You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@lens.apache.org by Ankit Kailaswar <an...@gmail.com> on 2018/05/25 09:09:15 UTC
Review Request 67316: For SSL enabled lens client must always use
trust manager for root X509 cert
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67316/
-----------------------------------------------------------
Review request for lens and Rajitha R.
Bugs: LENS-1515
https://issues.apache.org/jira/browse/LENS-1515
Repository: lens
Description
-------
In case of if cert verification is disabled then we are returning root cert. Also server cert validation will be taken care by default trust manager.
Diffs
-----
lens-client/src/main/java/org/apache/lens/client/LensTrustManager.java 4a696178
Diff: https://reviews.apache.org/r/67316/diff/1/
Testing
-------
https://build.corp.inmobi.com/view/Platform/job/Platform_Common_Job/2959/console
untrusted cert,
25 May 2018 08:37:12 [Spring Shell] INFO org.apache.lens.client.LensConnectionParams - Request filter added requestfilter
25 May 2018 08:37:12 [Spring Shell] INFO org.apache.lens.client.LensConnectionParams - Request filter added requestfilter
25 May 2018 08:37:12 [Spring Shell] INFO org.apache.lens.client.LensConnection - SSL is enabled, Creating https client.
25 May 2018 08:37:12 [Spring Shell] INFO org.apache.lens.client.LensTrustManager - Will skip server cert verification 1.
25 May 2018 08:37:12 [Spring Shell] INFO org.apache.lens.client.LensHostnameVerifier - Will skip hostname verification 1.
25 May 2018 08:37:13 [Spring Shell] WARN org.apache.hadoop.util.NativeCodeLoader - Unable to load native-hadoop library for your platform... using builtin-java classes where applicable
25 May 2018 08:37:13 [Spring Shell] INFO org.apache.lens.client.LensTrustManager - return root X509.
25 May 2018 08:37:14 [Spring Shell] INFO org.apache.lens.client.LensConnection - SSL is enabled, Creating https client.
25 May 2018 08:37:14 [Spring Shell] INFO org.apache.lens.client.LensTrustManager - Will skip server cert verification 1.
25 May 2018 08:37:14 [Spring Shell] INFO org.apache.lens.client.LensHostnameVerifier - Will skip hostname verification 1.
25 May 2018 08:37:14 [Spring Shell] INFO org.apache.lens.client.LensTrustManager - return root X509.
25 May 2018 08:37:20 [Spring Shell] INFO org.apache.lens.client.LensConnection - SSL is enabled, Creating https client.
25 May 2018 08:37:20 [Spring Shell] INFO org.apache.lens.client.LensTrustManager - Will skip server cert verification 1.
25 May 2018 08:37:20 [Spring Shell] INFO org.apache.lens.client.LensHostnameVerifier - Will skip hostname verification 1.
25 May 2018 08:37:20 [Spring Shell] INFO org.apache.lens.client.LensTrustManager - return root X509.
CA signed cert,
25 May 2018 08:35:55 [Spring Shell] INFO org.apache.lens.client.LensConnectionParams - Request filter added requestfilter
25 May 2018 08:35:55 [Spring Shell] INFO org.apache.lens.client.LensConnectionParams - Request filter added requestfilter
25 May 2018 08:35:55 [Spring Shell] INFO org.apache.lens.client.LensConnection - SSL is enabled, Creating https client.
25 May 2018 08:35:55 [Spring Shell] INFO org.apache.lens.client.LensTrustManager - Will skip server cert verification 1.
25 May 2018 08:35:55 [Spring Shell] INFO org.apache.lens.client.LensHostnameVerifier - Will skip hostname verification 1.
25 May 2018 08:35:56 [Spring Shell] WARN org.apache.hadoop.util.NativeCodeLoader - Unable to load native-hadoop library for your platform... using builtin-java classes where applicable
25 May 2018 08:35:56 [Spring Shell] INFO org.apache.lens.client.LensTrustManager - return root X509.
25 May 2018 08:35:56 [Spring Shell] INFO org.apache.lens.client.LensConnection - SSL is enabled, Creating https client.
25 May 2018 08:35:56 [Spring Shell] INFO org.apache.lens.client.LensTrustManager - Will skip server cert verification 1.
25 May 2018 08:35:56 [Spring Shell] INFO org.apache.lens.client.LensHostnameVerifier - Will skip hostname verification 1.
