Grokbase Groups Hive commits May 2016
FAQ
Repository: hive
Updated Branches:
   refs/heads/branch-2.0 53aad28c6 -> 116751eb5


HIVE-13390: HiveServer2: Add more test to ZK service discovery using MiniHS2 (Vaibhav Gumashta reviewed by Sushanth Sowmyan)


Project: http://git-wip-us.apache.org/repos/asf/hive/repo
Commit: http://git-wip-us.apache.org/repos/asf/hive/commit/116751eb
Tree: http://git-wip-us.apache.org/repos/asf/hive/tree/116751eb
Diff: http://git-wip-us.apache.org/repos/asf/hive/diff/116751eb

Branch: refs/heads/branch-2.0
Commit: 116751eb543ff218502b5bf2add342b152baa17d
Parents: 53aad28
Author: Vaibhav Gumashta <vgumashta@hortonworks.com>
Authored: Mon May 2 16:29:17 2016 -0700
Committer: Vaibhav Gumashta <vgumashta@hortonworks.com>
Committed: Mon May 2 16:29:17 2016 -0700

----------------------------------------------------------------------
  data/files/keystore.jks | Bin 2248 -> 2206 bytes
  data/files/keystore_exampledotcom.jks | Bin 0 -> 2222 bytes
  data/files/truststore.jks | Bin 958 -> 1816 bytes
  .../org/apache/hive/jdbc/miniHS2/MiniHS2.java | 33 +++++--
  .../jdbc/TestJdbcWithLocalClusterSpark.java | 2 +-
  .../apache/hive/jdbc/TestJdbcWithMiniMr.java | 2 +-
  ...stMultiSessionsHS2WithLocalClusterSpark.java | 7 +-
  .../test/java/org/apache/hive/jdbc/TestSSL.java | 71 +++++++++++--
  .../jdbc/authorization/TestHS2AuthzContext.java | 4 +-
  .../authorization/TestJdbcMetadataApiAuth.java | 2 +-
  .../TestJdbcWithSQLAuthorization.java | 2 +-
  .../org/apache/hive/jdbc/HiveConnection.java | 99 +++++++++----------
  .../hive/service/auth/HiveAuthFactory.java | 21 +++-
  13 files changed, 157 insertions(+), 86 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/hive/blob/116751eb/data/files/keystore.jks
----------------------------------------------------------------------
diff --git a/data/files/keystore.jks b/data/files/keystore.jks
index 469d8a5..8f35af0 100644
Binary files a/data/files/keystore.jks and b/data/files/keystore.jks differ

http://git-wip-us.apache.org/repos/asf/hive/blob/116751eb/data/files/keystore_exampledotcom.jks
----------------------------------------------------------------------
diff --git a/data/files/keystore_exampledotcom.jks b/data/files/keystore_exampledotcom.jks
new file mode 100644
index 0000000..1d33aad
Binary files /dev/null and b/data/files/keystore_exampledotcom.jks differ

http://git-wip-us.apache.org/repos/asf/hive/blob/116751eb/data/files/truststore.jks
----------------------------------------------------------------------
diff --git a/data/files/truststore.jks b/data/files/truststore.jks
index 9c5d703..03dd2a3 100644
Binary files a/data/files/truststore.jks and b/data/files/truststore.jks differ

http://git-wip-us.apache.org/repos/asf/hive/blob/116751eb/itests/hive-unit/src/main/java/org/apache/hive/jdbc/miniHS2/MiniHS2.java
----------------------------------------------------------------------
diff --git a/itests/hive-unit/src/main/java/org/apache/hive/jdbc/miniHS2/MiniHS2.java b/itests/hive-unit/src/main/java/org/apache/hive/jdbc/miniHS2/MiniHS2.java
index 8b0f9d4..1c02252 100644
--- a/itests/hive-unit/src/main/java/org/apache/hive/jdbc/miniHS2/MiniHS2.java
+++ b/itests/hive-unit/src/main/java/org/apache/hive/jdbc/miniHS2/MiniHS2.java
@@ -307,8 +307,9 @@ public class MiniHS2 extends AbstractHiveService {
    /**
     * return connection URL for this server instance
     * @return
+ * @throws Exception
     */
- public String getJdbcURL() {
+ public String getJdbcURL() throws Exception {
      return getJdbcURL("default");
    }

