialProvider.EnvVars.SOLR_SSL_CLIENT_KEY_STORE_PASSWORD, SAMPLE_PW2);
     createSut().init();
     assertThat(System.getProperty(CLIENT_KEY_STORE_PASSWORD), is(SAMPLE_PW3)); // unchanged
   }


   @Test
   public void testSslConfigTruststorePwFromKeystoreEnvVar() {
     envs.put(EnvSSLCredentialProvider.EnvVars.SOLR_SSL_TRUST_STORE_PASSWORD, SAMPLE_PW1);
     createSut().init();
     assertThat(System.getProperty(CLIENT_TRUST_STORE_PASSWORD), is(SAMPLE_PW1));
   }

   @Test
   public void testSslConfigTruststorePwFromClientKeystoreEnvVar() {
     envs.put(EnvSSLCredentialProvider.EnvVars.SOLR_SSL_CLIENT_TRUST_STORE_PASSWORD, SAMPLE_PW2);
     createSut().init();
     assertThat(System.getProperty(CLIENT_TRUST_STORE_PASSWORD), is(SAMPLE_PW2));
   }

   @Test
   public void testSslConfigTruststorePwFromBothEnvVars() {
     envs.put(EnvSSLCredentialProvider.EnvVars.SOLR_SSL_TRUST_STORE_PASSWORD, SAMPLE_PW1);
     envs.put(EnvSSLCredentialProvider.EnvVars.SOLR_SSL_CLIENT_TRUST_STORE_PASSWORD, SAMPLE_PW2);
     createSut().init();
     assertThat(System.getProperty(CLIENT_TRUST_STORE_PASSWORD), is(SAMPLE_PW2));
   }

   @Test
   public void testSslConfigTruststorePwNotOverwrittenIfExists() {
     System.setProperty(CLIENT_TRUST_STORE_PASSWORD, SAMPLE_PW3);
     envs.put(EnvSSLCredentialProvider.EnvVars.SOLR_SSL_TRUST_STORE_PASSWORD, SAMPLE_PW1);
     envs.put(EnvSSLCredentialProvider.EnvVars.SOLR_SSL_CLIENT_TRUST_STORE_PASSWORD, SAMPLE_PW2);
     createSut().init();
     assertThat(System.getProperty(CLIENT_TRUST_STORE_PASSWORD), is(SAMPLE_PW3)); // unchanged
   }

   @Test
   public void testGetKeyStorePasswordFromProperty() {
     System.setProperty(KEY_STORE_PASSWORD, SAMPLE_PW1);
     assertThat(createSut().getKeyStorePassword(), is(SAMPLE_PW1));
   }

   @Test
   public void testGetKeyStorePasswordFromEnv() {
     envs.put(EnvSSLCredentialProvider.EnvVars.SOLR_SSL_KEY_STORE_PASSWORD, SAMPLE_PW2);
     assertThat(createSut().getKeyStorePassword(), is(SAMPLE_PW2));
   }

   @Test
   public void testGetKeyStorePasswordFromHadoopCredentialProvider() throws IOException {
     SSLConfigurations sut = getSutWithMockedHadoopCredentialProvider(SSLConfigurations.SysProps.SSL_KEY_STORE_PASSWORD, SAMPLE_PW3);
     assertThat(sut.getKeyStorePassword(), is(SAMPLE_PW3));
   }


   @Test
   public void testGetTrustStorePasswordFromProperty() {
     System.setProperty(TRUST_STORE_PASSWORD, SAMPLE_PW1);
     assertThat(createSut().getTrustStorePassword(), is(SAMPLE_PW1));
   }

   @Test
   public void testGetTrustStorePasswordFromEnv() {
     envs.put(EnvSSLCredentialProvider.EnvVars.SOLR_SSL_TRUST_STORE_PASSWORD, SAMPLE_PW2);
     assertThat(createSut().getTrustStorePassword(), is(SAMPLE_PW2));
   }

   @Test
   public void testGetTruststorePasswordFromHadoopCredentialProvider() throws IOException {
     SSLConfigurations sut = getSutWithMockedHadoopCredentialProvider(SSLConfigurations.SysProps.SSL_TRUST_STORE_PASSWORD, SAMPLE_PW3);
     assertThat(sut.getTrustStorePassword(), is(SAMPLE_PW3));
   }

   @Test
   public void testGetClientKeyStorePasswordFromProperty() {
     System.setProperty(CLIENT_KEY_STORE_PASSWORD, SAMPLE_PW1);
     assertThat(createSut().getClientKeyStorePassword(), is(SAMPLE_PW1));
   }

