hive-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ser...@apache.org
Subject [36/43] hive git commit: HIVE-10048: JDBC - Support SSL encryption regardless of Authentication mechanism (Mubashir Kazia, reviewed by Sergio Pena)
Date Mon, 28 Sep 2015 19:10:38 GMT
HIVE-10048: JDBC - Support SSL encryption regardless of Authentication mechanism (Mubashir
Kazia, reviewed by Sergio Pena)


Project: http://git-wip-us.apache.org/repos/asf/hive/repo
Commit: http://git-wip-us.apache.org/repos/asf/hive/commit/abe622be
Tree: http://git-wip-us.apache.org/repos/asf/hive/tree/abe622be
Diff: http://git-wip-us.apache.org/repos/asf/hive/diff/abe622be

Branch: refs/heads/llap
Commit: abe622be4e82781ea831da3d01c093cdf532c93d
Parents: e570e4f
Author: Sergio Pena <sergio.pena@cloudera.com>
Authored: Sun Sep 27 22:10:22 2015 -0500
Committer: Sergio Pena <sergio.pena@cloudera.com>
Committed: Sun Sep 27 22:10:22 2015 -0500

----------------------------------------------------------------------
 .../org/apache/hive/jdbc/HiveConnection.java    | 63 ++++++++++++--------
 1 file changed, 37 insertions(+), 26 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/hive/blob/abe622be/jdbc/src/java/org/apache/hive/jdbc/HiveConnection.java
----------------------------------------------------------------------
diff --git a/jdbc/src/java/org/apache/hive/jdbc/HiveConnection.java b/jdbc/src/java/org/apache/hive/jdbc/HiveConnection.java
index ba971fd..2969bc6 100644
--- a/jdbc/src/java/org/apache/hive/jdbc/HiveConnection.java
+++ b/jdbc/src/java/org/apache/hive/jdbc/HiveConnection.java
@@ -419,6 +419,38 @@ public class HiveConnection implements java.sql.Connection {
   }
 
   /**
+   * Create underlying SSL or non-SSL transport
+   *
+   * @return TTransport
+   * @throws TTransportException
+   */
+  private TTransport createUnderlyingTransport() throws TTransportException {
+    TTransport transport = null;
+    // Note: Thrift returns an SSL socket that is already bound to the specified host:port
+    // Therefore an open called on this would be a no-op later
+    // Hence, any TTransportException related to connecting with the peer are thrown here.
+    // Bubbling them up the call hierarchy so that a retry can happen in openTransport,
+    // if dynamic service discovery is configured.
+    if (isSslConnection()) {
+      // get SSL socket
+      String sslTrustStore = sessConfMap.get(JdbcConnectionParams.SSL_TRUST_STORE);
+      String sslTrustStorePassword = sessConfMap.get(
+        JdbcConnectionParams.SSL_TRUST_STORE_PASSWORD);
+
+      if (sslTrustStore == null || sslTrustStore.isEmpty()) {
+        transport = HiveAuthFactory.getSSLSocket(host, port, loginTimeout);
+      } else {
+        transport = HiveAuthFactory.getSSLSocket(host, port, loginTimeout,
+            sslTrustStore, sslTrustStorePassword);
+      }
+    } else {
+      // get non-SSL socket transport
+      transport = HiveAuthFactory.getSocketTransport(host, port, loginTimeout);
+    }
+    return transport;
+  }
+
+  /**
    * Create transport per the connection options
    * Supported transport options are:
    *   - SASL based transports over
@@ -433,6 +465,7 @@ public class HiveConnection implements java.sql.Connection {
    */
   private TTransport createBinaryTransport() throws SQLException, TTransportException {
     try {
+      TTransport socketTransport = createUnderlyingTransport();
       // handle secure connection if specified
       if (!JdbcConnectionParams.AUTH_SIMPLE.equals(sessConfMap.get(JdbcConnectionParams.AUTH_TYPE)))
{
         // If Kerberos
@@ -454,46 +487,24 @@ public class HiveConnection implements java.sql.Connection {
         if (sessConfMap.containsKey(JdbcConnectionParams.AUTH_PRINCIPAL)) {
           transport = KerberosSaslHelper.getKerberosTransport(
               sessConfMap.get(JdbcConnectionParams.AUTH_PRINCIPAL), host,
-              HiveAuthFactory.getSocketTransport(host, port, loginTimeout), saslProps,
-              assumeSubject);
+              socketTransport, saslProps, assumeSubject);
         } else {
           // If there's a delegation token available then use token based connection
           String tokenStr = getClientDelegationToken(sessConfMap);
           if (tokenStr != null) {
             transport = KerberosSaslHelper.getTokenTransport(tokenStr,
-                host, HiveAuthFactory.getSocketTransport(host, port, loginTimeout), saslProps);
+                host, socketTransport, saslProps);
           } else {
             // we are using PLAIN Sasl connection with user/password
             String userName = getUserName();
             String passwd = getPassword();
-            // Note: Thrift returns an SSL socket that is already bound to the specified
host:port
-            // Therefore an open called on this would be a no-op later
-            // Hence, any TTransportException related to connecting with the peer are thrown
here.
-            // Bubbling them up the call hierarchy so that a retry can happen in openTransport,
-            // if dynamic service discovery is configured.
-            if (isSslConnection()) {
-              // get SSL socket
-              String sslTrustStore = sessConfMap.get(JdbcConnectionParams.SSL_TRUST_STORE);
-              String sslTrustStorePassword = sessConfMap.get(
-                JdbcConnectionParams.SSL_TRUST_STORE_PASSWORD);
-
-              if (sslTrustStore == null || sslTrustStore.isEmpty()) {
-                transport = HiveAuthFactory.getSSLSocket(host, port, loginTimeout);
-              } else {
-                transport = HiveAuthFactory.getSSLSocket(host, port, loginTimeout,
-                    sslTrustStore, sslTrustStorePassword);
-              }
-            } else {
-              // get non-SSL socket transport
-              transport = HiveAuthFactory.getSocketTransport(host, port, loginTimeout);
-            }
             // Overlay the SASL transport on top of the base socket transport (SSL or non-SSL)
-            transport = PlainSaslHelper.getPlainTransport(userName, passwd, transport);
+            transport = PlainSaslHelper.getPlainTransport(userName, passwd, socketTransport);
           }
         }
       } else {
         // Raw socket connection (non-sasl)
-        transport = HiveAuthFactory.getSocketTransport(host, port, loginTimeout);
+        transport = socketTransport;
       }
     } catch (SaslException e) {
       throw new SQLException("Could not create secure connection to "


Mime
View raw message