/**
* * Test SSL client connection to SSL server
*
* @throws Exception
*/
@Test
public void testSSLConnectionWithProperty() throws Exception {
setSslConfOverlay(confOverlay);
// Test in binary mode
setBinaryConfOverlay(confOverlay);
// Start HS2 with SSL
miniHS2.start(confOverlay);
System.setProperty(JAVA_TRUST_STORE_PROP, dataFileDir + File.separator + TRUST_STORE_NAME);
System.setProperty(JAVA_TRUST_STORE_PASS_PROP, KEY_STORE_PASSWORD);
// make SSL connection
hs2Conn =
DriverManager.getConnection(
miniHS2.getJdbcURL() + ";ssl=true", System.getProperty("user.name"), "bar");
hs2Conn.close();
miniHS2.stop();
// Test in http mode
setHttpConfOverlay(confOverlay);
miniHS2.start(confOverlay);
// make SSL connection
hs2Conn =
DriverManager.getConnection(
miniHS2.getJdbcURL("default", SSL_CONN_PARAMS), System.getProperty("user.name"), "bar");
hs2Conn.close();
}
/**
* Start HS2 in Http mode with SSL enabled, open a SSL connection and fetch data
*
* @throws Exception
*/
@Test
public void testSSLFetchHttp() throws Exception {
setSslConfOverlay(confOverlay);
// Test in http mode
setHttpConfOverlay(confOverlay);
miniHS2.start(confOverlay);
String tableName = "sslTab";
Path dataFilePath = new Path(dataFileDir, "kv1.txt");
// make SSL connection
hs2Conn =
DriverManager.getConnection(
miniHS2.getJdbcURL("default", SSL_CONN_PARAMS), System.getProperty("user.name"), "bar");
// Set up test data
setupTestTableWithData(tableName, dataFilePath, hs2Conn);
Statement stmt = hs2Conn.createStatement();
ResultSet res = stmt.executeQuery("SELECT * FROM " + tableName);
int rowCount = 0;
while (res.next()) {
++rowCount;
assertEquals("val_" + res.getInt(1), res.getString(2));
}
// read result over SSL
assertEquals(500, rowCount);
hs2Conn.close();
}
@BeforeClass
public static void beforeTest() throws Exception {
Class.forName(MiniHS2.getJdbcDriverName());
confOverlay.put(ConfVars.HIVE_SERVER2_SESSION_HOOK.varname, SessionHookTest.class.getName());
HiveConf hiveConf = new HiveConf();
miniHiveKdc = MiniHiveKdc.getMiniHiveKdc(hiveConf);
miniHS2 = MiniHiveKdc.getMiniHS2WithKerb(miniHiveKdc, hiveConf);
miniHS2.start(confOverlay);
}
@After
public void tearDown() throws Exception {
if (hs2Conn != null) {
hs2Conn.close();
}
if (miniHS2 != null && miniHS2.isStarted()) {
miniHS2.stop();
}
System.clearProperty(JAVA_TRUST_STORE_PROP);
System.clearProperty(JAVA_TRUST_STORE_PASS_PROP);
}
@BeforeClass
public static void beforeTest() throws Exception {
Class.forName(MiniHS2.getJdbcDriverName());
HiveConf conf = new HiveConf();
conf.setVar(ConfVars.HIVE_AUTHORIZATION_MANAGER, SQLStdHiveAuthorizerFactory.class.getName());
conf.setVar(ConfVars.HIVE_AUTHENTICATOR_MANAGER, SessionStateUserAuthenticator.class.getName());
conf.setBoolVar(ConfVars.HIVE_AUTHORIZATION_ENABLED, true);
conf.setBoolVar(ConfVars.HIVE_SUPPORT_CONCURRENCY, false);
conf.setBoolVar(ConfVars.HIVE_SERVER2_ENABLE_DOAS, false);
miniHS2 = new MiniHS2(conf);
miniHS2.start(new HashMap<String, String>());
}
/**
* * Negative test isValid() method
*
* @throws Exception
*/
@Test
public void testIsValidNeg() throws Exception {
miniHiveKdc.loginUser(MiniHiveKdc.HIVE_TEST_SUPER_USER);
hs2Conn = DriverManager.getConnection(miniHS2.getJdbcURL());
hs2Conn.close();
assertFalse(hs2Conn.isValid(1000));
}
/**
* Test connection using the proxy user connection property
*
* @throws Exception
*/
@Test
public void testProxyAuth() throws Exception {
miniHiveKdc.loginUser(MiniHiveKdc.HIVE_TEST_SUPER_USER);
hs2Conn =
DriverManager.getConnection(
miniHS2.getJdbcURL(
