(kyuubi) branch branch-1.8 updated: [KYUUBI #5713] Backport HIVE-27271: Client connection to HS2 fails when transportMode=http, ssl=true, sslTrustStore specified without trustStorePassword in the JDBC URL

[chengpan]

This is an automated email from the ASF dual-hosted git repository.

chengpan pushed a commit to branch branch-1.8
in repository https://gitbox.apache.org/repos/asf/kyuubi.git


The following commit(s) were added to refs/heads/branch-1.8 by this push:
     new d64eddc8a [KYUUBI #5713] Backport HIVE-27271: Client connection to HS2 
fails when transportMode=http, ssl=true, sslTrustStore specified without 
trustStorePassword in the JDBC URL
d64eddc8a is described below

commit d64eddc8a04ab96f86bf1796034e177388f57ba1
Author: pengqli <peng...@cisco.com>
AuthorDate: Fri Nov 17 19:31:59 2023 +0800

    [KYUUBI #5713] Backport HIVE-27271: Client connection to HS2 fails when 
transportMode=http, ssl=true, sslTrustStore specified without 
trustStorePassword in the JDBC URL
    
    # :mag: Description
    Backport https://github.com/apache/hive/pull/4262
    ## Issue References 🔗
    
    This pull request fixes ##5713
    
    ## Describe Your Solution 🔧
    
    trustStorePassword is not a necessary parameter in connection URL. 
Connection can be established without it.
    
    From the javadocs 
[Link](https://docs.oracle.com/javase/7/docs/api/java/security/KeyStore.html#load(java.io.InputStream,%20char%5B%5D))
 A password may be given to unlock the keystore (e.g. the keystore resides on a 
hardware token device), or to check the integrity of the keystore data. If a 
password is not given for integrity checking, then integrity checking is not 
performed.
    In order to create an empty keystore, or if the keystore cannot be 
initialized from a stream, pass null as the stream argument.
    
    Reference PR comes from HIVE-27271
    
    ## Types of changes :bookmark:
    
    - [x] Bugfix (non-breaking change which fixes an issue)
    - [ ] New feature (non-breaking change which adds functionality)
    - [ ] Breaking change (fix or feature that would cause existing 
functionality to change)
    
    ## Test Plan 🧪
    
    #### Behavior Without This Pull Request :coffin:
    
    #### Behavior With This Pull Request :tada:
    
    #### Related Unit Tests
    
    ---
    
    # Checklists
    ## 📝 Author Self Checklist
    
    - [ ] My code follows the [style 
guidelines](https://kyuubi.readthedocs.io/en/master/contributing/code/style.html)
 of this project
    - [ ] I have performed a self-review
    - [ ] I have commented my code, particularly in hard-to-understand areas
    - [ ] I have made corresponding changes to the documentation
    - [ ] My changes generate no new warnings
    - [ ] I have added tests that prove my fix is effective or that my feature 
works
    - [ ] New and existing unit tests pass locally with my changes
    - [ ] This patch was not authored or co-authored using [Generative 
Tooling](https://www.apache.org/legal/generative-tooling.html)
    
    ## 📝 Committer Pre-Merge Checklist
    
    - [x] Pull request title is okay.
    - [x] No license issues.
    - [x] Milestone correctly set?
    - [ ] Test coverage is ok
    - [x] Assignees are selected.
    - [x] Minimum number of approvals
    - [x] No changes are requested
    
    **Be nice. Be informative.**
    
    Closes #5712 from dev-lpq/ssl_http_store.
    
    Closes #5713
    
    c1011e487 [pengqli] Support client connection when 
transportMode=http,ssl=true, sslTrustStore specified without trustStorePassword 
in the JDBC URL
    
    Authored-by: pengqli <peng...@cisco.com>
    Signed-off-by: Cheng Pan <cheng...@apache.org>
    (cherry picked from commit 0bcd107d4fbc7b53cf400efa03259e5d39c70d15)
    Signed-off-by: Cheng Pan <cheng...@apache.org>
---
 .../src/main/java/org/apache/kyuubi/jdbc/hive/KyuubiConnection.java | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git 
a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/KyuubiConnection.java
 
b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/KyuubiConnection.java
index 39a74e2f5..077def43b 100644
--- 
a/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/KyuubiConnection.java
+++ 
b/kyuubi-hive-jdbc/src/main/java/org/apache/kyuubi/jdbc/hive/KyuubiConnection.java
@@ -559,7 +559,8 @@ public class KyuubiConnection implements SQLConnection, 
KyuubiLoggable {
           // Pick trust store config from the given path
           sslTrustStore = KeyStore.getInstance(SSL_TRUST_STORE_TYPE);
           try (FileInputStream fis = new FileInputStream(sslTrustStorePath)) {
-            sslTrustStore.load(fis, sslTrustStorePassword.toCharArray());
+            sslTrustStore.load(
+                fis, sslTrustStorePassword != null ? 
sslTrustStorePassword.toCharArray() : null);
           }
           sslContext = SSLContexts.custom().loadTrustMaterial(sslTrustStore, 
null).build();
           socketFactory =
@@ -685,7 +686,8 @@ public class KyuubiConnection implements SQLConnection, 
KyuubiLoggable {
             SSL_TRUST_STORE + " Not configured for 2 way SSL connection");
       }
       try (FileInputStream fis = new FileInputStream(trustStorePath)) {
-        sslTrustStore.load(fis, trustStorePassword.toCharArray());
+        sslTrustStore.load(
+            fis, trustStorePassword != null ? trustStorePassword.toCharArray() 
: null);
       }
       trustManagerFactory.init(sslTrustStore);
       SSLContext context = SSLContext.getInstance("TLS");