@@ -316,8 +317,9 @@ public class MiniHS2 extends AbstractHiveService {
     * return connection URL for this server instance
     * @param dbName - DB name to be included in the URL
     * @return
+ * @throws Exception
     */
- public String getJdbcURL(String dbName) {
+ public String getJdbcURL(String dbName) throws Exception {
      return getJdbcURL(dbName, "");
    }

@@ -326,8 +328,9 @@ public class MiniHS2 extends AbstractHiveService {
     * @param dbName - DB name to be included in the URL
     * @param sessionConfExt - Addional string to be appended to sessionConf part of url
     * @return
+ * @throws Exception
     */
- public String getJdbcURL(String dbName, String sessionConfExt) {
+ public String getJdbcURL(String dbName, String sessionConfExt) throws Exception {
      return getJdbcURL(dbName, sessionConfExt, "");
    }

@@ -337,20 +340,30 @@ public class MiniHS2 extends AbstractHiveService {
     * @param sessionConfExt - Addional string to be appended to sessionConf part of url
     * @param hiveConfExt - Additional string to be appended to HiveConf part of url (excluding the ?)
     * @return
+ * @throws Exception
     */
- public String getJdbcURL(String dbName, String sessionConfExt, String hiveConfExt) {
+ public String getJdbcURL(String dbName, String sessionConfExt, String hiveConfExt)
+ throws Exception {
      sessionConfExt = (sessionConfExt == null ? "" : sessionConfExt);
      hiveConfExt = (hiveConfExt == null ? "" : hiveConfExt);
- String krbConfig = "";
+ // Strip the leading ";" if provided
+ // (this is the assumption with which we're going to start configuring sessionConfExt)
+ if (sessionConfExt.startsWith(";")) {
+ sessionConfExt = sessionConfExt.substring(1);
+ }
      if (isUseMiniKdc()) {
- krbConfig = "principal=" + serverPrincipal;
+ sessionConfExt = "principal=" + serverPrincipal + ";" + sessionConfExt;
      }
      if (isHttpTransportMode()) {
- sessionConfExt = "transportMode=http;httpPath=cliservice;" + sessionConfExt;
+ sessionConfExt = "transportMode=http;httpPath=cliservice" + ";" + sessionConfExt;
+ }
+ String baseJdbcURL = getBaseJdbcURL();
+ baseJdbcURL = baseJdbcURL + dbName;
+ if (!sessionConfExt.isEmpty()) {
+ baseJdbcURL = baseJdbcURL + ";" + sessionConfExt;
      }
- String baseJdbcURL = getBaseJdbcURL() + dbName + ";" + krbConfig + ";" + sessionConfExt;
- if (!hiveConfExt.trim().equals("")) {
- baseJdbcURL = "?" + hiveConfExt;
+ if ((hiveConfExt != null) && (!hiveConfExt.trim().isEmpty())) {
+ baseJdbcURL = baseJdbcURL + "?" + hiveConfExt;
      }
      return baseJdbcURL;
    }

http://git-wip-us.apache.org/repos/asf/hive/blob/116751eb/itests/hive-unit/src/test/java/org/apache/hive/jdbc/TestJdbcWithLocalClusterSpark.java
----------------------------------------------------------------------
diff --git a/itests/hive-unit/src/test/java/org/apache/hive/jdbc/TestJdbcWithLocalClusterSpark.java b/itests/hive-unit/src/test/java/org/apache/hive/jdbc/TestJdbcWithLocalClusterSpark.java
index f649fc2..cabddea 100644
--- a/itests/hive-unit/src/test/java/org/apache/hive/jdbc/TestJdbcWithLocalClusterSpark.java
+++ b/itests/hive-unit/src/test/java/org/apache/hive/jdbc/TestJdbcWithLocalClusterSpark.java
@@ -92,7 +92,7 @@ public class TestJdbcWithLocalClusterSpark {
    }