"default", ";hive.server2.proxy.user=" + MiniHiveKdc.HIVE_TEST_USER_1));
verifyProperty(SESSION_USER_NAME, MiniHiveKdc.HIVE_TEST_USER_1);
}
/**
* * Test token based authentication over kerberos Login as super user and retrieve the token for
* normal user use the token to connect connect as normal user
*
* @throws Exception
*/
@Test
public void testTokenAuth() throws Exception {
miniHiveKdc.loginUser(MiniHiveKdc.HIVE_TEST_SUPER_USER);
hs2Conn = DriverManager.getConnection(miniHS2.getJdbcURL());
// retrieve token and store in the cache
String token =
((HiveConnection) hs2Conn)
.getDelegationToken(MiniHiveKdc.HIVE_TEST_USER_1, MiniHiveKdc.HIVE_SERVICE_PRINCIPAL);
assertTrue(token != null && !token.isEmpty());
hs2Conn.close();
UserGroupInformation ugi = miniHiveKdc.loginUser(MiniHiveKdc.HIVE_TEST_USER_1);
// Store token in the cache
storeToken(token, ugi);
hs2Conn =
DriverManager.getConnection(miniHS2.getBaseJdbcURL() + "default;auth=delegationToken");
verifyProperty(SESSION_USER_NAME, MiniHiveKdc.HIVE_TEST_USER_1);
}
/**
* * Negative test, verify that connection to secure HS2 fails when required connection attributes
* are not provided
*
* @throws Exception
*/
@Test
public void testConnectionNeg() throws Exception {
miniHiveKdc.loginUser(MiniHiveKdc.HIVE_TEST_USER_1);
try {
String url = miniHS2.getJdbcURL().replaceAll(";principal.*", "");
hs2Conn = DriverManager.getConnection(url);
fail("NON kerberos connection should fail");
} catch (SQLException e) {
// expected error
assertEquals("08S01", e.getSQLState().trim());
}
}
@BeforeClass
public static void beforeTest() throws Exception {
Class.forName(MiniHS2.getJdbcDriverName());
confOverlay.put(ConfVars.HIVE_SERVER2_SESSION_HOOK.varname, SessionHookTest.class.getName());
confOverlay.put(
ConfVars.HIVE_SERVER2_CUSTOM_AUTHENTICATION_CLASS.varname,
CustomAuthenticator.class.getName());
HiveConf hiveConf = new HiveConf();
miniHiveKdc = MiniHiveKdc.getMiniHiveKdc(hiveConf);
miniHS2 = MiniHiveKdc.getMiniHS2WithKerbWithRemoteHMS(miniHiveKdc, hiveConf, "CUSTOM");
miniHS2.start(confOverlay);
}
@BeforeClass
public static void setUpBeforeClass() throws Exception {
tableName = "TestOperationLoggingLayout_table";
hiveConf = new HiveConf();
hiveConf.set(HiveConf.ConfVars.HIVE_SERVER2_LOGGING_OPERATION_LEVEL.varname, "execution");
// We need to set the below parameter to test performance level logging
hiveConf.set("hive.ql.log.PerfLogger.level", "INFO,DRFA");
miniHS2 = new MiniHS2(hiveConf);
confOverlay = new HashMap<String, String>();
confOverlay.put(HiveConf.ConfVars.HIVE_SUPPORT_CONCURRENCY.varname, "false");
miniHS2.start(confOverlay);
}
/**
* * Test SSL client connection to SSL server
*
* @throws Exception
*/
@Test
public void testSSLConnectionWithURL() throws Exception {
setSslConfOverlay(confOverlay);
// Test in binary mode
setBinaryConfOverlay(confOverlay);
// Start HS2 with SSL
miniHS2.start(confOverlay);
// make SSL connection
hs2Conn =
DriverManager.getConnection(
miniHS2.getJdbcURL("default", SSL_CONN_PARAMS), System.getProperty("user.name"), "bar");
hs2Conn.close();
miniHS2.stop();
// Test in http mode
setHttpConfOverlay(confOverlay);
miniHS2.start(confOverlay);
// make SSL connection
hs2Conn =
DriverManager.getConnection(
miniHS2.getJdbcURL("default", SSL_CONN_PARAMS), System.getProperty("user.name"), "bar");
hs2Conn.close();
}
/**
* * Test SSL client with non-SSL server fails
*
* @throws Exception
*/
@Test
public void testInvalidConfig() throws Exception {
clearSslConfOverlay(confOverlay);
// Test in binary mode
