merge

madhav-db · madhav-db · commit 357f4008cb30 · 2025-04-21T18:07:26.000+05:30
diff --git a/src/main/java/com/databricks/jdbc/dbclient/impl/common/ConfiguratorUtils.java b/src/main/java/com/databricks/jdbc/dbclient/impl/common/ConfiguratorUtils.java
@@ -51,14 +51,6 @@ public static PoolingHttpClientConnectionManager getBaseConnectionManager(
           SocketFactoryUtil.getTrustAllSocketFactoryRegistry());
     }
 
-    // If self-signed certificates are allowed, use a trust-all socket factory
-    if (connectionContext.allowSelfSignedCerts()) {
-      LOGGER.warn(
-          "Self-signed certificates are allowed. Please only use this parameter (AllowSelfSignedCerts) when you're sure of what you're doing. This is not recommended for production use.");
-      return new PoolingHttpClientConnectionManager(
-          SocketFactoryUtil.getTrustAllSocketFactoryRegistry());
-    }
-
     // For standard SSL configuration, create a custom socket factory registry
     Registry<ConnectionSocketFactory> socketFactoryRegistry =
         createConnectionSocketFactoryRegistry(connectionContext);
@@ -75,59 +67,7 @@ public static PoolingHttpClientConnectionManager getBaseConnectionManager(
   public static Registry<ConnectionSocketFactory> createConnectionSocketFactoryRegistry(
       IDatabricksConnectionContext connectionContext) throws DatabricksHttpException {
 
-    // First check if a custom trust store is specified
-    if (connectionContext.getSSLTrustStore() != null) {
-      return createRegistryWithCustomTrustStore(connectionContext);
-    } else {
-      return createRegistryWithSystemOrDefaultTrustStore(connectionContext);
-    }
-  }
-
-  /**
-   * Creates a socket factory registry using a custom trust store.
-   *
-   * @param connectionContext The connection context containing the trust store information.
-   * @return A registry of connection socket factories.
-   * @throws DatabricksHttpException If there is an error setting up the trust store.
-   */
-  private static Registry<ConnectionSocketFactory> createRegistryWithCustomTrustStore(
-      IDatabricksConnectionContext connectionContext) throws DatabricksHttpException {
-
-    try {
-      KeyStore trustStore = loadTruststoreOrNull(connectionContext);
-      if (trustStore == null) {
-        String errorMessage =
-            "Specified trust store could not be loaded: " + connectionContext.getSSLTrustStore();
-        handleError(errorMessage, new IOException(errorMessage));
-      }
-
-      // Get trust anchors from custom store
-      Set<TrustAnchor> trustAnchors = getTrustAnchorsFromTrustStore(trustStore);
-      if (trustAnchors.isEmpty()) {
-        String errorMessage =
-            "Custom trust store contains no trust anchors. Certificate validation will fail.";
-        handleError(errorMessage, new KeyStoreException(errorMessage));
-      }
-
-      LOGGER.info("Using custom trust store: " + connectionContext.getSSLTrustStore());
-
-      // Create trust managers from trust store
-      TrustManager[] trustManagers =
-          createTrustManagers(
-              trustAnchors,
-              connectionContext.checkCertificateRevocation(),
-              connectionContext.acceptUndeterminedCertificateRevocation());
-
-      // Create socket factory registry
-      return createSocketFactoryRegistry(trustManagers);
-    } catch (DatabricksHttpException
-        | NoSuchAlgorithmException
-        | InvalidAlgorithmParameterException
-        | KeyManagementException e) {
-      handleError(
-          "Error while setting up custom trust store: " + connectionContext.getSSLTrustStore(), e);
-    }
-    return null; // This will never be reached, but is required for method signature.
+    return createRegistryWithSystemOrDefaultTrustStore(connectionContext);
   }
 
   /**
@@ -357,57 +297,6 @@ private static X509TrustManager findX509TrustManager(TrustManager[] trustManager
     return null;
   }
 