    // setup DB
- private static void createDb() throws SQLException {
+ private static void createDb() throws Exception {
      Connection conn = DriverManager.
          getConnection(miniHS2.getJdbcURL(), System.getProperty("user.name"), "bar");
      Statement stmt2 = conn.createStatement();

http://git-wip-us.apache.org/repos/asf/hive/blob/116751eb/itests/hive-unit/src/test/java/org/apache/hive/jdbc/TestJdbcWithMiniMr.java
----------------------------------------------------------------------
diff --git a/itests/hive-unit/src/test/java/org/apache/hive/jdbc/TestJdbcWithMiniMr.java b/itests/hive-unit/src/test/java/org/apache/hive/jdbc/TestJdbcWithMiniMr.java
index bcd65a9..637e51a 100644
--- a/itests/hive-unit/src/test/java/org/apache/hive/jdbc/TestJdbcWithMiniMr.java
+++ b/itests/hive-unit/src/test/java/org/apache/hive/jdbc/TestJdbcWithMiniMr.java
@@ -83,7 +83,7 @@ public class TestJdbcWithMiniMr {
    }

    // setup DB
- private static void createDb() throws SQLException {
+ private static void createDb() throws Exception {
      Connection conn = DriverManager.
          getConnection(miniHS2.getJdbcURL(), System.getProperty("user.name"), "bar");
      Statement stmt2 = conn.createStatement();

http://git-wip-us.apache.org/repos/asf/hive/blob/116751eb/itests/hive-unit/src/test/java/org/apache/hive/jdbc/TestMultiSessionsHS2WithLocalClusterSpark.java
----------------------------------------------------------------------
diff --git a/itests/hive-unit/src/test/java/org/apache/hive/jdbc/TestMultiSessionsHS2WithLocalClusterSpark.java b/itests/hive-unit/src/test/java/org/apache/hive/jdbc/TestMultiSessionsHS2WithLocalClusterSpark.java
index 0c3479d..3427c5c 100644
--- a/itests/hive-unit/src/test/java/org/apache/hive/jdbc/TestMultiSessionsHS2WithLocalClusterSpark.java
+++ b/itests/hive-unit/src/test/java/org/apache/hive/jdbc/TestMultiSessionsHS2WithLocalClusterSpark.java
@@ -101,7 +101,7 @@ public class TestMultiSessionsHS2WithLocalClusterSpark {
    }

    // setup DB
- private static void createDb() throws SQLException {
+ private static void createDb() throws Exception {
      Connection conn = DriverManager.
        getConnection(miniHS2.getJdbcURL(), System.getProperty("user.name"), "bar");
      Statement stmt2 = conn.createStatement();
@@ -124,7 +124,7 @@ public class TestMultiSessionsHS2WithLocalClusterSpark {
      closeConnection();
    }

- private void createConnection() throws SQLException {
+ private void createConnection() throws Exception {
      Connection connection = DriverManager.getConnection(miniHS2.getJdbcURL(dbName),
        System.getProperty("user.name"), "bar");
      Statement statement = connection.createStatement();
@@ -215,8 +215,7 @@ public class TestMultiSessionsHS2WithLocalClusterSpark {
      };
    }

- private void testKvQuery(String queryStr, String resultVal)
- throws SQLException {
+ private void testKvQuery(String queryStr, String resultVal) throws Exception {
      createConnection();
      verifyResult(queryStr, resultVal, 2);
      closeConnection();

http://git-wip-us.apache.org/repos/asf/hive/blob/116751eb/itests/hive-unit/src/test/java/org/apache/hive/jdbc/TestSSL.java
----------------------------------------------------------------------
diff --git a/itests/hive-unit/src/test/java/org/apache/hive/jdbc/TestSSL.java b/itests/hive-unit/src/test/java/org/apache/hive/jdbc/TestSSL.java
index b66ffda..92e7674 100644
--- a/itests/hive-unit/src/test/java/org/apache/hive/jdbc/TestSSL.java
+++ b/itests/hive-unit/src/test/java/org/apache/hive/jdbc/TestSSL.java
@@ -18,6 +18,7 @@

  package org.apache.hive.jdbc;
  import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
  import static org.junit.Assert.fail;

  import java.io.File;
@@ -46,9 +47,10 @@ import org.slf4j.LoggerFactory;

