Add client SSL integration tests

HTHou · HTHou · commit a55227f16f9d · 2026-06-16T12:27:27.000+08:00
diff --git a/integration-test/src/main/java/org/apache/iotdb/it/env/cluster/config/MppBaseConfig.java b/integration-test/src/main/java/org/apache/iotdb/it/env/cluster/config/MppBaseConfig.java
@@ -120,6 +120,10 @@ protected final void setProperty(@NotNull String key, String value) {
     }
   }
 
+  public final String getProperty(@NotNull String key, String defaultValue) {
+    return properties.getProperty(key, defaultValue);
+  }
+
   /** Create an instance but with empty properties. */
   public abstract MppBaseConfig emptyClone();
 }
diff --git a/integration-test/src/main/java/org/apache/iotdb/it/env/cluster/config/MppCommonConfig.java b/integration-test/src/main/java/org/apache/iotdb/it/env/cluster/config/MppCommonConfig.java
@@ -635,6 +635,12 @@ public CommonConfig setEnforceStrongPassword(boolean enforceStrongPassword) {
     return this;
   }
 
+  @Override
+  public CommonConfig setEnableThriftClientSSL(boolean enableThriftClientSSL) {
+    setProperty("enable_thrift_ssl", String.valueOf(enableThriftClientSSL));
+    return this;
+  }
+
   @Override
   public CommonConfig setEnableInternalSSL(boolean enableInternalSSL) {
     setProperty("enable_internal_ssl", String.valueOf(enableInternalSSL));
diff --git a/integration-test/src/main/java/org/apache/iotdb/it/env/cluster/config/MppSharedCommonConfig.java b/integration-test/src/main/java/org/apache/iotdb/it/env/cluster/config/MppSharedCommonConfig.java
@@ -659,6 +659,13 @@ public CommonConfig setEnforceStrongPassword(boolean enforceStrongPassword) {
     return this;
   }
 
+  @Override
+  public CommonConfig setEnableThriftClientSSL(boolean enableThriftClientSSL) {
+    cnConfig.setEnableThriftClientSSL(enableThriftClientSSL);
+    dnConfig.setEnableThriftClientSSL(enableThriftClientSSL);
+    return this;
+  }
+
   @Override
   public CommonConfig setEnableInternalSSL(boolean enableInternalSSL) {
     cnConfig.setEnableInternalSSL(enableInternalSSL);
diff --git a/integration-test/src/main/java/org/apache/iotdb/it/env/cluster/env/AbstractEnv.java b/integration-test/src/main/java/org/apache/iotdb/it/env/cluster/env/AbstractEnv.java
@@ -614,6 +614,74 @@ public void cleanClusterEnvironment() {
     clusterConfig = new MppClusterConfig();
   }
 
