Posted to commits@hive.apache.org by yc...@apache.org on 2020/10/22 16:44:41 UTC

[hive] branch master updated: HIVE-24292: hive webUI should support keystoretype by config (Yongzhi Chen, reviewed by Kevin Risden) (#1594)

This is an automated email from the ASF dual-hosted git repository.

ychena pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/hive.git


The following commit(s) were added to refs/heads/master by this push:
     new 377c874  HIVE-24292: hive webUI should support keystoretype by config (Yongzhi Chen, reviewed by Kevin Risden) (#1594)
377c874 is described below

commit 377c8741b7714d37fcff82ecb38ead1b7dcce890
Author: Yongzhi Chen <yo...@hotmail.com>
AuthorDate: Thu Oct 22 12:44:19 2020 -0400

    HIVE-24292: hive webUI should support keystoretype by config (Yongzhi Chen, reviewed by Kevin Risden) (#1594)
    
    Add:
     hive.server2.webui.keystore.type
     hive.server2.webui.keymanagerfactory.algorithm
    
    * Fix test after review.
---
 .../java/org/apache/hadoop/hive/conf/HiveConf.java    |  4 ++++
 common/src/java/org/apache/hive/http/HttpServer.java  | 19 ++++++++++++++++++-
 .../org/apache/hive/service/server/HiveServer2.java   |  3 +++
 .../server/TestHS2HttpServerPamConfiguration.java     |  2 ++
 4 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java b/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java
index b8eaefe..aab4913 100644
--- a/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java
+++ b/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java
@@ -3615,6 +3615,10 @@ public class HiveConf extends Configuration {
         "SSL certificate keystore location for HiveServer2 WebUI."),
     HIVE_SERVER2_WEBUI_SSL_KEYSTORE_PASSWORD("hive.server2.webui.keystore.password", "",
         "SSL certificate keystore password for HiveServer2 WebUI."),
+    HIVE_SERVER2_WEBUI_SSL_KEYSTORE_TYPE("hive.server2.webui.keystore.type", "",
+        "SSL certificate keystore type for HiveServer2 WebUI."),
+    HIVE_SERVER2_WEBUI_SSL_KEYMANAGERFACTORY_ALGORITHM("hive.server2.webui.keymanagerfactory.algorithm",
+        "","SSL certificate key manager factory algorithm for HiveServer2 WebUI."),
     HIVE_SERVER2_WEBUI_USE_SPNEGO("hive.server2.webui.use.spnego", false,
         "If true, the HiveServer2 WebUI will be secured with SPNEGO. Clients must authenticate with Kerberos."),
     HIVE_SERVER2_WEBUI_SPNEGO_KEYTAB("hive.server2.webui.spnego.keytab", "",
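Review bot: The descriptions added for HIVE_SERVER2_WEBUI_SSL_KEYSTORE_TYPE and HIVE_SERVER2_WEBUI_SSL_KEYMANAGERFACTORY_ALGORITHM do not say what the empty default means. Per the HttpServer.java hunk in this same commit, an empty value falls back to KeyStore.getDefaultType() and KeyManagerFactory.getDefaultAlgorithm(), both of which depend on the JVM's security configuration, so the config docs alone do not tell an operator which store format the WebUI will load. I would extend the text to something like `"SSL certificate keystore type for HiveServer2 WebUI. If empty, the JVM default (KeyStore.getDefaultType()) is used."` and add the equivalent sentence for the algorithm. As a style nit, `"","SSL certificate key manager ...` lacks the space after the comma that the neighbouring entries use. The enclosing enum starts and ends outside this hunk.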
diff --git a/common/src/java/org/apache/hive/http/HttpServer.java b/common/src/java/org/apache/hive/http/HttpServer.java
index 31646ab..1d1db2f 100644
--- a/common/src/java/org/apache/hive/http/HttpServer.java
+++ b/common/src/java/org/apache/hive/http/HttpServer.java
@@ -35,6 +35,7 @@ import java.util.Set;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
+import javax.net.ssl.KeyManagerFactory;
 import javax.servlet.Filter;
 import javax.servlet.FilterChain;
 import javax.servlet.FilterConfig;
@@ -155,6 +156,8 @@ public class HttpServer {
     private final Map<String, Object> contextAttrs = new HashMap<String, Object>();
     private String keyStorePassword;
     private String keyStorePath;
+    private String keyStoreType;
+    private String keyManagerFactoryAlgorithm;
     private String spnegoPrincipal;
     private String spnegoKeytab;
     private boolean useSPNEGO;
@@ -221,6 +224,16 @@ public class HttpServer {
       return this;
     }
 
+    public Builder setKeyStoreType(String keyStoreType) {
+      this.keyStoreType = keyStoreType;
+      return this;
+    }
+
+    public Builder setKeyManagerFactoryAlgorithm(String keyManagerFactoryAlgorithm) {
+      this.keyManagerFactoryAlgorithm = keyManagerFactoryAlgorithm;
+      return this;
+    }
+
     public Builder setUseSSL(boolean useSSL) {
       this.useSSL = useSSL;
       return this;
@@ -519,7 +532,11 @@ public class HttpServer {
     } else {
       SslContextFactory sslContextFactory = new SslContextFactory();
       sslContextFactory.setKeyStorePath(b.keyStorePath);
-      sslContextFactory.setKeyStoreType(KeyStore.getDefaultType());
+      sslContextFactory.setKeyStoreType(b.keyStoreType == null || b.keyStoreType.isEmpty() ?
+          KeyStore.getDefaultType(): b.keyStoreType);
+      sslContextFactory.setKeyManagerFactoryAlgorithm(
+          b.keyManagerFactoryAlgorithm == null || b.keyManagerFactoryAlgorithm.isEmpty()?
+          KeyManagerFactory.getDefaultAlgorithm() : b.keyManagerFactoryAlgorithm);
       Set<String> excludedSSLProtocols = Sets.newHashSet(
         Splitter.on(",").trimResults().omitEmptyStrings().split(
           Strings.nullToEmpty(b.conf.getVar(ConfVars.HIVE_SSL_PROTOCOL_BLACKLIST))));
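Review bot: The two fallback checks on the added lines (`b.keyStoreType == null || b.keyStoreType.isEmpty()` and the same for `b.keyManagerFactoryAlgorithm`) only catch null and the empty string, so a value with stray whitespace is handed to SslContextFactory unchanged. Whether HiveConf.getVar trims is not visible here, and I would expect such a value to surface only as a keystore-load failure when the connector starts. Guava's Strings is already used a few lines below, so the check could read `String type = Strings.nullToEmpty(b.keyStoreType).trim();` followed by `sslContextFactory.setKeyStoreType(type.isEmpty() ? KeyStore.getDefaultType() : type);`, and likewise for the algorithm. Logging the resolved type and algorithm at startup (neither is secret) would let an operator confirm which store format and key manager the WebUI listener actually uses. The enclosing method starts and ends outside this hunk.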
diff --git a/service/src/java/org/apache/hive/service/server/HiveServer2.java b/service/src/java/org/apache/hive/service/server/HiveServer2.java
index 4783298..2bf2505 100644
--- a/service/src/java/org/apache/hive/service/server/HiveServer2.java
+++ b/service/src/java/org/apache/hive/service/server/HiveServer2.java
@@ -360,6 +360,9 @@ public class HiveServer2 extends CompositeService {
             builder.setKeyStorePassword(ShimLoader.getHadoopShims().getPassword(
               hiveConf, ConfVars.HIVE_SERVER2_WEBUI_SSL_KEYSTORE_PASSWORD.varname));
             builder.setKeyStorePath(keyStorePath);
+            builder.setKeyStoreType(hiveConf.getVar(ConfVars.HIVE_SERVER2_WEBUI_SSL_KEYSTORE_TYPE));
+            builder.setKeyManagerFactoryAlgorithm(
+                hiveConf.getVar(ConfVars.HIVE_SERVER2_WEBUI_SSL_KEYMANAGERFACTORY_ALGORITHM));
             builder.setUseSSL(true);
           }
           if (hiveConf.getBoolVar(ConfVars.HIVE_SERVER2_WEBUI_USE_SPNEGO)) {
diff --git a/service/src/test/org/apache/hive/service/server/TestHS2HttpServerPamConfiguration.java b/service/src/test/org/apache/hive/service/server/TestHS2HttpServerPamConfiguration.java
index 8d978cd..1e969bd 100644
--- a/service/src/test/org/apache/hive/service/server/TestHS2HttpServerPamConfiguration.java
+++ b/service/src/test/org/apache/hive/service/server/TestHS2HttpServerPamConfiguration.java
@@ -48,6 +48,7 @@ public class TestHS2HttpServerPamConfiguration {
   private static HiveConf hiveConf = null;
   private static String keyStorePassword = "123456";
   private static String keyFileName = "myKeyStore";
+  private static String keyStoreType = KeyStore.getDefaultType();
   private static String testDataDir = new File(
       System.getProperty("java.io.tmpdir") + File.separator + TestHS2HttpServerPam.class.getCanonicalName() + "-"
           + System.currentTimeMillis()).getPath().replaceAll("\\\\", "/");
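Review bot: `keyStoreType = KeyStore.getDefaultType()` pins the test to the same value the server falls back to when the setting is empty. The `setVar(ConfVars.HIVE_SERVER2_WEBUI_SSL_KEYSTORE_TYPE, keyStoreType)` in the next hunk of this file therefore cannot tell "configured type honoured" apart from "configured type ignored". The visible test changes also never set hive.server2.webui.keymanagerfactory.algorithm, so that path appears to be exercised only through its default. If the keystore fixture can be generated in a non-default format (its creation is not visible in these hunks), a case using that type would cover the new branch. Otherwise a comment such as `// Same as the server-side fallback; does not prove the configured type is honoured.` on the field would keep the limitation visible.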
@@ -99,6 +100,7 @@ public class TestHS2HttpServerPamConfiguration {
     hiveConf.setBoolVar(ConfVars.HIVE_SERVER2_WEBUI_USE_SSL, true);
     hiveConf.setVar(ConfVars.HIVE_SERVER2_WEBUI_SSL_KEYSTORE_PATH, sslKeyStorePath);
     hiveConf.setVar(ConfVars.HIVE_SERVER2_WEBUI_SSL_KEYSTORE_PASSWORD, keyStorePassword);
+    hiveConf.setVar(ConfVars.HIVE_SERVER2_WEBUI_SSL_KEYSTORE_TYPE, keyStoreType);
     hiveServer2 = new HiveServer2();
     hiveServer2.init(hiveConf);
   }