Exemple #1
0
  /**
   * * Test SSL client connection to SSL server
   *
   * @throws Exception
   */
  @Test
  public void testSSLConnectionWithProperty() throws Exception {
    setSslConfOverlay(confOverlay);
    // Test in binary mode
    setBinaryConfOverlay(confOverlay);
    // Start HS2 with SSL
    miniHS2.start(confOverlay);

    System.setProperty(JAVA_TRUST_STORE_PROP, dataFileDir + File.separator + TRUST_STORE_NAME);
    System.setProperty(JAVA_TRUST_STORE_PASS_PROP, KEY_STORE_PASSWORD);
    // make SSL connection
    hs2Conn =
        DriverManager.getConnection(
            miniHS2.getJdbcURL() + ";ssl=true", System.getProperty("user.name"), "bar");
    hs2Conn.close();
    miniHS2.stop();

    // Test in http mode
    setHttpConfOverlay(confOverlay);
    miniHS2.start(confOverlay);
    // make SSL connection
    hs2Conn =
        DriverManager.getConnection(
            miniHS2.getJdbcURL("default", SSL_CONN_PARAMS), System.getProperty("user.name"), "bar");
    hs2Conn.close();
  }
Exemple #2
0
  /**
   * Start HS2 in Http mode with SSL enabled, open a SSL connection and fetch data
   *
   * @throws Exception
   */
  @Test
  public void testSSLFetchHttp() throws Exception {
    setSslConfOverlay(confOverlay);
    // Test in http mode
    setHttpConfOverlay(confOverlay);
    miniHS2.start(confOverlay);

    String tableName = "sslTab";
    Path dataFilePath = new Path(dataFileDir, "kv1.txt");

    // make SSL connection
    hs2Conn =
        DriverManager.getConnection(
            miniHS2.getJdbcURL("default", SSL_CONN_PARAMS), System.getProperty("user.name"), "bar");

    // Set up test data
    setupTestTableWithData(tableName, dataFilePath, hs2Conn);
    Statement stmt = hs2Conn.createStatement();
    ResultSet res = stmt.executeQuery("SELECT * FROM " + tableName);
    int rowCount = 0;
    while (res.next()) {
      ++rowCount;
      assertEquals("val_" + res.getInt(1), res.getString(2));
    }
    // read result over SSL
    assertEquals(500, rowCount);

    hs2Conn.close();
  }
  @BeforeClass
  public static void beforeTest() throws Exception {
    Class.forName(MiniHS2.getJdbcDriverName());
    confOverlay.put(ConfVars.HIVE_SERVER2_SESSION_HOOK.varname, SessionHookTest.class.getName());

    HiveConf hiveConf = new HiveConf();
    miniHiveKdc = MiniHiveKdc.getMiniHiveKdc(hiveConf);
    miniHS2 = MiniHiveKdc.getMiniHS2WithKerb(miniHiveKdc, hiveConf);
    miniHS2.start(confOverlay);
  }
Exemple #4
0
 @After
 public void tearDown() throws Exception {
   if (hs2Conn != null) {
     hs2Conn.close();
   }
   if (miniHS2 != null && miniHS2.isStarted()) {
     miniHS2.stop();
   }
   System.clearProperty(JAVA_TRUST_STORE_PROP);
   System.clearProperty(JAVA_TRUST_STORE_PASS_PROP);
 }
  @BeforeClass
  public static void beforeTest() throws Exception {
    Class.forName(MiniHS2.getJdbcDriverName());
    HiveConf conf = new HiveConf();
    conf.setVar(ConfVars.HIVE_AUTHORIZATION_MANAGER, SQLStdHiveAuthorizerFactory.class.getName());
    conf.setVar(ConfVars.HIVE_AUTHENTICATOR_MANAGER, SessionStateUserAuthenticator.class.getName());
    conf.setBoolVar(ConfVars.HIVE_AUTHORIZATION_ENABLED, true);
    conf.setBoolVar(ConfVars.HIVE_SUPPORT_CONCURRENCY, false);
    conf.setBoolVar(ConfVars.HIVE_SERVER2_ENABLE_DOAS, false);