  public class TestSSL {
    private static final Logger LOG = LoggerFactory.getLogger(TestSSL.class);
- private static final String KEY_STORE_NAME = "keystore.jks";
+ private static final String LOCALHOST_KEY_STORE_NAME = "keystore.jks";
+ private static final String EXAMPLEDOTCOM_KEY_STORE_NAME = "keystore_exampledotcom.jks";
    private static final String TRUST_STORE_NAME = "truststore.jks";
- private static final String KEY_STORE_PASSWORD = "HiveJdbc";
+ private static final String KEY_STORE_TRUST_STORE_PASSWORD = "HiveJdbc";
    private static final String JAVA_TRUST_STORE_PROP = "javax.net.ssl.trustStore";
    private static final String JAVA_TRUST_STORE_PASS_PROP = "javax.net.ssl.trustStorePassword";
    private static final String HS2_BINARY_MODE = "binary";
@@ -61,9 +63,9 @@ public class TestSSL {
    private Connection hs2Conn = null;
    private String dataFileDir = conf.get("test.data.files");
    private Map<String, String> confOverlay;
- private final String SSL_CONN_PARAMS = ";ssl=true;sslTrustStore="
+ private final String SSL_CONN_PARAMS = "ssl=true;sslTrustStore="
        + URLEncoder.encode(dataFileDir + File.separator + TRUST_STORE_NAME) + ";trustStorePassword="
- + KEY_STORE_PASSWORD;
+ + KEY_STORE_TRUST_STORE_PASSWORD;

    @BeforeClass
    public static void beforeTest() throws Exception {
@@ -125,7 +127,7 @@ public class TestSSL {
      // make SSL connection
      hs2Conn =
          DriverManager.getConnection(miniHS2.getJdbcURL() + ";ssl=true;sslTrustStore=" + dataFileDir
- + File.separator + TRUST_STORE_NAME + ";trustStorePassword=" + KEY_STORE_PASSWORD,
+ + File.separator + TRUST_STORE_NAME + ";trustStorePassword=" + KEY_STORE_TRUST_STORE_PASSWORD,
              System.getProperty("user.name"), "bar");
      hs2Conn.close();
      Assert.assertEquals("Expected exit code of 1", 1, execCommand("openssl s_client -connect "
@@ -142,7 +144,7 @@ public class TestSSL {
        hs2Conn =
            DriverManager.getConnection(miniHS2.getJdbcURL() + ";ssl=true;sslTrustStore="
                + dataFileDir + File.separator + TRUST_STORE_NAME + ";trustStorePassword="
- + KEY_STORE_PASSWORD, System.getProperty("user.name"), "bar");
+ + KEY_STORE_TRUST_STORE_PASSWORD, System.getProperty("user.name"), "bar");
        Assert.fail("Expected SQLException during connect");
      } catch (SQLException e) {
        LOG.info("Expected exception: " + e, e);
@@ -179,7 +181,7 @@ public class TestSSL {
      }

      System.setProperty(JAVA_TRUST_STORE_PROP, dataFileDir + File.separator + TRUST_STORE_NAME );
- System.setProperty(JAVA_TRUST_STORE_PASS_PROP, KEY_STORE_PASSWORD);
+ System.setProperty(JAVA_TRUST_STORE_PASS_PROP, KEY_STORE_TRUST_STORE_PASSWORD);
      try {
        hs2Conn = DriverManager.getConnection(miniHS2.getJdbcURL() + ";ssl=true",
            System.getProperty("user.name"), "bar");
@@ -289,7 +291,7 @@ public class TestSSL {
      miniHS2.start(confOverlay);

      System.setProperty(JAVA_TRUST_STORE_PROP, dataFileDir + File.separator + TRUST_STORE_NAME );
- System.setProperty(JAVA_TRUST_STORE_PASS_PROP, KEY_STORE_PASSWORD);
+ System.setProperty(JAVA_TRUST_STORE_PASS_PROP, KEY_STORE_TRUST_STORE_PASSWORD);
      // make SSL connection
      hs2Conn = DriverManager.getConnection(miniHS2.getJdbcURL() + ";ssl=true",
          System.getProperty("user.name"), "bar");
@@ -373,6 +375,55 @@ public class TestSSL {
      hs2Conn.close();
    }

