Skip to content

Commit fac7dae

Browse files
mrveeralosipiuk
mrveera
authored and
losipiuk
committed
Add support to pass ssl certificate value instead of only path
1 parent ce42dbf commit fac7dae

File tree

2 files changed

+64
-4
lines changed

2 files changed

+64
-4
lines changed

trino/trino.go

Lines changed: 16 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -135,6 +135,7 @@ const (
135135
kerberosRealmConfig = "KerberosRealm"
136136
kerberosConfigPathConfig = "KerberosConfigPath"
137137
SSLCertPathConfig = "SSLCertPath"
138+
SSLCertConfig = "SSLCert"
138139
)
139140

140141
var (
@@ -171,6 +172,7 @@ type Config struct {
171172
KerberosRealm string // The Kerberos Realm (optional)
172173
KerberosConfigPath string // The krb5 config path (optional)
173174
SSLCertPath string // The SSL cert path for TLS verification (optional)
175+
SSLCert string // The SSL cert for TLS verification (optional)
174176
}
175177

176178
// FormatDSN returns a DSN string from the configuration.
@@ -205,6 +207,10 @@ func (c *Config) FormatDSN() (string, error) {
205207
query.Add(SSLCertPathConfig, c.SSLCertPath)
206208
}
207209

210+
if isSSL && c.SSLCert != "" {
211+
query.Add(SSLCertConfig, c.SSLCert)
212+
}
213+
208214
if KerberosEnabled {
209215
query.Add(KerberosEnabledConfig, "true")
210216
query.Add(kerberosKeytabPathConfig, c.KerberosKeytabPath)
@@ -290,11 +296,17 @@ func newConn(dsn string) (*Conn, error) {
290296
if httpClient == nil {
291297
return nil, fmt.Errorf("trino: custom client not registered: %q", clientKey)
292298
}
293-
} else if certPath := query.Get(SSLCertPathConfig); certPath != "" && serverURL.Scheme == "https" {
294-
cert, err := ioutil.ReadFile(certPath)
295-
if err != nil {
296-
return nil, fmt.Errorf("trino: Error loading SSL Cert File: %v", err)
299+
} else if serverURL.Scheme == "https" {
300+
301+
cert := []byte(query.Get(SSLCertConfig))
302+
303+
if certPath := query.Get(SSLCertPathConfig); certPath != "" {
304+
cert, err = ioutil.ReadFile(certPath)
305+
if err != nil {
306+
return nil, fmt.Errorf("trino: Error loading SSL Cert File: %v", err)
307+
}
297308
}
309+
298310
certPool := x509.NewCertPool()
299311
certPool.AppendCertsFromPEM(cert)
300312

trino/trino_test.go

Lines changed: 48 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -23,6 +23,7 @@ import (
2323
"math"
2424
"net/http"
2525
"net/http/httptest"
26+
"net/url"
2627
"reflect"
2728
"runtime/debug"
2829
"sort"
@@ -62,6 +63,53 @@ func TestConfigSSLCertPath(t *testing.T) {
6263
assert.Equal(t, want, dsn)
6364
}
6465

