[jira] [Commented] (CALCITE-2285) Support client cert keystore for Avatica Client

[ASF GitHub Bot (JIRA)]

    [ 
https://issues.apache.org/jira/browse/CALCITE-2285?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16510316#comment-16510316
 ] 

ASF GitHub Bot commented on CALCITE-2285:
-----------------------------------------

Github user karanmehta93 commented on a diff in the pull request:

    https://github.com/apache/calcite-avatica/pull/57#discussion_r194906396
  
    --- Diff: 
core/src/main/java/org/apache/calcite/avatica/remote/AvaticaCommonsHttpClientImpl.java
 ---
    @@ -127,11 +121,54 @@ private void initializeClient() {
         final String maxCnxnsPerRoute = 
System.getProperty(MAX_POOLED_CONNECTION_PER_ROUTE_KEY,
             MAX_POOLED_CONNECTION_PER_ROUTE_DEFAULT);
         pool.setDefaultMaxPerRoute(Integer.parseInt(maxCnxnsPerRoute));
    +  }
     
    -    this.authCache = new BasicAuthCache();
    +  protected Registry<ConnectionSocketFactory> configureSocketFactories() {
    +    RegistryBuilder<ConnectionSocketFactory> registryBuilder = 
RegistryBuilder.create();
    +    configureHttpRegistry(registryBuilder);
    +    configureHttpsRegistry(registryBuilder);
    +    return registryBuilder.build();
    +  }
     
    -    // A single thread-safe HttpClient, pooling connections via the 
ConnectionManager
    -    this.client = HttpClients.custom().setConnectionManager(pool).build();
    +  protected void 
configureHttpsRegistry(RegistryBuilder<ConnectionSocketFactory> 
registryBuilder) {
    +    if (!configureHttpsSocket) {
    --- End diff --
    
    I looked through the code. That's correct. The `HttpHost` required by 
`CloseableHttpClient` is created in the constructor itself. `HttpHost` is the 
one that uses the URL provided during the initialization. So there's a tight 
coupling here and there will never be a case where both of them will be 
together. I will update the code to configure either of these factories 
depending on URL prefix as `http` vs `https`. What do you think?


> Support client cert keystore for Avatica Client
> -----------------------------------------------
>
>                 Key: CALCITE-2285
>                 URL: https://issues.apache.org/jira/browse/CALCITE-2285
>             Project: Calcite
>          Issue Type: Improvement
>          Components: avatica
>            Reporter: Karan Mehta
>            Assignee: Karan Mehta
>            Priority: Major
>             Fix For: avatica-1.12.0
>
>
> Currently Avatica only supports adding trust-store in {{SSLContext}} in all 
> {{AvaticaHttpClient}} implementations. If keystore support it added, MTLS 
> connections can be established as well.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)