[jira] [Commented] (CALCITE-2285) Support client cert keystore for Avatica Client

[ASF GitHub Bot (JIRA)]

    [ 
https://issues.apache.org/jira/browse/CALCITE-2285?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16510258#comment-16510258
 ] 

ASF GitHub Bot commented on CALCITE-2285:
-----------------------------------------

Github user joshelser commented on a diff in the pull request:

    https://github.com/apache/calcite-avatica/pull/57#discussion_r194898896
  
    --- Diff: 
core/src/main/java/org/apache/calcite/avatica/remote/AvaticaCommonsHttpClientImpl.java
 ---
    @@ -95,29 +103,15 @@ public AvaticaCommonsHttpClientImpl(URL url) {
       }
     
       private void initializeClient() {
    -    SSLConnectionSocketFactory sslFactory = null;
    -    if (null != truststore && null != truststorePassword) {
    -      try {
    -        SSLContext sslcontext = SSLContexts.custom().loadTrustMaterial(
    -            truststore, truststorePassword.toCharArray()).build();
    -
    -        final HostnameVerifier verifier = 
getHostnameVerifier(hostnameVerification);
    -
    -        sslFactory = new SSLConnectionSocketFactory(sslcontext, verifier);
    -      } catch (Exception e) {
    -        throw new RuntimeException(e);
    -      }
    -    } else {
    -      LOG.debug("Not configuring HTTPS because of missing 
truststore/password");
    -    }
    +    socketFactoryRegistry = this.configureSocketFactories();
    +    configureConnectionPool(socketFactoryRegistry);
    +    this.authCache = new BasicAuthCache();
    +    // A single thread-safe HttpClient, pooling connections via the 
ConnectionManager
    +    this.client = HttpClients.custom().setConnectionManager(pool).build();
    +  }
     
    -    RegistryBuilder<ConnectionSocketFactory> registryBuilder = 
RegistryBuilder.create();
    -    registryBuilder.register("http", 
PlainConnectionSocketFactory.getSocketFactory());
    -    // Only register the SSL factory when provided
    -    if (null != sslFactory) {
    -      registryBuilder.register("https", sslFactory);
    -    }
    -    pool = new PoolingHttpClientConnectionManager(registryBuilder.build());
    +  protected void configureConnectionPool(Registry<ConnectionSocketFactory> 
configureSocketFactory) {
    +    pool = new PoolingHttpClientConnectionManager(configureSocketFactory);
    --- End diff --
    
    meant to be `connectionSocketFactory`?


> Support client cert keystore for Avatica Client
> -----------------------------------------------
>
>                 Key: CALCITE-2285
>                 URL: https://issues.apache.org/jira/browse/CALCITE-2285
>             Project: Calcite
>          Issue Type: Improvement
>          Components: avatica
>            Reporter: Karan Mehta
>            Assignee: Karan Mehta
>            Priority: Major
>             Fix For: avatica-1.12.0
>
>
> Currently Avatica only supports adding trust-store in {{SSLContext}} in all 
> {{AvaticaHttpClient}} implementations. If keystore support it added, MTLS 
> connections can be established as well.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)