Posted to commits@spark.apache.org by yu...@apache.org on 2021/10/20 00:30:02 UTC
[spark] branch master updated: [SPARK-37041][SQL] Backport
HIVE-15025: Secure-Socket-Layer (SSL) support for HMS
This is an automated email from the ASF dual-hosted git repository.
yumwang pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/spark.git
The following commit(s) were added to refs/heads/master by this push:
new 40f1494 [SPARK-37041][SQL] Backport HIVE-15025: Secure-Socket-Layer (SSL) support for HMS
40f1494 is described below
commit 40f14942a97d4572178974bcbeea207abb518571
Author: Yuming Wang <yu...@ebay.com>
AuthorDate: Wed Oct 20 08:28:27 2021 +0800
[SPARK-37041][SQL] Backport HIVE-15025: Secure-Socket-Layer (SSL) support for HMS
### What changes were proposed in this pull request?
This PR backports HIVE-15025: Secure-Socket-Layer (SSL) support for HMS.
### Why are the changes needed?
To make it easier to upgrade Thrift:
```
[error] /home/jenkins/workspace/SparkPullRequestBuilder/sql/hive-thriftserver/src/main/java/org/apache/hive/service/auth/HiveAuthFactory.java:254:1: error: incompatible types: String cannot be converted to TConfiguration
[error] return new TSocket(host, port, loginTimeout);
```
### Does this PR introduce _any_ user-facing change?
No.
### How was this patch tested?
Existing test.
Closes #34312 from wangyum/SPARK-37041.
Authored-by: Yuming Wang <yu...@ebay.com>
Signed-off-by: Yuming Wang <yu...@ebay.com>
---
.../apache/hive/service/auth/HiveAuthFactory.java | 77 ----------------------
1 file changed, 77 deletions(-)
diff --git a/sql/hive-thriftserver/src/main/java/org/apache/hive/service/auth/HiveAuthFactory.java b/sql/hive-thriftserver/src/main/java/org/apache/hive/service/auth/HiveAuthFactory.java
index fbb5230..8d77b23 100644
--- a/sql/hive-thriftserver/src/main/java/org/apache/hive/service/auth/HiveAuthFactory.java
+++ b/sql/hive-thriftserver/src/main/java/org/apache/hive/service/auth/HiveAuthFactory.java
@@ -19,17 +19,10 @@ package org.apache.hive.service.auth;
import java.io.IOException;
import java.lang.reflect.Field;
import java.lang.reflect.Method;
-import java.net.InetSocketAddress;
-import java.net.UnknownHostException;
-import java.util.ArrayList;
-import java.util.Arrays;
import java.util.HashMap;
-import java.util.List;
-import java.util.Locale;
import java.util.Map;
import java.util.Objects;
-import javax.net.ssl.SSLServerSocket;
import javax.security.auth.login.LoginException;
import javax.security.sasl.Sasl;
@@ -50,10 +43,6 @@ import org.apache.hadoop.security.authorize.ProxyUsers;
import org.apache.hive.service.cli.HiveSQLException;
import org.apache.hive.service.cli.thrift.ThriftCLIService;
import org.apache.thrift.TProcessorFactory;
-import org.apache.thrift.transport.TSSLTransportFactory;
-import org.apache.thrift.transport.TServerSocket;
-import org.apache.thrift.transport.TSocket;
-import org.apache.thrift.transport.TTransport;
import org.apache.thrift.transport.TTransportException;
import org.apache.thrift.transport.TTransportFactory;
import org.slf4j.Logger;
@@ -250,72 +239,6 @@ public class HiveAuthFactory {
}
}
- public static TTransport getSocketTransport(String host, int port, int loginTimeout) {
- return new TSocket(host, port, loginTimeout);
- }
-
- public static TTransport getSSLSocket(String host, int port, int loginTimeout)
- throws TTransportException {
- return TSSLTransportFactory.getClientSocket(host, port, loginTimeout);
- }
-
- public static TTransport getSSLSocket(String host, int port, int loginTimeout,
- String trustStorePath, String trustStorePassWord) throws TTransportException {
- TSSLTransportFactory.TSSLTransportParameters params =
- new TSSLTransportFactory.TSSLTransportParameters();
- params.setTrustStore(trustStorePath, trustStorePassWord);
- params.requireClientAuth(true);
- return TSSLTransportFactory.getClientSocket(host, port, loginTimeout, params);
- }
-
- public static TServerSocket getServerSocket(String hiveHost, int portNum)
- throws TTransportException {
- InetSocketAddress serverAddress;
- if (hiveHost == null || hiveHost.isEmpty()) {
- // Wildcard bind
- serverAddress = new InetSocketAddress(portNum);
- } else {
- serverAddress = new InetSocketAddress(hiveHost, portNum);
- }
- return new TServerSocket(serverAddress);
- }
-
- public static TServerSocket getServerSSLSocket(String hiveHost, int portNum, String keyStorePath,
- String keyStorePassWord, List<String> sslVersionBlacklist) throws TTransportException,
- UnknownHostException {
- TSSLTransportFactory.TSSLTransportParameters params =
- new TSSLTransportFactory.TSSLTransportParameters();
- params.setKeyStore(keyStorePath, keyStorePassWord);
- InetSocketAddress serverAddress;
- if (hiveHost == null || hiveHost.isEmpty()) {
- // Wildcard bind
- serverAddress = new InetSocketAddress(portNum);
- } else {
- serverAddress = new InetSocketAddress(hiveHost, portNum);
- }
- TServerSocket thriftServerSocket =
- TSSLTransportFactory.getServerSocket(portNum, 0, serverAddress.getAddress(), params);
- if (thriftServerSocket.getServerSocket() instanceof SSLServerSocket) {
- List<String> sslVersionBlacklistLocal = new ArrayList<String>();
- for (String sslVersion : sslVersionBlacklist) {
- sslVersionBlacklistLocal.add(sslVersion.trim().toLowerCase(Locale.ROOT));
- }
- SSLServerSocket sslServerSocket = (SSLServerSocket) thriftServerSocket.getServerSocket();
- List<String> enabledProtocols = new ArrayList<String>();
- for (String protocol : sslServerSocket.getEnabledProtocols()) {
- if (sslVersionBlacklistLocal.contains(protocol.toLowerCase(Locale.ROOT))) {
- LOG.debug("Disabling SSL Protocol: " + protocol);
- } else {
- enabledProtocols.add(protocol);
- }
- }
- sslServerSocket.setEnabledProtocols(enabledProtocols.toArray(new String[0]));
- LOG.info("SSL Server Socket Enabled Protocols: "
- + Arrays.toString(sslServerSocket.getEnabledProtocols()));
- }
- return thriftServerSocket;
- }
-
// retrieve delegation token for the given user
public String getDelegationToken(String owner, String renewer, String remoteAddr)
throws HiveSQLException {