Releasing version 6.2.4.0

kineticadb · Sep 12, 2019 · 4cf5ef3 · 4cf5ef3
1 parent 87ccc4d
commit 4cf5ef3
Show file tree

Hide file tree

Showing 8 changed files with 166 additions and 625 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,13 @@
 
 ## Version 6.2
 
+### Version 6.2.4.0 - 2019-09-05
+
+#### Added
+-   An option to GPUdb.Options for bypassing SSL certificate verification
+    for HTTPS connections.  Obtained by and set by Options.getBypassSslCertCheck()
+    and Options.setBypassSslCertCheck(boolean) methods.
+
 ### Version 6.2.3.0 - 2019-08-01
 
 #### Added

diff --git a/VERSION b/VERSION
@@ -1,4 +1,4 @@
 MAJOR = 6
 MINOR = 2
-REVISION = 3
+REVISION = 4
 ABI_VERSION = 0
diff --git a/api/pom.xml b/api/pom.xml
@@ -3,7 +3,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>com.gpudb</groupId>
     <artifactId>gpudb-api</artifactId>
-    <version>6.2.3.0</version>
+    <version>6.2.4.0</version>
     <packaging>jar</packaging>
     <name>Kinetica Java API</name>
     <distributionManagement>

diff --git a/api/src/main/java/com/gpudb/GPUdbBase.java b/api/src/main/java/com/gpudb/GPUdbBase.java
@@ -6,6 +6,7 @@
 import com.gpudb.protocol.ShowTableResponse;
 import com.gpudb.protocol.ShowTypesRequest;
 import com.gpudb.protocol.ShowTypesResponse;
+import com.gpudb.util.ssl.X509TrustManagerBypass;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
@@ -14,6 +15,7 @@
 import java.net.MalformedURLException;
 import java.net.URL;
 import java.nio.ByteBuffer;
+import java.security.GeneralSecurityException;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collections;
@@ -31,6 +33,8 @@
 import org.apache.commons.codec.binary.Base64;
 import org.xerial.snappy.Snappy;
 
+
+
 /**
  * Base class for the GPUdb API that provides general functionality not specific
  * to any particular GPUdb request. This class is never instantiated directly;
@@ -47,6 +51,7 @@ public static final class Options {
         private String username;
         private String password;
         private boolean useSnappy = true;
+        private boolean bypassSslCertCheck = false;
         private int threadCount = 1;
         private ExecutorService executor;
         private Map<String, String> httpHeaders = new HashMap<>();
@@ -88,6 +93,18 @@ public boolean getUseSnappy() {
             return useSnappy;
         }
 
+        /**
+         * Gets the value of the flag indicating whether to verify the SSL
+         * certificate for HTTPS connections.
+         *
+         * @return  the value of the SSL certificate verification bypass flag
+         *
+         * @see #setBypassSslCertCheck(boolean)
+         */
+        public boolean getBypassSslCertCheck() {
+            return this.bypassSslCertCheck;
+        }
+
         /**
          * Gets the number of threads that will be used during data encoding and
          * decoding operations.
@@ -210,6 +227,24 @@ public Options setUseSnappy(boolean value) {
             return this;
         }
 
+        /**
+         * Sets the flag indicating whether to verify the SSL certificate for
+         * HTTPS connections.  If {@code true}, then the SSL certificate sent
+         * by the server during HTTPS connection handshake will not be verified;
+         * the public key sent by the server will be blindly trusted and used
+         * to encrypt the packets.  The default is {@code false}.
+         *
+         * @param value  the value of the SSL certificate verification bypass
+         *               flag
+         * @return       the current {@link Options} instance
+         *
+         * @see #getBypassSslCertCheck()
+         */
+        public Options setBypassSslCertCheck(boolean value) {
+            this.bypassSslCertCheck = value;
+            return this;
+        }
+
         /**
          * Sets the number of threads that will be used during data encoding and
          * decoding operations. If set to one (the default), all encoding and
@@ -562,6 +597,7 @@ public static Map<String, String> options(String... values) {
     private String password;
     private String authorization;
     private boolean useSnappy;
+    private boolean bypassSslCertCheck;
     private int threadCount;
     private ExecutorService executor;
     private Map<String, String> httpHeaders;
@@ -614,6 +650,19 @@ private void init(Options options) throws GPUdbException {
         threadCount = options.getThreadCount();
         executor = options.getExecutor();
 
+        // Handle SSL certificate verification bypass for HTTPS connections
+        this.bypassSslCertCheck = options.getBypassSslCertCheck();
+        if ( this.bypassSslCertCheck ) {
+            // This bypass works only for HTTPS connections
+            try {
+                X509TrustManagerBypass.install();
+            } catch (GeneralSecurityException ex) {
+                // Not doing anything about it since we're trying to bypass
+                // to reduce distractions anyway
+            }
+        }
+
+
         // Create URLs for the host manager
         this.hmUrls = new ArrayList();
         for ( URL url : this.urls ) {
@@ -1456,38 +1505,68 @@ public <T extends IndexedRecord> T submitRequest(URL url, IndexedRecord request,
                 */
             }
 