25 May 2018 08:35:56 [Spring Shell] INFO org.apache.lens.client.LensTrustManager - return root X509.
25 May 2018 08:35:58 [Thread-2] INFO org.apache.lens.client.LensConnectionParams - Request filter added requestfilter
25 May 2018 08:35:58 [Thread-2] INFO org.apache.lens.client.LensConnection - SSL is enabled, Creating https client.
25 May 2018 08:35:58 [Thread-2] INFO org.apache.lens.client.LensTrustManager - Will skip server cert verification 1.
25 May 2018 08:35:58 [Thread-2] INFO org.apache.lens.client.LensHostnameVerifier - Will skip hostname verification 1.
25 May 2018 08:35:58 [Thread-2] INFO org.apache.lens.client.LensTrustManager - return root X509.
Thanks,
Ankit Kailaswar
Re: Review Request 67316: For SSL enabled lens client must always use
trust manager for root X509 cert
Posted by Rajitha R <ra...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67316/#review203881
-----------------------------------------------------------
Ship it!
Ship It!
- Rajitha R
On May 25, 2018, 10:56 a.m., Ankit Kailaswar wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/67316/
> -----------------------------------------------------------
>
> (Updated May 25, 2018, 10:56 a.m.)
>
>
> Review request for lens and Rajitha R.
>
>
> Bugs: LENS-1515
> https://issues.apache.org/jira/browse/LENS-1515
>
>
> Repository: lens
>
>
> Description
> -------
>
> In case of if cert verification is disabled then we should use root cert else we should rely on our trust manager which is first found instance of X509TrustManager in jvm TrustManagerFactory.
>
>
> Diffs
> -----
>
> lens-client/src/main/java/org/apache/lens/client/LensTrustManager.java 4a696178
>
>
> Diff: https://reviews.apache.org/r/67316/diff/1/
>
>
> Testing
> -------
>
> https://build.corp.inmobi.com/view/Platform/job/Platform_Common_Job/2959/console
>
>
> untrusted cert,
> 25 May 2018 08:37:12 [Spring Shell] INFO org.apache.lens.client.LensConnectionParams - Request filter added requestfilter
> 25 May 2018 08:37:12 [Spring Shell] INFO org.apache.lens.client.LensConnectionParams - Request filter added requestfilter
> 25 May 2018 08:37:12 [Spring Shell] INFO org.apache.lens.client.LensConnection - SSL is enabled, Creating https client.
> 25 May 2018 08:37:12 [Spring Shell] INFO org.apache.lens.client.LensTrustManager - Will skip server cert verification 1.
> 25 May 2018 08:37:12 [Spring Shell] INFO org.apache.lens.client.LensHostnameVerifier - Will skip hostname verification 1.
> 25 May 2018 08:37:13 [Spring Shell] WARN org.apache.hadoop.util.NativeCodeLoader - Unable to load native-hadoop library for your platform... using builtin-java classes where applicable
> 25 May 2018 08:37:13 [Spring Shell] INFO org.apache.lens.client.LensTrustManager - return root X509.
> 25 May 2018 08:37:14 [Spring Shell] INFO org.apache.lens.client.LensConnection - SSL is enabled, Creating https client.
> 25 May 2018 08:37:14 [Spring Shell] INFO org.apache.lens.client.LensTrustManager - Will skip server cert verification 1.
> 25 May 2018 08:37:14 [Spring Shell] INFO org.apache.lens.client.LensHostnameVerifier - Will skip hostname verification 1.
> 25 May 2018 08:37:14 [Spring Shell] INFO org.apache.lens.client.LensTrustManager - return root X509.
> 25 May 2018 08:37:20 [Spring Shell] INFO org.apache.lens.client.LensConnection - SSL is enabled, Creating https client.
> 25 May 2018 08:37:20 [Spring Shell] INFO org.apache.lens.client.LensTrustManager - Will skip server cert verification 1.
