Index: jdbc/src/java/org/apache/hive/jdbc/HiveConnection.java
===================================================================
--- jdbc/src/java/org/apache/hive/jdbc/HiveConnection.java (revision 1668185)
+++ jdbc/src/java/org/apache/hive/jdbc/HiveConnection.java (working copy)
@@ -343,6 +343,20 @@
 */
 private TTransport createBinaryTransport() throws SQLException, TTransportException {
 try {
+ TTransport socketTransport = null;
+ if (isSslConnection()) {
+ String sslTrustStore = sessConfMap.get(JdbcConnectionParams.SSL_TRUST_STORE);
+ String sslTrustStorePassword = sessConfMap.get(
+ JdbcConnectionParams.SSL_TRUST_STORE_PASSWORD);
+ if (sslTrustStore == null || sslTrustStore.isEmpty()) {
+ socketTransport = HiveAuthFactory.getSSLSocket(host, port, loginTimeout);
+ } else {
+ socketTransport = HiveAuthFactory.getSSLSocket(host, port, loginTimeout, sslTrustStore,
+ sslTrustStorePassword);
+ }
+ } else {
+ socketTransport = HiveAuthFactory.getSocketTransport(host, port, loginTimeout);
+ }
 // handle secure connection if specified
 if (!JdbcConnectionParams.AUTH_SIMPLE.equals(sessConfMap.get(JdbcConnectionParams.AUTH_TYPE))) {
 // If Kerberos
@@ -361,14 +375,13 @@
 saslProps.put(Sasl.SERVER_AUTH, "true");
 transport = KerberosSaslHelper.getKerberosTransport(
 sessConfMap.get(JdbcConnectionParams.AUTH_PRINCIPAL), host,
- HiveAuthFactory.getSocketTransport(host, port, loginTimeout), saslProps,
- assumeSubject);
+ socketTransport, saslProps, assumeSubject);
 } else {
 // If there's a delegation token available then use token based connection
 String tokenStr = getClientDelegationToken(sessConfMap);
 if (tokenStr != null) {
 transport = KerberosSaslHelper.getTokenTransport(tokenStr,
- host, HiveAuthFactory.getSocketTransport(host, port, loginTimeout), saslProps);
+ host, socketTransport, saslProps);
 } else {
 // we are using PLAIN Sasl connection with user/password
 String userName = getUserName();
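Review bot: The base socket is now created at the top of the `try`, ahead of every step that can still fail, and nothing visible closes it on those paths; the `catch (SaslException e)` in the last hunk rethrows without touching `socketTransport`. If `getSSLSocket` returns an already-connected socket (not shown here, worth confirming), a failure while setting up the Kerberos, token or PLAIN transport leaves a TLS connection open. Declaring `TTransport socketTransport = null;` above the `try` and adding `if (socketTransport != null) { socketTransport.close(); }` in the catch before the rethrow would cover it. The body of `createBinaryTransport` continues outside this hunk.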
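Review bot: The Kerberos and delegation-token branches have no comment saying that the SASL transport may now sit on a TLS socket, which only the PLAIN branch documents. Since `socketTransport` is the SSL socket whenever `isSslConnection()` is true, a line such as `// SASL is layered on the base socket transport (SSL or non-SSL)` above the `getKerberosTransport(` and `getTokenTransport(` calls would make the changed behaviour visible to the next reader. Both calls sit inside a block that starts before this hunk.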
@@ -378,27 +391,13 @@
 // Hence, any TTransportException related to connecting with the peer are thrown here.
 // Bubbling them up the call hierarchy so that a retry can happen in openTransport,
 // if dynamic service discovery is configured.
- if (isSslConnection()) {
- // get SSL socket
- String sslTrustStore = sessConfMap.get(JdbcConnectionParams.SSL_TRUST_STORE);
- String sslTrustStorePassword = sessConfMap.get(JdbcConnectionParams.SSL_TRUST_STORE_PASSWORD);
- if (sslTrustStore == null || sslTrustStore.isEmpty()) {
- transport = HiveAuthFactory.getSSLSocket(host, port, loginTimeout);
- } else {
- transport = HiveAuthFactory.getSSLSocket(host, port, loginTimeout,
- sslTrustStore, sslTrustStorePassword);
- }
- } else {
- // get non-SSL socket transport
- transport = HiveAuthFactory.getSocketTransport(host, port, loginTimeout);
- }
 // Overlay the SASL transport on top of the base socket transport (SSL or non-SSL)
- transport = PlainSaslHelper.getPlainTransport(userName, passwd, transport);
+ transport = PlainSaslHelper.getPlainTransport(userName, passwd, socketTransport);
 }
 }
 } else {
 // Raw socket connection (non-sasl)
- transport = HiveAuthFactory.getSocketTransport(host, port, loginTimeout);
+ transport = socketTransport;
 }
 } catch (SaslException e) {
 throw new SQLException("Could not create secure connection to "
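Review bot: The comment `// Raw socket connection (non-sasl)` no longer matches the line under it, because `transport = socketTransport;` hands back the SSL socket when `isSslConnection()` is true. Something like `// Non-SASL connection: use the base socket transport as is (SSL or non-SSL)` would describe the new behaviour accurately. The `throw new SQLException(` statement at the end of the hunk continues outside it.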