   @Test
   public void testGetClientKeyStorePasswordFromEnv() {
     envs.put(EnvSSLCredentialProvider.EnvVars.SOLR_SSL_CLIENT_KEY_STORE_PASSWORD, SAMPLE_PW2);
     assertThat(createSut().getClientKeyStorePassword(), is(SAMPLE_PW2));
   }

   @Test
   public void testGetClientKeyStorePasswordFromHadoopCredentialProvider() throws IOException {
     SSLConfigurations sut = getSutWithMockedHadoopCredentialProvider(SSLConfigurations.SysProps.SSL_CLIENT_KEY_STORE_PASSWORD, SAMPLE_PW3);
     assertThat(sut.getClientKeyStorePassword(), is(SAMPLE_PW3));
   }


   @Test
   public void testGetClientTrustStorePasswordFromProperty() {
     System.setProperty(CLIENT_TRUST_STORE_PASSWORD, SAMPLE_PW1);
     assertThat(createSut().getClientTrustStorePassword(), is(SAMPLE_PW1));
   }

   @Test
   public void testGetClientTrustStorePasswordFromEnv() {
     envs.put(EnvSSLCredentialProvider.EnvVars.SOLR_SSL_CLIENT_TRUST_STORE_PASSWORD, SAMPLE_PW2);
     assertThat(createSut().getClientTrustStorePassword(), is(SAMPLE_PW2));
   }

   @Test
   public void testGetClientTruststorePasswordFromHadoopCredentialProvider() throws IOException {
     SSLConfigurations sut = getSutWithMockedHadoopCredentialProvider(SSLConfigurations.SysProps.SSL_CLIENT_TRUST_STORE_PASSWORD, SAMPLE_PW3);
     assertThat(sut.getClientTrustStorePassword(), is(SAMPLE_PW3));
   }

   @Test
   public void testSystemPropertyPriorityOverEnvVar() throws IOException {
     envs.put(EnvSSLCredentialProvider.EnvVars.SOLR_SSL_KEY_STORE_PASSWORD, SAMPLE_PW2);
     assertThat(createSut().getKeyStorePassword(), is(SAMPLE_PW2));
     System.setProperty(KEY_STORE_PASSWORD, SAMPLE_PW1);
     assertThat(createSut().getKeyStorePassword(), is(SAMPLE_PW2));
   }

   @Test
   public void testHadoopCredentialProviderPrioritySysPropAndEnvVars() throws IOException {
     envs.put(EnvSSLCredentialProvider.EnvVars.SOLR_SSL_KEY_STORE_PASSWORD, SAMPLE_PW2);
     assertThat(createSut().getKeyStorePassword(), is(SAMPLE_PW2));
     System.setProperty(KEY_STORE_PASSWORD, SAMPLE_PW1);
     assertThat(createSut().getKeyStorePassword(), is(SAMPLE_PW2));
     SSLConfigurations sut = getSutWithMockedHadoopCredentialProvider(KEY_STORE_PASSWORD, SAMPLE_PW3);
     assertThat(sut.getKeyStorePassword(), is(SAMPLE_PW3));
   }

   private SSLConfigurations getSutWithMockedHadoopCredentialProvider(String key, String pw) throws IOException {
     Configuration mockHadoopConfiguration = getMockHadoopConfiguration();
     when(mockHadoopConfiguration.getPassword(key))
         .then(invocationOnMock -> invocationOnMock.getArguments()[0].equals(key) ? pw.toCharArray() : null);
     System.setProperty(CREDENTIAL_PROVIDER_PATH, "/some/path"); // enables HCP
     return createSut(mockHadoopConfiguration);
   }

   private Configuration getMockHadoopConfiguration() {
     SolrTestCaseJ4.assumeWorkingMockito();
     return Mockito.mock(Configuration.class);
   }

 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one or more
	* contributor license agreements. See the NOTICE file distributed with
	* this work for additional information regarding copyright ownership.
	* The ASF licenses this file to You under the Apache License, Version 2.0
	* (the "License"); you may not use this file except in compliance with
	* the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	package org.apache.solr.util.configuration;

	import java.io.IOException;
	import java.util.Arrays;
	import java.util.HashMap;
	import java.util.Map;

	import org.apache.hadoop.conf.Configuration;
	import org.apache.lucene.util.TestRuleRestoreSystemProperties;
	import org.apache.solr.SolrTestCaseJ4;
	import org.apache.solr.util.configuration.providers.EnvSSLCredentialProvider;
	import org.apache.solr.util.configuration.providers.HadoopSSLCredentialProvider;
	import org.apache.solr.util.configuration.providers.SysPropSSLCredentialProvider;
	import org.junit.Before;
	import org.junit.Rule;
	import org.junit.Test;
	import org.junit.rules.TestRule;
	import org.mockito.Mockito;

