Add generic SSL/TLS configuration support (#17854)

Author: HTHou

external-service-impl/rest/pom.xml

@@ -38,13 +38,6 @@
             <groupId>org.glassfish.jersey.inject</groupId>
             <artifactId>jersey-hk2</artifactId>
             <scope>runtime</scope>
-            <exclusions>
-                <!-- repeated in node commons -->
-                <exclusion>
-                    <groupId>jakarta.annotation</groupId>
-                    <artifactId>jakarta.annotation-api</artifactId>
-                </exclusion>
-            </exclusions>
         </dependency>
         <dependency>
             <groupId>org.apache.iotdb</groupId>
@@ -87,11 +80,6 @@
                     <groupId>jakarta.validation</groupId>
                     <artifactId>jakarta.validation-api</artifactId>
                 </exclusion>
-                <!-- repeated in node commons -->
-                <exclusion>
-                    <groupId>jakarta.annotation</groupId>
-                    <artifactId>jakarta.annotation-api</artifactId>
-                </exclusion>
             </exclusions>
         </dependency>
         <dependency>

external-service-impl/rest/src/main/java/org/apache/iotdb/rest/RestService.java

@@ -21,6 +21,7 @@
 import org.apache.iotdb.externalservice.api.IExternalService;
 import org.apache.iotdb.rest.i18n.RestMessages;
 import org.apache.iotdb.rest.protocol.filter.ApiOriginFilter;
+import org.apache.iotdb.rpc.RpcSslUtils;
 
 import org.eclipse.jetty.ee10.servlet.ServletContextHandler;
 import org.eclipse.jetty.ee10.servlet.ServletHolder;
@@ -52,6 +53,7 @@ private void startSSL(
       String trustStorePath,
       String keyStorePwd,
       String trustStorePwd,
+      String sslProtocol,
       int idleTime,
       boolean clientAuth) {
     server = new Server();
@@ -61,6 +63,7 @@ private void startSSL(
     httpsConfig.addCustomizer(new SecureRequestCustomizer());
 
     SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
+    configureSSL(sslContextFactory, sslProtocol);
     sslContextFactory.setKeyStorePath(keyStorePath);
     sslContextFactory.setKeyStorePassword(keyStorePwd);
     if (clientAuth) {
@@ -125,6 +128,7 @@ public void start() {
           config.getTrustStorePath(),
           config.getKeyStorePwd(),
           config.getTrustStorePwd(),
+          config.getSslProtocol(),
           config.getIdleTimeoutInSeconds(),
           config.isClientAuth());
     } else {
@@ -142,4 +146,9 @@ public void stop() {
       server.destroy();
     }
   }
+
+  private void configureSSL(SslContextFactory.Server sslContextFactory, String sslProtocol) {
+    String protocol = RpcSslUtils.normalizeProtocol(sslProtocol);
+    sslContextFactory.setProtocol(protocol);
+  }
 }

integration-test/src/main/java/org/apache/iotdb/it/env/cluster/config/MppBaseConfig.java

@@ -120,6 +120,10 @@ protected final void setProperty(@NotNull String key, String value) {
     }
   }
 
+  public final String getProperty(@NotNull String key, String defaultValue) {
+    return properties.getProperty(key, defaultValue);
+  }
+
   /** Create an instance but with empty properties. */
   public abstract MppBaseConfig emptyClone();
 }

integration-test/src/main/java/org/apache/iotdb/it/env/cluster/config/MppCommonConfig.java

@@ -626,6 +626,12 @@ public CommonConfig setEnforceStrongPassword(boolean enforceStrongPassword) {
     return this;
   }
 
+  @Override
+  public CommonConfig setEnableThriftClientSSL(boolean enableThriftClientSSL) {
+    setProperty("enable_thrift_ssl", String.valueOf(enableThriftClientSSL));
+    return this;
+  }
+
   @Override
   public CommonConfig setEnableInternalSSL(boolean enableInternalSSL) {
     setProperty("enable_internal_ssl", String.valueOf(enableInternalSSL));
@@ -656,6 +662,12 @@ public CommonConfig setTrustStorePwd(String trustStorePwd) {
     return this;
   }
 
+  @Override
+  public CommonConfig setSslProtocol(String sslProtocol) {
+    setProperty("ssl_protocol", sslProtocol);
+    return this;
+  }
+
   @Override
   public CommonConfig setDatanodeMemoryProportion(String datanodeMemoryProportion) {
     setProperty("datanode_memory_proportion", datanodeMemoryProportion);

integration-test/src/main/java/org/apache/iotdb/it/env/cluster/config/MppSharedCommonConfig.java

@@ -651,6 +651,13 @@ public CommonConfig setEnforceStrongPassword(boolean enforceStrongPassword) {
     return this;
   }
 
+  @Override
+  public CommonConfig setEnableThriftClientSSL(boolean enableThriftClientSSL) {
+    cnConfig.setEnableThriftClientSSL(enableThriftClientSSL);
+    dnConfig.setEnableThriftClientSSL(enableThriftClientSSL);
+    return this;
+  }
+
   @Override
   public CommonConfig setEnableInternalSSL(boolean enableInternalSSL) {
     cnConfig.setEnableInternalSSL(enableInternalSSL);
@@ -686,6 +693,13 @@ public CommonConfig setTrustStorePwd(String trustStorePwd) {
     return this;
   }
 
+  @Override
+  public CommonConfig setSslProtocol(String sslProtocol) {
+    cnConfig.setSslProtocol(sslProtocol);
+    dnConfig.setSslProtocol(sslProtocol);
+    return this;
+  }
+
   @Override
   public CommonConfig setDatanodeMemoryProportion(String datanodeMemoryProportion) {
     dnConfig.setDatanodeMemoryProportion(datanodeMemoryProportion);