+  private boolean isThriftClientSSLEnabled() {
+    return Boolean.parseBoolean(getDataNodeCommonConfigProperty("enable_thrift_ssl", "false"));
+  }
+
+  private String getDataNodeCommonConfigProperty(final String key, final String defaultValue) {
+    return ((MppCommonConfig) clusterConfig.getDataNodeCommonConfig())
+        .getProperty(key, defaultValue);
+  }
+
+  private Properties constructConnectionProperties(
+      final String username, final String password, final String sqlDialect) {
+    final Properties info = BaseEnv.constructProperties(username, password, sqlDialect);
+    if (isThriftClientSSLEnabled()) {
+      info.put(Config.USE_SSL, Boolean.TRUE.toString());
+      putIfPresent(
+          info, Config.TRUST_STORE, getDataNodeCommonConfigProperty("trust_store_path", ""));
+      putIfPresent(
+          info, Config.TRUST_STORE_PWD, getDataNodeCommonConfigProperty("trust_store_pwd", ""));
+    }
+    return info;
+  }
+
+  private void putIfPresent(final Properties properties, final String key, final String value) {
+    if (value != null && !value.isEmpty()) {
+      properties.put(key, value);
+    }
+  }
+
+  private Session.Builder configureClientSSL(final Session.Builder builder) {
+    if (isThriftClientSSLEnabled()) {
+      builder
+          .useSSL(true)
+          .trustStore(getDataNodeCommonConfigProperty("trust_store_path", ""))
+          .trustStorePwd(getDataNodeCommonConfigProperty("trust_store_pwd", ""));
+    }
+    return builder;
+  }
+
+  private TableSessionBuilder configureClientSSL(final TableSessionBuilder builder) {
+    if (isThriftClientSSLEnabled()) {
+      builder
+          .useSSL(true)
+          .trustStore(getDataNodeCommonConfigProperty("trust_store_path", ""))
+          .trustStorePwd(getDataNodeCommonConfigProperty("trust_store_pwd", ""));
+    }
+    return builder;
+  }
+
+  private SessionPool.Builder configureClientSSL(final SessionPool.Builder builder) {
+    if (isThriftClientSSLEnabled()) {
+      builder
+          .useSSL(true)
+          .trustStore(getDataNodeCommonConfigProperty("trust_store_path", ""))
+          .trustStorePwd(getDataNodeCommonConfigProperty("trust_store_pwd", ""));
+    }
+    return builder;
+  }
+
+  private TableSessionPoolBuilder configureClientSSL(final TableSessionPoolBuilder builder) {
+    if (isThriftClientSSLEnabled()) {
+      builder
+          .useSSL(true)
+          .trustStore(getDataNodeCommonConfigProperty("trust_store_path", ""))
+          .trustStorePwd(getDataNodeCommonConfigProperty("trust_store_pwd", ""));
+    }
+    return builder;
+  }
+
   @Override
   public Connection getConnection(
       final String username, final String password, final String sqlDialect) throws SQLException {
@@ -695,7 +763,8 @@ public ISession getSessionConnection() throws IoTDBConnectionException {
     final DataNodeWrapper dataNode =
         this.dataNodeWrapperList.get(rand.nextInt(this.dataNodeWrapperList.size()));
     final Session session =
-        new Session.Builder().host(dataNode.getIp()).port(dataNode.getPort()).build();
+        configureClientSSL(new Session.Builder().host(dataNode.getIp()).port(dataNode.getPort()))
+            .build();
     session.open();
     return session;
   }
@@ -705,10 +774,11 @@ public ISession getSessionConnection(ZoneId zoneId) throws IoTDBConnectionExcept
     final DataNodeWrapper dataNode =
         this.dataNodeWrapperList.get(rand.nextInt(this.dataNodeWrapperList.size()));
     final Session session =
-        new Session.Builder()
-            .host(dataNode.getIp())
-            .port(dataNode.getPort())
-            .zoneId(zoneId)
+        configureClientSSL(
+                new Session.Builder()
+                    .host(dataNode.getIp())
+                    .port(dataNode.getPort())
+                    .zoneId(zoneId))
             .build();
     session.open();
     return session;
@@ -720,11 +790,12 @@ public ISession getSessionConnection(final String userName, final String passwor
     final DataNodeWrapper dataNode =
         this.dataNodeWrapperList.get(rand.nextInt(this.dataNodeWrapperList.size()));
     final Session session =
-        new Session.Builder()
-            .host(dataNode.getIp())
-            .port(dataNode.getPort())
-            .username(userName)
-            .password(password)
+        configureClientSSL(
+                new Session.Builder()
+                    .host(dataNode.getIp())
+                    .port(dataNode.getPort())
+                    .username(userName)
+                    .password(password))
             .build();
     session.open();
     return session;
@@ -734,16 +805,17 @@ public ISession getSessionConnection(final String userName, final String passwor
   public ISession getSessionConnection(final List<String> nodeUrls)
       throws IoTDBConnectionException {
     final Session session =
-        new Session.Builder()
-            .nodeUrls(nodeUrls)
-            .username(SessionConfig.DEFAULT_USER)
-            .password(SessionConfig.DEFAULT_PASSWORD)
-            .fetchSize(SessionConfig.DEFAULT_FETCH_SIZE)
-            .zoneId(null)
-            .thriftDefaultBufferSize(SessionConfig.DEFAULT_INITIAL_BUFFER_CAPACITY)
-            .thriftMaxFrameSize(SessionConfig.DEFAULT_MAX_FRAME_SIZE)
-            .enableRedirection(SessionConfig.DEFAULT_REDIRECTION_MODE)
-            .version(SessionConfig.DEFAULT_VERSION)
+        configureClientSSL(
+                new Session.Builder()
+                    .nodeUrls(nodeUrls)
+                    .username(SessionConfig.DEFAULT_USER)
+                    .password(SessionConfig.DEFAULT_PASSWORD)
+                    .fetchSize(SessionConfig.DEFAULT_FETCH_SIZE)
+                    .zoneId(null)
+                    .thriftDefaultBufferSize(SessionConfig.DEFAULT_INITIAL_BUFFER_CAPACITY)
+                    .thriftMaxFrameSize(SessionConfig.DEFAULT_MAX_FRAME_SIZE)
+                    .enableRedirection(SessionConfig.DEFAULT_REDIRECTION_MODE)
+                    .version(SessionConfig.DEFAULT_VERSION))
             .build();
     session.open();
     return session;
@@ -753,8 +825,9 @@ public ISession getSessionConnection(final List<String> nodeUrls)
   public ITableSession getTableSessionConnection() throws IoTDBConnectionException {
     final DataNodeWrapper dataNode =
         this.dataNodeWrapperList.get(rand.nextInt(this.dataNodeWrapperList.size()));
-    return new TableSessionBuilder()
-        .nodeUrls(Collections.singletonList(dataNode.getIpAndPortString()))
+    return configureClientSSL(
+            new TableSessionBuilder()
+                .nodeUrls(Collections.singletonList(dataNode.getIpAndPortString())))
         .build();
   }
 
