Posted to commits@hive.apache.org by yc...@apache.org on 2020/10/22 16:44:41 UTC
[hive] branch master updated: HIVE-24292: hive webUI should support
keystoretype by config (Yongzhi Chen, reviewed by Kevin Risden) (#1594)
This is an automated email from the ASF dual-hosted git repository.
ychena pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/hive.git
The following commit(s) were added to refs/heads/master by this push:
new 377c874 HIVE-24292: hive webUI should support keystoretype by config (Yongzhi Chen, reviewed by Kevin Risden) (#1594)
377c874 is described below
commit 377c8741b7714d37fcff82ecb38ead1b7dcce890
Author: Yongzhi Chen <yo...@hotmail.com>
AuthorDate: Thu Oct 22 12:44:19 2020 -0400
HIVE-24292: hive webUI should support keystoretype by config (Yongzhi Chen, reviewed by Kevin Risden) (#1594)
Add:
hive.server2.webui.keystore.type
hive.server2.webui.keymanagerfactory.algorithm
* Fix test after review.
---
.../java/org/apache/hadoop/hive/conf/HiveConf.java | 4 ++++
common/src/java/org/apache/hive/http/HttpServer.java | 19 ++++++++++++++++++-
.../org/apache/hive/service/server/HiveServer2.java | 3 +++
.../server/TestHS2HttpServerPamConfiguration.java | 2 ++
4 files changed, 27 insertions(+), 1 deletion(-)
diff --git a/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java b/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java
index b8eaefe..aab4913 100644
--- a/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java
+++ b/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java
@@ -3615,6 +3615,10 @@ public class HiveConf extends Configuration {
"SSL certificate keystore location for HiveServer2 WebUI."),
HIVE_SERVER2_WEBUI_SSL_KEYSTORE_PASSWORD("hive.server2.webui.keystore.password", "",
"SSL certificate keystore password for HiveServer2 WebUI."),
+ HIVE_SERVER2_WEBUI_SSL_KEYSTORE_TYPE("hive.server2.webui.keystore.type", "",
+ "SSL certificate keystore type for HiveServer2 WebUI."),
+ HIVE_SERVER2_WEBUI_SSL_KEYMANAGERFACTORY_ALGORITHM("hive.server2.webui.keymanagerfactory.algorithm",
+ "","SSL certificate key manager factory algorithm for HiveServer2 WebUI."),
HIVE_SERVER2_WEBUI_USE_SPNEGO("hive.server2.webui.use.spnego", false,
"If true, the HiveServer2 WebUI will be secured with SPNEGO. Clients must authenticate with Kerberos."),
HIVE_SERVER2_WEBUI_SPNEGO_KEYTAB("hive.server2.webui.spnego.keytab", "",
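Review bot: The descriptions on the two added ConfVars do not say what the empty default means or what kind of value is expected, which an operator switching the WebUI to a non-default keystore needs to know. Going by the HttpServer.java hunk in this commit, an empty value falls back to `KeyStore.getDefaultType()` and `KeyManagerFactory.getDefaultAlgorithm()`, so the first description could read `"SSL certificate keystore type for HiveServer2 WebUI. If empty, the JVM default keystore type is used."`, with matching wording for the algorithm entry. The algorithm entry's `"","SSL certificate ...` is also missing the space after the comma that the neighbouring entries use. The enum body starts and ends outside this hunk.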
diff --git a/common/src/java/org/apache/hive/http/HttpServer.java b/common/src/java/org/apache/hive/http/HttpServer.java
index 31646ab..1d1db2f 100644
--- a/common/src/java/org/apache/hive/http/HttpServer.java
+++ b/common/src/java/org/apache/hive/http/HttpServer.java
@@ -35,6 +35,7 @@ import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
+import javax.net.ssl.KeyManagerFactory;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
@@ -155,6 +156,8 @@ public class HttpServer {
private final Map<String, Object> contextAttrs = new HashMap<String, Object>();
private String keyStorePassword;
private String keyStorePath;
+ private String keyStoreType;
+ private String keyManagerFactoryAlgorithm;
private String spnegoPrincipal;
private String spnegoKeytab;
private boolean useSPNEGO;
@@ -221,6 +224,16 @@ public class HttpServer {
return this;
}
+ public Builder setKeyStoreType(String keyStoreType) {
+ this.keyStoreType = keyStoreType;
+ return this;
+ }
+
+ public Builder setKeyManagerFactoryAlgorithm(String keyManagerFactoryAlgorithm) {
+ this.keyManagerFactoryAlgorithm = keyManagerFactoryAlgorithm;
+ return this;
+ }
+
public Builder setUseSSL(boolean useSSL) {
this.useSSL = useSSL;
return this;
@@ -519,7 +532,11 @@ public class HttpServer {
} else {
SslContextFactory sslContextFactory = new SslContextFactory();
sslContextFactory.setKeyStorePath(b.keyStorePath);
- sslContextFactory.setKeyStoreType(KeyStore.getDefaultType());
+ sslContextFactory.setKeyStoreType(b.keyStoreType == null || b.keyStoreType.isEmpty() ?
+ KeyStore.getDefaultType(): b.keyStoreType);
+ sslContextFactory.setKeyManagerFactoryAlgorithm(
+ b.keyManagerFactoryAlgorithm == null || b.keyManagerFactoryAlgorithm.isEmpty()?
+ KeyManagerFactory.getDefaultAlgorithm() : b.keyManagerFactoryAlgorithm);
Set<String> excludedSSLProtocols = Sets.newHashSet(
Splitter.on(",").trimResults().omitEmptyStrings().split(
Strings.nullToEmpty(b.conf.getVar(ConfVars.HIVE_SSL_PROTOCOL_BLACKLIST))));
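Review bot: The two fallback expressions added before `excludedSSLProtocols` treat only null and `""` as unset, so a value that carries stray whitespace from the configuration file would be handed to Jetty as a keystore type or algorithm name and fail later at connector start-up with a less direct error; whether `getVar` trims is not visible here. Normalising once with the Guava `Strings` helper already used in this hunk would cover that and remove the duplicated null-or-empty test: `String ksType = Strings.nullToEmpty(b.keyStoreType).trim();` followed by `sslContextFactory.setKeyStoreType(ksType.isEmpty() ? KeyStore.getDefaultType() : ksType);`, and the same pair for `keyManagerFactoryAlgorithm`. The new setters `setKeyStoreType` and `setKeyManagerFactoryAlgorithm` in the earlier hunk of this file would also benefit from a one-line Javadoc stating that null or empty selects the JVM default. The enclosing method begins and ends outside the hunk.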
diff --git a/service/src/java/org/apache/hive/service/server/HiveServer2.java b/service/src/java/org/apache/hive/service/server/HiveServer2.java
index 4783298..2bf2505 100644
--- a/service/src/java/org/apache/hive/service/server/HiveServer2.java
+++ b/service/src/java/org/apache/hive/service/server/HiveServer2.java
@@ -360,6 +360,9 @@ public class HiveServer2 extends CompositeService {
builder.setKeyStorePassword(ShimLoader.getHadoopShims().getPassword(
hiveConf, ConfVars.HIVE_SERVER2_WEBUI_SSL_KEYSTORE_PASSWORD.varname));
builder.setKeyStorePath(keyStorePath);
+ builder.setKeyStoreType(hiveConf.getVar(ConfVars.HIVE_SERVER2_WEBUI_SSL_KEYSTORE_TYPE));
+ builder.setKeyManagerFactoryAlgorithm(
+ hiveConf.getVar(ConfVars.HIVE_SERVER2_WEBUI_SSL_KEYMANAGERFACTORY_ALGORITHM));
builder.setUseSSL(true);
}
if (hiveConf.getBoolVar(ConfVars.HIVE_SERVER2_WEBUI_USE_SPNEGO)) {
diff --git a/service/src/test/org/apache/hive/service/server/TestHS2HttpServerPamConfiguration.java b/service/src/test/org/apache/hive/service/server/TestHS2HttpServerPamConfiguration.java
index 8d978cd..1e969bd 100644
--- a/service/src/test/org/apache/hive/service/server/TestHS2HttpServerPamConfiguration.java
+++ b/service/src/test/org/apache/hive/service/server/TestHS2HttpServerPamConfiguration.java
@@ -48,6 +48,7 @@ public class TestHS2HttpServerPamConfiguration {
private static HiveConf hiveConf = null;
private static String keyStorePassword = "123456";
private static String keyFileName = "myKeyStore";
+ private static String keyStoreType = KeyStore.getDefaultType();
private static String testDataDir = new File(
System.getProperty("java.io.tmpdir") + File.separator + TestHS2HttpServerPam.class.getCanonicalName() + "-"
+ System.currentTimeMillis()).getPath().replaceAll("\\\\", "/");
@@ -99,6 +100,7 @@ public class TestHS2HttpServerPamConfiguration {
hiveConf.setBoolVar(ConfVars.HIVE_SERVER2_WEBUI_USE_SSL, true);
hiveConf.setVar(ConfVars.HIVE_SERVER2_WEBUI_SSL_KEYSTORE_PATH, sslKeyStorePath);
hiveConf.setVar(ConfVars.HIVE_SERVER2_WEBUI_SSL_KEYSTORE_PASSWORD, keyStorePassword);
+ hiveConf.setVar(ConfVars.HIVE_SERVER2_WEBUI_SSL_KEYSTORE_TYPE, keyStoreType);
hiveServer2 = new HiveServer2();
hiveServer2.init(hiveConf);
}
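Review bot: Setting `HIVE_SERVER2_WEBUI_SSL_KEYSTORE_TYPE` to `KeyStore.getDefaultType()` configures the same value the server falls back to when the property is empty, so this test passes whether or not the new setting is actually honoured. A stronger check would build the test keystore with an explicitly chosen type that differs from the JVM default and configure that type here. The keystore generation step is outside the visible hunks and would have to match. `HIVE_SERVER2_WEBUI_SSL_KEYMANAGERFACTORY_ALGORITHM` is not set in either hunk of this test file, so the second new option appears to have no coverage.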