> 25 May 2018 08:37:20 [Spring Shell] INFO org.apache.lens.client.LensHostnameVerifier - Will skip hostname verification 1.
> 25 May 2018 08:37:20 [Spring Shell] INFO org.apache.lens.client.LensTrustManager - return root X509.
>
>
> CA signed cert,
> 25 May 2018 08:34:52 [Spring Shell] INFO org.apache.lens.client.LensConnectionParams - Request filter added requestfilter
> 25 May 2018 08:34:52 [Spring Shell] INFO org.apache.lens.client.LensConnectionParams - Request filter added requestfilter
> 25 May 2018 08:34:52 [Spring Shell] INFO org.apache.lens.client.LensConnection - SSL is enabled, Creating https client.
> 25 May 2018 08:34:53 [Spring Shell] INFO org.apache.lens.client.LensTrustManager - Server cert verification is enabled.
> 25 May 2018 08:34:53 [Spring Shell] INFO org.apache.lens.client.LensHostnameVerifier - Host name verification is enabled.
> 25 May 2018 08:34:53 [Spring Shell] WARN org.apache.hadoop.util.NativeCodeLoader - Unable to load native-hadoop library for your platform... using builtin-java classes where applicable
> 25 May 2018 08:34:53 [Spring Shell] INFO org.apache.lens.client.LensTrustManager - return first CA X509 cert.
> 25 May 2018 08:34:54 [Spring Shell] INFO org.apache.lens.client.LensConnection - SSL is enabled, Creating https client.
> 25 May 2018 08:34:54 [Spring Shell] INFO org.apache.lens.client.LensTrustManager - Server cert verification is enabled.
> 25 May 2018 08:34:54 [Spring Shell] INFO org.apache.lens.client.LensHostnameVerifier - Host name verification is enabled.
> 25 May 2018 08:34:54 [Spring Shell] INFO org.apache.lens.client.LensTrustManager - return first CA X509 cert.
>
>
> Thanks,
>
> Ankit Kailaswar
>
>
Re: Review Request 67316: For SSL enabled lens client must always use
trust manager for root X509 cert
Posted by Ankit Kailaswar <an...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67316/
-----------------------------------------------------------
(Updated May 25, 2018, 10:56 a.m.)
Review request for lens and Rajitha R.
Bugs: LENS-1515
https://issues.apache.org/jira/browse/LENS-1515
Repository: lens
Description (updated)
-------
In case of if cert verification is disabled then we should use root cert else we should rely on our trust manager which is first found instance of X509TrustManager in jvm TrustManagerFactory.
Diffs
-----
lens-client/src/main/java/org/apache/lens/client/LensTrustManager.java 4a696178
Diff: https://reviews.apache.org/r/67316/diff/1/
Testing
-------
https://build.corp.inmobi.com/view/Platform/job/Platform_Common_Job/2959/console
untrusted cert,
25 May 2018 08:37:12 [Spring Shell] INFO org.apache.lens.client.LensConnectionParams - Request filter added requestfilter
25 May 2018 08:37:12 [Spring Shell] INFO org.apache.lens.client.LensConnectionParams - Request filter added requestfilter
25 May 2018 08:37:12 [Spring Shell] INFO org.apache.lens.client.LensConnection - SSL is enabled, Creating https client.
25 May 2018 08:37:12 [Spring Shell] INFO org.apache.lens.client.LensTrustManager - Will skip server cert verification 1.
25 May 2018 08:37:12 [Spring Shell] INFO org.apache.lens.client.LensHostnameVerifier - Will skip hostname verification 1.
25 May 2018 08:37:13 [Spring Shell] WARN org.apache.hadoop.util.NativeCodeLoader - Unable to load native-hadoop library for your platform... using builtin-java classes where applicable
25 May 2018 08:37:13 [Spring Shell] INFO org.apache.lens.client.LensTrustManager - return root X509.
25 May 2018 08:37:14 [Spring Shell] INFO org.apache.lens.client.LensConnection - SSL is enabled, Creating https client.
25 May 2018 08:37:14 [Spring Shell] INFO org.apache.lens.client.LensTrustManager - Will skip server cert verification 1.
25 May 2018 08:37:14 [Spring Shell] INFO org.apache.lens.client.LensHostnameVerifier - Will skip hostname verification 1.