+ /***
+ * Test a new connection when server sends a certificate with wrong CN
+ * (sends a certificate for www.example.com instead of localhost)
+ * Opening a new connection with this wrong certificate should fail
+ * @throws Exception
+ */
+ @Test
+ public void testConnectionWrongCertCN() throws Exception {
+ // This call sets the default ssl params including the correct keystore in the server config
+ setSslConfOverlay(confOverlay);
+ // Replace default keystore with keystore for www.example.com
+ confOverlay.put(ConfVars.HIVE_SERVER2_SSL_KEYSTORE_PATH.varname, dataFileDir + File.separator
+ + EXAMPLEDOTCOM_KEY_STORE_NAME);
+ // Binary (TCP) mode
+ setBinaryConfOverlay(confOverlay);
+ miniHS2.start(confOverlay);
+ try {
+ hs2Conn =
+ DriverManager.getConnection(miniHS2.getJdbcURL("default", SSL_CONN_PARAMS),
+ System.getProperty("user.name"), "bar");
+ fail("SSL connection, with the server providing wrong certifcate (with CN www.example.com, "
+ + "instead of localhost), should fail");
+ } catch (SQLException e) {
+ // Expected error: should throw java.security.cert.CertificateException
+ assertEquals("08S01", e.getSQLState().trim());
+ assertTrue(e.toString().contains("java.security.cert.CertificateException"));
+ }
+
+ miniHS2.stop();
+
+ // Http mode
+ setHttpConfOverlay(confOverlay);
+ miniHS2.start(confOverlay);
+ try {
+ hs2Conn =
+ DriverManager.getConnection(miniHS2.getJdbcURL("default", SSL_CONN_PARAMS),
+ System.getProperty("user.name"), "bar");
+ fail("SSL connection, with the server providing wrong certifcate (with CN www.example.com, "
+ + "instead of localhost), should fail");
+ } catch (SQLException e) {
+ // Expected error: should throw javax.net.ssl.SSLPeerUnverifiedException
+ assertEquals("08S01", e.getSQLState().trim());
+ assertTrue(e.toString().contains("javax.net.ssl.SSLPeerUnverifiedException"));
+ }
+ // Revert to default keystore path
+ confOverlay.put(ConfVars.HIVE_SERVER2_SSL_KEYSTORE_PATH.varname, dataFileDir + File.separator
+ + LOCALHOST_KEY_STORE_NAME);
+ }
+
    private void setupTestTableWithData(String tableName, Path dataFilePath,
        Connection hs2Conn) throws Exception {
      Statement stmt = hs2Conn.createStatement();
@@ -391,9 +442,9 @@ public class TestSSL {
    private void setSslConfOverlay(Map<String, String> confOverlay) {
      confOverlay.put(ConfVars.HIVE_SERVER2_USE_SSL.varname, "true");
      confOverlay.put(ConfVars.HIVE_SERVER2_SSL_KEYSTORE_PATH.varname,
- dataFileDir + File.separator + KEY_STORE_NAME);
+ dataFileDir + File.separator + LOCALHOST_KEY_STORE_NAME);
      confOverlay.put(ConfVars.HIVE_SERVER2_SSL_KEYSTORE_PASSWORD.varname,
- KEY_STORE_PASSWORD);
+ KEY_STORE_TRUST_STORE_PASSWORD);
    }

    private void clearSslConfOverlay(Map<String, String> confOverlay) {

http://git-wip-us.apache.org/repos/asf/hive/blob/116751eb/itests/hive-unit/src/test/java/org/apache/hive/jdbc/authorization/TestHS2AuthzContext.java
----------------------------------------------------------------------
diff --git a/itests/hive-unit/src/test/java/org/apache/hive/jdbc/authorization/TestHS2AuthzContext.java b/itests/hive-unit/src/test/java/org/apache/hive/jdbc/authorization/TestHS2AuthzContext.java
index 0bb3c0a..c43776b 100644
--- a/itests/hive-unit/src/test/java/org/apache/hive/jdbc/authorization/TestHS2AuthzContext.java
+++ b/itests/hive-unit/src/test/java/org/apache/hive/jdbc/authorization/TestHS2AuthzContext.java
@@ -101,7 +101,7 @@ public class TestHS2AuthzContext {
      verifyContextContents("dfs -ls /", "-ls /");
    }

- private void verifyContextContents(final String cmd, String ctxCmd) throws SQLException,
+ private void verifyContextContents(final String cmd, String ctxCmd) throws Exception,
        HiveAuthzPluginException, HiveAccessControlException {
      Connection hs2Conn = getConnection("user1");
      Statement stmt = hs2Conn.createStatement();
@@ -126,7 +126,7 @@ public class TestHS2AuthzContext {