setBinaryConfOverlay(confOverlay);
miniHS2.start(confOverlay);
DriverManager.setLoginTimeout(4);
try {
hs2Conn =
DriverManager.getConnection(
miniHS2.getJdbcURL("default", SSL_CONN_PARAMS),
System.getProperty("user.name"),
"bar");
fail("SSL connection should fail with NON-SSL server");
} catch (SQLException e) {
// expected error
assertEquals("08S01", e.getSQLState().trim());
}
System.setProperty(JAVA_TRUST_STORE_PROP, dataFileDir + File.separator + TRUST_STORE_NAME);
System.setProperty(JAVA_TRUST_STORE_PASS_PROP, KEY_STORE_PASSWORD);
try {
hs2Conn =
DriverManager.getConnection(
miniHS2.getJdbcURL() + ";ssl=true", System.getProperty("user.name"), "bar");
fail("SSL connection should fail with NON-SSL server");
} catch (SQLException e) {
// expected error
assertEquals("08S01", e.getSQLState().trim());
}
miniHS2.stop();
// Test in http mode with ssl properties specified in url
System.clearProperty(JAVA_TRUST_STORE_PROP);
System.clearProperty(JAVA_TRUST_STORE_PASS_PROP);
setHttpConfOverlay(confOverlay);
miniHS2.start(confOverlay);
try {
hs2Conn =
DriverManager.getConnection(
miniHS2.getJdbcURL("default", SSL_CONN_PARAMS),
System.getProperty("user.name"),
"bar");
fail("SSL connection should fail with NON-SSL server");
} catch (SQLException e) {
// expected error
assertEquals("08S01", e.getSQLState().trim());
}
}
/**
* Test connection using the proxy user connection property. Verify proxy connection fails when
* super user doesn't have privilege to impersonate the given user
*
* @throws Exception
*/
@Test
public void testNegativeProxyAuth() throws Exception {
miniHiveKdc.loginUser(MiniHiveKdc.HIVE_TEST_SUPER_USER);
try {
hs2Conn =
DriverManager.getConnection(
miniHS2.getJdbcURL(
"default", ";hive.server2.proxy.user="******" shouldn't be allowed proxy connection for "
+ MiniHiveKdc.HIVE_TEST_USER_2);
} catch (SQLException e) {
// Expected error
e.printStackTrace();
assertTrue(e.getMessage().contains("Failed to validate proxy privilege"));
assertTrue(e.getCause().getCause().getMessage().contains("is not allowed to impersonate"));
}
}
/**
* * Negative test for token based authentication Verify that a user can't retrieve a token for
* user that it's not allowed to impersonate
*
* @throws Exception
*/
@Test
public void testNegativeTokenAuth() throws Exception {
miniHiveKdc.loginUser(MiniHiveKdc.HIVE_TEST_SUPER_USER);
hs2Conn = DriverManager.getConnection(miniHS2.getJdbcURL());
try {
// retrieve token and store in the cache
String token =
((HiveConnection) hs2Conn)
.getDelegationToken(MiniHiveKdc.HIVE_TEST_USER_2, MiniHiveKdc.HIVE_SERVICE_PRINCIPAL);
fail(
MiniHiveKdc.HIVE_TEST_SUPER_USER
+ " shouldn't be allowed to retrieve token for "
+ MiniHiveKdc.HIVE_TEST_USER_2);
} catch (SQLException e) {
// Expected error
assertTrue(e.getMessage().contains("Error retrieving delegation token for user"));
assertTrue(e.getCause().getCause().getMessage().contains("is not allowed to impersonate"));
} finally {
hs2Conn.close();
}
}
/**
* * Test non-SSL client with SSL server fails
*
* @throws Exception
*/
@Test
public void testConnectionMismatch() throws Exception {
setSslConfOverlay(confOverlay);
// Test in binary mode
setBinaryConfOverlay(confOverlay);
miniHS2.start(confOverlay);
// Start HS2 with SSL
try {
hs2Conn =
DriverManager.getConnection(miniHS2.getJdbcURL(), System.getProperty("user.name"), "bar");
fail("NON SSL connection should fail with SSL server");
} catch (SQLException e) {
// expected error
assertEquals("08S01", e.getSQLState().trim());
}
try {
hs2Conn =
DriverManager.getConnection(
