SSL should not be disable in IAM authentication

aws · Mar 15, 2021 · 6f18e48 · 6f18e48
1 parent 4020978
commit 6f18e48
Showing 1 changed file with 9 additions and 2 deletions.
diff --git a/src/main/java/com/amazon/redshift/jdbc/RedshiftConnectionImpl.java b/src/main/java/com/amazon/redshift/jdbc/RedshiftConnectionImpl.java
@@ -225,14 +225,19 @@ public RedshiftConnectionImpl(HostSpec[] hostSpecs,
     m_settings = new RedshiftJDBCSettings();
 
     // IAM 
-    setAuthMech(info);
+    boolean sslExplicitlyDisabled = setAuthMech(info);
 
     // This need to be called after setAuthMech() and before checking some required settings.
     // host, port, username and password may be set in setIAMProperties().
     String iamAuth = getOptionalSetting(RedshiftProperty.IAM_AUTH.getName(), info);
     m_settings.m_iamAuth = (iamAuth == null) ? false : Boolean.parseBoolean(iamAuth);
     if (m_settings.m_iamAuth)
     {
+    	if (sslExplicitlyDisabled) {
+	      	throw new RedshiftException(GT.tr("SSL should be enable in IAM authentication."),
+	      			RedshiftState.UNEXPECTED_ERROR);
+    	}
+
       if (RedshiftLogger.isEnable())
         logger.log(LogLevel.DEBUG, "Start IAM authentication");
 
@@ -2188,7 +2193,7 @@ public static String getRequiredConnSetting(String key, Properties info)
    *
    * @throws RedshiftException        If an unspecified error occurs.
    */
-  private void setAuthMech(Properties info) throws RedshiftException
+  private boolean setAuthMech(Properties info) throws RedshiftException
   {
       //If key word ssl is specified in connection string either with nothing or true,
       //SSL is set to be required.
@@ -2281,6 +2286,8 @@ else if (sslMode.equalsIgnoreCase(SslMode.VERIFY_CA.value))
       {
           m_settings.m_authMech = AuthMech.VERIFY_CA;
       }
+
+      return sslExplicitlyDisabled;
   }
 
   /**