drill-issues mailing list archives

From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DRILL-5431) Support SSL
Date Wed, 27 Sep 2017 05:58:04 GMT

    [ https://issues.apache.org/jira/browse/DRILL-5431?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16182033#comment-16182033
] 

ASF GitHub Bot commented on DRILL-5431:
---------------------------------------

Github user sohami commented on a diff in the pull request:

    https://github.com/apache/drill/pull/950#discussion_r140590439
  
    --- Diff: exec/java-exec/src/test/java/org/apache/drill/exec/rpc/user/security/TestUserBitSSL.java
---
    @@ -0,0 +1,338 @@
    +/*
    + * Licensed to the Apache Software Foundation (ASF) under one
    + * or more contributor license agreements.  See the NOTICE file
    + * distributed with this work for additional information
    + * regarding copyright ownership.  The ASF licenses this file
    + * to you under the Apache License, Version 2.0 (the
    + * "License"); you may not use this file except in compliance
    + * with the License.  You may obtain a copy of the License at
    + *
    + *    http://www.apache.org/licenses/LICENSE-2.0
    + *
    + * Unless required by applicable law or agreed to in writing, software
    + * distributed under the License is distributed on an "AS IS" BASIS,
    + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    + * See the License for the specific language governing permissions and
    + * limitations under the License.
    + */
    +package org.apache.drill.exec.rpc.user.security;
    +
    +import com.typesafe.config.ConfigValueFactory;
    +import io.netty.handler.ssl.util.SelfSignedCertificate;
    +import junit.framework.TestCase;
    +import org.apache.drill.BaseTestQuery;
    +import org.apache.drill.common.config.DrillConfig;
    +import org.apache.drill.common.config.DrillProperties;
    +import org.apache.drill.exec.ExecConstants;
    +import org.junit.AfterClass;
    +import org.junit.BeforeClass;
    +import org.junit.Test;
    +
    +import java.io.File;
    +import java.io.FileOutputStream;
    +import java.net.InetAddress;
    +import java.security.KeyStore;
    +import java.util.Properties;
    +
    +import static junit.framework.TestCase.fail;
    +import static org.junit.Assert.assertEquals;
    +
    +public class TestUserBitSSL extends BaseTestQuery {
    +  private static final org.slf4j.Logger logger =
    +      org.slf4j.LoggerFactory.getLogger(TestUserBitSSL.class);
    +
    +  private static DrillConfig newConfig;
    +  private static Properties initProps; // initial client properties
    +  private static ClassLoader classLoader;
    +  private static String ksPath;
    +  private static String tsPath;
    +  private static String emptyTSPath;
    +  private static String unknownKsPath;
    +
    +  @BeforeClass
    +  public static void setupTest() throws Exception {
    +
    +    // Create a new DrillConfig
    +    classLoader = TestUserBitSSL.class.getClassLoader();
    +    ksPath = new File(classLoader.getResource("ssl/keystore.ks").getFile()).getAbsolutePath();
    +    unknownKsPath = new File(classLoader.getResource("ssl/unknownkeystore.ks").getFile()).getAbsolutePath();
    +    tsPath = new File(classLoader.getResource("ssl/truststore.ks").getFile()).getAbsolutePath();
    +    emptyTSPath = new File(classLoader.getResource("ssl/emptytruststore.ks").getFile()).getAbsolutePath();
    +    newConfig = new DrillConfig(DrillConfig.create(cloneDefaultTestConfigProperties())
    +        .withValue(ExecConstants.SSL_USE_HADOOP_CONF,
    +            ConfigValueFactory.fromAnyRef(false))
    +        .withValue(ExecConstants.USER_SSL_ENABLED,
    +            ConfigValueFactory.fromAnyRef(true))
    +        .withValue(ExecConstants.SSL_KEYSTORE_TYPE,
    +            ConfigValueFactory.fromAnyRef("JKS"))
    +        .withValue(ExecConstants.SSL_KEYSTORE_PATH,
    +            ConfigValueFactory.fromAnyRef(ksPath))
    +        .withValue(ExecConstants.SSL_KEYSTORE_PASSWORD,
    +            ConfigValueFactory.fromAnyRef("drill123"))
    +        .withValue(ExecConstants.SSL_KEY_PASSWORD,
    +            ConfigValueFactory.fromAnyRef("drill123"))
    +        .withValue(ExecConstants.SSL_TRUSTSTORE_TYPE,
    +            ConfigValueFactory.fromAnyRef("JKS"))
    +        .withValue(ExecConstants.SSL_TRUSTSTORE_PATH,
    +            ConfigValueFactory.fromAnyRef(tsPath))
    +        .withValue(ExecConstants.SSL_TRUSTSTORE_PASSWORD,
    +            ConfigValueFactory.fromAnyRef("drill123"))
    +        .withValue(ExecConstants.SSL_PROTOCOL,
    +            ConfigValueFactory.fromAnyRef("TLSv1.2")),
    +      false);
    +
    +    initProps = new Properties();
    +    initProps.setProperty(DrillProperties.ENABLE_TLS, "true");
    +    initProps.setProperty(DrillProperties.TRUSTSTORE_PATH, tsPath);
    +    initProps.setProperty(DrillProperties.TRUSTSTORE_PASSWORD, "drill123");
    +    initProps.setProperty(DrillProperties.DISABLE_HOST_VERIFICATION, "true");
    +
    +    // Start an SSL enabled cluster
    +    updateTestCluster(1, newConfig, initProps);
    +  }
    +
    +  @AfterClass
    +  public static void cleanTest() throws Exception {
    +    DrillConfig restoreConfig =
    +        new DrillConfig(DrillConfig.create(cloneDefaultTestConfigProperties()), false);
    +    updateTestCluster(1, restoreConfig);
    +  }
    +
    +  @Test
    +  public void testSSLConnection() throws Exception {
    +    final Properties connectionProps = new Properties();
    +    connectionProps.setProperty(DrillProperties.ENABLE_TLS, "true");
    +    connectionProps.setProperty(DrillProperties.TRUSTSTORE_PATH, tsPath);
    +    connectionProps.setProperty(DrillProperties.TRUSTSTORE_PASSWORD, "drill123");
    +    connectionProps.setProperty(DrillProperties.DISABLE_HOST_VERIFICATION, "true");
    +    try {
    +      updateClient(connectionProps);
    +    } catch (Exception e) {
    +      TestCase.fail( new StringBuilder()
    +          .append("SSL Connection failed with exception [" )
    +          .append( e.getMessage() )
    +          .append("]")
    +          .toString());
    +    }
    +  }
    +
    +  @Test
    +  public void testSSLConnectionWithKeystore() throws Exception {
    +    final Properties connectionProps = new Properties();
    +    connectionProps.setProperty(DrillProperties.ENABLE_TLS, "true");
    +    connectionProps.setProperty(DrillProperties.TRUSTSTORE_PATH, ksPath);
    +    connectionProps.setProperty(DrillProperties.TRUSTSTORE_PASSWORD, "drill123");
    +    connectionProps.setProperty(DrillProperties.DISABLE_HOST_VERIFICATION, "true");
    +    try {
    +      updateClient(connectionProps);
    +    } catch (Exception e) {
    +      TestCase.fail( new StringBuilder()
    +          .append("SSL Connection failed with exception [" )
    +          .append( e.getMessage() )
    +          .append("]")
    +          .toString());
    +    }
    +  }
    +
    +  @Test
    +  public void testSSLConnectionFailBadTrustStore() throws Exception {
    +    final Properties connectionProps = new Properties();
    +    connectionProps.setProperty(DrillProperties.ENABLE_TLS, "true");
    +    connectionProps.setProperty(DrillProperties.TRUSTSTORE_PATH, ""); // NO truststore
    +    connectionProps.setProperty(DrillProperties.TRUSTSTORE_PASSWORD, "drill123");
    +    connectionProps.setProperty(DrillProperties.DISABLE_HOST_VERIFICATION, "true");
    +    boolean failureCaught = false;
    +    try {
    +      updateClient(connectionProps);
    +    } catch (Exception e) {
    +      failureCaught = true;
    +    }
    --- End diff --
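Review bot: The `catch (Exception e)` in `testSSLConnectionFailBadTrustStore` sets `failureCaught = true` for any exception, so this negative test would also pass if the connection failed for a reason unrelated to certificate validation, such as a configuration error or a cluster that did not start. The handler should confirm that the failure is a TLS trust failure before setting the flag, for example by checking that the cause chain contains a `javax.net.ssl.SSLException`; the exact exception type Drill surfaces is not visible in the hunk and should be confirmed. Separately, every connection shown, including `initProps`, sets `DISABLE_HOST_VERIFICATION` to "true", so none of the visible tests exercises hostname checking; if the rest of the file does not cover it, a case with verification enabled is worth adding. The method body continues past the end of the quoted diff.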
    
    Is this failure because the default truststore, which will be used internally on the client
side, will not be able to validate the server side of the test certificate? Because providing a TrustStore
is itself optional.


> Support SSL
> -----------
>
>                 Key: DRILL-5431
>                 URL: https://issues.apache.org/jira/browse/DRILL-5431
>             Project: Apache Drill
>          Issue Type: New Feature
>          Components: Client - Java, Client - ODBC
>            Reporter: Sudheesh Katkam
>            Assignee: Parth Chandra
>
> Support SSL between Drillbit and JDBC/ODBC drivers. Drill already supports HTTPS for
web traffic.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