@@ -763,10 +836,11 @@ public ITableSession getTableSessionConnection(String userName, String password)
       throws IoTDBConnectionException {
     final DataNodeWrapper dataNode =
         this.dataNodeWrapperList.get(rand.nextInt(this.dataNodeWrapperList.size()));
-    return new TableSessionBuilder()
-        .nodeUrls(Collections.singletonList(dataNode.getIpAndPortString()))
-        .username(userName)
-        .password(password)
+    return configureClientSSL(
+            new TableSessionBuilder()
+                .nodeUrls(Collections.singletonList(dataNode.getIpAndPortString()))
+                .username(userName)
+                .password(password))
         .build();
   }
 
@@ -775,61 +849,66 @@ public ITableSession getTableSessionConnectionWithDB(final String database)
       throws IoTDBConnectionException {
     final DataNodeWrapper dataNode =
         this.dataNodeWrapperList.get(rand.nextInt(this.dataNodeWrapperList.size()));
-    return new TableSessionBuilder()
-        .nodeUrls(Collections.singletonList(dataNode.getIpAndPortString()))
-        .database(database)
+    return configureClientSSL(
+            new TableSessionBuilder()
+                .nodeUrls(Collections.singletonList(dataNode.getIpAndPortString()))
+                .database(database))
         .build();
   }
 
