Yingchun Lai has submitted this change and it was merged. (
http://gerrit.cloudera.org:8080/20047 )
Change subject: [java] allow adding CA certs to the client's trust chain
......................................................................
[java] allow adding CA certs to the client's trust chain
With this patch, the Java client doesn't implicitly trust the TLS
certificate of a Kudu server it's negotiating an RPC connection with
when using its JWT. There is also an update on the Negotiator class
to fix various JWT-related issues during RPC connection negotiation.
To implement that, this patch introduces the following new methods:
* [Async]KuduClient.trustedCertificates(List<ByteString> certs)
to add the specified CA certificates (in DER format) as the
trusted ones for the client (the call replaces all the previously
set certificates if invoked again)
* KuduTestHarness.getClusterCACertDer() to acquire the IPKI CA
certificate of the test mini-cluster via call to
MiniKuduCluster.getCACertDer()
* MiniKuduCluster.getMasterWebServerAddressesAsString() which
returns the addresses of Master's webserver as a comma separated
string, similar to MiniKuduCluster.getMasterAddressesAsString()
In addition, this changelist also contains tests to cover the newly
introduced functionality.
Change-Id: I281fd59da0d24a6119b99e1da8096f381b414a2b
Reviewed-on: http://gerrit.cloudera.org:8080/20017
Tested-by: Kudu Jenkins
Reviewed-by: Attila Bukor <[email protected]>
(cherry picked from commit a0c0c44b91a795022eb46fd450d05e76acf3d718)
Reviewed-on: http://gerrit.cloudera.org:8080/20047
Reviewed-by: Yingchun Lai <[email protected]>
---
M java/kudu-client/src/main/java/org/apache/kudu/client/AsyncKuduClient.java
M java/kudu-client/src/main/java/org/apache/kudu/client/KuduClient.java
M java/kudu-client/src/main/java/org/apache/kudu/client/Negotiator.java
M java/kudu-client/src/main/java/org/apache/kudu/client/SecurityContext.java
M java/kudu-client/src/test/java/org/apache/kudu/client/TestKuduClient.java
M java/kudu-client/src/test/java/org/apache/kudu/client/TestNegotiation.java
M java/kudu-test-utils/src/main/java/org/apache/kudu/test/KuduTestHarness.java
M
java/kudu-test-utils/src/main/java/org/apache/kudu/test/cluster/MiniKuduCluster.java
M
java/kudu-test-utils/src/test/java/org/apache/kudu/test/TestMiniKuduCluster.java
9 files changed, 455 insertions(+), 47 deletions(-)
Approvals:
Kudu Jenkins: Verified
Yingchun Lai: Looks good to me, approved
--
To view, visit http://gerrit.cloudera.org:8080/20047
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: kudu
Gerrit-Branch: branch-1.17.x
Gerrit-MessageType: merged
Gerrit-Change-Id: I281fd59da0d24a6119b99e1da8096f381b414a2b
Gerrit-Change-Number: 20047
Gerrit-PatchSet: 2
Gerrit-Owner: Alexey Serbin <[email protected]>
Gerrit-Reviewer: Attila Bukor <[email protected]>
Gerrit-Reviewer: Kudu Jenkins (120)
Gerrit-Reviewer: Yingchun Lai <[email protected]>
Gerrit-Reviewer: Zoltan Chovan <[email protected]>