    }

- private Connection getConnection(String userName) throws SQLException {
+ private Connection getConnection(String userName) throws Exception {
      return DriverManager.getConnection(miniHS2.getJdbcURL(), userName, "bar");
    }


http://git-wip-us.apache.org/repos/asf/hive/blob/116751eb/itests/hive-unit/src/test/java/org/apache/hive/jdbc/authorization/TestJdbcMetadataApiAuth.java
----------------------------------------------------------------------
diff --git a/itests/hive-unit/src/test/java/org/apache/hive/jdbc/authorization/TestJdbcMetadataApiAuth.java b/itests/hive-unit/src/test/java/org/apache/hive/jdbc/authorization/TestJdbcMetadataApiAuth.java
index 19b311d..692bfa0 100644
--- a/itests/hive-unit/src/test/java/org/apache/hive/jdbc/authorization/TestJdbcMetadataApiAuth.java
+++ b/itests/hive-unit/src/test/java/org/apache/hive/jdbc/authorization/TestJdbcMetadataApiAuth.java
@@ -253,7 +253,7 @@ public class TestJdbcMetadataApiAuth {
      }
    }

- private static Connection getConnection(String userName) throws SQLException {
+ private static Connection getConnection(String userName) throws Exception {
      return DriverManager.getConnection(miniHS2.getJdbcURL(), userName, "bar");
    }


http://git-wip-us.apache.org/repos/asf/hive/blob/116751eb/itests/hive-unit/src/test/java/org/apache/hive/jdbc/authorization/TestJdbcWithSQLAuthorization.java
----------------------------------------------------------------------
diff --git a/itests/hive-unit/src/test/java/org/apache/hive/jdbc/authorization/TestJdbcWithSQLAuthorization.java b/itests/hive-unit/src/test/java/org/apache/hive/jdbc/authorization/TestJdbcWithSQLAuthorization.java
index dacde45..5e653ec 100644
--- a/itests/hive-unit/src/test/java/org/apache/hive/jdbc/authorization/TestJdbcWithSQLAuthorization.java
+++ b/itests/hive-unit/src/test/java/org/apache/hive/jdbc/authorization/TestJdbcWithSQLAuthorization.java
@@ -126,7 +126,7 @@ public class TestJdbcWithSQLAuthorization {
      }
    }

- private Connection getConnection(String userName) throws SQLException {
+ private Connection getConnection(String userName) throws Exception {
      return DriverManager.getConnection(miniHS2.getJdbcURL(), userName, "bar");
    }