66+
func TestConfigSSLCert(t *testing.T) {
67+
sslCert := `-----BEGIN CERTIFICATE-----
68+
MIIFijCCA3ICCQDngXKCZFwSazANBgkqhkiG9w0BAQsFADCBhjELMAkGA1UEBhMC
69+
WFgxEjAQBgNVBAgMCVN0YXRlTmFtZTERMA8GA1UEBwwIQ2l0eU5hbWUxFDASBgNV
70+
BAoMC0NvbXBhbnlOYW1lMRswGQYDVQQLDBJDb21wYW55U2VjdGlvbk5hbWUxHTAb
71+
BgNVBAMMFENvbW1vbk5hbWVPckhvc3RuYW1lMB4XDTIzMDUxNzE2MzQ0MloXDTMz
72+
MDUxNDE2MzQ0MlowgYYxCzAJBgNVBAYTAlhYMRIwEAYDVQQIDAlTdGF0ZU5hbWUx
73+
ETAPBgNVBAcMCENpdHlOYW1lMRQwEgYDVQQKDAtDb21wYW55TmFtZTEbMBkGA1UE
74+
CwwSQ29tcGFueVNlY3Rpb25OYW1lMR0wGwYDVQQDDBRDb21tb25OYW1lT3JIb3N0
75+
bmFtZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKzz/SIuOiHZbUAH
76+
xCWrMaiJybdHHHl0smCu50XKvl/ZkszO1c4aES8/Vohw44ttaE+GOknTSGPka356
77+
NqwdPYMjnXN0d5HY5T5nOfgLxGD/1iCHACrT4gkd1asJ7eFaUgud0a+e9+oG53Vh
78+
Z3QV8+5JaWPuBMudJ8EOtrPMd0dJKVzeExTbpQLJ9HdIsHc6DXqshACd8Iy+ezqf
79+
OoYMYyJMAHO86MZrTs3t9AwUADlvntrwwObVrZ3v43IOKwJTRnpImmVlkouKrGn/
80+
HKzRmJEJ6hJQXhuhqI/0rr61XR8aa8Gs0FqtTTMJ32+PciPPzFtFVLAeA417lYz+
81+
uXZ6IpTLK4oDH8Q6gJY80GYqcGc+01ZY90W2L+odTz9P74vnTvsUgSjOcy7prJ0+
82+
WxoeBNPvkLeetX9WDZW4XaR++HVO1qelNJQqeB6Nver9MJdKkXvR3OxT6iluqXfA
83+
l9JJ57tnzspSrttjWG4kwwiaGn/4xPqd95Hp0r1WAK8U0Cqtvz+Zw9jl341tC1Ya
84+
K1KFIErZYf0KX8ZiYvmkHaTRxYiCmFnnfLtGdrAWkacisLKMhjeb9LXwC/TVtvio
85+
a+ofiW2DX80pQptkfNJs9P19ZFEojPAEFHiZFpz5yZSxHglxIsdIhRsuy5xb/KTo
86+
zey3tsKQJaFIah+aHKjyn3uZx2IRAgMBAAEwDQYJKoZIhvcNAQELBQADggIBAIs5
87+
sbCMB6bT0hcNFqFRCI/BL23m5jwdL9kNWDlEQxBvErtzTC+uStGrCqwV+qu49QAZ
88+
64kUolbzFyq/hQFpHd+9EzNkZGbiOf5toWaBUP6jaZzqYPdfDW+AwIA7iPHcqwH1
89+
iWX2zuAWAICy4H+S4oa/ShOPc8BrrnS8k5f1NpergOhd+wl+szuXJN9Tjli3wd/k
90+
L7f86xvZfOrEbss8YP4QE0+mKh6G71NLEVQ4SV7yIE2hCNLDFWS2ltGVRLv6CDaQ
91+
fXIQrZx2Khvpj+HI/hrwm1wV8Cg5w2IvB831YjTSepSoos0Cc/qYC78zqol/NbwL
92+
7TdHtuZKukDrisRiCDdoKFmS1/IUVeVR2352CG8G3Zo0wwfzoKLxLUtunnrKMmmO
93+
r2jXykqP2hb1dApBNFM7FoaJ7a0j6EcURW8wYl4I+b9ymftPnnZ8mgrjwvLh5ETj
94+
RgGsIBychLZoc1WWTZWu62+mvmSJnzEIFfaiSeYZLaL6qFHm6kqsAUn4s1Looj8/
95+
XoCNjMecchWbpHGCPwMFH1k2smxu7bKk/RJNuWSVn1IPUceJnOBHZGj92aJGZpjr
96+
8j39T3dK9F2r5rHwjZpeEIhyhbLw6pYKif+lBgAWJD3waG0ycwURA02/POHN4CpT
97+
FKu5ZAlRfb2aYegr49DHhzoVAdInWQmP+5EZEUD1
98+
-----END CERTIFICATE-----`
99+
c := &Config{
100+
ServerURI: "https://foobar@localhost:8080",
101+
SessionProperties: map[string]string{"query_priority": "1"},
102+
SSLCert: sslCert,
103+
}
104+
105+
dsn, err := c.FormatDSN()
106+
require.NoError(t, err)
107+
108+
want := "https://foobar@localhost:8080?SSLCert=" + url.QueryEscape(sslCert) + "&session_properties=query_priority%3D1&source=trino-go-client"
109+
110+
assert.Equal(t, want, dsn)
111+
}
112+
65113
func TestExtraCredentials(t *testing.T) {
66114
c := &Config{
67115
ServerURI: "http://foobar@localhost:8080",

0 commit comments

Comments
 (0)