[jira] [Updated] (HIVE-27271) Client connection to HS2 fails when transportMode=http, ssl=true, sslTrustStore specified without trustStorePassword in the JDBC URL

Venugopal Reddy K (Jira) Wed, 19 Apr 2023 02:11:11 -0700


     [ 
https://issues.apache.org/jira/browse/HIVE-27271?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Venugopal Reddy K updated HIVE-27271:
-------------------------------------
    Description: 
*[Description]*

Client connection to HS2 fails with transportMode as http, ssl is enabled, 
sslTrustStore is specified without trustStorePassword in the JDBC URL. Where as 
with transportMode as binary, connection is successful without 
trustStorePassword in the connection URL.

trustStorePassword is not a necessary parameter in connection URL. Connection 
can be established without it.

>From the javadocs 
>[Link|https://docs.oracle.com/javase/7/docs/api/java/security/KeyStore.html#load(java.io.InputStream,%20char%5B%5D)]
> A password may be given to unlock the keystore (e.g. the keystore resides on 
>a hardware token device), or to check the integrity of the keystore data. If a 
>password is not given for integrity checking, then integrity checking is not 
>performed.

 

At present, org.apache.hive.jdbc.HiveConnection#getHttpClient() access 
sslTrustStorePassword null reference and fails as shown below:

!image-2023-04-19-14-27-23-665.png!

 

*[Steps to reproduce]*
{code:java}
kvenureddy@192 apache-hive-3.1.3000.2023.0.15.0-SNAPSHOT-bin % bin/beeline -u 
"jdbc:hive2://kvrtls-1.kvrtls.root.hwx.site:10001/default;ssl=true;sslTrustStore=/Users/kvenureddy/code/hive/cloudera/hive/packaging/target/apache-hive-3.1.3000.2023.0.15.0-SNAPSHOT-bin/apache-hive-3.1.3000.2023.0.15.0-SNAPSHOT-bin/cm-auto-global_truststore.jks;transportMode=http;httpPath=cliservice;"
Error: Could not open client transport with JDBC Uri: 
jdbc:hive2://kvrtls-1.kvrtls.root.hwx.site:10001/default;ssl=true;sslTrustStore=/Users/kvenureddy/code/hive/cloudera/hive/packaging/target/apache-hive-3.1.3000.2023.0.15.0-SNAPSHOT-bin/apache-hive-3.1.3000.2023.0.15.0-SNAPSHOT-bin/cm-auto-global_truststore.jks;transportMode=http;httpPath=cliservice;:
 Could not create an https connection to 
jdbc:hive2://kvrtls-1.kvrtls.root.hwx.site:10001/default;ssl=true;sslTrustStore=/Users/kvenureddy/code/hive/cloudera/hive/packaging/target/apache-hive-3.1.3000.2023.0.15.0-SNAPSHOT-bin/apache-hive-3.1.3000.2023.0.15.0-SNAPSHOT-bin/cm-auto-global_truststore.jks;transportMode=http;httpPath=cliservice;.
 null (state=08S01,code=0)
kvenureddy@192 apache-hive-3.1.3000.2023.0.15.0-SNAPSHOT-bin % 
{code}
 

  was:
*[Description]*

Client connection to HS2 fails with transportMode as http, ssl is enabled, 
sslTrustStore is specified without trustStorePassword in the JDBC URL. Where as 
with transportMode as binary, connection is successful without 
trustStorePassword in the connection URL.

trustStorePassword is not a necessary parameter in connection URL. Connection 
can be established without it.

>From the javadocs 
>[#https://docs.oracle.com/javase/7/docs/api/java/security/KeyStore.html#load(java.io.InputStream,%20char%5B%5D)]
> A password may be given to unlock the keystore (e.g. the keystore resides on 
>a hardware token device), or to check the integrity of the keystore data. If a 
>password is not given for integrity checking, then integrity checking is not 
>performed.

 

At present, org.apache.hive.jdbc.HiveConnection#getHttpClient() access 
sslTrustStorePassword null reference and fails as shown below:

!image-2023-04-19-14-27-23-665.png!