   public ITableSession getTableSessionConnection(List<String> nodeUrls)
       throws IoTDBConnectionException {
-    return new TableSessionBuilder()
-        .nodeUrls(nodeUrls)
-        .username(SessionConfig.DEFAULT_USER)
-        .password(SessionConfig.DEFAULT_PASSWORD)
-        .fetchSize(SessionConfig.DEFAULT_FETCH_SIZE)
-        .zoneId(null)
-        .thriftDefaultBufferSize(SessionConfig.DEFAULT_INITIAL_BUFFER_CAPACITY)
-        .thriftMaxFrameSize(SessionConfig.DEFAULT_MAX_FRAME_SIZE)
-        .enableRedirection(SessionConfig.DEFAULT_REDIRECTION_MODE)
+    return configureClientSSL(
+            new TableSessionBuilder()
+                .nodeUrls(nodeUrls)
+                .username(SessionConfig.DEFAULT_USER)
+                .password(SessionConfig.DEFAULT_PASSWORD)
+                .fetchSize(SessionConfig.DEFAULT_FETCH_SIZE)
+                .zoneId(null)
+                .thriftDefaultBufferSize(SessionConfig.DEFAULT_INITIAL_BUFFER_CAPACITY)
+                .thriftMaxFrameSize(SessionConfig.DEFAULT_MAX_FRAME_SIZE)
+                .enableRedirection(SessionConfig.DEFAULT_REDIRECTION_MODE))
         .build();
   }
 
   @Override
   public ISessionPool getSessionPool(final int maxSize) {
     final DataNodeWrapper dataNode =
         this.dataNodeWrapperList.get(rand.nextInt(this.dataNodeWrapperList.size()));
-    return new SessionPool.Builder()
-        .host(dataNode.getIp())
-        .port(dataNode.getPort())
-        .user(SessionConfig.DEFAULT_USER)
-        .password(SessionConfig.DEFAULT_PASSWORD)
-        .maxSize(maxSize)
+    return configureClientSSL(
+            new SessionPool.Builder()
+                .host(dataNode.getIp())
+                .port(dataNode.getPort())
+                .user(SessionConfig.DEFAULT_USER)
+                .password(SessionConfig.DEFAULT_PASSWORD)
+                .maxSize(maxSize))
         .build();
   }
 
   @Override
   public ITableSessionPool getTableSessionPool(final int maxSize) {
     final DataNodeWrapper dataNode =
         this.dataNodeWrapperList.get(rand.nextInt(this.dataNodeWrapperList.size()));
-    return new TableSessionPoolBuilder()
-        .nodeUrls(Collections.singletonList(dataNode.getIpAndPortString()))
-        .user(SessionConfig.DEFAULT_USER)
-        .password(SessionConfig.DEFAULT_PASSWORD)
-        .maxSize(maxSize)
+    return configureClientSSL(
+            new TableSessionPoolBuilder()
+                .nodeUrls(Collections.singletonList(dataNode.getIpAndPortString()))
+                .user(SessionConfig.DEFAULT_USER)
+                .password(SessionConfig.DEFAULT_PASSWORD)
+                .maxSize(maxSize))
         .build();
   }
 
   @Override
   public ITableSessionPool getTableSessionPool(final int maxSize, final String database) {
     DataNodeWrapper dataNode =
         this.dataNodeWrapperList.get(rand.nextInt(this.dataNodeWrapperList.size()));
-    return new TableSessionPoolBuilder()
-        .nodeUrls(Collections.singletonList(dataNode.getIpAndPortString()))
-        .user(SessionConfig.DEFAULT_USER)
-        .password(SessionConfig.DEFAULT_PASSWORD)
-        .database(database)
-        .maxSize(maxSize)
+    return configureClientSSL(
+            new TableSessionPoolBuilder()
+                .nodeUrls(Collections.singletonList(dataNode.getIpAndPortString()))
+                .user(SessionConfig.DEFAULT_USER)
+                .password(SessionConfig.DEFAULT_PASSWORD)
+                .database(database)
+                .maxSize(maxSize))
         .build();
   }
 