    miniHS2 = new MiniHS2(conf);
    miniHS2.start(new HashMap<String, String>());
  }
 /**
  * * Negative test isValid() method
  *
  * @throws Exception
  */
 @Test
 public void testIsValidNeg() throws Exception {
   miniHiveKdc.loginUser(MiniHiveKdc.HIVE_TEST_SUPER_USER);
   hs2Conn = DriverManager.getConnection(miniHS2.getJdbcURL());
   hs2Conn.close();
   assertFalse(hs2Conn.isValid(1000));
 }
 /**
  * Test connection using the proxy user connection property
  *
  * @throws Exception
  */
 @Test
 public void testProxyAuth() throws Exception {
   miniHiveKdc.loginUser(MiniHiveKdc.HIVE_TEST_SUPER_USER);
   hs2Conn =
       DriverManager.getConnection(
           miniHS2.getJdbcURL(
               "default", ";hive.server2.proxy.user=" + MiniHiveKdc.HIVE_TEST_USER_1));
   verifyProperty(SESSION_USER_NAME, MiniHiveKdc.HIVE_TEST_USER_1);
 }
  /**
   * * Test token based authentication over kerberos Login as super user and retrieve the token for
   * normal user use the token to connect connect as normal user
   *
   * @throws Exception
   */
  @Test
  public void testTokenAuth() throws Exception {
    miniHiveKdc.loginUser(MiniHiveKdc.HIVE_TEST_SUPER_USER);
    hs2Conn = DriverManager.getConnection(miniHS2.getJdbcURL());

    // retrieve token and store in the cache
    String token =
        ((HiveConnection) hs2Conn)
            .getDelegationToken(MiniHiveKdc.HIVE_TEST_USER_1, MiniHiveKdc.HIVE_SERVICE_PRINCIPAL);
    assertTrue(token != null && !token.isEmpty());
    hs2Conn.close();

    UserGroupInformation ugi = miniHiveKdc.loginUser(MiniHiveKdc.HIVE_TEST_USER_1);
    // Store token in the cache
    storeToken(token, ugi);
    hs2Conn =
        DriverManager.getConnection(miniHS2.getBaseJdbcURL() + "default;auth=delegationToken");
    verifyProperty(SESSION_USER_NAME, MiniHiveKdc.HIVE_TEST_USER_1);
  }
 /**
  * * Negative test, verify that connection to secure HS2 fails when required connection attributes
  * are not provided
  *
  * @throws Exception
  */
 @Test
 public void testConnectionNeg() throws Exception {
   miniHiveKdc.loginUser(MiniHiveKdc.HIVE_TEST_USER_1);
   try {
     String url = miniHS2.getJdbcURL().replaceAll(";principal.*", "");
     hs2Conn = DriverManager.getConnection(url);
     fail("NON kerberos connection should fail");
   } catch (SQLException e) {
     // expected error
     assertEquals("08S01", e.getSQLState().trim());
   }
 }
 @BeforeClass
 public static void beforeTest() throws Exception {
   Class.forName(MiniHS2.getJdbcDriverName());
   confOverlay.put(ConfVars.HIVE_SERVER2_SESSION_HOOK.varname, SessionHookTest.class.getName());
   confOverlay.put(
       ConfVars.HIVE_SERVER2_CUSTOM_AUTHENTICATION_CLASS.varname,
       CustomAuthenticator.class.getName());
   HiveConf hiveConf = new HiveConf();
   miniHiveKdc = MiniHiveKdc.getMiniHiveKdc(hiveConf);
   miniHS2 = MiniHiveKdc.getMiniHS2WithKerbWithRemoteHMS(miniHiveKdc, hiveConf, "CUSTOM");
   miniHS2.start(confOverlay);
 }
 @BeforeClass
 public static void setUpBeforeClass() throws Exception {
   tableName = "TestOperationLoggingLayout_table";
   hiveConf = new HiveConf();
   hiveConf.set(HiveConf.ConfVars.HIVE_SERVER2_LOGGING_OPERATION_LEVEL.varname, "execution");
   // We need to set the below parameter to test performance level logging
   hiveConf.set("hive.ql.log.PerfLogger.level", "INFO,DRFA");
   miniHS2 = new MiniHS2(hiveConf);
   confOverlay = new HashMap<String, String>();
   confOverlay.put(HiveConf.ConfVars.HIVE_SUPPORT_CONCURRENCY.varname, "false");
   miniHS2.start(confOverlay);
 }
Exemple #12
0
  /**
   * * Test SSL client connection to SSL server
   *
   * @throws Exception
   */
  @Test
  public void testSSLConnectionWithURL() throws Exception {
    setSslConfOverlay(confOverlay);
    // Test in binary mode
    setBinaryConfOverlay(confOverlay);
    // Start HS2 with SSL
    miniHS2.start(confOverlay);

    // make SSL connection
    hs2Conn =
        DriverManager.getConnection(
            miniHS2.getJdbcURL("default", SSL_CONN_PARAMS), System.getProperty("user.name"), "bar");
    hs2Conn.close();
    miniHS2.stop();

