Posted to dev@hive.apache.org by Daisuke Goto <da...@att.net> on 2017/12/11 15:01:18 UTC

Hive JDBC and invalid SSL certificates

Hello: I am a Hive JDBC user and I am new to Hive and Java.  I am currently
trying to use the JDBC driver to pull data from a test server that issues an
SSL certificate for *.azurehdinsight.net but I can only reach the server
through an internal IP address 10.*.*.*.  I figured that I need to modify
\jdbc\src\java\org\apache\hive\jdbc\HiveConnection.java to accept invalid
certificates.  I found that lines 465 - 506 are responsible for
establishing an SSL connection.  I am wondering if anyone could either
modify the code for me to accept an invalid certificate or give me some
pointers.  I'd never want to ask for something without making contributions
first but at this moment, I need your help.  I'd greatly appreciate your
input.

DG

    // Configure http client for SSL
    if (useSsl) {
      String useTwoWaySSL = sessConfMap.get(JdbcConnectionParams.USE_TWO_WAY_SSL);
      String sslTrustStorePath = sessConfMap.get(JdbcConnectionParams.SSL_TRUST_STORE);
      String sslTrustStorePassword = sessConfMap.get(
        JdbcConnectionParams.SSL_TRUST_STORE_PASSWORD);
      KeyStore sslTrustStore;
      SSLConnectionSocketFactory socketFactory;
      SSLContext sslContext;
      /**
       * The code within the try block throws: SSLInitializationException, KeyStoreException,
       * IOException, NoSuchAlgorithmException, CertificateException, KeyManagementException &
       * UnrecoverableKeyException. We don't want the client to retry on any of these,
       * hence we catch all and throw a SQLException.
       */
      try {
        if (useTwoWaySSL != null && useTwoWaySSL.equalsIgnoreCase(JdbcConnectionParams.TRUE)) {
          socketFactory = getTwoWaySSLSocketFactory();
        } else if (sslTrustStorePath == null || sslTrustStorePath.isEmpty()) {
          // Create a default socket factory based on standard JSSE trust material
          socketFactory = SSLConnectionSocketFactory.getSocketFactory();
        } else {
          // Pick trust store config from the given path
          sslTrustStore = KeyStore.getInstance(JdbcConnectionParams.SSL_TRUST_STORE_TYPE);
          try (FileInputStream fis = new FileInputStream(sslTrustStorePath)) {
            sslTrustStore.load(fis, sslTrustStorePassword.toCharArray());
          }
          sslContext = SSLContexts.custom().loadTrustMaterial(sslTrustStore, null).build();
          socketFactory =
              new SSLConnectionSocketFactory(sslContext, new DefaultHostnameVerifier(null));
        }
        final Registry<ConnectionSocketFactory> registry =
            RegistryBuilder.<ConnectionSocketFactory>create().register("https", socketFactory)
                .build();
        httpClientBuilder.setConnectionManager(new BasicHttpClientConnectionManager(registry));
      } catch (Exception e) {
        String msg =
            "Could not create an https connection to " + jdbcUriString + ". " + e.getMessage();
        throw new SQLException(msg, " 08S01", e);
      }
    }
    return httpClientBuilder.build();
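
Added example, not part of the original post and not Hive's own code: in the situation described above the certificate chain itself can still be validated, and only the name check fails because the client dials an IP address. The sketch below, using the same Apache HttpClient classes as the quoted code, keeps chain validation and checks the certificate against the DNS name it was issued for instead of turning verification off. The class name `ExpectedNameVerifier` and both constructor arguments are hypothetical.

```java
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import org.apache.http.conn.ssl.DefaultHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.ssl.SSLContexts;

/**
 * Hypothetical helper (added example): verifies the server certificate against
 * the DNS name it was issued for when the client connects by IP address.
 */
public final class ExpectedNameVerifier implements HostnameVerifier {
  // Address the client actually dials, e.g. an internal 10.x.x.x address (assumption).
  private final String connectAddress;
  // Name the certificate must match, e.g. <cluster>.azurehdinsight.net (placeholder).
  private final String expectedName;
  // Standard HttpClient verifier; handles wildcard certificates such as *.example.net.
  private final HostnameVerifier delegate = new DefaultHostnameVerifier();

  public ExpectedNameVerifier(String connectAddress, String expectedName) {
    this.connectAddress = connectAddress;
    this.expectedName = expectedName;
  }

  @Override
  public boolean verify(String host, SSLSession session) {
    // Substitute the expected name only for the one known address;
    // every other host is verified under its own name as usual.
    String nameToCheck = connectAddress.equals(host) ? expectedName : host;
    return delegate.verify(nameToCheck, session);
  }

  /** Builds a socket factory that still validates the chain against the default trust material. */
  public static SSLConnectionSocketFactory socketFactory(String connectAddress,
                                                         String expectedName) {
    SSLContext ctx = SSLContexts.createSystemDefault();
    return new SSLConnectionSocketFactory(
        ctx, new ExpectedNameVerifier(connectAddress, expectedName));
  }
}
```

A factory built this way could take the place of `socketFactory` in the quoted block. Mapping the certificate's host name to the internal address in the client's hosts file and connecting by name gives the same result without changing the driver.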