http://git-wip-us.apache.org/repos/asf/hive/blob/116751eb/jdbc/src/java/org/apache/hive/jdbc/HiveConnection.java
----------------------------------------------------------------------
diff --git a/jdbc/src/java/org/apache/hive/jdbc/HiveConnection.java b/jdbc/src/java/org/apache/hive/jdbc/HiveConnection.java
index e3a5028..2770afb 100644
--- a/jdbc/src/java/org/apache/hive/jdbc/HiveConnection.java
+++ b/jdbc/src/java/org/apache/hive/jdbc/HiveConnection.java
@@ -43,13 +43,15 @@ import org.apache.http.client.ServiceUnavailableRetryStrategy;
  import org.apache.http.config.Registry;
  import org.apache.http.config.RegistryBuilder;
  import org.apache.http.conn.socket.ConnectionSocketFactory;
-import org.apache.http.conn.ssl.SSLSocketFactory;
+import org.apache.http.conn.ssl.DefaultHostnameVerifier;
+import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
  import org.apache.http.impl.client.BasicCookieStore;
  import org.apache.http.impl.client.CloseableHttpClient;
  import org.apache.http.impl.client.HttpClientBuilder;
  import org.apache.http.impl.client.HttpClients;
  import org.apache.http.impl.conn.BasicHttpClientConnectionManager;
  import org.apache.http.protocol.HttpContext;
+import org.apache.http.ssl.SSLContexts;
  import org.apache.thrift.TException;
  import org.apache.thrift.protocol.TBinaryProtocol;
  import org.apache.thrift.transport.THttpClient;
@@ -305,30 +307,29 @@ public class HiveConnection implements java.sql.Connection {
      if (isCookieEnabled) {
        // Create a http client with a retry mechanism when the server returns a status code of 401.
        httpClientBuilder =
- HttpClients.custom().setServiceUnavailableRetryStrategy(
- new ServiceUnavailableRetryStrategy() {
-
- @Override
- public boolean retryRequest(
- final HttpResponse response,
- final int executionCount,
- final HttpContext context) {
- int statusCode = response.getStatusLine().getStatusCode();
- boolean ret = statusCode == 401 && executionCount <= 1;
-
- // Set the context attribute to true which will be interpreted by the request interceptor
- if (ret) {
- context.setAttribute(Utils.HIVE_SERVER2_RETRY_KEY, Utils.HIVE_SERVER2_RETRY_TRUE);
- }
- return ret;
- }
-
- @Override
- public long getRetryInterval() {
- // Immediate retry
- return 0;
- }
- });
+ HttpClients.custom().setServiceUnavailableRetryStrategy(
+ new ServiceUnavailableRetryStrategy() {
+ @Override
+ public boolean retryRequest(final HttpResponse response, final int executionCount,
+ final HttpContext context) {
+ int statusCode = response.getStatusLine().getStatusCode();
+ boolean ret = statusCode == 401 && executionCount <= 1;
+
+ // Set the context attribute to true which will be interpreted by the request
+ // interceptor
+ if (ret) {
+ context.setAttribute(Utils.HIVE_SERVER2_RETRY_KEY,
+ Utils.HIVE_SERVER2_RETRY_TRUE);
+ }
+ return ret;
+ }
+
+ @Override
+ public long getRetryInterval() {
+ // Immediate retry
+ return 0;
+ }
+ });
      } else {
        httpClientBuilder = HttpClientBuilder.create();
      }
@@ -341,47 +342,37 @@ public class HiveConnection implements java.sql.Connection {
        String sslTrustStorePassword = sessConfMap.get(
          JdbcConnectionParams.SSL_TRUST_STORE_PASSWORD);
        KeyStore sslTrustStore;
- SSLSocketFactory socketFactory;
-
+ SSLConnectionSocketFactory socketFactory;
+ SSLContext sslContext;
        /**
- * The code within the try block throws:
- * 1. SSLInitializationException
- * 2. KeyStoreException
- * 3. IOException
- * 4. NoSuchAlgorithmException
- * 5. CertificateException
- * 6. KeyManagementException
- * 7. UnrecoverableKeyException
- * We don't want the client to retry on any of these, hence we catch all
- * and throw a SQLException.
+ * The code within the try block throws: SSLInitializationException, KeyStoreException,
+ * IOException, NoSuchAlgorithmException, CertificateException, KeyManagementException &
+ * UnrecoverableKeyException. We don't want the client to retry on any of these,
+ * hence we catch all and throw a SQLException.
         */
        try {
- if (useTwoWaySSL != null &&
- useTwoWaySSL.equalsIgnoreCase(JdbcConnectionParams.TRUE)) {
+ if (useTwoWaySSL != null && useTwoWaySSL.equalsIgnoreCase(JdbcConnectionParams.TRUE)) {
            socketFactory = getTwoWaySSLSocketFactory();
          } else if (sslTrustStorePath == null || sslTrustStorePath.isEmpty()) {
            // Create a default socket factory based on standard JSSE trust material
- socketFactory = SSLSocketFactory.getSocketFactory();
+ socketFactory = SSLConnectionSocketFactory.getSocketFactory();
          } else {
            // Pick trust store config from the given path
            sslTrustStore = KeyStore.getInstance(JdbcConnectionParams.SSL_TRUST_STORE_TYPE);
            try (FileInputStream fis = new FileInputStream(sslTrustStorePath)) {
              sslTrustStore.load(fis, sslTrustStorePassword.toCharArray());
            }
- socketFactory = new SSLSocketFactory(sslTrustStore);
+ sslContext = SSLContexts.custom().loadTrustMaterial(sslTrustStore, null).build();
+ socketFactory =
+ new SSLConnectionSocketFactory(sslContext, new DefaultHostnameVerifier(null));
          }
- socketFactory.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
-
          final Registry<ConnectionSocketFactory> registry =
- RegistryBuilder.<ConnectionSocketFactory>create()
- .register("https", socketFactory)
- .build();
-
+ RegistryBuilder.<ConnectionSocketFactory> create().register("https", socketFactory)
+ .build();
          httpClientBuilder.setConnectionManager(new BasicHttpClientConnectionManager(registry));
- }
- catch (Exception e) {
- String msg = "Could not create an https connection to " +
- jdbcUriString + ". " + e.getMessage();
+ } catch (Exception e) {
+ String msg =
+ "Could not create an https connection to " + jdbcUriString + ". " + e.getMessage();
          throw new SQLException(msg, " 08S01", e);
        }
      }
@@ -483,8 +474,8 @@ public class HiveConnection implements java.sql.Connection {
      return transport;
    }

