Merge pull request apache#23 from rafael-telles/ssl-without-certificate

[JAVA] [JDBC] Jdbc tls connection with disable certification verification

java/flight/flight-jdbc-driver/src/main/java/org/apache/arrow/driver/jdbc/ArrowFlightConnection.java

@@ -100,6 +100,7 @@ private static ArrowFlightSqlClientHandler createNewClientHandler(
           .withKeyStorePassword(config.keystorePassword())
           .withBufferAllocator(allocator)
           .withTlsEncryption(config.useTls())
+          .withDisableCertificateVerification(config.getDisableCertificateVerification())
           .withToken(config.getToken())
           .withCallOptions(config.toCallOption())
           .build();

java/flight/flight-jdbc-driver/src/main/java/org/apache/arrow/driver/jdbc/client/ArrowFlightSqlClientHandler.java

@@ -346,6 +346,7 @@ public static final class Builder {
     private String keyStorePassword;
     private String token;
     private boolean useTls;
+    private boolean disableCertificateVerification;
     private BufferAllocator allocator;
 
     /**
@@ -425,6 +426,11 @@ public Builder withTlsEncryption(final boolean useTls) {
       return this;
     }
 
+    public Builder withDisableCertificateVerification(final boolean disableCertificateVerification) {
+      this.disableCertificateVerification = disableCertificateVerification;
+      return this;
+    }
+
     /**
      * Sets the token used in the token authetication.
      * @param token the token value.
@@ -516,6 +522,11 @@ public ArrowFlightSqlClientHandler build() throws SQLException {
           location = Location.forGrpcInsecure(host, port);
         }
         clientBuilder.location(location);
+
+        if (disableCertificateVerification) {
+          clientBuilder.verifyServer(false);
+        }
+
         if (keyStorePath != null) {
           clientBuilder.trustedCertificates(
               ClientAuthenticationUtils.getCertificateStream(keyStorePath, keyStorePassword));

java/flight/flight-jdbc-driver/src/main/java/org/apache/arrow/driver/jdbc/utils/ArrowFlightConnectionConfigImpl.java

@@ -101,6 +101,10 @@ public boolean useTls() {
     return ArrowFlightConnectionProperty.USE_TLS.getBoolean(properties);
   }
 
+  public boolean getDisableCertificateVerification() {
+    return ArrowFlightConnectionProperty.CERTIFICATE_VERIFICATION.getBoolean(properties);
+  }
+
   /**
    * Gets the thread pool size.
    *
@@ -129,7 +133,8 @@ public enum ArrowFlightConnectionProperty implements ConnectionProperty {
     PORT("port", null, Type.NUMBER, true),
     USER("user", null, Type.STRING, false),
     PASSWORD("password", null, Type.STRING, false),
-    USE_TLS("useTls", false, Type.BOOLEAN, false),
+    USE_TLS("useTls", true, Type.BOOLEAN, false),
+    CERTIFICATE_VERIFICATION("disableCertificateVerification", false, Type.BOOLEAN, false),
     THREAD_POOL_SIZE("threadPoolSize", 1, Type.NUMBER, false),
     TOKEN("token", null, Type.STRING, false);
 

java/flight/flight-jdbc-driver/src/test/java/org/apache/arrow/driver/jdbc/ArrowDatabaseMetadataTest.java

@@ -304,7 +304,7 @@ public class ArrowDatabaseMetadataTest {
 
   @BeforeClass
   public static void setUpBeforeClass() throws SQLException {
-    connection = FLIGHT_SERVER_TEST_RULE.getConnection();
+    connection = FLIGHT_SERVER_TEST_RULE.getConnection(false);
 
     final Message commandGetCatalogs = CommandGetCatalogs.getDefaultInstance();
     final Consumer<ServerStreamListener> commandGetCatalogsResultProducer = listener -> {

java/flight/flight-jdbc-driver/src/test/java/org/apache/arrow/driver/jdbc/ArrowFlightJdbcConnectionCookieTest.java

@@ -39,7 +39,7 @@ public class ArrowFlightJdbcConnectionCookieTest {
 
   @Test
   public void testCookies() throws SQLException {
-    try (Connection connection = FLIGHT_SERVER_TEST_RULE.getConnection();
+    try (Connection connection = FLIGHT_SERVER_TEST_RULE.getConnection(false);
          Statement statement = connection.createStatement()) {
 
