
Commit e9fe467

authored
Support Thrift client mutual TLS (#18026)
1 parent 127eff0 commit e9fe467

41 files changed

Lines changed: 1099 additions & 61 deletions


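--- a/integration-test/src/main/java/org/apache/iotdb/it/env/cluster/config/MppCommonConfig.java
+++ b/integration-test/src/main/java/org/apache/iotdb/it/env/cluster/config/MppCommonConfig.java
@@ -632,6 +632,12 @@ public CommonConfig setEnableThriftClientSSL(boolean enableThriftClientSSL) {
 return this;
 }
 
+@Override
+public CommonConfig setThriftSSLClientAuth(boolean thriftSSLClientAuth) {
+setProperty("thrift_ssl_client_auth", String.valueOf(thriftSSLClientAuth));
+return this;
+}
+
 @Override
 public CommonConfig setEnableInternalSSL(boolean enableInternalSSL) {
 setProperty("enable_internal_ssl", String.valueOf(enableInternalSSL));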

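--- a/integration-test/src/main/java/org/apache/iotdb/it/env/cluster/config/MppSharedCommonConfig.java
+++ b/integration-test/src/main/java/org/apache/iotdb/it/env/cluster/config/MppSharedCommonConfig.java
@@ -658,6 +658,13 @@ public CommonConfig setEnableThriftClientSSL(boolean enableThriftClientSSL) {
 return this;
 }
 
+@Override
+public CommonConfig setThriftSSLClientAuth(boolean thriftSSLClientAuth) {
+cnConfig.setThriftSSLClientAuth(thriftSSLClientAuth);
+dnConfig.setThriftSSLClientAuth(thriftSSLClientAuth);
+return this;
+}
+
 @Override
 public CommonConfig setEnableInternalSSL(boolean enableInternalSSL) {
 cnConfig.setEnableInternalSSL(enableInternalSSL);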

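--- a/integration-test/src/main/java/org/apache/iotdb/it/env/cluster/env/AbstractEnv.java
+++ b/integration-test/src/main/java/org/apache/iotdb/it/env/cluster/env/AbstractEnv.java
@@ -692,6 +692,10 @@ private boolean isThriftClientSSLEnabled() {
 return Boolean.parseBoolean(getDataNodeCommonConfigProperty("enable_thrift_ssl", "false"));
 }
 
+private boolean isThriftSSLClientAuthEnabled() {
+return Boolean.parseBoolean(getDataNodeCommonConfigProperty("thrift_ssl_client_auth", "false"));
+}
+
 private String getDataNodeCommonConfigProperty(final String key, final String defaultValue) {
 return ((MppCommonConfig) clusterConfig.getDataNodeCommonConfig())
 .getProperty(key, defaultValue);
@@ -711,6 +715,11 @@ private Properties constructConnectionProperties(
 putIfPresent(
 info, Config.TRUST_STORE_PWD, getDataNodeCommonConfigProperty("trust_store_pwd", ""));
 putIfPresent(info, Config.SSL_PROTOCOL, getClientSSLProtocol());
+if (isThriftSSLClientAuthEnabled()) {
+putIfPresent(info, Config.KEY_STORE, getDataNodeCommonConfigProperty("key_store_path", ""));
+putIfPresent(
+info, Config.KEY_STORE_PWD, getDataNodeCommonConfigProperty("key_store_pwd", ""));
+}
 }
 return info;
 }
@@ -728,6 +737,11 @@ private Session.Builder configureClientSSL(final Session.Builder builder) {
 .trustStore(getDataNodeCommonConfigProperty("trust_store_path", ""))
 .trustStorePwd(getDataNodeCommonConfigProperty("trust_store_pwd", ""))
 .sslProtocol(getClientSSLProtocol());
+if (isThriftSSLClientAuthEnabled()) {
+builder
+.keyStore(getDataNodeCommonConfigProperty("key_store_path", ""))
+.keyStorePwd(getDataNodeCommonConfigProperty("key_store_pwd", ""));
+}
 }
 return builder;
 }
@@ -739,6 +753,11 @@ private TableSessionBuilder configureClientSSL(final TableSessionBuilder builder
 .trustStore(getDataNodeCommonConfigProperty("trust_store_path", ""))
 .trustStorePwd(getDataNodeCommonConfigProperty("trust_store_pwd", ""))
 .sslProtocol(getClientSSLProtocol());
+if (isThriftSSLClientAuthEnabled()) {
+builder
+.keyStore(getDataNodeCommonConfigProperty("key_store_path", ""))
+.keyStorePwd(getDataNodeCommonConfigProperty("key_store_pwd", ""));
+}
 }
 return builder;
 }
@@ -750,6 +769,11 @@ private SessionPool.Builder configureClientSSL(final SessionPool.Builder builder
 .trustStore(getDataNodeCommonConfigProperty("trust_store_path", ""))
 .trustStorePwd(getDataNodeCommonConfigProperty("trust_store_pwd", ""))
 .sslProtocol(getClientSSLProtocol());
+if (isThriftSSLClientAuthEnabled()) {
+builder
+.keyStore(getDataNodeCommonConfigProperty("key_store_path", ""))
+.keyStorePwd(getDataNodeCommonConfigProperty("key_store_pwd", ""));
+}
 }
 return builder;
 }
@@ -761,6 +785,11 @@ private TableSessionPoolBuilder configureClientSSL(final TableSessionPoolBuilder
 .trustStore(getDataNodeCommonConfigProperty("trust_store_path", ""))
 .trustStorePwd(getDataNodeCommonConfigProperty("trust_store_pwd", ""))
 .sslProtocol(getClientSSLProtocol());
+if (isThriftSSLClientAuthEnabled()) {
+builder
+.keyStore(getDataNodeCommonConfigProperty("key_store_path", ""))
+.keyStorePwd(getDataNodeCommonConfigProperty("key_store_pwd", ""));
+}
 }
 return builder;
 }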
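Review bot: When `thrift_ssl_client_auth` is true but `key_store_path` is unset, every added block falls back to the `""` default: the `constructConnectionProperties` hunk routes it through `putIfPresent` (which, judging by its name, drops the entry), while the four `configureClientSSL` overloads pass the empty string straight to `.keyStore(...)`. In both cases the client would presumably enter the handshake without a certificate, so the misconfiguration shows up as a TLS failure instead of a configuration error. Resolving the path once in a small helper next to `isThriftSSLClientAuthEnabled()` that rejects an empty value, e.g. `if (path.isEmpty()) throw new IllegalStateException("thrift_ssl_client_auth is enabled but key_store_path is empty");`, would make that visible and also remove the block repeated across the overloads. The client identity is read from the DataNode's own `key_store_path`/`key_store_pwd`, which deserves a one-line comment so these helpers are not read as covering rejection of an untrusted client certificate. All five methods start outside their hunks, so the enclosing `isThriftClientSSLEnabled()` condition is inferred from the closing braces.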

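--- a/integration-test/src/main/java/org/apache/iotdb/it/env/remote/config/RemoteCommonConfig.java
+++ b/integration-test/src/main/java/org/apache/iotdb/it/env/remote/config/RemoteCommonConfig.java
@@ -447,6 +447,11 @@ public CommonConfig setEnableThriftClientSSL(boolean enableThriftClientSSL) {
 return this;
 }
 
+@Override
+public CommonConfig setThriftSSLClientAuth(boolean thriftSSLClientAuth) {
+return this;
+}
+
 @Override
 public CommonConfig setSubscriptionPrefetchTsFileBatchMaxDelayInMs(
 int subscriptionPrefetchTsFileBatchMaxDelayInMs) {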
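Review bot: `setThriftSSLClientAuth` in `RemoteCommonConfig` discards its argument and returns `this`, so a test that requests mutual TLS against a remote environment carries on with no indication that the setting was ignored. If that is intentional because the remote cluster is configured externally (the preceding `setEnableThriftClientSSL` also ends in `return this;`, though its body is outside the hunk), a comment in the body would make it explicit: `// No-op: TLS client authentication of a remote cluster is configured on the cluster itself.`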

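--- a/integration-test/src/main/java/org/apache/iotdb/itbase/env/CommonConfig.java
+++ b/integration-test/src/main/java/org/apache/iotdb/itbase/env/CommonConfig.java
@@ -203,6 +203,8 @@ default CommonConfig setDefaultDatabaseLevel(int defaultDatabaseLevel) {
 
 CommonConfig setEnableThriftClientSSL(boolean enableThriftClientSSL);
 
+CommonConfig setThriftSSLClientAuth(boolean thriftSSLClientAuth);
+
 CommonConfig setEnableInternalSSL(boolean enableInternalSSL);
 
 CommonConfig setKeyStorePath(String keyStorePath);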