25 May 2018 08:37:14 [Spring Shell] INFO org.apache.lens.client.LensTrustManager - return root X509.
25 May 2018 08:37:20 [Spring Shell] INFO org.apache.lens.client.LensConnection - SSL is enabled, Creating https client.
25 May 2018 08:37:20 [Spring Shell] INFO org.apache.lens.client.LensTrustManager - Will skip server cert verification 1.
25 May 2018 08:37:20 [Spring Shell] INFO org.apache.lens.client.LensHostnameVerifier - Will skip hostname verification 1.
25 May 2018 08:37:20 [Spring Shell] INFO org.apache.lens.client.LensTrustManager - return root X509.
CA signed cert,
25 May 2018 08:34:52 [Spring Shell] INFO org.apache.lens.client.LensConnectionParams - Request filter added requestfilter
25 May 2018 08:34:52 [Spring Shell] INFO org.apache.lens.client.LensConnectionParams - Request filter added requestfilter
25 May 2018 08:34:52 [Spring Shell] INFO org.apache.lens.client.LensConnection - SSL is enabled, Creating https client.
25 May 2018 08:34:53 [Spring Shell] INFO org.apache.lens.client.LensTrustManager - Server cert verification is enabled.
25 May 2018 08:34:53 [Spring Shell] INFO org.apache.lens.client.LensHostnameVerifier - Host name verification is enabled.
25 May 2018 08:34:53 [Spring Shell] WARN org.apache.hadoop.util.NativeCodeLoader - Unable to load native-hadoop library for your platform... using builtin-java classes where applicable
25 May 2018 08:34:53 [Spring Shell] INFO org.apache.lens.client.LensTrustManager - return first CA X509 cert.
25 May 2018 08:34:54 [Spring Shell] INFO org.apache.lens.client.LensConnection - SSL is enabled, Creating https client.
25 May 2018 08:34:54 [Spring Shell] INFO org.apache.lens.client.LensTrustManager - Server cert verification is enabled.
25 May 2018 08:34:54 [Spring Shell] INFO org.apache.lens.client.LensHostnameVerifier - Host name verification is enabled.
25 May 2018 08:34:54 [Spring Shell] INFO org.apache.lens.client.LensTrustManager - return first CA X509 cert.
Thanks,
Ankit Kailaswar
Re: Review Request 67316: For SSL enabled lens client must always use
trust manager for root X509 cert
Posted by Rajitha R <ra...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67316/#review203856
-----------------------------------------------------------
lens-client/src/main/java/org/apache/lens/client/LensTrustManager.java
Line 45 (original), 45 (patched)
<https://reviews.apache.org/r/67316/#comment286193>
please revert this here and everwhere else
- Rajitha R
On May 25, 2018, 9:59 a.m., Ankit Kailaswar wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/67316/
> -----------------------------------------------------------
>
> (Updated May 25, 2018, 9:59 a.m.)
>
>
> Review request for lens and Rajitha R.
>
>
> Bugs: LENS-1515
> https://issues.apache.org/jira/browse/LENS-1515
>
>
> Repository: lens
>
>
> Description
> -------
>
> In case of if cert verification is disabled then we are returning root cert. Also server cert validation will be taken care by default trust manager.
>
>
> Diffs
> -----
>
> lens-client/src/main/java/org/apache/lens/client/LensTrustManager.java 4a696178
>
>
> Diff: https://reviews.apache.org/r/67316/diff/1/
>
>
> Testing
> -------
>
> https://build.corp.inmobi.com/view/Platform/job/Platform_Common_Job/2959/console
>
>
> untrusted cert,
> 25 May 2018 08:37:12 [Spring Shell] INFO org.apache.lens.client.LensConnectionParams - Request filter added requestfilter
> 25 May 2018 08:37:12 [Spring Shell] INFO org.apache.lens.client.LensConnectionParams - Request filter added requestfilter
> 25 May 2018 08:37:12 [Spring Shell] INFO org.apache.lens.client.LensConnection - SSL is enabled, Creating https client.