@@ -853,7 +932,7 @@ protected NodeConnection getWriteConnectionWithSpecifiedDataNode(
             Config.IOTDB_URL_PREFIX
                 + endpoint
                 + getParam(version, NODE_NETWORK_TIMEOUT_MS, ZERO_TIME_ZONE),
-            BaseEnv.constructProperties(username, password, sqlDialect));
+            constructConnectionProperties(username, password, sqlDialect));
     return new NodeConnection(
         endpoint,
         NodeConnection.NodeRole.DATA_NODE,
@@ -910,7 +989,7 @@ protected List<NodeConnection> getReadConnections(
                               Config.IOTDB_URL_PREFIX
                                   + endpoint
                                   + getParam(version, NODE_NETWORK_TIMEOUT_MS, ZERO_TIME_ZONE),
-                              BaseEnv.constructProperties(username, password, sqlDialect))));
+                              constructConnectionProperties(username, password, sqlDialect))));
             });
     return readConnRequestDelegate.requestAll();
   }
@@ -957,7 +1036,7 @@ protected List<NodeConnection> getReadConnections(
                     Config.IOTDB_URL_PREFIX
                         + dataNode.getIpAndPortString()
                         + getParam(version, NODE_NETWORK_TIMEOUT_MS, ZERO_TIME_ZONE),
-                    BaseEnv.constructProperties(username, password, sqlDialect))));
+                    constructConnectionProperties(username, password, sqlDialect))));
 
     return readConnRequestDelegate.requestAll();
   }
@@ -988,8 +1067,10 @@ protected void testJDBCConnection() {
                           Config.IOTDB_URL_PREFIX
                               + dataNodeEndpoint
                               + getParam(null, NODE_NETWORK_TIMEOUT_MS, ZERO_TIME_ZONE),
-                          System.getProperty("User", "root"),
-                          System.getProperty("Password", "root"))) {
+                          constructConnectionProperties(
+                              System.getProperty("User", "root"),
+                              System.getProperty("Password", "root"),
+                              TREE_SQL_DIALECT))) {
                 logger.info("Successfully connecting to DataNode: {}.", dataNodeEndpoint);
                 return null;
               } catch (final Exception e) {
diff --git a/integration-test/src/main/java/org/apache/iotdb/it/env/remote/config/RemoteCommonConfig.java b/integration-test/src/main/java/org/apache/iotdb/it/env/remote/config/RemoteCommonConfig.java
@@ -447,6 +447,11 @@ public CommonConfig setEnforceStrongPassword(boolean enforceStrongPassword) {
     return this;
   }
 
+  @Override
+  public CommonConfig setEnableThriftClientSSL(boolean enableThriftClientSSL) {
+    return this;
+  }
+
   @Override
   public CommonConfig setSubscriptionPrefetchTsFileBatchMaxDelayInMs(
       int subscriptionPrefetchTsFileBatchMaxDelayInMs) {
diff --git a/integration-test/src/main/java/org/apache/iotdb/itbase/env/CommonConfig.java b/integration-test/src/main/java/org/apache/iotdb/itbase/env/CommonConfig.java
@@ -204,6 +204,8 @@ default CommonConfig setDefaultDatabaseLevel(int defaultDatabaseLevel) {
 
   CommonConfig setEnforceStrongPassword(boolean enforceStrongPassword);
 
+  CommonConfig setEnableThriftClientSSL(boolean enableThriftClientSSL);
+
   CommonConfig setEnableInternalSSL(boolean enableInternalSSL);
 
   CommonConfig setKeyStorePath(String keyStorePath);
diff --git a/integration-test/src/test/java/org/apache/iotdb/session/it/IoTDBClientSSLIT.java b/integration-test/src/test/java/org/apache/iotdb/session/it/IoTDBClientSSLIT.java

Original file line number	Diff line number	Diff line change
`@@ -120,6 +120,10 @@ protected final void setProperty(@NotNull String key, String value) {`
`120`	`120`	`}`
`121`	`121`	`}`
`122`	`122`
	`123`	`+ public final String getProperty(@NotNull String key, String defaultValue) {`
	`124`	`+ return properties.getProperty(key, defaultValue);`
	`125`	`+ }`
	`126`	`+`
`123`	`127`	`/** Create an instance but with empty properties. */`
`124`	`128`	`public abstract MppBaseConfig emptyClone();`
`125`	`129`	`}`