AMashenkov commented on code in PR #1680:
URL: https://github.com/apache/ignite-3/pull/1680#discussion_r1107337760
##########
modules/jdbc/src/main/java/org/apache/ignite/internal/jdbc/JdbcConnection.java:
##########
@@ -149,13 +151,14 @@ public JdbcConnection(ConnectionProperties props) throws
SQLException {
int reconnectThrottlingRetries =
connProps.getReconnectThrottlingRetries();
try {
- client = ((TcpIgniteClient) IgniteClient
- .builder()
+ Builder builder = IgniteClient.builder()
.addresses(addrs)
.connectTimeout(netTimeout)
.reconnectThrottlingPeriod(reconnectThrottlingPeriod)
- .reconnectThrottlingRetries(reconnectThrottlingRetries)
- .build());
+ .reconnectThrottlingRetries(reconnectThrottlingRetries);
+ setupSsl(builder);
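Review bot: at `setupSsl(builder);` the TLS settings are applied as a side effect of a void helper that reads the `connProps` field, so the call site does not show which properties feed the connection or whether SSL ended up enabled. Pass the connection properties in explicitly. The bare `Builder` local would also read better with a qualified type name, since `SslConfiguration.builder()` is used in the same class.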
Review Comment:
```suggestion
        .reconnectThrottlingRetries(reconnectThrottlingRetries)
        .ssl(extractSslConfiguration(connProps))
        .build();
```
##########
modules/jdbc/src/main/java/org/apache/ignite/internal/jdbc/JdbcConnection.java:
##########
@@ -170,6 +173,23 @@ public JdbcConnection(ConnectionProperties props) throws
SQLException {
holdability = HOLD_CURSORS_OVER_COMMIT;
}
+ private void setupSsl(Builder builder) {
+ if (connProps.isSslEnabled()) {
+ builder.ssl(
+ SslConfiguration.builder()
+ .enabled(true)
+ .trustStoreType(connProps.getTrustStoreType())
+ .trustStorePath(connProps.getTrustStorePath())
+
.trustStorePassword(connProps.getTrustStorePassword())
+ .clientAuth(connProps.getClientAuth())
+ .keyStoreType(connProps.getKeyStoreType())
+ .keyStorePath(connProps.getKeyStorePath())
+ .keyStorePassword(connProps.getKeyStorePassword())
+ .build()
+ );
+ }
+ }
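Review bot: inside `if (connProps.isSslEnabled())` the trust store and key store values go straight from `connProps` into `SslConfiguration.builder()` with no check that they are set, so `sslEnabled=true` with an unset `getTrustStorePath()` is not rejected here and any failure surfaces wherever the builder or the handshake rejects it. Validate the required properties in this method and throw an exception that names the missing one. A short Javadoc stating that nothing is configured when SSL is disabled would also help.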
Review Comment:
```suggestion
    private @Nullable SslConfiguration extractSslConfiguration(ConnectionProperties connProps) {
        if (connProps.isSslEnabled()) {
            return SslConfiguration.builder()
                    .enabled(true)
                    .trustStoreType(connProps.getTrustStoreType())
                    .trustStorePath(connProps.getTrustStorePath())
                    .trustStorePassword(connProps.getTrustStorePassword())
                    .clientAuth(connProps.getClientAuth())
                    .keyStoreType(connProps.getKeyStoreType())
                    .keyStorePath(connProps.getKeyStorePath())
                    .keyStorePassword(connProps.getKeyStorePassword())
                    .build();
        } else {
            return null;
        }
    }
```
##########
modules/runner/src/integrationTest/java/org/apache/ignite/internal/ssl/ItSslTest.java:
##########
@@ -305,5 +338,23 @@ void clientCanConnectWithSslAndClientAuth() throws
Exception {
assertThat(client.clusterNodes(), hasSize(2));
}
}
+
+ @Test
+ @DisplayName("Jdbc client can connect with SSL configured")
+ void jdbcCanConnectWithSslAndClientAuth() throws SQLException {
+ var url =
+ "jdbc:ignite:thin://127.0.0.1:10800"
+ + "?sslEnabled=true"
+ + "&trustStorePath=" + trustStorePath
+ + "&trustStoreType=JKS"
+ + "&trustStorePassword=" + password
+ + "&clientAuth=require"
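Review bot: the URL is assembled by plain concatenation at `"&trustStorePath=" + trustStorePath` and `"&trustStorePassword=" + password`, so a path or password containing `&` or `=` would change how the query string is parsed. Encode the values or pass them through a `Properties` object instead. The `@DisplayName` says "SSL configured" while the method name and `clientAuth=require` cover client authentication; the display name should say so.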
Review Comment:
Do we support clientAuth=optional\none?
##########
modules/runner/src/integrationTest/java/org/apache/ignite/internal/ssl/ItSslTest.java:
##########
@@ -104,10 +104,18 @@ void clientCouldConnectWithoutSsl() throws Exception {
assertThat(client.clusterNodes(), hasSize(2));
}
}
+
+ @Test
+ @DisplayName("Jdbc driver could establish the connection when SSL
disabled")
+ void jdbcCouldConnectWithoutSsl() throws SQLException {
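Review bot: the `@DisplayName` text "Jdbc driver could establish the connection when SSL disabled" is worded differently from the other new JDBC test, which uses "Jdbc client can connect with SSL configured". Use one pattern for both, for example "Jdbc client can connect when SSL is disabled", so the two cases read as a pair in the test report.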
Review Comment:
```suggestion
void jdbcCanConnectWithoutSsl() throws SQLException {
```
Also,
can a secure JDBC connection be established with an insecure server?
I guess we should expect an exception in that case, as the client requirements
look more strict.
Let's add a test for this.