miniHS2.getJdbcURL() + ";ssl=false", System.getProperty("user.name"), "bar");
fail("NON SSL connection should fail with SSL server");
} catch (SQLException e) {
// expected error
assertEquals("08S01", e.getSQLState().trim());
}
miniHS2.stop();
// Test in http mode
setHttpConfOverlay(confOverlay);
miniHS2.start(confOverlay);
try {
hs2Conn =
DriverManager.getConnection(
miniHS2.getJdbcURL("default", ";ssl=false"), System.getProperty("user.name"), "bar");
fail("NON SSL connection should fail with SSL server");
} catch (SQLException e) {
// expected error
assertEquals("08S01", e.getSQLState().trim());
}
}
@BeforeClass
public static void beforeTest() throws Exception {
Class.forName(MiniHS2.getJdbcDriverName());
}
/**
* Open a session, and create a table for cases usage
*
* @throws Exception
*/
@Before
public void setUp() throws Exception {
dataFile = new File(hiveConf.get("test.data.files"), "kv1.txt");
client = miniHS2.getServiceClient();
sessionHandle = setupSession();
}
@AfterClass
public static void tearDownAfterClass() throws Exception {
miniHS2.stop();
}
/** * Tests to ensure SSLv2 and SSLv3 are disabled */
@Test
public void testSSLVersion() throws Exception {
// we need openssl
Assume.assumeTrue(execCommand("which openssl") == 0);
// we depend on linux openssl exit codes
Assume.assumeTrue(System.getProperty("os.name").toLowerCase().contains("linux"));
setSslConfOverlay(confOverlay);
// Test in binary mode
setBinaryConfOverlay(confOverlay);
// Start HS2 with SSL
miniHS2.start(confOverlay);
// make SSL connection
hs2Conn =
DriverManager.getConnection(
miniHS2.getJdbcURL()
+ ";ssl=true;sslTrustStore="
+ dataFileDir
+ File.separator
+ TRUST_STORE_NAME
+ ";trustStorePassword="******"user.name"),
"bar");
hs2Conn.close();
Assert.assertEquals(
"Expected exit code of 1",
1,
execCommand(
"openssl s_client -connect "
+ miniHS2.getHost()
+ ":"
+ miniHS2.getBinaryPort()
+ " -ssl2 < /dev/null"));
Assert.assertEquals(
"Expected exit code of 1",
1,
execCommand(
"openssl s_client -connect "
+ miniHS2.getHost()
+ ":"
+ miniHS2.getBinaryPort()
+ " -ssl3 < /dev/null"));
miniHS2.stop();
// Test in http mode
setHttpConfOverlay(confOverlay);
miniHS2.start(confOverlay);
// make SSL connection
try {
hs2Conn =
DriverManager.getConnection(
miniHS2.getJdbcURL()
+ ";ssl=true;sslTrustStore="
+ dataFileDir
+ File.separator
+ TRUST_STORE_NAME
+ ";trustStorePassword="******"user.name"),
"bar");
Assert.fail("Expected SQLException during connect");
} catch (SQLException e) {
LOG.info("Expected exception: " + e, e);
Assert.assertEquals("08S01", e.getSQLState().trim());
Throwable cause = e.getCause();
Assert.assertNotNull(cause);
while (cause.getCause() != null) {
cause = cause.getCause();
}
Assert.assertEquals("org.apache.http.NoHttpResponseException", cause.getClass().getName());
Assert.assertTrue(cause.getMessage().contains("failed to respond"));
}
miniHS2.stop();
}
private Connection getConnection(String userName) throws SQLException {
return DriverManager.getConnection(miniHS2.getJdbcURL(), userName, "bar");
}
@AfterClass
public static void afterTest() throws Exception {
miniHS2.stop();
}
@AfterClass
public static void afterTest() throws Exception {
if (miniHS2.isStarted()) {
miniHS2.stop();
}
}
/**
* * Basic connection test
*
* @throws Exception
*/
@Test
public void testConnection() throws Exception {
miniHiveKdc.loginUser(MiniHiveKdc.HIVE_TEST_USER_1);
hs2Conn = DriverManager.getConnection(miniHS2.getJdbcURL());
verifyProperty(SESSION_USER_NAME, MiniHiveKdc.HIVE_TEST_USER_1);
}