core SSL functionality

Author: madhav-db

src/main/java/com/databricks/jdbc/api/impl/volume/DBFSVolumeClient.java

@@ -16,6 +16,7 @@
 import com.databricks.jdbc.dbclient.IDatabricksHttpClient;
 import com.databricks.jdbc.dbclient.impl.common.ClientConfigurator;
 import com.databricks.jdbc.dbclient.impl.http.DatabricksHttpClientFactory;
+import com.databricks.jdbc.exception.DatabricksHttpException;
 import com.databricks.jdbc.exception.DatabricksSQLException;
 import com.databricks.jdbc.exception.DatabricksVolumeOperationException;
 import com.databricks.jdbc.log.JdbcLogger;
@@ -58,7 +59,8 @@ public DBFSVolumeClient(WorkspaceClient workspaceClient) {
     this.allowedVolumeIngestionPaths = "";
   }
 
-  public DBFSVolumeClient(IDatabricksConnectionContext connectionContext) {
+  public DBFSVolumeClient(IDatabricksConnectionContext connectionContext)
+      throws DatabricksHttpException {
     this.connectionContext = connectionContext;
     this.workspaceClient = getWorkspaceClientFromConnectionContext(connectionContext);
     this.apiClient = workspaceClient.apiClient();
@@ -392,7 +394,7 @@ public boolean deleteObject(String catalog, String schema, String volume, String
   }
 
   WorkspaceClient getWorkspaceClientFromConnectionContext(
-      IDatabricksConnectionContext connectionContext) {
+      IDatabricksConnectionContext connectionContext) throws DatabricksHttpException {
     ClientConfigurator clientConfigurator = new ClientConfigurator(connectionContext);
     DatabricksThreadContextHolder.setDatabricksConfig(clientConfigurator.getDatabricksConfig());
     return clientConfigurator.getWorkspaceClient();

src/main/java/com/databricks/jdbc/api/impl/volume/DatabricksVolumeClientFactory.java

@@ -3,6 +3,7 @@
 import com.databricks.jdbc.api.IDatabricksVolumeClient;
 import com.databricks.jdbc.api.internal.IDatabricksConnectionContext;
 import com.databricks.jdbc.common.util.DatabricksThreadContextHolder;
+import com.databricks.jdbc.exception.DatabricksHttpException;
 import com.databricks.jdbc.log.JdbcLogger;
 import com.databricks.jdbc.log.JdbcLoggerFactory;
 import java.sql.Connection;
@@ -33,7 +34,7 @@ public static IDatabricksVolumeClient getVolumeClient(Connection con) {
    * @return an instance of {@link IDatabricksVolumeClient}
    */
   public static IDatabricksVolumeClient getVolumeClient(
-      IDatabricksConnectionContext connectionContext) {
+      IDatabricksConnectionContext connectionContext) throws DatabricksHttpException {
     LOGGER.debug(
         String.format(
             "Entering public static IDatabricksVolumeClient getVolumeClient with IDatabricksConnectionContext connectionContext = {%s}",

src/main/java/com/databricks/jdbc/common/util/SocketFactoryUtil.java

@@ -5,75 +5,78 @@
 import com.databricks.sdk.core.DatabricksException;
 import java.security.SecureRandom;
 import java.security.cert.X509Certificate;
-import javax.net.ssl.HostnameVerifier;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.X509TrustManager;
 import org.apache.http.config.Registry;
 import org.apache.http.config.RegistryBuilder;
 import org.apache.http.conn.socket.ConnectionSocketFactory;
 import org.apache.http.conn.socket.PlainConnectionSocketFactory;
+import org.apache.http.conn.ssl.NoopHostnameVerifier;
 import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
 
 public class SocketFactoryUtil {
-
   private static final JdbcLogger LOGGER = JdbcLoggerFactory.getLogger(SocketFactoryUtil.class);
 