    // Test in http mode
    setHttpConfOverlay(confOverlay);
    miniHS2.start(confOverlay);
    // make SSL connection
    hs2Conn =
        DriverManager.getConnection(
            miniHS2.getJdbcURL("default", SSL_CONN_PARAMS), System.getProperty("user.name"), "bar");
    hs2Conn.close();
  }
Exemple #13
0
  /**
   * * Test SSL client with non-SSL server fails
   *
   * @throws Exception
   */
  @Test
  public void testInvalidConfig() throws Exception {
    clearSslConfOverlay(confOverlay);
    // Test in binary mode
    setBinaryConfOverlay(confOverlay);
    miniHS2.start(confOverlay);
    DriverManager.setLoginTimeout(4);
    try {
      hs2Conn =
          DriverManager.getConnection(
              miniHS2.getJdbcURL("default", SSL_CONN_PARAMS),
              System.getProperty("user.name"),
              "bar");
      fail("SSL connection should fail with NON-SSL server");
    } catch (SQLException e) {
      // expected error
      assertEquals("08S01", e.getSQLState().trim());
    }

    System.setProperty(JAVA_TRUST_STORE_PROP, dataFileDir + File.separator + TRUST_STORE_NAME);
    System.setProperty(JAVA_TRUST_STORE_PASS_PROP, KEY_STORE_PASSWORD);
    try {
      hs2Conn =
          DriverManager.getConnection(
              miniHS2.getJdbcURL() + ";ssl=true", System.getProperty("user.name"), "bar");
      fail("SSL connection should fail with NON-SSL server");
    } catch (SQLException e) {
      // expected error
      assertEquals("08S01", e.getSQLState().trim());
    }
    miniHS2.stop();

    // Test in http mode with ssl properties specified in url
    System.clearProperty(JAVA_TRUST_STORE_PROP);
    System.clearProperty(JAVA_TRUST_STORE_PASS_PROP);
    setHttpConfOverlay(confOverlay);
    miniHS2.start(confOverlay);
    try {
      hs2Conn =
          DriverManager.getConnection(
              miniHS2.getJdbcURL("default", SSL_CONN_PARAMS),
              System.getProperty("user.name"),
              "bar");
      fail("SSL connection should fail with NON-SSL server");
    } catch (SQLException e) {
      // expected error
      assertEquals("08S01", e.getSQLState().trim());
    }
  }
 /**
  * Test connection using the proxy user connection property. Verify proxy connection fails when
  * super user doesn't have privilege to impersonate the given user
  *
  * @throws Exception
  */
 @Test
 public void testNegativeProxyAuth() throws Exception {
   miniHiveKdc.loginUser(MiniHiveKdc.HIVE_TEST_SUPER_USER);
   try {
     hs2Conn =
         DriverManager.getConnection(
             miniHS2.getJdbcURL(
                 "default", ";hive.server2.proxy.user="******" shouldn't be allowed proxy connection for "
             + MiniHiveKdc.HIVE_TEST_USER_2);
   } catch (SQLException e) {
     // Expected error
     e.printStackTrace();
     assertTrue(e.getMessage().contains("Failed to validate proxy privilege"));
     assertTrue(e.getCause().getCause().getMessage().contains("is not allowed to impersonate"));
   }
 }
  /**
   * * Negative test for token based authentication Verify that a user can't retrieve a token for
   * user that it's not allowed to impersonate
   *
   * @throws Exception
   */
  @Test
  public void testNegativeTokenAuth() throws Exception {
    miniHiveKdc.loginUser(MiniHiveKdc.HIVE_TEST_SUPER_USER);
    hs2Conn = DriverManager.getConnection(miniHS2.getJdbcURL());

    try {
      // retrieve token and store in the cache
      String token =
          ((HiveConnection) hs2Conn)
              .getDelegationToken(MiniHiveKdc.HIVE_TEST_USER_2, MiniHiveKdc.HIVE_SERVICE_PRINCIPAL);

      fail(
          MiniHiveKdc.HIVE_TEST_SUPER_USER
              + " shouldn't be allowed to retrieve token for "
              + MiniHiveKdc.HIVE_TEST_USER_2);
    } catch (SQLException e) {
      // Expected error
      assertTrue(e.getMessage().contains("Error retrieving delegation token for user"));
      assertTrue(e.getCause().getCause().getMessage().contains("is not allowed to impersonate"));
    } finally {
      hs2Conn.close();
    }
  }
Exemple #16
0
  /**
   * * Test non-SSL client with SSL server fails
   *
   * @throws Exception
   */
  @Test
  public void testConnectionMismatch() throws Exception {
    setSslConfOverlay(confOverlay);
    // Test in binary mode
    setBinaryConfOverlay(confOverlay);
    miniHS2.start(confOverlay);
    // Start HS2 with SSL
    try {
      hs2Conn =
          DriverManager.getConnection(miniHS2.getJdbcURL(), System.getProperty("user.name"), "bar");
      fail("NON SSL connection should fail with SSL server");
    } catch (SQLException e) {
      // expected error
      assertEquals("08S01", e.getSQLState().trim());
    }

    try {
      hs2Conn =
          DriverManager.getConnection(
              miniHS2.getJdbcURL() + ";ssl=false", System.getProperty("user.name"), "bar");
      fail("NON SSL connection should fail with SSL server");
    } catch (SQLException e) {
      // expected error
      assertEquals("08S01", e.getSQLState().trim());
    }
    miniHS2.stop();

