diff --git a/core/trino-main/src/main/java/io/trino/server/InternalCommunicationModule.java b/core/trino-main/src/main/java/io/trino/server/InternalCommunicationModule.java
index bb70fd45e3748..843cd1ff2e96b 100644
--- a/core/trino-main/src/main/java/io/trino/server/InternalCommunicationModule.java
+++ b/core/trino-main/src/main/java/io/trino/server/InternalCommunicationModule.java
@@ -16,6 +16,7 @@
 import com.google.inject.Binder;
 import io.airlift.configuration.AbstractConfigurationAwareModule;
 import io.airlift.http.client.HttpClientConfig;
+import io.airlift.http.server.HttpServerConfig;
 
 import static io.airlift.configuration.ConfigBinder.configBinder;
 import static io.airlift.http.client.HttpClientBinder.httpClientBinder;
@@ -26,20 +27,32 @@ public class InternalCommunicationModule
 @Override
 protected void setup(Binder binder)
 {
+ // Set defaults for all HttpClients in the same guice context
+ // so in case of any additions or alternations here an update in:
+ // io.trino.server.security.jwt.JwtAuthenticatorSupportModule.JwkModule.configure
+ // and
+ // io.trino.server.security.oauth2.OAuth2ServiceModule.setup
+ // may also be required.
 InternalCommunicationConfig internalCommunicationConfig = buildConfigObject(InternalCommunicationConfig.class);
- configBinder(binder).bindConfigGlobalDefaults(HttpClientConfig.class, config -> {
- // Set defaults for all HttpClients in the same guice context
- // so in case of any additions or alternations here an update in:
- // io.trino.server.security.jwt.JwtAuthenticatorSupportModule.JwkModule.configure
- // and
- // io.trino.server.security.oauth2.OAuth2ServiceModule.setup
- // may also be required.
- config.setHttp2Enabled(internalCommunicationConfig.isHttp2Enabled());
- config.setKeyStorePath(internalCommunicationConfig.getKeyStorePath());
- config.setKeyStorePassword(internalCommunicationConfig.getKeyStorePassword());
- config.setTrustStorePath(internalCommunicationConfig.getTrustStorePath());
- config.setTrustStorePassword(internalCommunicationConfig.getTrustStorePassword());
- });
+ if (internalCommunicationConfig.isHttpsRequired() && internalCommunicationConfig.getKeyStorePath() == null && internalCommunicationConfig.getTrustStorePath() == null) {
+ String sharedSecret = internalCommunicationConfig.getSharedSecret()
+ .orElseThrow(() -> new IllegalArgumentException("Internal shared secret must be set when internal HTTPS is enabled"));
+ configBinder(binder).bindConfigDefaults(HttpServerConfig.class, config -> config.setAutomaticHttpsSharedSecret(sharedSecret));
+ configBinder(binder).bindConfigGlobalDefaults(HttpClientConfig.class, config -> {
+ config.setHttp2Enabled(internalCommunicationConfig.isHttp2Enabled());
+ config.setAutomaticHttpsSharedSecret(sharedSecret);
+ });
+ }
+ else {
+ configBinder(binder).bindConfigGlobalDefaults(HttpClientConfig.class, config -> {
+ config.setHttp2Enabled(internalCommunicationConfig.isHttp2Enabled());
+ config.setKeyStorePath(internalCommunicationConfig.getKeyStorePath());
+ config.setKeyStorePassword(internalCommunicationConfig.getKeyStorePassword());
+ config.setTrustStorePath(internalCommunicationConfig.getTrustStorePath());
+ config.setTrustStorePassword(internalCommunicationConfig.getTrustStorePassword());
+ config.setAutomaticHttpsSharedSecret(null);
+ });
+ }
 
 binder.bind(InternalAuthenticationManager.class);
 httpClientBinder(binder).bindGlobalFilter(InternalAuthenticationManager.class);
diff --git a/core/trino-main/src/main/java/io/trino/server/security/jwt/JwtAuthenticatorSupportModule.java b/core/trino-main/src/main/java/io/trino/server/security/jwt/JwtAuthenticatorSupportModule.java
index 3f866e31d9344..1eb25cfc9a5e2 100644
--- a/core/trino-main/src/main/java/io/trino/server/security/jwt/JwtAuthenticatorSupportModule.java
+++ b/core/trino-main/src/main/java/io/trino/server/security/jwt/JwtAuthenticatorSupportModule.java
@@ -61,7 +61,8 @@ public void configure(Binder binder)
 .setKeyStorePath(null)
 .setKeyStorePassword(null)
 .setTrustStorePath(null)
- .setTrustStorePassword(null));
+ .setTrustStorePassword(null)
+ .setAutomaticHttpsSharedSecret(null));
 }
 
 // this module can be added multiple times, and this prevents multiple processing by Guice
diff --git a/core/trino-main/src/main/java/io/trino/server/security/oauth2/OAuth2ServiceModule.java b/core/trino-main/src/main/java/io/trino/server/security/oauth2/OAuth2ServiceModule.java
index b3358457cecf9..be3ee7621ff07 100644
--- a/core/trino-main/src/main/java/io/trino/server/security/oauth2/OAuth2ServiceModule.java
+++ b/core/trino-main/src/main/java/io/trino/server/security/oauth2/OAuth2ServiceModule.java
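Review bot: In the automatic-HTTPS branch the string from `getSharedSecret()` is handed to `setAutomaticHttpsSharedSecret` on both `HttpServerConfig` and the global `HttpClientConfig` with no check on its strength, so, going by the setter name, an operator-chosen value now backs the internal TLS trust as well as whatever internal authentication already uses it for (not visible in this diff). I would document that above the `orElseThrow`, e.g. `// also seeds automatic internal TLS: must be a long random value, not a human-chosen password`, and consider a minimum-length validation where the property is declared. The exception text is also wider than the condition, which fires only when neither keystore nor truststore is configured; `"Internal shared secret must be set when internal HTTPS is enabled without a keystore or truststore"` would match the check. `setup` continues past the end of the hunk.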
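Review bot: The added `.setAutomaticHttpsSharedSecret(null)` carries no comment saying why this client must drop the global default, and the identical line in `OAuth2ServiceModule.setup` has the same gap. Both reset chains exist so that internal-communication TLS settings do not follow an HTTP client that presumably talks to an external key server or identity provider; a line such as `// internal-communication defaults (incl. the shared-secret TLS setting) must never apply to this outbound client` above the chain would state that. Because the reset list is kept in sync by hand across three files, a test asserting that these clients' `HttpClientConfig` holds none of the internal defaults would catch the next global default that is added in `InternalCommunicationModule` and forgotten here. `configure` starts above the hunk.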
@@ -59,7 +59,8 @@ protected void setup(Binder binder)
 .setKeyStorePath(null)
 .setKeyStorePassword(null)
 .setTrustStorePath(null)
- .setTrustStorePassword(null));
+ .setTrustStorePassword(null)
+ .setAutomaticHttpsSharedSecret(null));
 }
 
 @Provides
diff --git a/pom.xml b/pom.xml
index e0a12fd03a6c6..8cbe51f143c6e 100644
--- a/pom.xml
+++ b/pom.xml
@@ -49,7 +49,7 @@
 1.7.4
 2.7.7-1
 4.9
- 206
+ 207
 ${dep.airlift.version}
 1.11.946
 3.14.9