 

*[Steps to reproduce]*
{code:java}
kvenureddy@192 apache-hive-3.1.3000.2023.0.15.0-SNAPSHOT-bin % bin/beeline -u 
"jdbc:hive2://kvrtls-1.kvrtls.root.hwx.site:10001/default;ssl=true;sslTrustStore=/Users/kvenureddy/code/hive/cloudera/hive/packaging/target/apache-hive-3.1.3000.2023.0.15.0-SNAPSHOT-bin/apache-hive-3.1.3000.2023.0.15.0-SNAPSHOT-bin/cm-auto-global_truststore.jks;transportMode=http;httpPath=cliservice;"
Error: Could not open client transport with JDBC Uri: 
jdbc:hive2://kvrtls-1.kvrtls.root.hwx.site:10001/default;ssl=true;sslTrustStore=/Users/kvenureddy/code/hive/cloudera/hive/packaging/target/apache-hive-3.1.3000.2023.0.15.0-SNAPSHOT-bin/apache-hive-3.1.3000.2023.0.15.0-SNAPSHOT-bin/cm-auto-global_truststore.jks;transportMode=http;httpPath=cliservice;:
 Could not create an https connection to 
jdbc:hive2://kvrtls-1.kvrtls.root.hwx.site:10001/default;ssl=true;sslTrustStore=/Users/kvenureddy/code/hive/cloudera/hive/packaging/target/apache-hive-3.1.3000.2023.0.15.0-SNAPSHOT-bin/apache-hive-3.1.3000.2023.0.15.0-SNAPSHOT-bin/cm-auto-global_truststore.jks;transportMode=http;httpPath=cliservice;.
 null (state=08S01,code=0)
kvenureddy@192 apache-hive-3.1.3000.2023.0.15.0-SNAPSHOT-bin % 
{code}
 


> Client connection to HS2 fails when transportMode=http, ssl=true, 
> sslTrustStore specified without trustStorePassword in the JDBC URL
> ------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: HIVE-27271
>                 URL: https://issues.apache.org/jira/browse/HIVE-27271
>             Project: Hive
>          Issue Type: Bug
>            Reporter: Venugopal Reddy K
>            Priority: Major
>         Attachments: image-2023-04-19-14-27-23-665.png
>
>
> *[Description]*
> Client connection to HS2 fails with transportMode as http, ssl is enabled, 
> sslTrustStore is specified without trustStorePassword in the JDBC URL. Where 
> as with transportMode as binary, connection is successful without 
> trustStorePassword in the connection URL.
> trustStorePassword is not a necessary parameter in connection URL. Connection 
> can be established without it.
> From the javadocs 
> [Link|https://docs.oracle.com/javase/7/docs/api/java/security/KeyStore.html#load(java.io.InputStream,%20char%5B%5D)]
>  A password may be given to unlock the keystore (e.g. the keystore resides on 
> a hardware token device), or to check the integrity of the keystore data. If 
> a password is not given for integrity checking, then integrity checking is 
> not performed.
>  
> At present, org.apache.hive.jdbc.HiveConnection#getHttpClient() access 
> sslTrustStorePassword null reference and fails as shown below:
> !image-2023-04-19-14-27-23-665.png!
>  
> *[Steps to reproduce]*
> {code:java}
> kvenureddy@192 apache-hive-3.1.3000.2023.0.15.0-SNAPSHOT-bin % bin/beeline -u 
> "jdbc:hive2://kvrtls-1.kvrtls.root.hwx.site:10001/default;ssl=true;sslTrustStore=/Users/kvenureddy/code/hive/cloudera/hive/packaging/target/apache-hive-3.1.3000.2023.0.15.0-SNAPSHOT-bin/apache-hive-3.1.3000.2023.0.15.0-SNAPSHOT-bin/cm-auto-global_truststore.jks;transportMode=http;httpPath=cliservice;"
> Error: Could not open client transport with JDBC Uri: 
> jdbc:hive2://kvrtls-1.kvrtls.root.hwx.site:10001/default;ssl=true;sslTrustStore=/Users/kvenureddy/code/hive/cloudera/hive/packaging/target/apache-hive-3.1.3000.2023.0.15.0-SNAPSHOT-bin/apache-hive-3.1.3000.2023.0.15.0-SNAPSHOT-bin/cm-auto-global_truststore.jks;transportMode=http;httpPath=cliservice;:
>  Could not create an https connection to 
> jdbc:hive2://kvrtls-1.kvrtls.root.hwx.site:10001/default;ssl=true;sslTrustStore=/Users/kvenureddy/code/hive/cloudera/hive/packaging/target/apache-hive-3.1.3000.2023.0.15.0-SNAPSHOT-bin/apache-hive-3.1.3000.2023.0.15.0-SNAPSHOT-bin/cm-auto-global_truststore.jks;transportMode=http;httpPath=cliservice;.
>  null (state=08S01,code=0)
> kvenureddy@192 apache-hive-3.1.3000.2023.0.15.0-SNAPSHOT-bin % 
> {code}
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (HIVE-27271) Client connection to HS2 fails when transportMode=http, ssl=true, sslTrustStore specified without trustStorePassword in the JDBC URL

Reply via email to