    // Test in http mode
    setHttpConfOverlay(confOverlay);
    miniHS2.start(confOverlay);
    try {
      hs2Conn =
          DriverManager.getConnection(
              miniHS2.getJdbcURL("default", ";ssl=false"), System.getProperty("user.name"), "bar");
      fail("NON SSL connection should fail with SSL server");
    } catch (SQLException e) {
      // expected error
      assertEquals("08S01", e.getSQLState().trim());
    }
  }
Exemple #17
0
 @BeforeClass
 public static void beforeTest() throws Exception {
   Class.forName(MiniHS2.getJdbcDriverName());
 }
 /**
  * Open a session, and create a table for cases usage
  *
  * @throws Exception
  */
 @Before
 public void setUp() throws Exception {
   dataFile = new File(hiveConf.get("test.data.files"), "kv1.txt");
   client = miniHS2.getServiceClient();
   sessionHandle = setupSession();
 }
 @AfterClass
 public static void tearDownAfterClass() throws Exception {
   miniHS2.stop();
 }
Exemple #20
0
  /** * Tests to ensure SSLv2 and SSLv3 are disabled */
  @Test
  public void testSSLVersion() throws Exception {
    // we need openssl
    Assume.assumeTrue(execCommand("which openssl") == 0);
    // we depend on linux openssl exit codes
    Assume.assumeTrue(System.getProperty("os.name").toLowerCase().contains("linux"));

    setSslConfOverlay(confOverlay);
    // Test in binary mode
    setBinaryConfOverlay(confOverlay);
    // Start HS2 with SSL
    miniHS2.start(confOverlay);

    // make SSL connection
    hs2Conn =
        DriverManager.getConnection(
            miniHS2.getJdbcURL()
                + ";ssl=true;sslTrustStore="
                + dataFileDir
                + File.separator
                + TRUST_STORE_NAME
                + ";trustStorePassword="******"user.name"),
            "bar");
    hs2Conn.close();
    Assert.assertEquals(
        "Expected exit code of 1",
        1,
        execCommand(
            "openssl s_client -connect "
                + miniHS2.getHost()
                + ":"
                + miniHS2.getBinaryPort()
                + " -ssl2 < /dev/null"));
    Assert.assertEquals(
        "Expected exit code of 1",
        1,
        execCommand(
            "openssl s_client -connect "
                + miniHS2.getHost()
                + ":"
                + miniHS2.getBinaryPort()
                + " -ssl3 < /dev/null"));
    miniHS2.stop();

    // Test in http mode
    setHttpConfOverlay(confOverlay);
    miniHS2.start(confOverlay);
    // make SSL connection
    try {
      hs2Conn =
          DriverManager.getConnection(
              miniHS2.getJdbcURL()
                  + ";ssl=true;sslTrustStore="
                  + dataFileDir
                  + File.separator
                  + TRUST_STORE_NAME
                  + ";trustStorePassword="******"user.name"),
              "bar");
      Assert.fail("Expected SQLException during connect");
    } catch (SQLException e) {
      LOG.info("Expected exception: " + e, e);
      Assert.assertEquals("08S01", e.getSQLState().trim());
      Throwable cause = e.getCause();
      Assert.assertNotNull(cause);
      while (cause.getCause() != null) {
        cause = cause.getCause();
      }
      Assert.assertEquals("org.apache.http.NoHttpResponseException", cause.getClass().getName());
      Assert.assertTrue(cause.getMessage().contains("failed to respond"));
    }
    miniHS2.stop();
  }
 private Connection getConnection(String userName) throws SQLException {
   return DriverManager.getConnection(miniHS2.getJdbcURL(), userName, "bar");
 }
 @AfterClass
 public static void afterTest() throws Exception {
   miniHS2.stop();
 }
 @AfterClass
 public static void afterTest() throws Exception {
   if (miniHS2.isStarted()) {
     miniHS2.stop();
   }
 }
 /**
  * * Basic connection test
  *
  * @throws Exception
  */
 @Test
 public void testConnection() throws Exception {
   miniHiveKdc.loginUser(MiniHiveKdc.HIVE_TEST_USER_1);
   hs2Conn = DriverManager.getConnection(miniHS2.getJdbcURL());
   verifyProperty(SESSION_USER_NAME, MiniHiveKdc.HIVE_TEST_USER_1);
 }