Impala Public Jenkins has posted comments on this change. ( http://gerrit.cloudera.org:8080/19503 )
Change subject: IMPALA-11922 Verify JWKS URL server TLS certificate by default. ...................................................................... Patch Set 2: (34 comments) http://gerrit.cloudera.org:8080/#/c/19503/2/be/src/util/jwt-util.cc File be/src/util/jwt-util.cc: http://gerrit.cloudera.org:8080/#/c/19503/2/be/src/util/jwt-util.cc@710 PS2, Line 710: new_jwks->LoadKeysFromUrl(jwks_uri_, jwks_verify_server_certificate_, jwks_ca_certificate_, line too long (99 > 90) http://gerrit.cloudera.org:8080/#/c/19503/2/be/src/util/jwt-util.cc@760 PS2, Line 760: RETURN_IF_ERROR(jwks_mgr_->Init(jwks_uri, jwks_verify_server_certificate, jwks_ca_certificate, line too long (96 > 90) http://gerrit.cloudera.org:8080/#/c/19503/2/fe/src/test/java/org/apache/impala/customcluster/JwtHttpTest.java File fe/src/test/java/org/apache/impala/customcluster/JwtHttpTest.java: http://gerrit.cloudera.org:8080/#/c/19503/2/fe/src/test/java/org/apache/impala/customcluster/JwtHttpTest.java@352 PS2, Line 352: String certDir = setupServerAndRootCerts("testJwtAuthWithInsecureJwksHttpsUrl", "testJwtAuthWithInsecureJwksHttpsUrl Root", "localhostlocalhost"); line too long (150 > 90) http://gerrit.cloudera.org:8080/#/c/19503/2/fe/src/test/java/org/apache/impala/customcluster/JwtHttpTest.java@392 PS2, Line 392: * line has trailing whitespace http://gerrit.cloudera.org:8080/#/c/19503/2/fe/src/test/java/org/apache/impala/customcluster/JwtHttpTest.java@399 PS2, Line 399: String certDir = setupServerAndRootCerts("testJwtAuthWithUntrustedJwksHttpsUrl", "testJwtAuthWithUntrustedJwksHttpsUrl Root", "localhost"); line too long (143 > 90) http://gerrit.cloudera.org:8080/#/c/19503/2/fe/src/test/java/org/apache/impala/customcluster/JwtHttpTest.java@439 PS2, Line 439: * line has trailing whitespace http://gerrit.cloudera.org:8080/#/c/19503/2/fe/src/test/java/org/apache/impala/customcluster/JwtHttpTest.java@447 PS2, Line 447: String certDir = setupServerAndRootCerts("testJwtAuthWithTrustedJwksHttpsUrlInvalidCN", 
"testJwtAuthWithTrustedJwksHttpsUrlInvalidCN Root", certCN); line too long (152 > 90) http://gerrit.cloudera.org:8080/#/c/19503/2/fe/src/test/java/org/apache/impala/customcluster/JwtHttpTest.java@448 PS2, Line 448: Path logDir = Files.createTempDirectory("testJwtAuthWithTrustedJwksHttpsUrlInvalidCN"); line too long (91 > 90) http://gerrit.cloudera.org:8080/#/c/19503/2/fe/src/test/java/org/apache/impala/customcluster/JwtHttpTest.java@464 PS2, Line 464: + "error: SSL peer certificate or SSH remote key was not OK: SSL: certificate subject name '%s' does not match target host name '%s'", jwksHttpUrl, certCN, "localhost"); line too long (177 > 90) http://gerrit.cloudera.org:8080/#/c/19503/2/fe/src/test/java/org/apache/impala/customcluster/JwtHttpTest.java@490 PS2, Line 490: String certDir = setupServerAndRootCerts("testJwtAuthWithTrustedJwksHttpsUrl", "testJwtAuthWithTrustedJwksHttpsUrl Root", "localhost"); line too long (139 > 90) http://gerrit.cloudera.org:8080/#/c/19503/2/fe/src/test/java/org/apache/impala/customcluster/JwtHttpTest.java@518 PS2, Line 518: private String setupServerAndRootCerts(String testName, String rootCaCertCN, String rootLeafCertCN) throws Exception { line too long (120 > 90) http://gerrit.cloudera.org:8080/#/c/19503/2/fe/src/test/java/org/apache/impala/testutil/X509CertChain.java File fe/src/test/java/org/apache/impala/testutil/X509CertChain.java: http://gerrit.cloudera.org:8080/#/c/19503/2/fe/src/test/java/org/apache/impala/testutil/X509CertChain.java@51 PS2, Line 51: line has trailing whitespace http://gerrit.cloudera.org:8080/#/c/19503/2/fe/src/test/java/org/apache/impala/testutil/X509CertChain.java@53 PS2, Line 53: private static final AlgorithmIdentifier sha256WithRSA = new AlgorithmIdentifier(PKCSObjectIdentifiers.sha256WithRSAEncryption, DERNull.INSTANCE); line too long (148 > 90) http://gerrit.cloudera.org:8080/#/c/19503/2/fe/src/test/java/org/apache/impala/testutil/X509CertChain.java@54 PS2, Line 54: line has trailing whitespace 
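Review bot: The expected message at JwtHttpTest.java line 464 embeds libcurl's own wording (`SSL: certificate subject name '%s' does not match target host name '%s'`), which ties the hostname-mismatch test to one curl version and TLS backend. That sentence is what curl's OpenSSL backend prints when it falls back to matching the CN. A leaf certificate carrying a subjectAltName would be rejected with different text, so the test would fail even though verification still works. Consider asserting only on the JWKS URL plus a short stable fragment, and add a comment such as `// libcurl text; varies by TLS backend and by whether the cert has a SAN`. Only the quoted line is visible here, so the shape of the surrounding assertion is inferred.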
http://gerrit.cloudera.org:8080/#/c/19503/2/fe/src/test/java/org/apache/impala/testutil/X509CertChain.java@55 PS2, Line 55: private static final KeyUsage certSignKeyUsage = new KeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign); line too long (105 > 90) http://gerrit.cloudera.org:8080/#/c/19503/2/fe/src/test/java/org/apache/impala/testutil/X509CertChain.java@56 PS2, Line 56: private static final KeyUsage serverAuthKeyUsage = new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment); line too long (120 > 90) http://gerrit.cloudera.org:8080/#/c/19503/2/fe/src/test/java/org/apache/impala/testutil/X509CertChain.java@63 PS2, Line 63: line has trailing whitespace http://gerrit.cloudera.org:8080/#/c/19503/2/fe/src/test/java/org/apache/impala/testutil/X509CertChain.java@64 PS2, Line 64: public X509CertChain(String rootCaCertCN, String rootLeafCertCN) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, SignatureException, IOException, CertificateException { line too long (203 > 90) http://gerrit.cloudera.org:8080/#/c/19503/2/fe/src/test/java/org/apache/impala/testutil/X509CertChain.java@73 PS2, Line 73: leafCert = generateLeafCert(rootLeafCertCN, this.leafKp, this.rootCert, this.rootCaKp.getPrivate()); line too long (104 > 90) http://gerrit.cloudera.org:8080/#/c/19503/2/fe/src/test/java/org/apache/impala/testutil/X509CertChain.java@100 PS2, Line 100: public void writeRootCertAsPem(Writer w) throws CertificateEncodingException, IOException { line too long (93 > 90) http://gerrit.cloudera.org:8080/#/c/19503/2/fe/src/test/java/org/apache/impala/testutil/X509CertChain.java@103 PS2, Line 103: line has trailing whitespace http://gerrit.cloudera.org:8080/#/c/19503/2/fe/src/test/java/org/apache/impala/testutil/X509CertChain.java@110 PS2, Line 110: public void writeLeafCertAsPem(Writer w) throws CertificateEncodingException, IOException { line too long (93 > 90) 
http://gerrit.cloudera.org:8080/#/c/19503/2/fe/src/test/java/org/apache/impala/testutil/X509CertChain.java@117 PS2, Line 117: * line has trailing whitespace http://gerrit.cloudera.org:8080/#/c/19503/2/fe/src/test/java/org/apache/impala/testutil/X509CertChain.java@131 PS2, Line 131: line has trailing whitespace http://gerrit.cloudera.org:8080/#/c/19503/2/fe/src/test/java/org/apache/impala/testutil/X509CertChain.java@136 PS2, Line 136: private X509Certificate generateRootCACert(String commonName, KeyPair kp) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, SignatureException, IOException, CertificateException { line too long (210 > 90) http://gerrit.cloudera.org:8080/#/c/19503/2/fe/src/test/java/org/apache/impala/testutil/X509CertChain.java@168 PS2, Line 168: return (X509Certificate)CertificateFactory.getInstance("X.509", "BC").generateCertificate(new ByteArrayInputStream(new DERSequence(v).getEncoded(ASN1Encoding.DER))); line too long (169 > 90) http://gerrit.cloudera.org:8080/#/c/19503/2/fe/src/test/java/org/apache/impala/testutil/X509CertChain.java@171 PS2, Line 171: private X509Certificate generateLeafCert(String commonName, KeyPair kp, X509Certificate issuerCert, PrivateKey issuerPrivateKey) throws IOException, NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, SignatureException, CertificateException { line too long (265 > 90) http://gerrit.cloudera.org:8080/#/c/19503/2/fe/src/test/java/org/apache/impala/testutil/X509CertChain.java@183 PS2, Line 183: extGenerator.addExtension(Extension.extendedKeyUsage, false, new ExtendedKeyUsage(new KeyPurposeId[]{KeyPurposeId.id_kp_serverAuth, KeyPurposeId.id_kp_clientAuth})); line too long (169 > 90) http://gerrit.cloudera.org:8080/#/c/19503/2/fe/src/test/java/org/apache/impala/testutil/X509CertChain.java@184 PS2, Line 184: line has trailing whitespace http://gerrit.cloudera.org:8080/#/c/19503/2/fe/src/test/java/org/apache/impala/testutil/X509CertChain.java@193 PS2, Line 
193: line has trailing whitespace http://gerrit.cloudera.org:8080/#/c/19503/2/fe/src/test/java/org/apache/impala/testutil/X509CertChain.java@206 PS2, Line 206: return (java.security.cert.X509Certificate)CertificateFactory.getInstance("X.509", "BC").generateCertificate(new ByteArrayInputStream(new DERSequence(v).getEncoded(ASN1Encoding.DER))); line too long (188 > 90) http://gerrit.cloudera.org:8080/#/c/19503/2/fe/src/test/java/org/apache/impala/testutil/X509CertChain.java@209 PS2, Line 209: private void certToPem(X509Certificate cert, Writer writer) throws IOException, CertificateEncodingException { line too long (112 > 90) http://gerrit.cloudera.org:8080/#/c/19503/2/fe/src/test/java/org/apache/impala/testutil/X509CertChain.java@216 PS2, Line 216: private String certToPem(X509Certificate cert) throws IOException, CertificateEncodingException { line too long (99 > 90) http://gerrit.cloudera.org:8080/#/c/19503/2/fe/src/test/java/org/apache/impala/testutil/X509CertChain.java@223 PS2, Line 223: line has trailing whitespace -- To view, visit http://gerrit.cloudera.org:8080/19503 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: I5f1e887fae39b5fb82fa9a40352e4b507b7d8d35 Gerrit-Change-Number: 19503 Gerrit-PatchSet: 2 Gerrit-Owner: Jason Fehr <[email protected]> Gerrit-Reviewer: Abhishek Rawat <[email protected]> Gerrit-Reviewer: Alexey Serbin <[email protected]> Gerrit-Reviewer: Andrew Sherman <[email protected]> Gerrit-Reviewer: Impala Public Jenkins <[email protected]> Gerrit-Reviewer: Jason Fehr <[email protected]> Gerrit-Reviewer: Wenzhe Zhou <[email protected]> Gerrit-Comment-Date: Tue, 21 Feb 2023 02:38:30 +0000 Gerrit-HasComments: Yes
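Review bot: The test certificates appear to carry no subjectAltName: generateLeafCert (X509CertChain.java line 171) takes only a `commonName` for the server identity, and the only leaf extension quoted is `Extension.extendedKeyUsage` at line 183. If so, the trusted-URL test passes through CN-fallback hostname matching, which RFC 6125 deprecates, so the verification path used against a real JWKS endpoint is not exercised. If the lines not shown add no SAN, add one next to the EKU extension, e.g. `extGenerator.addExtension(Extension.subjectAlternativeName, false, new GeneralNames(new GeneralName(GeneralName.dNSName, commonName)));`. The method body is only partly quoted here, so confirm against the full file.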