       // Expect client didn't receive cookies before any operation

java/flight/flight-jdbc-driver/src/test/java/org/apache/arrow/driver/jdbc/ArrowFlightJdbcConnectionPoolDataSourceTest.java

@@ -55,7 +55,7 @@ public class ArrowFlightJdbcConnectionPoolDataSourceTest {
 
   @Before
   public void setUp() {
-    dataSource = FLIGHT_SERVER_TEST_RULE.createConnectionPoolDataSource();
+    dataSource = FLIGHT_SERVER_TEST_RULE.createConnectionPoolDataSource(false);
   }
 
   @After

java/flight/flight-jdbc-driver/src/test/java/org/apache/arrow/driver/jdbc/ArrowFlightJdbcDriverTest.java

@@ -114,7 +114,8 @@ public void testShouldConnectWhenProvidedWithValidUrl() throws Exception {
     try (Connection connection =
              driver.connect("jdbc:arrow-flight://" +
                      dataSource.getConfig().getHost() + ":" +
-                     dataSource.getConfig().getPort(),
+                     dataSource.getConfig().getPort() + "?" +
+                     "useTls=false",
         dataSource.getProperties(dataSource.getConfig().getUser(), dataSource.getConfig().getPassword()))) {
       assert connection.isValid(300);
     }

java/flight/flight-jdbc-driver/src/test/java/org/apache/arrow/driver/jdbc/ArrowFlightPreparedStatementTest.java

@@ -45,7 +45,7 @@ public class ArrowFlightPreparedStatementTest {
 
   @BeforeClass
   public static void setup() throws SQLException {
-    connection = FLIGHT_SERVER_TEST_RULE.getConnection();
+    connection = FLIGHT_SERVER_TEST_RULE.getConnection(false);
   }
 
   @AfterClass

java/flight/flight-jdbc-driver/src/test/java/org/apache/arrow/driver/jdbc/ArrowFlightStatementExecuteTest.java

@@ -103,7 +103,7 @@ public static void setUpBeforeClass() {
 
   @Before
   public void setUp() throws SQLException {
-    connection = SERVER_TEST_RULE.getConnection();
+    connection = SERVER_TEST_RULE.getConnection(false);
     statement = connection.createStatement();
   }
 

java/flight/flight-jdbc-driver/src/test/java/org/apache/arrow/driver/jdbc/ArrowFlightStatementExecuteUpdateTest.java

@@ -94,7 +94,7 @@ public static void setUpBeforeClass() {
 
   @Before
   public void setUp() throws SQLException {
-    connection = SERVER_TEST_RULE.getConnection();
+    connection = SERVER_TEST_RULE.getConnection(false);
     statement = connection.createStatement();
   }
 

java/flight/flight-jdbc-driver/src/test/java/org/apache/arrow/driver/jdbc/ConnectionTest.java

@@ -91,6 +91,7 @@ public void testUnencryptedConnectionShouldOpenSuccessfullyWhenProvidedValidCred
         userTest);
     properties.put(ArrowFlightConnectionProperty.PASSWORD.camelName(),
         passTest);
+    properties.put("useTls", false);
 
     try (Connection connection = DriverManager.getConnection(
         "jdbc:arrow-flight://" + FLIGHT_SERVER_TEST_RULE.getHost() + ":" +
@@ -393,10 +394,11 @@ public void testThreadPoolSizeConnectionPropertyCorrectCastUrlWithDriverManager(
 
     Connection connection = DriverManager.getConnection(
         String.format(
-            "jdbc:arrow-flight://localhost:%s?user=%s&password=%s&threadPoolSize=1",
+            "jdbc:arrow-flight://localhost:%s?user=%s&password=%s&threadPoolSize=1&useTls=%s",
             FLIGHT_SERVER_TEST_RULE.getPort(),
             userTest,
-            passTest));
+            passTest,
+            false));
     Assert.assertTrue(connection.isValid(0));
     connection.close();
   }
@@ -420,6 +422,7 @@ public void testThreadPoolSizeConnectionPropertyCorrectCastUrlAndPropertiesUsing
     properties.setProperty(ArrowFlightConnectionProperty.PASSWORD.camelName(),
         passTest);
     properties.setProperty(ArrowFlightConnectionProperty.THREAD_POOL_SIZE.camelName(), "1");
+    properties.put("useTls", false);
 