	import static org.apache.hadoop.security.alias.CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH;
	import static org.hamcrest.CoreMatchers.is;
	import static org.junit.Assert.assertThat;
	import static org.mockito.Mockito.when;

	public class SSLConfigurationsTest {
	private Map<String, String> envs;
	private SSLConfigurations sut;

	public static final String SAMPLE_PW1 = "pw123";
	public static final String SAMPLE_PW2 = "pw456";
	public static final String SAMPLE_PW3 = "pw789";
	public static final String KEY_STORE_PASSWORD = SSLConfigurations.SysProps.SSL_KEY_STORE_PASSWORD;
	public static final String TRUST_STORE_PASSWORD = SSLConfigurations.SysProps.SSL_TRUST_STORE_PASSWORD;
	public static final String CLIENT_KEY_STORE_PASSWORD = SSLConfigurations.SysProps.SSL_CLIENT_KEY_STORE_PASSWORD;
	public static final String CLIENT_TRUST_STORE_PASSWORD = SSLConfigurations.SysProps.SSL_CLIENT_TRUST_STORE_PASSWORD;

	@Rule
	public TestRule syspropRestore = new TestRuleRestoreSystemProperties(
	SSLConfigurations.SysProps.SSL_KEY_STORE_PASSWORD,
	SSLConfigurations.SysProps.SSL_TRUST_STORE_PASSWORD,
	SSLConfigurations.SysProps.SSL_CLIENT_KEY_STORE_PASSWORD,
	SSLConfigurations.SysProps.SSL_CLIENT_TRUST_STORE_PASSWORD,
	CREDENTIAL_PROVIDER_PATH
	);

	@Before
	public void setUp() {
	envs = new HashMap<>();
	}

	private SSLConfigurations createSut(Configuration mockHadoopConfiguration) {
	EnvSSLCredentialProvider envSSLCredentialProvider = new EnvSSLCredentialProvider();
	envSSLCredentialProvider.setEnvVars(envs);
	sut = new SSLConfigurations(Arrays.asList(
	new HadoopSSLCredentialProvider(mockHadoopConfiguration),
	envSSLCredentialProvider,
	new SysPropSSLCredentialProvider())
	);
	return sut;
	}

	private SSLConfigurations createSut() {
	EnvSSLCredentialProvider envSSLCredentialProvider = new EnvSSLCredentialProvider();
	envSSLCredentialProvider.setEnvVars(envs);
	sut = new SSLConfigurations(Arrays.asList(envSSLCredentialProvider, new SysPropSSLCredentialProvider()));
	return sut;
	}

	@Test
	public void testSslConfigKeystorePwFromKeystoreEnvVar() {
	envs.put(EnvSSLCredentialProvider.EnvVars.SOLR_SSL_KEY_STORE_PASSWORD, SAMPLE_PW1);
	createSut().init();
	assertThat(System.getProperty(CLIENT_KEY_STORE_PASSWORD), is(SAMPLE_PW1));
	}

	@Test
	public void testSslConfigKeystorePwFromClientKeystoreEnvVar() {
	envs.put(EnvSSLCredentialProvider.EnvVars.SOLR_SSL_CLIENT_KEY_STORE_PASSWORD, SAMPLE_PW2);
	createSut().init();
	assertThat(System.getProperty(CLIENT_KEY_STORE_PASSWORD), is(SAMPLE_PW2));
	}

	@Test
	public void testSslConfigKeystorePwFromBothEnvVars() {
	envs.put(EnvSSLCredentialProvider.EnvVars.SOLR_SSL_KEY_STORE_PASSWORD, SAMPLE_PW1);
	envs.put(EnvSSLCredentialProvider.EnvVars.SOLR_SSL_CLIENT_KEY_STORE_PASSWORD, SAMPLE_PW2);
	createSut().init();
	assertThat(System.getProperty(CLIENT_KEY_STORE_PASSWORD), is(SAMPLE_PW2));
	}

	@Test
	public void testSslConfigKeystorePwFromKeystoreHadoopCredentialProvider() throws IOException {
	getSutWithMockedHadoopCredentialProvider(SSLConfigurations.SysProps.SSL_KEY_STORE_PASSWORD, SAMPLE_PW1)
	.init();
	assertThat(System.getProperty(CLIENT_KEY_STORE_PASSWORD), is(SAMPLE_PW1));
	}