> 25 May 2018 08:37:12 [Spring Shell] INFO org.apache.lens.client.LensTrustManager - Will skip server cert verification 1.
> 25 May 2018 08:37:12 [Spring Shell] INFO org.apache.lens.client.LensHostnameVerifier - Will skip hostname verification 1.
> 25 May 2018 08:37:13 [Spring Shell] WARN org.apache.hadoop.util.NativeCodeLoader - Unable to load native-hadoop library for your platform... using builtin-java classes where applicable
> 25 May 2018 08:37:13 [Spring Shell] INFO org.apache.lens.client.LensTrustManager - return root X509.
> 25 May 2018 08:37:14 [Spring Shell] INFO org.apache.lens.client.LensConnection - SSL is enabled, Creating https client.
> 25 May 2018 08:37:14 [Spring Shell] INFO org.apache.lens.client.LensTrustManager - Will skip server cert verification 1.
> 25 May 2018 08:37:14 [Spring Shell] INFO org.apache.lens.client.LensHostnameVerifier - Will skip hostname verification 1.
> 25 May 2018 08:37:14 [Spring Shell] INFO org.apache.lens.client.LensTrustManager - return root X509.
> 25 May 2018 08:37:20 [Spring Shell] INFO org.apache.lens.client.LensConnection - SSL is enabled, Creating https client.
> 25 May 2018 08:37:20 [Spring Shell] INFO org.apache.lens.client.LensTrustManager - Will skip server cert verification 1.
> 25 May 2018 08:37:20 [Spring Shell] INFO org.apache.lens.client.LensHostnameVerifier - Will skip hostname verification 1.
> 25 May 2018 08:37:20 [Spring Shell] INFO org.apache.lens.client.LensTrustManager - return root X509.
>
>
> CA signed cert,
> 25 May 2018 08:34:52 [Spring Shell] INFO org.apache.lens.client.LensConnectionParams - Request filter added requestfilter
> 25 May 2018 08:34:52 [Spring Shell] INFO org.apache.lens.client.LensConnectionParams - Request filter added requestfilter
> 25 May 2018 08:34:52 [Spring Shell] INFO org.apache.lens.client.LensConnection - SSL is enabled, Creating https client.
> 25 May 2018 08:34:53 [Spring Shell] INFO org.apache.lens.client.LensTrustManager - Server cert verification is enabled.
> 25 May 2018 08:34:53 [Spring Shell] INFO org.apache.lens.client.LensHostnameVerifier - Host name verification is enabled.
> 25 May 2018 08:34:53 [Spring Shell] WARN org.apache.hadoop.util.NativeCodeLoader - Unable to load native-hadoop library for your platform... using builtin-java classes where applicable
> 25 May 2018 08:34:53 [Spring Shell] INFO org.apache.lens.client.LensTrustManager - return first CA X509 cert.
> 25 May 2018 08:34:54 [Spring Shell] INFO org.apache.lens.client.LensConnection - SSL is enabled, Creating https client.
> 25 May 2018 08:34:54 [Spring Shell] INFO org.apache.lens.client.LensTrustManager - Server cert verification is enabled.
> 25 May 2018 08:34:54 [Spring Shell] INFO org.apache.lens.client.LensHostnameVerifier - Host name verification is enabled.
> 25 May 2018 08:34:54 [Spring Shell] INFO org.apache.lens.client.LensTrustManager - return first CA X509 cert.
>
>
> Thanks,
>
> Ankit Kailaswar
>
>
Re: Review Request 67316: For SSL enabled lens client must always use
trust manager for root X509 cert
Posted by Ankit Kailaswar <an...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67316/
-----------------------------------------------------------
(Updated May 25, 2018, 9:59 a.m.)
Review request for lens and Rajitha R.
Bugs: LENS-1515
https://issues.apache.org/jira/browse/LENS-1515
Repository: lens
Description
-------
In case of if cert verification is disabled then we are returning root cert. Also server cert validation will be taken care by default trust manager.
