Class ConfiguratorUtils

java.lang.Object
com.databricks.jdbc.dbclient.impl.common.ConfiguratorUtils

public class ConfiguratorUtils extends Object
Utility class for configuring SSL/TLS for Databricks JDBC connections.

SSL/TLS Configuration Flow:

1. getBaseConnectionManager(IDatabricksConnectionContext connectionContext):
   - Entry point for HTTP client SSL configuration.
   - Determines if a custom trust store (SSLTrustStore), system trust store, or default JDK trust store should be used based on connectionContext parameters.
   - Handles test and self-signed certificate scenarios via allowSelfSignedCerts() and isJDBCTestEnv().

2. createConnectionSocketFactoryRegistry(IDatabricksConnectionContext connectionContext):
   - Chooses between createRegistryWithCustomTrustStore and createRegistryWithSystemOrDefaultTrustStore based on the presence of SSLTrustStore in the connection context.

3. Trust Store Handling:
   - loadTruststoreOrNull(): Loads the trust store from the path specified by connectionContext.getSSLTrustStore(). If the path is null, a debug log is emitted and null is returned.
   - If the trust store cannot be loaded or contains no trust anchors, an error is logged and a DatabricksSSLException is thrown.

4. Key Store Handling:
   - loadKeystoreOrNull(): Loads the client keystore from the path specified by connectionContext.getSSLKeyStore(). If the path is null, a debug log is emitted and null is returned.
   - If the keystore is present, it is used for client certificate authentication (mutual TLS). If not, a debug log is emitted and only server certificate validation is performed.

5. Socket Factory Registry Construction:
   - createRegistryFromTrustAnchors(): Builds the registry using trust anchors and, if available, key managers from the keystore.
   - Handles both one-way (server) and two-way (mutual) TLS authentication.

Key Parameters:
   - SSLTrustStore, SSLTrustStorePwd, SSLTrustStoreType: Custom trust store configuration
   - SSLKeyStore, SSLKeyStorePwd, SSLKeyStoreType: Client keystore for mutual TLS
   - AllowSelfSignedCerts, UseSystemTrustStore: Control trust strategy

  • Constructor Details

    • ConfiguratorUtils

      public ConfiguratorUtils()
  • Method Details

    • getBaseConnectionManager

      public static org.apache.http.impl.conn.PoolingHttpClientConnectionManager getBaseConnectionManager(IDatabricksConnectionContext connectionContext) throws DatabricksSSLException
      Creates and configures the connection manager based on the connection context.
      Parameters:
      connectionContext - The connection context to use for configuration.
      Returns:
      A configured PoolingHttpClientConnectionManager.
      Throws:
      DatabricksSSLException - If there is an error during configuration.
    • createConnectionSocketFactoryRegistry

      public static org.apache.http.config.Registry<org.apache.http.conn.socket.ConnectionSocketFactory> createConnectionSocketFactoryRegistry(IDatabricksConnectionContext connectionContext) throws DatabricksSSLException
      Creates a registry of connection socket factories based on the connection context.
      Parameters:
      connectionContext - The connection context to use for configuration.
      Returns:
      A configured Registry of ConnectionSocketFactory.
      Throws:
      DatabricksSSLException - If there is an error during configuration.
    • loadTruststoreOrNull

      public static KeyStore loadTruststoreOrNull(IDatabricksConnectionContext connectionContext) throws DatabricksSSLException
      Loads a trust store from the path specified in the connection context.
      Parameters:
      connectionContext - The connection context containing trust store configuration.
      Returns:
      The loaded KeyStore or null if it could not be loaded.
      Throws:
      DatabricksSSLException - If there is an error during loading.
    • loadKeystoreOrNull

      public static KeyStore loadKeystoreOrNull(IDatabricksConnectionContext connectionContext) throws DatabricksSSLException
      Loads a key store from the path specified in the connection context. The key store contains the client's private key and certificate for client authentication.
      Parameters:
      connectionContext - The connection context containing key store configuration.
      Returns:
      The loaded KeyStore or null if no key store was specified or it could not be loaded.
      Throws:
      DatabricksSSLException - If there is an error during loading.
    • getTrustAnchorsFromTrustStore

      public static Set<TrustAnchor> getTrustAnchorsFromTrustStore(KeyStore trustStore) throws DatabricksSSLException
      Extracts trust anchors from a KeyStore.
      Parameters:
      trustStore - The KeyStore from which to extract trust anchors.
      Returns:
      A Set of TrustAnchor objects extracted from the KeyStore.
      Throws:
      DatabricksSSLException - If there is an error during extraction.
    • buildTrustManagerParameters

      public static CertPathTrustManagerParameters buildTrustManagerParameters(Set<TrustAnchor> trustAnchors, boolean checkCertificateRevocation, boolean acceptUndeterminedCertificateRevocation) throws DatabricksSSLException
      Builds trust manager parameters for certificate path validation including certificate revocation checking.
      Parameters:
      trustAnchors - The trust anchors to use in the trust manager.
      checkCertificateRevocation - Whether to check certificate revocation.
      acceptUndeterminedCertificateRevocation - Whether to accept undetermined certificate revocation status.
      Returns:
      The trust manager parameters based on the input parameters.
      Throws:
      DatabricksSSLException - If there is an error during configuration.