[kudu-CR] [jwt] Verify JWKS URL server TLS certificate by default

Fri, 14 Apr 2023 05:19:00 -0700 

Hello Alexey Serbin, Attila Bukor, Kudu Jenkins, Abhishek Chennaka, Wenzhe Zhou,

I'd like you to reexamine a change. Please visit

    http://gerrit.cloudera.org:8080/19709

to look at the new patch set (#8).

Change subject: [jwt] Verify JWKS URL server TLS certificate by default
......................................................................

[jwt] Verify JWKS URL server TLS certificate by default

This commit is to pull IMPALA-11922 code into the Kudu jwt handling,
with some modifications.

This change introduces:
  1. verification of JWKS server TLS certificate by default
  2. jwks_verify_server_certificate Kudu startup flag

Instead of introducing a new flag such as 'jwks_ca_certificate' the
already existing 'trusted_certificate_file' flag is reused.

The TLS certificate verification is not used in unit-tests, however
security-itest is set up with the verification enabled.

Change-Id: I0fd7b53d651786bbe57642dd14cd477055b80c78
---
M src/kudu/integration-tests/CMakeLists.txt
M src/kudu/integration-tests/security-itest.cc
M src/kudu/mini-cluster/CMakeLists.txt
M src/kudu/mini-cluster/external_mini_cluster.cc
M src/kudu/security/test/test_certs.cc
M src/kudu/security/test/test_certs.h
M src/kudu/server/server_base.cc
M src/kudu/util/jwt-util-internal.h
M src/kudu/util/jwt-util-test.cc
M src/kudu/util/jwt-util.cc
M src/kudu/util/jwt-util.h
M src/kudu/util/mini_oidc.cc
M src/kudu/util/mini_oidc.h
13 files changed, 422 insertions(+), 52 deletions(-)


  git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/09/19709/8
--
To view, visit http://gerrit.cloudera.org:8080/19709
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: I0fd7b53d651786bbe57642dd14cd477055b80c78
Gerrit-Change-Number: 19709
Gerrit-PatchSet: 8
Gerrit-Owner: Zoltan Chovan <[email protected]>
Gerrit-Reviewer: Abhishek Chennaka <[email protected]>
Gerrit-Reviewer: Alexey Serbin <[email protected]>
Gerrit-Reviewer: Attila Bukor <[email protected]>
Gerrit-Reviewer: Kudu Jenkins (120)
Gerrit-Reviewer: Wenzhe Zhou <[email protected]>
Gerrit-Reviewer: Zoltan Chovan <[email protected]>

Reply via email to