	@Test
	public void testSslConfigKeystorePwFromClientKeystoreHadoopCredentialProvider() throws IOException {
	getSutWithMockedHadoopCredentialProvider(SSLConfigurations.SysProps.SSL_CLIENT_KEY_STORE_PASSWORD, SAMPLE_PW2)
	.init();
	assertThat(System.getProperty(CLIENT_KEY_STORE_PASSWORD), is(SAMPLE_PW2));
	}

	@Test
	public void testSslConfigKeystorePwNotOverwrittenIfExists() {
	System.setProperty(CLIENT_KEY_STORE_PASSWORD, SAMPLE_PW3);
	envs.put(EnvSSLCredentialProvider.EnvVars.SOLR_SSL_KEY_STORE_PASSWORD, SAMPLE_PW1);
	envs.put(EnvSSLCredentialProvider.EnvVars.SOLR_SSL_CLIENT_KEY_STORE_PASSWORD, SAMPLE_PW2);
	createSut().init();
	assertThat(System.getProperty(CLIENT_KEY_STORE_PASSWORD), is(SAMPLE_PW3)); // unchanged
	}


	@Test
	public void testSslConfigTruststorePwFromKeystoreEnvVar() {
	envs.put(EnvSSLCredentialProvider.EnvVars.SOLR_SSL_TRUST_STORE_PASSWORD, SAMPLE_PW1);
	createSut().init();
	assertThat(System.getProperty(CLIENT_TRUST_STORE_PASSWORD), is(SAMPLE_PW1));
	}

	@Test
	public void testSslConfigTruststorePwFromClientKeystoreEnvVar() {
	envs.put(EnvSSLCredentialProvider.EnvVars.SOLR_SSL_CLIENT_TRUST_STORE_PASSWORD, SAMPLE_PW2);
	createSut().init();
	assertThat(System.getProperty(CLIENT_TRUST_STORE_PASSWORD), is(SAMPLE_PW2));
	}

	@Test
	public void testSslConfigTruststorePwFromBothEnvVars() {
	envs.put(EnvSSLCredentialProvider.EnvVars.SOLR_SSL_TRUST_STORE_PASSWORD, SAMPLE_PW1);
	envs.put(EnvSSLCredentialProvider.EnvVars.SOLR_SSL_CLIENT_TRUST_STORE_PASSWORD, SAMPLE_PW2);
	createSut().init();
	assertThat(System.getProperty(CLIENT_TRUST_STORE_PASSWORD), is(SAMPLE_PW2));
	}

	@Test
	public void testSslConfigTruststorePwNotOverwrittenIfExists() {
	System.setProperty(CLIENT_TRUST_STORE_PASSWORD, SAMPLE_PW3);
	envs.put(EnvSSLCredentialProvider.EnvVars.SOLR_SSL_TRUST_STORE_PASSWORD, SAMPLE_PW1);
	envs.put(EnvSSLCredentialProvider.EnvVars.SOLR_SSL_CLIENT_TRUST_STORE_PASSWORD, SAMPLE_PW2);
	createSut().init();
	assertThat(System.getProperty(CLIENT_TRUST_STORE_PASSWORD), is(SAMPLE_PW3)); // unchanged
	}

	@Test
	public void testGetKeyStorePasswordFromProperty() {
	System.setProperty(KEY_STORE_PASSWORD, SAMPLE_PW1);
	assertThat(createSut().getKeyStorePassword(), is(SAMPLE_PW1));
	}

	@Test
	public void testGetKeyStorePasswordFromEnv() {
	envs.put(EnvSSLCredentialProvider.EnvVars.SOLR_SSL_KEY_STORE_PASSWORD, SAMPLE_PW2);
	assertThat(createSut().getKeyStorePassword(), is(SAMPLE_PW2));
	}

	@Test
	public void testGetKeyStorePasswordFromHadoopCredentialProvider() throws IOException {
	SSLConfigurations sut = getSutWithMockedHadoopCredentialProvider(SSLConfigurations.SysProps.SSL_KEY_STORE_PASSWORD, SAMPLE_PW3);
	assertThat(sut.getKeyStorePassword(), is(SAMPLE_PW3));
	}


	@Test
	public void testGetTrustStorePasswordFromProperty() {
	System.setProperty(TRUST_STORE_PASSWORD, SAMPLE_PW1);
	assertThat(createSut().getTrustStorePassword(), is(SAMPLE_PW1));
	}

	@Test
	public void testGetTrustStorePasswordFromEnv() {
	envs.put(EnvSSLCredentialProvider.EnvVars.SOLR_SSL_TRUST_STORE_PASSWORD, SAMPLE_PW2);
	assertThat(createSut().getTrustStorePassword(), is(SAMPLE_PW2));
	}