     Connection connection = DriverManager.getConnection(
         String.format(
@@ -449,6 +452,7 @@ public void testThreadPoolSizeConnectionPropertyCorrectCastUrlAndPropertiesUsing
     properties.put(ArrowFlightConnectionProperty.PASSWORD.camelName(),
         passTest);
     properties.put(ArrowFlightConnectionProperty.THREAD_POOL_SIZE.camelName(), 1);
+    properties.put("useTls", false);
 
     Connection connection = DriverManager.getConnection(
         String.format(
@@ -473,10 +477,11 @@ public void testPasswordConnectionPropertyIntegerCorrectCastUrlWithDriverManager
 
     Connection connection = DriverManager.getConnection(
         String.format(
-            "jdbc:arrow-flight://localhost:%s?user=%s&password=%s",
+            "jdbc:arrow-flight://localhost:%s?user=%s&password=%s&useTls=%s",
             FLIGHT_SERVER_TEST_RULE.getPort(),
             userTest,
-            passTest));
+            passTest,
+            false));
     Assert.assertTrue(connection.isValid(0));
     connection.close();
   }
@@ -499,6 +504,7 @@ public void testPasswordConnectionPropertyIntegerCorrectCastUrlAndPropertiesUsin
         userTest);
     properties.setProperty(ArrowFlightConnectionProperty.PASSWORD.camelName(),
         passTest);
+    properties.put("useTls", false);
 
     Connection connection = DriverManager.getConnection(
         String.format(
@@ -527,6 +533,7 @@ public void testPasswordConnectionPropertyIntegerCorrectCastUrlAndPropertiesUsin
         userTest);
     properties.put(ArrowFlightConnectionProperty.PASSWORD.camelName(),
         passTest);
+    properties.put("useTls", false);
 
     Connection connection = DriverManager.getConnection(
         String.format(

java/flight/flight-jdbc-driver/src/test/java/org/apache/arrow/driver/jdbc/ConnectionTlsTest.java

@@ -85,6 +85,30 @@ public void tearDown() throws Exception {
     AutoCloseables.close(allocator);
   }
 
+  /**
+   * Try to instantiate an encrypted FlightClient.
+   *
+   * @throws Exception on error.
+   */
+  @Test
+  public void testGetEncryptedClientAuthenticatedWithDisableCertVerification() throws Exception {
+    final UsernamePasswordCredentials credentials = new UsernamePasswordCredentials(
+        userTest, passTest);
+
+    try (ArrowFlightSqlClientHandler client =
+             new ArrowFlightSqlClientHandler.Builder()
+                 .withHost(FLIGHT_SERVER_TEST_RULE.getHost())
+                 .withPort(FLIGHT_SERVER_TEST_RULE.getPort())
+                 .withUsername(credentials.getUserName())
+                 .withPassword(credentials.getPassword())
+                 .withDisableCertificateVerification(true)
+                 .withBufferAllocator(allocator)
+                 .withTlsEncryption(true)
+                 .build()) {
+      assertNotNull(client);
+    }
+  }
+
   /**
    * Try to instantiate an encrypted FlightClient.
    *
@@ -132,6 +156,33 @@ public void testGetEncryptedClientWithNoCertificateOnKeyStore() throws Exception
     }
   }
 