-  /**
-   * Loads a trust store from the path specified in the connection context.
-   *
-   * @param connectionContext The connection context containing trust store configuration.
-   * @return The loaded KeyStore or null if it could not be loaded.
-   * @throws DatabricksHttpException If there is an error during loading.
-   */
-  public static KeyStore loadTruststoreOrNull(IDatabricksConnectionContext connectionContext)
-      throws DatabricksHttpException {
-    String trustStorePath = connectionContext.getSSLTrustStore();
-    if (trustStorePath == null) {
-      return null;
-    }
-
-    // If the specified file doesn't exist, throw a specific error
-    File trustStoreFile = new File(trustStorePath);
-    if (!trustStoreFile.exists()) {
-      String errorMessage = "Specified trust store file does not exist: " + trustStorePath;
-      handleError(errorMessage, new IOException(errorMessage));
-    }
-
-    char[] password = null;
-    if (connectionContext.getSSLTrustStorePassword() != null) {
-      password = connectionContext.getSSLTrustStorePassword().toCharArray();
-    }
-
-    // Get the specified type, defaulting to JKS if not specified
-    String trustStoreType = connectionContext.getSSLTrustStoreType();
-    if (trustStoreType == null || trustStoreType.isEmpty()) {
-      trustStoreType = "JKS"; // Default to JKS if not specified
-    }
-
-    try (FileInputStream trustStoreStream = new FileInputStream(trustStorePath)) {
-      LOGGER.info("Loading trust store as type: " + trustStoreType);
-      KeyStore trustStore = KeyStore.getInstance(trustStoreType);
-      trustStore.load(trustStoreStream, password);
-      LOGGER.info("Successfully loaded trust store: " + trustStorePath);
-      return trustStore;
-    } catch (KeyStoreException | NoSuchAlgorithmException | CertificateException | IOException e) {
-      String errorMessage =
-          "Failed to load trust store: "
-              + trustStorePath
-              + " with type "
-              + trustStoreType
-              + ": "
-              + e.getMessage();
-      handleError(errorMessage, e);
-    }
-    return null; // This will never be reached, but is required for method signature.
-  }
-
   /**
    * Extracts trust anchors from a KeyStore.
    *
diff --git a/src/test/java/com/databricks/client/jdbc/SSLTest.java b/src/test/java/com/databricks/client/jdbc/SSLTest.java
@@ -289,6 +289,67 @@ public void testWithSystemTrustStore() {
     }
   }
 
+  @Test
+  public void testDirectConnectionSystemTrustStoreFallback() {
+    System.out.println(
+        "Scenario: UseSystemTrustStore=1 with no system property -> fallback to cacerts (direct)");
+
+    // ensure the property is *unset* for this test run
+    String savedProp = System.getProperty("javax.net.ssl.trustStore");
+    try {
+      System.clearProperty("javax.net.ssl.trustStore");
+
+      for (boolean thrift : new boolean[] {true, false}) {
+        String url = buildJdbcUrl(thrift, false, false, false, true, false);
+        try {
+          verifyConnect(url);
+        } catch (Exception e) {
+          fail(
+              "Fallback‑to‑cacerts direct connect failed (thrift="
+                  + thrift
+                  + "): "
+                  + e.getMessage());
+        }
+      }
+    } finally {
+      // restore original system state
+      if (savedProp != null) {
+        System.setProperty("javax.net.ssl.trustStore", savedProp);
+      }
+    }
+  }
+
+  @Test
+  public void testIgnoreSystemPropertyWhenUseSystemTrustStoreDisabled() {
+    System.out.println(
+        "Scenario: bogus javax.net.ssl.trustStore present but UseSystemTrustStore=0 (driver must ignore)");
+
+    String savedProp = System.getProperty("javax.net.ssl.trustStore");
+    try {
+      System.setProperty("javax.net.ssl.trustStore", "/path/that/does/not/exist.jks");
+
+      for (boolean thrift : new boolean[] {true, false}) {
+        String url = buildJdbcUrl(thrift, false, false, false, false, false);
+        try {
+          verifyConnect(url);
+        } catch (Exception e) {
+          fail(
+              "Driver failed to ignore bogus system trust store (thrift="
+                  + thrift
+                  + "): "
+                  + e.getMessage());
+        }
+      }
+    } finally {
+      // restore original value
+      if (savedProp != null) {
+        System.setProperty("javax.net.ssl.trustStore", savedProp);
+      } else {
+        System.clearProperty("javax.net.ssl.trustStore");
+      }
+    }
+  }
+
   @Test
   public void testWithCustomTrustStore() {
     System.out.println("Scenario: Testing with custom trust store");
diff --git a/src/test/java/com/databricks/jdbc/dbclient/impl/common/ConfiguratorUtilsTest.java b/src/test/java/com/databricks/jdbc/dbclient/impl/common/ConfiguratorUtilsTest.java
