Class ConfiguratorUtils


  • public class ConfiguratorUtils
    extends Object
    Utility class for configuring SSL/TLS for Databricks JDBC connections.

    SSL/TLS Configuration Flow:

    1. getBaseConnectionManager(IDatabricksConnectionContext connectionContext):
       - Entry point for HTTP client SSL configuration.
       - Determines if a custom trust store (SSLTrustStore), system trust store, or default JDK trust store should be used based on connectionContext parameters.
       - Handles test and self-signed certificate scenarios via allowSelfSignedCerts() and isJDBCTestEnv().

    2. createConnectionSocketFactoryRegistry(IDatabricksConnectionContext connectionContext):
       - Chooses between createRegistryWithCustomTrustStore and createRegistryWithSystemOrDefaultTrustStore based on the presence of SSLTrustStore in the connection context.

    3. Trust Store Handling:
       - loadTruststoreOrNull(): Loads the trust store from the path specified by connectionContext.getSSLTrustStore(). If the path is null, a debug log is emitted and null is returned.
       - If the trust store cannot be loaded or contains no trust anchors, an error is logged and a DatabricksSSLException is thrown.

    4. Key Store Handling:
       - loadKeystoreOrNull(): Loads the client keystore from the path specified by connectionContext.getSSLKeyStore(). If the path is null, a debug log is emitted and null is returned.
       - If the keystore is present, it is used for client certificate authentication (mutual TLS). If not, a debug log is emitted and only server certificate validation is performed.

    5. Socket Factory Registry Construction:
       - createRegistryFromTrustAnchors(): Builds the registry using trust anchors and, if available, key managers from the keystore.
       - Handles both one-way (server) and two-way (mutual) TLS authentication.

    Key Parameters:
       - SSLTrustStore, SSLTrustStorePwd, SSLTrustStoreType: Custom trust store configuration
       - SSLKeyStore, SSLKeyStorePwd, SSLKeyStoreType: Client keystore for mutual TLS
       - AllowSelfSignedCerts, UseSystemTrustStore: Control trust strategy

    • Constructor Detail

      • ConfiguratorUtils

        public ConfiguratorUtils()
    • Method Detail

      • getBaseConnectionManager

        public static org.apache.http.impl.conn.PoolingHttpClientConnectionManager getBaseConnectionManager(IDatabricksConnectionContext connectionContext)
            throws DatabricksSSLException
        Creates and configures the connection manager based on the connection context.
        Parameters:
        connectionContext - The connection context to use for configuration.
        Returns:
        A configured PoolingHttpClientConnectionManager.
        Throws:
        DatabricksSSLException - If there is an error during configuration.
      • createConnectionSocketFactoryRegistry

        public static org.apache.http.config.Registry<org.apache.http.conn.socket.ConnectionSocketFactory> createConnectionSocketFactoryRegistry(IDatabricksConnectionContext connectionContext)
            throws DatabricksSSLException
        Creates a registry of connection socket factories based on the connection context.
        Parameters:
        connectionContext - The connection context to use for configuration.
        Returns:
        A configured Registry of ConnectionSocketFactory.
        Throws:
        DatabricksSSLException - If there is an error during configuration.
      • loadTruststoreOrNull

        public static KeyStore loadTruststoreOrNull(IDatabricksConnectionContext connectionContext)
            throws DatabricksSSLException
        Loads a trust store from the path specified in the connection context.
        Parameters:
        connectionContext - The connection context containing trust store configuration.
        Returns:
        The loaded KeyStore or null if it could not be loaded.
        Throws:
        DatabricksSSLException - If there is an error during loading.
      • loadKeystoreOrNull

        public static KeyStore loadKeystoreOrNull(IDatabricksConnectionContext connectionContext)
            throws DatabricksSSLException
        Loads a key store from the path specified in the connection context. The key store contains the client's private key and certificate for client authentication.
        Parameters:
        connectionContext - The connection context containing key store configuration.
        Returns:
        The loaded KeyStore or null if no key store was specified or it could not be loaded.
        Throws:
        DatabricksSSLException - If there is an error during loading.
      • getTrustAnchorsFromTrustStore

        public static Set<TrustAnchor> getTrustAnchorsFromTrustStore(KeyStore trustStore)
            throws DatabricksSSLException
        Extracts trust anchors from a KeyStore.
        Parameters:
        trustStore - The KeyStore from which to extract trust anchors.
        Returns:
        A Set of TrustAnchor objects extracted from the KeyStore.
        Throws:
        DatabricksSSLException - If there is an error during extraction.
      • buildTrustManagerParameters

        public static CertPathTrustManagerParameters buildTrustManagerParameters(Set<TrustAnchor> trustAnchors,
                                                                                 boolean checkCertificateRevocation,
                                                                                 boolean acceptUndeterminedCertificateRevocation)
            throws DatabricksSSLException
        Builds trust manager parameters for certificate path validation including certificate revocation checking.
        Parameters:
        trustAnchors - The trust anchors to use in the trust manager.
        checkCertificateRevocation - Whether to check certificate revocation.
        acceptUndeterminedCertificateRevocation - Whether to accept undetermined certificate revocation status.
        Returns:
        The trust manager parameters based on the input parameters.
        Throws:
        DatabricksSSLException - If there is an error during configuration.