OneSizeFitsQuorum commented on code in PR #11218:
URL: https://github.com/apache/iotdb/pull/11218#discussion_r1366442011
##########
iotdb-client/cli/src/main/java/org/apache/iotdb/cli/Cli.java:
##########
@@ -161,10 +173,17 @@ private static void executeSql() throws TException {
}
private static void receiveCommands(LineReader reader) throws TException {
+ Properties info = new Properties();
Review Comment:
make it a class field?
##########
iotdb-client/cli/src/main/java/org/apache/iotdb/cli/Cli.java:
##########
@@ -137,17 +141,25 @@ private static void serve() {
password = lineReader.readLine("please input your password:", '\0');
}
receiveCommands(lineReader);
+
Review Comment:
remove empty line
##########
iotdb-client/session/src/main/java/org/apache/iotdb/session/SessionConnection.java:
##########
@@ -118,17 +118,29 @@ public SessionConnection(Session session, ZoneId zoneId)
throws IoTDBConnectionE
initClusterConn();
}
- private void init(TEndPoint endPoint) throws IoTDBConnectionException {
+ private void init(TEndPoint endPoint, boolean useSSL, String trustStore,
String trustStorePwd)
+ throws IoTDBConnectionException {
RpcTransportFactory.setDefaultBufferCapacity(session.thriftDefaultBufferSize);
RpcTransportFactory.setThriftMaxFrameSize(session.thriftMaxFrameSize);
try {
- transport =
- RpcTransportFactory.INSTANCE.getTransport(
- // as there is a try-catch already, we do not need to use
TSocket.wrap
- endPoint.getIp(), endPoint.getPort(),
session.connectionTimeoutInMs);
- if (!transport.isOpen()) {
- transport.open();
+ if (useSSL) {
+ transport =
+ RpcTransportFactory.INSTANCE.getTransport(
+ endPoint.getIp(),
+ endPoint.getPort(),
+ session.connectionTimeoutInMs,
+ trustStore,
+ trustStorePwd);
+ } else {
+ transport =
+ RpcTransportFactory.INSTANCE.getTransport(
+ // as there is a try-catch already, we do not need to use
TSocket.wrap
+ endPoint.getIp(), endPoint.getPort(),
session.connectionTimeoutInMs);
+ if (!transport.isOpen()) {
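Review bot: In the `useSSL` branch, `trustStore` and `trustStorePwd` are handed to `getTransport` without any check, so a caller that sets `useSSL` but leaves the trust store null or empty gets whatever the factory does with that input rather than a clear error. A guard before the call, for example `if (trustStore == null || trustStore.isEmpty()) { throw new IoTDBConnectionException("useSSL is enabled but no trust store is configured"); }`, would make that misconfiguration fail closed. The hunk also does not show whether the SSL overload checks that the server certificate matches `endPoint.getIp()`; if it only validates the chain against the trust store, any certificate from a trusted issuer would be accepted, so that is worth confirming in `RpcTransportFactory`. The same applies to the second quote of this hunk further down and to the `params.isUseSSL()` branch in `IoTDBConnection.openTransport`. The body of `init` continues past the quoted lines.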
Review Comment:
move to line 142
##########
iotdb-client/cli/src/main/java/org/apache/iotdb/cli/Cli.java:
##########
@@ -137,17 +141,25 @@ private static void serve() {
password = lineReader.readLine("please input your password:", '\0');
}
receiveCommands(lineReader);
+
} catch (Exception e) {
println(IOTDB_ERROR_PREFIX + ": Exit cli with error: " + e.getMessage());
System.exit(CODE_ERROR);
}
}
private static void executeSql() throws TException {
+ Properties info = new Properties();
Review Comment:
make it a class field?
##########
iotdb-client/session/src/main/java/org/apache/iotdb/session/Session.java:
##########
@@ -316,6 +319,230 @@ public Session(
this.version = version;
}
+ public Session(
+ String host, int rpcPort, boolean useSSL, String trustStore, String
trustStorePwd) {
+ this(
+ host,
+ rpcPort,
+ SessionConfig.DEFAULT_USER,
+ SessionConfig.DEFAULT_PASSWORD,
+ SessionConfig.DEFAULT_FETCH_SIZE,
+ null,
+ SessionConfig.DEFAULT_INITIAL_BUFFER_CAPACITY,
+ SessionConfig.DEFAULT_MAX_FRAME_SIZE,
+ SessionConfig.DEFAULT_REDIRECTION_MODE,
+ SessionConfig.DEFAULT_VERSION,
+ useSSL,
+ trustStore,
+ trustStorePwd);
+ }
+
+ public Session(
Review Comment:
no need to add so many new constructors.
##########
iotdb-client/session/src/main/java/org/apache/iotdb/session/pool/SessionPool.java:
##########
@@ -278,6 +429,35 @@ public SessionPool(
SessionConfig.DEFAULT_MAX_FRAME_SIZE);
}
+ public SessionPool(
Review Comment:
same as above
##########
iotdb-client/session/src/main/java/org/apache/iotdb/session/pool/SessionPool.java:
##########
@@ -404,6 +725,40 @@ private Session constructNewSession() {
.thriftMaxFrameSize(thriftMaxFrameSize)
.enableRedirection(enableRedirection)
.version(version)
+ .useSSL(useSSL)
+ .trustStore(trustStore)
+ .trustStorePwd(trustStorePwd)
+ .build();
+ } else if (nodeUrls == null && !useSSL) {
Review Comment:
same as above
##########
iotdb-client/session/src/main/java/org/apache/iotdb/session/SessionConnection.java:
##########
@@ -118,17 +118,29 @@ public SessionConnection(Session session, ZoneId zoneId)
throws IoTDBConnectionE
initClusterConn();
}
- private void init(TEndPoint endPoint) throws IoTDBConnectionException {
+ private void init(TEndPoint endPoint, boolean useSSL, String trustStore,
String trustStorePwd)
+ throws IoTDBConnectionException {
RpcTransportFactory.setDefaultBufferCapacity(session.thriftDefaultBufferSize);
RpcTransportFactory.setThriftMaxFrameSize(session.thriftMaxFrameSize);
try {
- transport =
- RpcTransportFactory.INSTANCE.getTransport(
- // as there is a try-catch already, we do not need to use
TSocket.wrap
- endPoint.getIp(), endPoint.getPort(),
session.connectionTimeoutInMs);
- if (!transport.isOpen()) {
- transport.open();
+ if (useSSL) {
+ transport =
+ RpcTransportFactory.INSTANCE.getTransport(
+ endPoint.getIp(),
+ endPoint.getPort(),
+ session.connectionTimeoutInMs,
+ trustStore,
+ trustStorePwd);
+ } else {
+ transport =
+ RpcTransportFactory.INSTANCE.getTransport(
+ // as there is a try-catch already, we do not need to use
TSocket.wrap
+ endPoint.getIp(), endPoint.getPort(),
session.connectionTimeoutInMs);
+ if (!transport.isOpen()) {
+ transport.open();
+ }
}
+
Review Comment:
remove empty line
##########
iotdb-core/datanode/src/assembly/resources/conf/iotdb-datanode.properties:
##########
@@ -60,6 +60,19 @@ dn_data_region_consensus_port=10760
# The time of data node waiting for the next retry to join into the cluster.
# dn_join_cluster_retry_interval_ms=5000
+
+# is SSL enabled
+# enable_thrift_ssl=false
+
+# SSL key store path
+# key_store_path=
+
+# SSL key store password
+# key_store_pwd=
+
+# SSL client timeout (in millisecond)
+# client_timeout=300000
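Review bot: `key_store_pwd` puts the key store password in this file in clear text, and the added comment gives operators no hint of that. I would extend it to something like `# SSL key store password (stored in plain text; restrict read access to this file to the IoTDB service account)`. It is also not visible here what happens when `enable_thrift_ssl=true` is set while `key_store_path` is left empty; the comment on `enable_thrift_ssl` could state that both key store settings are then required.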
Review Comment:
What's the point of separating out a single parameter? Is there a problem if
we use dn_connection_timeout?
##########
iotdb-client/session/src/main/java/org/apache/iotdb/session/pool/SessionPool.java:
##########
@@ -3533,6 +3907,43 @@ public SessionPool build() {
version,
thriftDefaultBufferSize,
thriftMaxFrameSize);
+ } else if (nodeUrls == null && useSSL) {
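Review bot: The conditions visible in this chain only name `nodeUrls == null`, and the constructor call that closes the preceding branch ends in `thriftMaxFrameSize` with no trust store arguments. If the `nodeUrls != null` path is built without `useSSL`, `trustStore` and `trustStorePwd`, a pool configured for SSL against a node list would connect in plaintext without any error; the quoted lines do not show that path, so this needs checking. The same question applies to `Session.build()` in the next quote and to `constructNewSession()` above. Passing the three SSL values on every path, or throwing when `useSSL` is set on a path that cannot honour it, would rule out a silent downgrade.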
Review Comment:
same as above
##########
iotdb-client/session/src/main/java/org/apache/iotdb/session/Session.java:
##########
@@ -3536,19 +3895,34 @@ public Session build() {
version);
newSession.setEnableQueryRedirection(true);
return newSession;
+ } else if (nodeUrls == null && useSSL) {
Review Comment:
please still use the same two branches as before, and don't have a separate
if else branch for ssl
##########
iotdb-client/jdbc/src/main/java/org/apache/iotdb/jdbc/IoTDBConnection.java:
##########
@@ -469,11 +469,22 @@ public void setClient(IClientRPCService.Iface client) {
private void openTransport() throws TTransportException {
RpcTransportFactory.setDefaultBufferCapacity(params.getThriftDefaultBufferSize());
RpcTransportFactory.setThriftMaxFrameSize(params.getThriftMaxFrameSize());
- transport =
- RpcTransportFactory.INSTANCE.getTransport(
- params.getHost(), params.getPort(), getNetworkTimeout());
- if (!transport.isOpen()) {
- transport.open();
+
+ if (params.isUseSSL()) {
+ transport =
+ RpcTransportFactory.INSTANCE.getTransport(
+ params.getHost(),
+ params.getPort(),
+ getNetworkTimeout(),
+ params.getTrustStore(),
+ params.getTrustStorePwd());
+ } else {
+ transport =
+ RpcTransportFactory.INSTANCE.getTransport(
+ params.getHost(), params.getPort(), getNetworkTimeout());
+ if (!transport.isOpen()) {
Review Comment:
move it to line 488?
##########
iotdb-core/datanode/src/main/java/org/apache/iotdb/db/conf/IoTDBConfig.java:
##########
@@ -124,6 +124,18 @@ public class IoTDBConfig {
/** Port which the JDBC server listens to. */
private int rpcPort = 6667;
+ /** Enable the thrift rpcPort Service ssl. */
+ private boolean enableSSL = false;
+
+ /** ssl key Store Path. */
+ private String keyStorePath = "";
Review Comment:
Initialize the defaults elsewhere to "" as well.
##########
iotdb-core/datanode/src/main/java/org/apache/iotdb/db/conf/IoTDBConfig.java:
##########
@@ -124,6 +124,18 @@ public class IoTDBConfig {
/** Port which the JDBC server listens to. */
private int rpcPort = 6667;
+ /** Enable the thrift rpcPort Service ssl. */
+ private boolean enableSSL = false;
+
+ /** ssl key Store Path. */
+ private String keyStorePath = "";
+
+ /** ssl key Store password. */
+ private String keyStorePwd = "";
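Review bot: `keyStorePwd` is a secret held as an ordinary `String` field next to non-sensitive settings, and the Javadoc `ssl key Store password.` does not mark it as such. Whether `IoTDBConfig` values are printed at startup or exposed through a show-configuration path is not visible in this hunk; if they are, this field should be excluded or masked. I would at least document it, e.g. `/** SSL key store password. Sensitive: must not be logged or returned by configuration queries. */`. With `enableSSL` defaulting to `false` and both key store fields defaulting to `""`, it would also help if startup rejected `enableSSL = true` combined with an empty `keyStorePath` instead of carrying on with an unusable configuration.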
Review Comment:
same