-            try (InputStream inputStream = connection.getResponseCode() < 400 ? connection.getInputStream() : connection.getErrorStream()) {
-                if (inputStream == null) {
-                    throw new IOException("Server returned HTTP " + connection.getResponseCode() + " (" + connection.getResponseMessage() + ").");
+            // try (InputStream inputStream = connection.getResponseCode() < 400 ? connection.getInputStream() : connection.getErrorStream()) {
+
+            int response_code = connection.getResponseCode();
+
+            // Ensure that we're not getting any html snippet (may be
+            // returned by the HTTPD server)
+            if ( connection.getContentType().startsWith( "text" ) ) {
+                String responseMsg = connection.getResponseMessage();
+
+                String errorMsg;
+                if (response_code == 401) {
+                    errorMsg = ("Unauthorized access: '"
+                                + responseMsg + "'");
+                } else {
+                    errorMsg = ("Cannot parse response from server: '"
+                                + responseMsg + "'");
                 }
+                throw new SubmitException( url, request, requestSize, errorMsg );
+            }
 
-                try {
-                    // Manually decode the RawGpudbResponse wrapper directly from
-                    // the stream to avoid allocation of intermediate buffers
+            // Parse response based on error code
+            InputStream inputStream;
+            if (response_code == 401) {
+                throw new SubmitException( url, request, requestSize,
+                                           connection.getResponseMessage());
+            }
+            else if (response_code < 400) {
+                inputStream = connection.getInputStream();
+            } else {
+                inputStream = connection.getErrorStream();
+            }
 
-                    BinaryDecoder decoder = DecoderFactory.get().binaryDecoder(inputStream, null);
-                    String status = decoder.readString();
-                    String message = decoder.readString();
+            if (inputStream == null) {
+                throw new IOException("Server returned HTTP " + connection.getResponseCode() + " (" + connection.getResponseMessage() + ").");
+            }
 
-                    if (status.equals("ERROR")) {
-                        throw new SubmitException(url, request, requestSize, message);
-                    }
+            try {
+                // Manually decode the RawGpudbResponse wrapper directly from
+                // the stream to avoid allocation of intermediate buffers
 
-                    // Skip over data_type field
+                BinaryDecoder decoder = DecoderFactory.get().binaryDecoder(inputStream, null);
+                String status = decoder.readString();
+                String message = decoder.readString();
 
-                    decoder.skipString();
+                if (status.equals("ERROR")) {
+                    throw new SubmitException(url, request, requestSize, message);
+                }
 
-                    // Decode data field
+                // Skip over data_type field
 
-                    decoder.readInt();
-                    return new Avro.DatumReader<T>(response.getSchema()).read(response, decoder);
-                } finally {
-                    // Attempt to read any remaining data in the stream
+                decoder.skipString();
 
-                    try {
-                        inputStream.skip(Long.MAX_VALUE);
-                    } catch (Exception ex) {
-                    }
+                // Decode data field
+
+                decoder.readInt();
+                return new Avro.DatumReader<T>(response.getSchema()).read(response, decoder);
+            } finally {
+                // Attempt to read any remaining data in the stream
+
+                try {
+                    inputStream.skip(Long.MAX_VALUE);
+                } catch (Exception ex) {
                 }
             }
         } catch (SubmitException ex) {

diff --git a/api/src/main/java/com/gpudb/util/ssl/X509TrustManagerBypass.java b/api/src/main/java/com/gpudb/util/ssl/X509TrustManagerBypass.java
@@ -0,0 +1,55 @@
+package com.gpudb.util.ssl;
+
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509ExtendedTrustManager;
+import java.net.Socket;
+import java.security.GeneralSecurityException;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+
+public class X509TrustManagerBypass extends X509ExtendedTrustManager {
+
+    public static void install() throws GeneralSecurityException {
+
+        TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManagerBypass() };
+        SSLContext sslContext = SSLContext.getInstance("SSL");
+        sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
+        HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
+    }
+
+    @Override
+    public void checkClientTrusted(X509Certificate[] x509Certificates, String authType) throws CertificateException {
+    }
+
+    @Override
+    public void checkClientTrusted(X509Certificate[] x509Certificates, String authType, Socket socket)
+            throws CertificateException {
+    }
+
+    @Override
+    public void checkClientTrusted(X509Certificate[] x509Certificates, String authType, SSLEngine sslEngine)
+            throws CertificateException {
+    }
+
+    @Override
+    public void checkServerTrusted(X509Certificate[] x509Certificates, String authType) throws CertificateException {
+    }
+
+    @Override
+    public void checkServerTrusted(X509Certificate[] x509Certificates, String authType, Socket socket)
+            throws CertificateException {
+    }
+
+    @Override
+    public void checkServerTrusted(X509Certificate[] x509Certificates, String authType, SSLEngine sslEngine)
+            throws CertificateException {
+    }
+
+    @Override
+    public X509Certificate[] getAcceptedIssuers() {
+        return null;
+    }
+}
diff --git a/rpmbuild/gpudb-api-java.spec b/rpmbuild/gpudb-api-java.spec