diff --git a/core/trino-main/src/main/java/io/trino/server/InternalCommunicationModule.java b/core/trino-main/src/main/java/io/trino/server/InternalCommunicationModule.java
index bb70fd45e3748..843cd1ff2e96b 100644
--- a/core/trino-main/src/main/java/io/trino/server/InternalCommunicationModule.java
+++ b/core/trino-main/src/main/java/io/trino/server/InternalCommunicationModule.java
@@ -16,6 +16,7 @@
import com.google.inject.Binder;
import io.airlift.configuration.AbstractConfigurationAwareModule;
import io.airlift.http.client.HttpClientConfig;
+import io.airlift.http.server.HttpServerConfig;
import static io.airlift.configuration.ConfigBinder.configBinder;
import static io.airlift.http.client.HttpClientBinder.httpClientBinder;
@@ -26,20 +27,32 @@ public class InternalCommunicationModule
@Override
protected void setup(Binder binder)
{
+ // Set defaults for all HttpClients in the same guice context
+ // so in case of any additions or alternations here an update in:
+ // io.trino.server.security.jwt.JwtAuthenticatorSupportModule.JwkModule.configure
+ // and
+ // io.trino.server.security.oauth2.OAuth2ServiceModule.setup
+ // may also be required.
InternalCommunicationConfig internalCommunicationConfig = buildConfigObject(InternalCommunicationConfig.class);
- configBinder(binder).bindConfigGlobalDefaults(HttpClientConfig.class, config -> {
- // Set defaults for all HttpClients in the same guice context
- // so in case of any additions or alternations here an update in:
- // io.trino.server.security.jwt.JwtAuthenticatorSupportModule.JwkModule.configure
- // and
- // io.trino.server.security.oauth2.OAuth2ServiceModule.setup
- // may also be required.
- config.setHttp2Enabled(internalCommunicationConfig.isHttp2Enabled());
- config.setKeyStorePath(internalCommunicationConfig.getKeyStorePath());
- config.setKeyStorePassword(internalCommunicationConfig.getKeyStorePassword());
- config.setTrustStorePath(internalCommunicationConfig.getTrustStorePath());
- config.setTrustStorePassword(internalCommunicationConfig.getTrustStorePassword());
- });
+ if (internalCommunicationConfig.isHttpsRequired() && internalCommunicationConfig.getKeyStorePath() == null && internalCommunicationConfig.getTrustStorePath() == null) {
+ String sharedSecret = internalCommunicationConfig.getSharedSecret()
+ .orElseThrow(() -> new IllegalArgumentException("Internal shared secret must be set when internal HTTPS is enabled"));
+ configBinder(binder).bindConfigDefaults(HttpServerConfig.class, config -> config.setAutomaticHttpsSharedSecret(sharedSecret));
+ configBinder(binder).bindConfigGlobalDefaults(HttpClientConfig.class, config -> {
+ config.setHttp2Enabled(internalCommunicationConfig.isHttp2Enabled());
+ config.setAutomaticHttpsSharedSecret(sharedSecret);
+ });
+ }
+ else {
+ configBinder(binder).bindConfigGlobalDefaults(HttpClientConfig.class, config -> {
+ config.setHttp2Enabled(internalCommunicationConfig.isHttp2Enabled());
+ config.setKeyStorePath(internalCommunicationConfig.getKeyStorePath());
+ config.setKeyStorePassword(internalCommunicationConfig.getKeyStorePassword());
+ config.setTrustStorePath(internalCommunicationConfig.getTrustStorePath());
+ config.setTrustStorePassword(internalCommunicationConfig.getTrustStorePassword());
+ config.setAutomaticHttpsSharedSecret(null);
+ });
+ }
binder.bind(InternalAuthenticationManager.class);
httpClientBinder(binder).bindGlobalFilter(InternalAuthenticationManager.class);
diff --git a/core/trino-main/src/main/java/io/trino/server/security/jwt/JwtAuthenticatorSupportModule.java b/core/trino-main/src/main/java/io/trino/server/security/jwt/JwtAuthenticatorSupportModule.java
index 3f866e31d9344..1eb25cfc9a5e2 100644
--- a/core/trino-main/src/main/java/io/trino/server/security/jwt/JwtAuthenticatorSupportModule.java
+++ b/core/trino-main/src/main/java/io/trino/server/security/jwt/JwtAuthenticatorSupportModule.java
@@ -61,7 +61,8 @@ public void configure(Binder binder)
.setKeyStorePath(null)
.setKeyStorePassword(null)
.setTrustStorePath(null)
- .setTrustStorePassword(null));
+ .setTrustStorePassword(null)
+ .setAutomaticHttpsSharedSecret(null));
}
// this module can be added multiple times, and this prevents multiple processing by Guice
diff --git a/core/trino-main/src/main/java/io/trino/server/security/oauth2/OAuth2ServiceModule.java b/core/trino-main/src/main/java/io/trino/server/security/oauth2/OAuth2ServiceModule.java
index b3358457cecf9..be3ee7621ff07 100644
--- a/core/trino-main/src/main/java/io/trino/server/security/oauth2/OAuth2ServiceModule.java
+++ b/core/trino-main/src/main/java/io/trino/server/security/oauth2/OAuth2ServiceModule.java
@@ -59,7 +59,8 @@ protected void setup(Binder binder)
.setKeyStorePath(null)
.setKeyStorePassword(null)
.setTrustStorePath(null)
- .setTrustStorePassword(null));
+ .setTrustStorePassword(null)
+ .setAutomaticHttpsSharedSecret(null));
}
@Provides
diff --git a/pom.xml b/pom.xml
index e0a12fd03a6c6..8cbe51f143c6e 100644
--- a/pom.xml
+++ b/pom.xml
@@ -49,7 +49,7 @@
1.7.4
2.7.7-1
4.9
- 206
+ 207
${dep.airlift.version}
1.11.946
3.14.9