diff --git a/jdbc/src/java/org/apache/hive/jdbc/HiveConnection.java b/jdbc/src/java/org/apache/hive/jdbc/HiveConnection.java index ba971fd..cef6861 100644 --- a/jdbc/src/java/org/apache/hive/jdbc/HiveConnection.java +++ b/jdbc/src/java/org/apache/hive/jdbc/HiveConnection.java @@ -419,6 +419,38 @@ public long getRetryInterval() { } /** + * Create underlying SSL or non-SSL transport + * + * @return TTransport + * @throws TTransportException + */ + private TTransport createUnderlyingTransport() throws TTransportException { + TTransport transport = null; + // Note: Thrift returns an SSL socket that is already bound to the specified host:port + // Therefore an open called on this would be a no-op later + // Hence, any TTransportException related to connecting with the peer are thrown here. + // Bubbling them up the call hierarchy so that a retry can happen in openTransport, + // if dynamic service discovery is configured. + if (isSslConnection()) { + // get SSL socket + String sslTrustStore = sessConfMap.get(JdbcConnectionParams.SSL_TRUST_STORE); + String sslTrustStorePassword = sessConfMap.get( + JdbcConnectionParams.SSL_TRUST_STORE_PASSWORD); + + if (sslTrustStore == null || sslTrustStore.isEmpty()) { + transport = HiveAuthFactory.getSSLSocket(host, port, loginTimeout); + } else { + transport = HiveAuthFactory.getSSLSocket(host, port, loginTimeout, + sslTrustStore, sslTrustStorePassword); + } + } else { + // get non-SSL socket transport + transport = HiveAuthFactory.getSocketTransport(host, port, loginTimeout); + } + return transport; + } + + /** * Create transport per the connection options * Supported transport options are: * - SASL based transports over @@ -433,6 +465,7 @@ public long getRetryInterval() { */ private TTransport createBinaryTransport() throws SQLException, TTransportException { try { + TTransport socketTransport = createUnderlyingTransport(); // handle secure connection if specified if (!JdbcConnectionParams.AUTH_SIMPLE.equals(sessConfMap.get(JdbcConnectionParams.AUTH_TYPE))) { // If Kerberos @@ -454,46 +487,24 @@ private TTransport createBinaryTransport() throws SQLException, TTransportExcept if (sessConfMap.containsKey(JdbcConnectionParams.AUTH_PRINCIPAL)) { transport = KerberosSaslHelper.getKerberosTransport( sessConfMap.get(JdbcConnectionParams.AUTH_PRINCIPAL), host, - HiveAuthFactory.getSocketTransport(host, port, loginTimeout), saslProps, - assumeSubject); + socketTransport, saslProps, assumeSubject); } else { // If there's a delegation token available then use token based connection String tokenStr = getClientDelegationToken(sessConfMap); if (tokenStr != null) { transport = KerberosSaslHelper.getTokenTransport(tokenStr, - host, HiveAuthFactory.getSocketTransport(host, port, loginTimeout), saslProps); + host, socketTransport, saslProps); } else { // we are using PLAIN Sasl connection with user/password String userName = getUserName(); String passwd = getPassword(); - // Note: Thrift returns an SSL socket that is already bound to the specified host:port - // Therefore an open called on this would be a no-op later - // Hence, any TTransportException related to connecting with the peer are thrown here. - // Bubbling them up the call hierarchy so that a retry can happen in openTransport, - // if dynamic service discovery is configured. - if (isSslConnection()) { - // get SSL socket - String sslTrustStore = sessConfMap.get(JdbcConnectionParams.SSL_TRUST_STORE); - String sslTrustStorePassword = sessConfMap.get( - JdbcConnectionParams.SSL_TRUST_STORE_PASSWORD); - - if (sslTrustStore == null || sslTrustStore.isEmpty()) { - transport = HiveAuthFactory.getSSLSocket(host, port, loginTimeout); - } else { - transport = HiveAuthFactory.getSSLSocket(host, port, loginTimeout, - sslTrustStore, sslTrustStorePassword); - } - } else { - // get non-SSL socket transport - transport = HiveAuthFactory.getSocketTransport(host, port, loginTimeout); - } // Overlay the SASL transport on top of the base socket transport (SSL or non-SSL) - transport = PlainSaslHelper.getPlainTransport(userName, passwd, transport); + transport = PlainSaslHelper.getPlainTransport(userName, passwd, socketTransport); } } } else { // Raw socket connection (non-sasl) - transport = HiveAuthFactory.getSocketTransport(host, port, loginTimeout); + transport = socketTransport; } } catch (SaslException e) { throw new SQLException("Could not create secure connection to "