[jira] [Commented] (CALCITE-2285) Support client cert keystore for Avatica Client

Tue, 12 Jun 2018 14:53:08 -0700 


    [ 
https://issues.apache.org/jira/browse/CALCITE-2285?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16510270#comment-16510270
 ] 

ASF GitHub Bot commented on CALCITE-2285:
-----------------------------------------

Github user karanmehta93 commented on a diff in the pull request:

    https://github.com/apache/calcite-avatica/pull/57#discussion_r194900551
  
    --- Diff: 
core/src/main/java/org/apache/calcite/avatica/remote/AvaticaCommonsHttpClientImpl.java
 ---
    @@ -127,11 +121,54 @@ private void initializeClient() {
         final String maxCnxnsPerRoute = 
System.getProperty(MAX_POOLED_CONNECTION_PER_ROUTE_KEY,
             MAX_POOLED_CONNECTION_PER_ROUTE_DEFAULT);
         pool.setDefaultMaxPerRoute(Integer.parseInt(maxCnxnsPerRoute));
    +  }
     
    -    this.authCache = new BasicAuthCache();
    +  protected Registry<ConnectionSocketFactory> configureSocketFactories() {
    +    RegistryBuilder<ConnectionSocketFactory> registryBuilder = 
RegistryBuilder.create();
    +    configureHttpRegistry(registryBuilder);
    +    configureHttpsRegistry(registryBuilder);
    +    return registryBuilder.build();
    +  }
     
    -    // A single thread-safe HttpClient, pooling connections via the 
ConnectionManager
    -    this.client = HttpClients.custom().setConnectionManager(pool).build();
    +  protected void 
configureHttpsRegistry(RegistryBuilder<ConnectionSocketFactory> 
registryBuilder) {
    +    if (!configureHttpsSocket) {
    --- End diff --
    
    I agree, but sometimes various services can have varied requirements. The 
best and simple case is to have either http or https, however I didn't want to 
change the original implementation, so I added both of them here as well.
    What do you think?


> Support client cert keystore for Avatica Client
> -----------------------------------------------
>
>                 Key: CALCITE-2285
>                 URL: https://issues.apache.org/jira/browse/CALCITE-2285
>             Project: Calcite
>          Issue Type: Improvement
>          Components: avatica
>            Reporter: Karan Mehta
>            Assignee: Karan Mehta
>            Priority: Major
>             Fix For: avatica-1.12.0
>
>
> Currently Avatica only supports adding trust-store in {{SSLContext}} in all 
> {{AvaticaHttpClient}} implementations. If keystore support it added, MTLS 
> connections can be established as well.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to