Diffs
-----
lens-client/src/main/java/org/apache/lens/client/LensTrustManager.java 4a696178
Diff: https://reviews.apache.org/r/67316/diff/1/
Testing (updated)
-------
https://build.corp.inmobi.com/view/Platform/job/Platform_Common_Job/2959/console
untrusted cert,
25 May 2018 08:37:12 [Spring Shell] INFO org.apache.lens.client.LensConnectionParams - Request filter added requestfilter
25 May 2018 08:37:12 [Spring Shell] INFO org.apache.lens.client.LensConnectionParams - Request filter added requestfilter
25 May 2018 08:37:12 [Spring Shell] INFO org.apache.lens.client.LensConnection - SSL is enabled, Creating https client.
25 May 2018 08:37:12 [Spring Shell] INFO org.apache.lens.client.LensTrustManager - Will skip server cert verification 1.
25 May 2018 08:37:12 [Spring Shell] INFO org.apache.lens.client.LensHostnameVerifier - Will skip hostname verification 1.
25 May 2018 08:37:13 [Spring Shell] WARN org.apache.hadoop.util.NativeCodeLoader - Unable to load native-hadoop library for your platform... using builtin-java classes where applicable
25 May 2018 08:37:13 [Spring Shell] INFO org.apache.lens.client.LensTrustManager - return root X509.
25 May 2018 08:37:14 [Spring Shell] INFO org.apache.lens.client.LensConnection - SSL is enabled, Creating https client.
25 May 2018 08:37:14 [Spring Shell] INFO org.apache.lens.client.LensTrustManager - Will skip server cert verification 1.
25 May 2018 08:37:14 [Spring Shell] INFO org.apache.lens.client.LensHostnameVerifier - Will skip hostname verification 1.
25 May 2018 08:37:14 [Spring Shell] INFO org.apache.lens.client.LensTrustManager - return root X509.
25 May 2018 08:37:20 [Spring Shell] INFO org.apache.lens.client.LensConnection - SSL is enabled, Creating https client.
25 May 2018 08:37:20 [Spring Shell] INFO org.apache.lens.client.LensTrustManager - Will skip server cert verification 1.
25 May 2018 08:37:20 [Spring Shell] INFO org.apache.lens.client.LensHostnameVerifier - Will skip hostname verification 1.
25 May 2018 08:37:20 [Spring Shell] INFO org.apache.lens.client.LensTrustManager - return root X509.
CA signed cert,
25 May 2018 08:34:52 [Spring Shell] INFO org.apache.lens.client.LensConnectionParams - Request filter added requestfilter
25 May 2018 08:34:52 [Spring Shell] INFO org.apache.lens.client.LensConnectionParams - Request filter added requestfilter
25 May 2018 08:34:52 [Spring Shell] INFO org.apache.lens.client.LensConnection - SSL is enabled, Creating https client.
25 May 2018 08:34:53 [Spring Shell] INFO org.apache.lens.client.LensTrustManager - Server cert verification is enabled.
25 May 2018 08:34:53 [Spring Shell] INFO org.apache.lens.client.LensHostnameVerifier - Host name verification is enabled.
25 May 2018 08:34:53 [Spring Shell] WARN org.apache.hadoop.util.NativeCodeLoader - Unable to load native-hadoop library for your platform... using builtin-java classes where applicable
25 May 2018 08:34:53 [Spring Shell] INFO org.apache.lens.client.LensTrustManager - return first CA X509 cert.
25 May 2018 08:34:54 [Spring Shell] INFO org.apache.lens.client.LensConnection - SSL is enabled, Creating https client.
25 May 2018 08:34:54 [Spring Shell] INFO org.apache.lens.client.LensTrustManager - Server cert verification is enabled.
25 May 2018 08:34:54 [Spring Shell] INFO org.apache.lens.client.LensHostnameVerifier - Host name verification is enabled.
25 May 2018 08:34:54 [Spring Shell] INFO org.apache.lens.client.LensTrustManager - return first CA X509 cert.
Thanks,
Ankit Kailaswar