[ZEPPELIN-4324]: Support two-way SSL authentication.

[fdeantoni]

What is this PR for?

Livy can run behind a reverse proxy that requires SSL authentication.
To support this, three additional properties have been added:

• zeppelin.livy.ssl.keyStore
• zeppelin.livy.ssl.keyStorePassword
• zeppelin.livy.ssl.keyStoreType

The keystore type can either be JKS or PKCS12. The default is JKS. To
keep things streamlined, a property zeppelin.livy.ssl.trustStoreType
has been been added as well. Default value is also JKS.

What type of PR is it?

Improvement

What is the Jira issue?

https://issues.apache.org/jira/browse/ZEPPELIN-4324

How should this be tested?

Set up a livy instance behind a reverse proxy (e.g. HAProxy) that requires two way SSL authentication to access it. Configure the Livy interpreter to access this instance by setting the following properties:

• zeppelin.livy.ssl.keyStore: Path to keystore containing client certificate and key
• zeppelin.livy.ssl.keyStorePassword: Password of keystore
• zeppelin.livy.ssl.keyStoreType: Either JKS or PKCS12
• zeppelin.livy.ssl.trustStore: Path to trust store containing proxy host certificate
• zeppelin.livy.ssl.trustStorePassword: Password of trust store
• zeppelin.livy.ssl.keyStoreType: Either JKS or PKCS12

[zjffdu]

Thanks for the contribution @fdeantoni Does it keep backward compatibility ? I mean does it work in the non-proxy mode with the old configuration.

And have you configured your travis ? I don't see the travis build link here.

[fdeantoni]

The changes should be backwards compatible. The keyStore is only added if the property zeppelin.livy.ssl.keyStore is non-empty. If not provided behaviour should be exactly the same as before.

I just set up travis and triggered a build: https://travis-ci.org/fdeantoni/zeppelin

[zjffdu]

Thanks, PR LGTM