+  /**
+   * Try to instantiate an encrypted FlightClient with cert verification
+   * disabled and passing some valid certification.
+   *
+   * @throws Exception on error.
+   */
+  @Test(expected = SQLException.class)
+  public void testGetEncryptedClientWithDisableCertVerificationPassingCertification() throws Exception {
+    final UsernamePasswordCredentials credentials = new UsernamePasswordCredentials(
+        userTest, passTest);
+
+    try (ArrowFlightSqlClientHandler client =
+             new ArrowFlightSqlClientHandler.Builder()
+                 .withHost(FLIGHT_SERVER_TEST_RULE.getHost())
+                 .withPort(FLIGHT_SERVER_TEST_RULE.getPort())
+                 .withUsername(credentials.getUserName())
+                 .withPassword(credentials.getPassword())
+                 .withDisableCertificateVerification(true)
+                 .withKeyStorePath(keyStorePath)
+                 .withKeyStorePassword(keyStorePass)
+                 .withBufferAllocator(allocator)
+                 .withTlsEncryption(true)
+                 .build()) {
+      Assert.fail();
+    }
+  }
+
   /**
    * Try to instantiate an encrypted FlightClient without credentials.
    *
@@ -190,7 +241,6 @@ public void testGetEncryptedConnectionWithValidCredentialsAndKeyStore() throws E
         userTest);
     properties.put(ArrowFlightConnectionProperty.PASSWORD.camelName(),
         passTest);
-    properties.put(ArrowFlightConnectionProperty.USE_TLS.camelName(), true);
     properties.put(BuiltInConnectionProperty.KEYSTORE.camelName(), keyStorePath);
     properties.put(BuiltInConnectionProperty.KEYSTORE_PASSWORD.camelName(), keyStorePass);
 

java/flight/flight-jdbc-driver/src/test/java/org/apache/arrow/driver/jdbc/FlightServerTestRule.java

@@ -115,14 +115,26 @@ public ArrowFlightJdbcConnectionPoolDataSource createConnectionPoolDataSource()
     return ArrowFlightJdbcConnectionPoolDataSource.createNewDataSource(properties);
   }
 
-  public Connection getConnectionFromToken(String token) throws SQLException {
-    return this.createDataSource(token).getConnection();
+  public ArrowFlightJdbcConnectionPoolDataSource createConnectionPoolDataSource(boolean useTls) {
+    setUseTls(useTls);
+    return ArrowFlightJdbcConnectionPoolDataSource.createNewDataSource(properties);
   }
 
-  public Connection getConnection() throws SQLException {
+  public Connection getConnection(boolean useTls, String token) throws SQLException {
+    properties.put("token", token);
+
+    return getConnection(useTls);
+  }
+
+  public Connection getConnection(boolean useTls) throws SQLException {
+    setUseTls(useTls);
     return this.createDataSource().getConnection();
   }
 
+  private void setUseTls(boolean useTls) {
+    properties.put("useTls", useTls);
+  }
+
   public MiddlewareCookie.Factory getMiddlewareCookieFactory() {
     return middlewareCookieFactory;
   }

java/flight/flight-jdbc-driver/src/test/java/org/apache/arrow/driver/jdbc/ResultSetMetadataTest.java

@@ -51,7 +51,7 @@ public class ResultSetMetadataTest {
 
   @BeforeClass
   public static void setup() throws SQLException {
-    connection = SERVER_TEST_RULE.getConnection();
+    connection = SERVER_TEST_RULE.getConnection(false);
 
     try (Statement statement = connection.createStatement();
          ResultSet resultSet = statement.executeQuery(

java/flight/flight-jdbc-driver/src/test/java/org/apache/arrow/driver/jdbc/ResultSetTest.java

@@ -57,7 +57,7 @@ public class ResultSetTest {
 
   @BeforeClass
   public static void setup() throws SQLException {
-    connection = SERVER_TEST_RULE.getConnection();
+    connection = SERVER_TEST_RULE.getConnection(false);
   }
 
   @AfterClass

java/flight/flight-jdbc-driver/src/test/java/org/apache/arrow/driver/jdbc/TokenAuthenticationTest.java

@@ -52,14 +52,14 @@ public static void tearDownAfterClass() {
 
   @Test(expected = SQLException.class)
   public void connectUsingTokenAuthenticationShouldFail() throws SQLException {
-    try (Connection ignored = FLIGHT_SERVER_TEST_RULE.getConnectionFromToken("invalid")) {
+    try (Connection ignored = FLIGHT_SERVER_TEST_RULE.getConnection(false, "invalid")) {
       Assert.fail();
     }
   }
 
   @Test
   public void connectUsingTokenAuthenticationShouldSuccess() throws SQLException {
-    try (Connection connection = FLIGHT_SERVER_TEST_RULE.getConnectionFromToken("1234")) {
+    try (Connection connection = FLIGHT_SERVER_TEST_RULE.getConnection(false, "1234")) {
       Assert.assertFalse(connection.isClosed());
     }
   }