- SSLSocketFactory getTwoWaySSLSocketFactory() throws SQLException {
- SSLSocketFactory socketFactory = null;
+ SSLConnectionSocketFactory getTwoWaySSLSocketFactory() throws SQLException {
+ SSLConnectionSocketFactory socketFactory = null;

      try {
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(
@@ -521,7 +512,7 @@ public class HiveConnection implements java.sql.Connection {
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(keyManagerFactory.getKeyManagers(),
          trustManagerFactory.getTrustManagers(), new SecureRandom());
- socketFactory = new SSLSocketFactory(context);
+ socketFactory = new SSLConnectionSocketFactory(context);
      } catch (Exception e) {
        throw new SQLException("Error while initializing 2 way ssl socket factory ", e);
      }

http://git-wip-us.apache.org/repos/asf/hive/blob/116751eb/service/src/java/org/apache/hive/service/auth/HiveAuthFactory.java
----------------------------------------------------------------------
diff --git a/service/src/java/org/apache/hive/service/auth/HiveAuthFactory.java b/service/src/java/org/apache/hive/service/auth/HiveAuthFactory.java
index 062974d..70a1f6b 100644
--- a/service/src/java/org/apache/hive/service/auth/HiveAuthFactory.java
+++ b/service/src/java/org/apache/hive/service/auth/HiveAuthFactory.java
@@ -28,7 +28,9 @@ import java.util.HashMap;
  import java.util.List;
  import java.util.Map;

+import javax.net.ssl.SSLParameters;
  import javax.net.ssl.SSLServerSocket;
+import javax.net.ssl.SSLSocket;
  import javax.security.auth.login.LoginException;
  import javax.security.sasl.AuthenticationException;
  import javax.security.sasl.Sasl;
@@ -245,7 +247,9 @@ public class HiveAuthFactory {

    public static TTransport getSSLSocket(String host, int port, int loginTimeout)
      throws TTransportException {
- return TSSLTransportFactory.getClientSocket(host, port, loginTimeout);
+ // The underlying SSLSocket object is bound to host:port with the given SO_TIMEOUT
+ TSocket tSSLSocket = TSSLTransportFactory.getClientSocket(host, port, loginTimeout);
+ return getSSLSocketWithHttps(tSSLSocket);
    }

    public static TTransport getSSLSocket(String host, int port, int loginTimeout,
@@ -254,7 +258,20 @@ public class HiveAuthFactory {
        new TSSLTransportFactory.TSSLTransportParameters();
      params.setTrustStore(trustStorePath, trustStorePassWord);
      params.requireClientAuth(true);
- return TSSLTransportFactory.getClientSocket(host, port, loginTimeout, params);
+ // The underlying SSLSocket object is bound to host:port with the given SO_TIMEOUT and
+ // SSLContext created with the given params
+ TSocket tSSLSocket = TSSLTransportFactory.getClientSocket(host, port, loginTimeout, params);
+ return getSSLSocketWithHttps(tSSLSocket);
+ }
+
+ // Using endpoint identification algorithm as HTTPS enables us to do
+ // CNAMEs/subjectAltName verification
+ private static TSocket getSSLSocketWithHttps(TSocket tSSLSocket) throws TTransportException {
+ SSLSocket sslSocket = (SSLSocket) tSSLSocket.getSocket();
+ SSLParameters sslParams = sslSocket.getSSLParameters();
+ sslParams.setEndpointIdentificationAlgorithm("HTTPS");
+ sslSocket.setSSLParameters(sslParams);
+ return new TSocket(sslSocket);
    }

    public static TServerSocket getServerSocket(String hiveHost, int portNum)

Search Discussions

Discussion Posts

Previous

Follow ups

Related Discussions

Discussion Navigation
viewthread | post
posts ‹ prev | 2 of 4 | next ›
Discussion Overview
groupcommits @
categorieshive, hadoop
postedMay 2, '16 at 8:36p
activeMay 3, '16 at 5:13a
posts4
users1
websitehive.apache.org

1 user in discussion

Vgumashta: 4 posts

People

Translate

site design / logo © 2021 Grokbase