Posted to commits@calcite.apache.org by fr...@apache.org on 2021/02/05 09:43:12 UTC
[calcite-avatica] branch master updated: [CALCITE-3401] Assume
empty keystore passwords by default (Istvan Toth, Alessandro Solimando)
This is an automated email from the ASF dual-hosted git repository.
francischuang pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/calcite-avatica.git
The following commit(s) were added to refs/heads/master by this push:
new ba20936 [CALCITE-3401] Assume empty keystore passwords by default (Istvan Toth, Alessandro Solimando)
ba20936 is described below
commit ba20936bb1387793f34ae489760ec0cdbe205e4e
Author: Istvan Toth <st...@stoty.hu>
AuthorDate: Fri Oct 11 14:47:49 2019 +0200
[CALCITE-3401] Assume empty keystore passwords by default (Istvan Toth, Alessandro Solimando)
---
.../calcite/avatica/BuiltInConnectionProperty.java | 6 ++--
.../calcite/avatica/ConnectionConfigImplTest.java | 3 +-
.../org/apache/calcite/avatica/HttpBaseTest.java | 17 +++++++----
.../org/apache/calcite/avatica/SslDriverTest.java | 33 +++++++++++++---------
4 files changed, 36 insertions(+), 23 deletions(-)
diff --git a/core/src/main/java/org/apache/calcite/avatica/BuiltInConnectionProperty.java b/core/src/main/java/org/apache/calcite/avatica/BuiltInConnectionProperty.java
index a1babb3..16e1061 100644
--- a/core/src/main/java/org/apache/calcite/avatica/BuiltInConnectionProperty.java
+++ b/core/src/main/java/org/apache/calcite/avatica/BuiltInConnectionProperty.java
@@ -74,16 +74,16 @@ public enum BuiltInConnectionProperty implements ConnectionProperty {
TRUSTSTORE("truststore", Type.STRING, null, false),
/** Password for the truststore */
- TRUSTSTORE_PASSWORD("truststore_password", Type.STRING, null, false),
+ TRUSTSTORE_PASSWORD("truststore_password", Type.STRING, "", false),
/** Keystore for MTLS authentication */
KEYSTORE("keystore", Type.STRING, null, false),
/** Password for the keystore */
- KEYSTORE_PASSWORD("keystore_password", Type.STRING, null, false),
+ KEYSTORE_PASSWORD("keystore_password", Type.STRING, "", false),
/** Password for the key inside keystore */
- KEY_PASSWORD("key_password", Type.STRING, null, false),
+ KEY_PASSWORD("key_password", Type.STRING, "", false),
HOSTNAME_VERIFICATION("hostname_verification", Type.ENUM, HostnameVerification.STRICT,
HostnameVerification.class, false);
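Review bot: The Javadoc on `TRUSTSTORE_PASSWORD`, `KEYSTORE_PASSWORD` and `KEY_PASSWORD` does not mention the new empty-string default, and with it a consumer can no longer tell an omitted password from an explicitly empty one. Any code outside this hunk that treats a null password as "store not configured" will now always see a non-null value, so such gating should key on `TRUSTSTORE`/`KEYSTORE` (still defaulting to null) instead; this cannot be checked from the hunk. I would extend the comments, e.g. `/** Password for the key inside keystore; defaults to the empty string when not set. */`, and state there that an empty key password leaves the private key without password protection at rest, so the keystore file then relies on filesystem permissions alone. The enum body starts before and continues after the hunk.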
diff --git a/core/src/test/java/org/apache/calcite/avatica/ConnectionConfigImplTest.java b/core/src/test/java/org/apache/calcite/avatica/ConnectionConfigImplTest.java
index 227acd3..6f41018 100644
--- a/core/src/test/java/org/apache/calcite/avatica/ConnectionConfigImplTest.java
+++ b/core/src/test/java/org/apache/calcite/avatica/ConnectionConfigImplTest.java
@@ -23,6 +23,7 @@ import java.nio.file.Paths;
import java.util.Properties;
import static org.hamcrest.core.Is.is;
+import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertThat;
@@ -49,7 +50,7 @@ public class ConnectionConfigImplTest {
Properties props = new Properties();
ConnectionConfigImpl config = new ConnectionConfigImpl(props);
assertNull(config.truststore());
- assertNull(config.truststorePassword());
+ assertEquals(config.truststorePassword(), "");
}
}
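Review bot: `assertEquals(config.truststorePassword(), "")` passes its arguments in the opposite order from JUnit's `assertEquals(expected, actual)`, so a failure message would report the two values swapped; write `assertEquals("", config.truststorePassword());`. The commit also changes the defaults of `keystore_password` and `key_password`, but only the truststore default is asserted here. If the config exposes accessors for those two (not visible in this hunk), the same assertion should cover them. The test method starts outside the hunk.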
diff --git a/server/src/test/java/org/apache/calcite/avatica/HttpBaseTest.java b/server/src/test/java/org/apache/calcite/avatica/HttpBaseTest.java
index 7969eeb..1bee356 100644
--- a/server/src/test/java/org/apache/calcite/avatica/HttpBaseTest.java
+++ b/server/src/test/java/org/apache/calcite/avatica/HttpBaseTest.java
@@ -70,6 +70,7 @@ public abstract class HttpBaseTest {
protected static final Logger LOG = LoggerFactory.getLogger(HttpBaseTest.class);
protected static final String KEYSTORE_PASSWORD = "avaticasecret";
+ protected static final String KEYSTORE_EMPTY_PASSWORD = "";
protected static final ConnectionSpec CONNECTION_SPEC = ConnectionSpec.HSQLDB;
protected static final List<HttpServer> SERVERS_TO_STOP = new ArrayList<>();
@@ -77,22 +78,26 @@ public abstract class HttpBaseTest {
protected static final File TARGET_DIR =
new File(System.getProperty("user.dir"), TARGET_DIR_NAME);
protected static final File KEYSTORE = new File(TARGET_DIR, "avatica-test.jks");
+ protected static final File EMPTY_PW_KEYSTORE = new File(TARGET_DIR, "avatica-test-emptypw.jks");
+
protected static LocalService localService;
protected final String jdbcUrl;
public static void setupClass() throws SQLException {
// Create a self-signed cert
- File target = SpnegoTestUtil.TARGET_DIR;
- File keystore = new File(target, "avatica-test.jks");
- if (keystore.isFile()) {
- assertTrue("Failed to delete keystore: " + keystore, keystore.delete());
+ if (KEYSTORE.isFile()) {
+ assertTrue("Failed to delete keystore: " + KEYSTORE, KEYSTORE.delete());
+ }
+ new CertTool().createSelfSignedCert(KEYSTORE, "avatica", KEYSTORE_PASSWORD);
+
+ if (EMPTY_PW_KEYSTORE.isFile()) {
+ assertTrue("Failed to delete keystore: " + EMPTY_PW_KEYSTORE, EMPTY_PW_KEYSTORE.delete());
}
- new CertTool().createSelfSignedCert(keystore, "avatica", KEYSTORE_PASSWORD);
+ new CertTool().createSelfSignedCert(EMPTY_PW_KEYSTORE, "avatica", KEYSTORE_EMPTY_PASSWORD);
// Create a LocalService around HSQLDB
JdbcMeta jdbcMeta;
- jdbcMeta = null;
jdbcMeta = new JdbcMeta(CONNECTION_SPEC.url,
CONNECTION_SPEC.username, CONNECTION_SPEC.password);
localService = new LocalService(jdbcMeta);
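Review bot: The delete-then-create sequence in `setupClass` is now written out twice, once per keystore, differing only in the file and the password. A small private helper would keep the two keystores set up identically and make a further variant a one-line addition. The sketch below assumes `createSelfSignedCert` declares no checked exception beyond what `setupClass` already allows, which the hunk does not show. `setupClass` continues past the end of the hunk.

```java
private static void recreateKeystore(File keystore, String password) {
  if (keystore.isFile()) {
    assertTrue("Failed to delete keystore: " + keystore, keystore.delete());
  }
  new CertTool().createSelfSignedCert(keystore, "avatica", password);
}

public static void setupClass() throws SQLException {
  // Create self-signed certs, one keystore per password variant
  recreateKeystore(KEYSTORE, KEYSTORE_PASSWORD);
  recreateKeystore(EMPTY_PW_KEYSTORE, KEYSTORE_EMPTY_PASSWORD);
  // … unchanged: LocalService setup around HSQLDB …
```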
diff --git a/server/src/test/java/org/apache/calcite/avatica/SslDriverTest.java b/server/src/test/java/org/apache/calcite/avatica/SslDriverTest.java
index 42abac5..7421ddd 100644
--- a/server/src/test/java/org/apache/calcite/avatica/SslDriverTest.java
+++ b/server/src/test/java/org/apache/calcite/avatica/SslDriverTest.java
@@ -24,6 +24,7 @@ import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;
import org.junit.runners.Parameterized.Parameters;
+import java.io.File;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
@@ -60,21 +61,27 @@ public class SslDriverTest extends HttpBaseTest {
setupClass();
for (Driver.Serialization serialization : new Driver.Serialization[] {
Driver.Serialization.JSON, Driver.Serialization.PROTOBUF}) {
- // Build and start the server, using TLS
- HttpServer httpServer = new HttpServer.Builder()
- .withPort(0)
- .withTLS(KEYSTORE, KEYSTORE_PASSWORD, KEYSTORE, KEYSTORE_PASSWORD)
- .withHandler(localService, serialization)
- .build();
- httpServer.start();
- SERVERS_TO_STOP.add(httpServer);
+ for (boolean emptyPassword : new boolean[] {true, false}) {
+ File keyStore = emptyPassword ? EMPTY_PW_KEYSTORE : KEYSTORE;
+ String password = emptyPassword ? KEYSTORE_EMPTY_PASSWORD : KEYSTORE_PASSWORD;
+ // Build and start the server, using TLS
+ HttpServer httpServer = new HttpServer.Builder()
+ .withPort(0)
+ .withTLS(keyStore, password, keyStore, password)
+ .withHandler(localService, serialization)
+ .build();
+ httpServer.start();
+ SERVERS_TO_STOP.add(httpServer);
- final String url = "jdbc:avatica:remote:url=https://localhost:" + httpServer.getPort()
- + ";serialization=" + serialization + ";truststore=" + KEYSTORE.getAbsolutePath()
- + ";truststore_password=" + KEYSTORE_PASSWORD;
- LOG.info("JDBC URL {}", url);
+ String url = "jdbc:avatica:remote:url=https://localhost:" + httpServer.getPort()
+ + ";serialization=" + serialization + ";truststore=" + keyStore.getAbsolutePath();
+ if (!emptyPassword) {
+ url += ";truststore_password=" + password;
+ }
+ LOG.info("JDBC URL {}", url);
- parameters.add(new Object[] {url});
+ parameters.add(new Object[] {url});
+ }
}
return parameters;
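Review bot: `LOG.info("JDBC URL {}", url)` runs after `truststore_password` has been appended, so in the non-empty case the truststore password is written to the test log. The value here is a fixed test secret, but the same pattern copied into non-test code would put a credential in the logs; moving `LOG.info("JDBC URL {}", url);` above `if (!emptyPassword) {` avoids it. The empty-password iterations also cover only the client omitting `truststore_password`; passing `truststore_password=` explicitly would need its own parameter if that form is meant to be supported. The enclosing method starts before and ends after the hunk.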