[CALCITE-3401] Assume empty keystore passwords by default (Istvan Toth, Alessandro Solimando)
diff --git a/core/src/main/java/org/apache/calcite/avatica/BuiltInConnectionProperty.java b/core/src/main/java/org/apache/calcite/avatica/BuiltInConnectionProperty.java
index a1babb3..16e1061 100644
--- a/core/src/main/java/org/apache/calcite/avatica/BuiltInConnectionProperty.java
+++ b/core/src/main/java/org/apache/calcite/avatica/BuiltInConnectionProperty.java
@@ -74,16 +74,16 @@
TRUSTSTORE("truststore", Type.STRING, null, false),
/** Password for the truststore */
- TRUSTSTORE_PASSWORD("truststore_password", Type.STRING, null, false),
+ TRUSTSTORE_PASSWORD("truststore_password", Type.STRING, "", false),
/** Keystore for MTLS authentication */
KEYSTORE("keystore", Type.STRING, null, false),
/** Password for the keystore */
- KEYSTORE_PASSWORD("keystore_password", Type.STRING, null, false),
+ KEYSTORE_PASSWORD("keystore_password", Type.STRING, "", false),
/** Password for the key inside keystore */
- KEY_PASSWORD("key_password", Type.STRING, null, false),
+ KEY_PASSWORD("key_password", Type.STRING, "", false),
HOSTNAME_VERIFICATION("hostname_verification", Type.ENUM, HostnameVerification.STRICT,
HostnameVerification.class, false);
diff --git a/core/src/test/java/org/apache/calcite/avatica/ConnectionConfigImplTest.java b/core/src/test/java/org/apache/calcite/avatica/ConnectionConfigImplTest.java
index 227acd3..6f41018 100644
--- a/core/src/test/java/org/apache/calcite/avatica/ConnectionConfigImplTest.java
+++ b/core/src/test/java/org/apache/calcite/avatica/ConnectionConfigImplTest.java
@@ -23,6 +23,7 @@
import java.util.Properties;
import static org.hamcrest.core.Is.is;
+import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertThat;
@@ -49,7 +50,7 @@
Properties props = new Properties();
ConnectionConfigImpl config = new ConnectionConfigImpl(props);
assertNull(config.truststore());
- assertNull(config.truststorePassword());
+ assertEquals(config.truststorePassword(), "");
}
}
diff --git a/server/src/test/java/org/apache/calcite/avatica/HttpBaseTest.java b/server/src/test/java/org/apache/calcite/avatica/HttpBaseTest.java
index 7969eeb..1bee356 100644
--- a/server/src/test/java/org/apache/calcite/avatica/HttpBaseTest.java
+++ b/server/src/test/java/org/apache/calcite/avatica/HttpBaseTest.java
@@ -70,6 +70,7 @@
protected static final Logger LOG = LoggerFactory.getLogger(HttpBaseTest.class);
protected static final String KEYSTORE_PASSWORD = "avaticasecret";
+ protected static final String KEYSTORE_EMPTY_PASSWORD = "";
protected static final ConnectionSpec CONNECTION_SPEC = ConnectionSpec.HSQLDB;
protected static final List<HttpServer> SERVERS_TO_STOP = new ArrayList<>();
@@ -77,22 +78,26 @@
protected static final File TARGET_DIR =
new File(System.getProperty("user.dir"), TARGET_DIR_NAME);
protected static final File KEYSTORE = new File(TARGET_DIR, "avatica-test.jks");
+ protected static final File EMPTY_PW_KEYSTORE = new File(TARGET_DIR, "avatica-test-emptypw.jks");
+
protected static LocalService localService;
protected final String jdbcUrl;
public static void setupClass() throws SQLException {
// Create a self-signed cert
- File target = SpnegoTestUtil.TARGET_DIR;
- File keystore = new File(target, "avatica-test.jks");
- if (keystore.isFile()) {
- assertTrue("Failed to delete keystore: " + keystore, keystore.delete());
+ if (KEYSTORE.isFile()) {
+ assertTrue("Failed to delete keystore: " + KEYSTORE, KEYSTORE.delete());
}
- new CertTool().createSelfSignedCert(keystore, "avatica", KEYSTORE_PASSWORD);
+ new CertTool().createSelfSignedCert(KEYSTORE, "avatica", KEYSTORE_PASSWORD);
+
+ if (EMPTY_PW_KEYSTORE.isFile()) {
+ assertTrue("Failed to delete keystore: " + EMPTY_PW_KEYSTORE, EMPTY_PW_KEYSTORE.delete());
+ }
+ new CertTool().createSelfSignedCert(EMPTY_PW_KEYSTORE, "avatica", KEYSTORE_EMPTY_PASSWORD);
// Create a LocalService around HSQLDB
JdbcMeta jdbcMeta;
- jdbcMeta = null;
jdbcMeta = new JdbcMeta(CONNECTION_SPEC.url,
CONNECTION_SPEC.username, CONNECTION_SPEC.password);
localService = new LocalService(jdbcMeta);
diff --git a/server/src/test/java/org/apache/calcite/avatica/SslDriverTest.java b/server/src/test/java/org/apache/calcite/avatica/SslDriverTest.java
index 42abac5..7421ddd 100644
--- a/server/src/test/java/org/apache/calcite/avatica/SslDriverTest.java
+++ b/server/src/test/java/org/apache/calcite/avatica/SslDriverTest.java
@@ -24,6 +24,7 @@
import org.junit.runners.Parameterized;
import org.junit.runners.Parameterized.Parameters;
+import java.io.File;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
@@ -60,21 +61,27 @@
setupClass();
for (Driver.Serialization serialization : new Driver.Serialization[] {
Driver.Serialization.JSON, Driver.Serialization.PROTOBUF}) {
- // Build and start the server, using TLS
- HttpServer httpServer = new HttpServer.Builder()
- .withPort(0)
- .withTLS(KEYSTORE, KEYSTORE_PASSWORD, KEYSTORE, KEYSTORE_PASSWORD)
- .withHandler(localService, serialization)
- .build();
- httpServer.start();
- SERVERS_TO_STOP.add(httpServer);
+ for (boolean emptyPassword : new boolean[] {true, false}) {
+ File keyStore = emptyPassword ? EMPTY_PW_KEYSTORE : KEYSTORE;
+ String password = emptyPassword ? KEYSTORE_EMPTY_PASSWORD : KEYSTORE_PASSWORD;
+ // Build and start the server, using TLS
+ HttpServer httpServer = new HttpServer.Builder()
+ .withPort(0)
+ .withTLS(keyStore, password, keyStore, password)
+ .withHandler(localService, serialization)
+ .build();
+ httpServer.start();
+ SERVERS_TO_STOP.add(httpServer);
- final String url = "jdbc:avatica:remote:url=https://localhost:" + httpServer.getPort()
- + ";serialization=" + serialization + ";truststore=" + KEYSTORE.getAbsolutePath()
- + ";truststore_password=" + KEYSTORE_PASSWORD;
- LOG.info("JDBC URL {}", url);
+ String url = "jdbc:avatica:remote:url=https://localhost:" + httpServer.getPort()
+ + ";serialization=" + serialization + ";truststore=" + keyStore.getAbsolutePath();
+ if (!emptyPassword) {
+ url += ";truststore_password=" + password;
+ }
+ LOG.info("JDBC URL {}", url);
- parameters.add(new Object[] {url});
+ parameters.add(new Object[] {url});
+ }
}
return parameters;