	@Test
	public void testGetTruststorePasswordFromHadoopCredentialProvider() throws IOException {
	SSLConfigurations sut = getSutWithMockedHadoopCredentialProvider(SSLConfigurations.SysProps.SSL_TRUST_STORE_PASSWORD, SAMPLE_PW3);
	assertThat(sut.getTrustStorePassword(), is(SAMPLE_PW3));
	}

	@Test
	public void testGetClientKeyStorePasswordFromProperty() {
	System.setProperty(CLIENT_KEY_STORE_PASSWORD, SAMPLE_PW1);
	assertThat(createSut().getClientKeyStorePassword(), is(SAMPLE_PW1));
	}

	@Test
	public void testGetClientKeyStorePasswordFromEnv() {
	envs.put(EnvSSLCredentialProvider.EnvVars.SOLR_SSL_CLIENT_KEY_STORE_PASSWORD, SAMPLE_PW2);
	assertThat(createSut().getClientKeyStorePassword(), is(SAMPLE_PW2));
	}

	@Test
	public void testGetClientKeyStorePasswordFromHadoopCredentialProvider() throws IOException {
	SSLConfigurations sut = getSutWithMockedHadoopCredentialProvider(SSLConfigurations.SysProps.SSL_CLIENT_KEY_STORE_PASSWORD, SAMPLE_PW3);
	assertThat(sut.getClientKeyStorePassword(), is(SAMPLE_PW3));
	}


	@Test
	public void testGetClientTrustStorePasswordFromProperty() {
	System.setProperty(CLIENT_TRUST_STORE_PASSWORD, SAMPLE_PW1);
	assertThat(createSut().getClientTrustStorePassword(), is(SAMPLE_PW1));
	}

	@Test
	public void testGetClientTrustStorePasswordFromEnv() {
	envs.put(EnvSSLCredentialProvider.EnvVars.SOLR_SSL_CLIENT_TRUST_STORE_PASSWORD, SAMPLE_PW2);
	assertThat(createSut().getClientTrustStorePassword(), is(SAMPLE_PW2));
	}

	@Test
	public void testGetClientTruststorePasswordFromHadoopCredentialProvider() throws IOException {
	SSLConfigurations sut = getSutWithMockedHadoopCredentialProvider(SSLConfigurations.SysProps.SSL_CLIENT_TRUST_STORE_PASSWORD, SAMPLE_PW3);
	assertThat(sut.getClientTrustStorePassword(), is(SAMPLE_PW3));
	}

	@Test
	public void testSystemPropertyPriorityOverEnvVar() throws IOException {
	envs.put(EnvSSLCredentialProvider.EnvVars.SOLR_SSL_KEY_STORE_PASSWORD, SAMPLE_PW2);
	assertThat(createSut().getKeyStorePassword(), is(SAMPLE_PW2));
	System.setProperty(KEY_STORE_PASSWORD, SAMPLE_PW1);
	assertThat(createSut().getKeyStorePassword(), is(SAMPLE_PW2));
	}

	@Test
	public void testHadoopCredentialProviderPrioritySysPropAndEnvVars() throws IOException {
	envs.put(EnvSSLCredentialProvider.EnvVars.SOLR_SSL_KEY_STORE_PASSWORD, SAMPLE_PW2);
	assertThat(createSut().getKeyStorePassword(), is(SAMPLE_PW2));
	System.setProperty(KEY_STORE_PASSWORD, SAMPLE_PW1);
	assertThat(createSut().getKeyStorePassword(), is(SAMPLE_PW2));
	SSLConfigurations sut = getSutWithMockedHadoopCredentialProvider(KEY_STORE_PASSWORD, SAMPLE_PW3);
	assertThat(sut.getKeyStorePassword(), is(SAMPLE_PW3));
	}

	private SSLConfigurations getSutWithMockedHadoopCredentialProvider(String key, String pw) throws IOException {
	Configuration mockHadoopConfiguration = getMockHadoopConfiguration();
	when(mockHadoopConfiguration.getPassword(key))
	.then(invocationOnMock -> invocationOnMock.getArguments()[0].equals(key) ? pw.toCharArray() : null);
	System.setProperty(CREDENTIAL_PROVIDER_PATH, "/some/path"); // enables HCP
	return createSut(mockHadoopConfiguration);
	}

	private Configuration getMockHadoopConfiguration() {
	SolrTestCaseJ4.assumeWorkingMockito();
	return Mockito.mock(Configuration.class);
	}

	}