   /**
-   * <b>NOTE: </b> Only for testing purposes and should never be used in production.
-   *
-   * <p>Builds a registry of connection socket factories that trusts all SSL certificates.
+   * Builds a registry of connection socket factories that trusts all SSL certificates. This should
+   * only be used in testing environments or when explicitly configured to allow self-signed
+   * certificates.
    *
    * @return A registry of connection socket factories.
    */
   public static Registry<ConnectionSocketFactory> getTrustAllSocketFactoryRegistry() {
     LOGGER.warn(
-        "This driver is configured to trust all SSL certificates. This is insecure and should be never used in production.");
-    LOGGER.debug("Entering the getTrustAllSocketFactoryRegistry method");
-
+        "This driver is configured to trust all SSL certificates. This is insecure and should never be used in production.");
     try {
       // Create a TrustManager that trusts all certificates
-      TrustManager[] trustAllCerts =
-          new TrustManager[] {
-            new X509TrustManager() {
-              @Override
-              public X509Certificate[] getAcceptedIssuers() {
-                return null; // Accept all issuers
-              }
-
-              @Override
-              public void checkClientTrusted(X509Certificate[] certs, String authType) {
-                // No-op: Trust all client certificates
-              }
-
-              @Override
-              public void checkServerTrusted(X509Certificate[] certs, String authType) {
-                // No-op: Trust all server certificates
-              }
-            }
-          };
+      TrustManager[] trustAllCerts = getTrustManagerThatTrustsAllCertificates();
 
       // Initialize the SSLContext with trust-all settings
       SSLContext sslContext = SSLContext.getInstance("TLS");
       sslContext.init(null, trustAllCerts, new SecureRandom());
 
-      // Disable hostname verification
-      HostnameVerifier allHostsValid = (hostname, session) -> true;
-
-      // Configure SSLConnectionSocketFactory with the trust-all SSLContext
+      // Use the NoopHostnameVerifier to disable hostname verification
       SSLConnectionSocketFactory sslSocketFactory =
-          new SSLConnectionSocketFactory(sslContext, allHostsValid);
+          new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE);
 
       // Build and return the registry
       return RegistryBuilder.<ConnectionSocketFactory>create()
           .register("https", sslSocketFactory)
           .register("http", new PlainConnectionSocketFactory())
           .build();
-
     } catch (Exception e) {
       String errorMessage = "Error while setting up trust-all SSL context.";
-      LOGGER.error(errorMessage, e);
+      LOGGER.error(e, errorMessage);
       throw new DatabricksException(errorMessage, e);
     }
   }
+
+  /**
+   * Creates a TrustManager array that accepts all certificates without validation. This should only
+   * be used in testing environments or when explicitly configured to allow self-signed
+   * certificates.
+   *
+   * @return An array containing a single TrustManager that trusts all certificates.
+   */
+  public static TrustManager[] getTrustManagerThatTrustsAllCertificates() {
+    return new TrustManager[] {
+      new X509TrustManager() {
+        @Override
+        public X509Certificate[] getAcceptedIssuers() {
+          return new X509Certificate[0]; // Empty array instead of null for better compatibility
+        }
+
+        @Override
+        public void checkClientTrusted(X509Certificate[] certs, String authType) {
+          // No-op: Trust all client certificates
+        }
+
+        @Override
+        public void checkServerTrusted(X509Certificate[] certs, String authType) {
+          // No-op: Trust all server certificates
+        }
+      }
+    };
+  }
 }

src/main/java/com/databricks/jdbc/dbclient/impl/common/ClientConfigurator.java

@@ -10,6 +10,7 @@
 import com.databricks.jdbc.common.AuthMech;
 import com.databricks.jdbc.common.DatabricksJdbcConstants;
 import com.databricks.jdbc.common.util.DriverUtil;
+import com.databricks.jdbc.exception.DatabricksHttpException;
 import com.databricks.jdbc.exception.DatabricksParsingException;
 import com.databricks.jdbc.log.JdbcLogger;
 import com.databricks.jdbc.log.JdbcLoggerFactory;
@@ -39,7 +40,8 @@ public class ClientConfigurator {
   private final IDatabricksConnectionContext connectionContext;
   private DatabricksConfig databricksConfig;
 
-  public ClientConfigurator(IDatabricksConnectionContext connectionContext) {
+  public ClientConfigurator(IDatabricksConnectionContext connectionContext)
+      throws DatabricksHttpException {
     this.connectionContext = connectionContext;
     this.databricksConfig = new DatabricksConfig();
     CommonsHttpClient.Builder httpClientBuilder = new CommonsHttpClient.Builder();
@@ -57,7 +59,8 @@ public ClientConfigurator(IDatabricksConnectionContext connectionContext) {
    *
    * @param httpClientBuilder The builder to which the SSL configuration should be added.
    */
-  void setupConnectionManager(CommonsHttpClient.Builder httpClientBuilder) {
+  void setupConnectionManager(CommonsHttpClient.Builder httpClientBuilder)
+      throws DatabricksHttpException {
     PoolingHttpClientConnectionManager connManager =
         ConfiguratorUtils.getBaseConnectionManager(connectionContext);
     // Default value is 100 which is consistent with the value in the SDK