chore：add rds connect

Author: sdk-liuzhaoliang

volcengine-java-sdk-core/src/main/java/com/volcengine/endpoint/DefaultEndpointProvider.java

@@ -836,6 +836,23 @@ private static boolean hasEnabledDualstack(Boolean useDualStack) {
         return useDualStack;
     }
 
+    /**
+     * Build a regional endpoint for the given service and region.
+     * <p>
+     * Format: {standardized_service}.{region}.volcengineapi.com
+     * e.g., rds_mysql -> rds-mysql.cn-beijing.volcengineapi.com
+     * <p>
+     * Supports dual-stack via VOLC_ENABLE_DUALSTACK=true env var.
+     *
+     * @param service Service code (e.g., "rds_mysql")
+     * @param region  Region code (e.g., "cn-beijing")
+     * @return Regional endpoint string (without scheme)
+     */
+    public static String getRegionalEndpoint(String service, String region) {
+        String endpointSuffix = hasEnabledDualstack(null) ? DUALSTACK_ENDPOINT_SUFFIX : ENDPOINT_SUFFIX;
+        return standardizeDomainServiceCode(service) + SEPARATOR + region + endpointSuffix;
+    }
+
     @Override
     public ResolvedEndpoint endpointFor(ResolveEndpointOption option) {
         String endpoint = DefaultEndpointProvider.getDefaultEndpointByServiceInfo(option.getService(),

volcengine-java-sdk-core/src/main/java/com/volcengine/feature/rds/auth/ConnectUtils.java

@@ -1,5 +1,7 @@
 package com.volcengine.feature.rds.auth;
 
+import com.volcengine.ApiClient;
+import com.volcengine.endpoint.DefaultEndpointProvider;
 import com.volcengine.sign.Credentials;
 import com.volcengine.sign.VolcstackSign;
 
@@ -9,7 +11,8 @@
 import java.util.*;
 
 /**
- * RDS MySQL database connection utility class
+ * RDS MySQL database connection utility class.
+ * Generates a presigned URL that can be used as the authentication token (password) for database connections.
  */
 public class ConnectUtils {
 
@@ -19,13 +22,38 @@ public class ConnectUtils {
     private static final int DEFAULT_EXPIRES_SECONDS = 900; // 15 minutes
 
     /**
-     * Generate an authorization token for database connection (used as password)
+     * Generate an authorization token for database connection (used as password).
+     * Extracts credentials, region, and disableSSL from the ApiClient, similar to Go SDK's Config.
+     *
+     * @param apiClient  ApiClient containing Credentials, Region, and DisableSSL settings
+     * @param dbUser     Database user account
+     * @param instanceId Database instance ID
+     * @param expires    Expiration time in seconds, defaults to 900 seconds (15 minutes) if <= 0
+     * @return Presigned URL string that can be used as the authorization token for database connection
+     * @throws Exception if parameters are invalid or signing fails
+     */
+    public static String buildAuthToken(
+            ApiClient apiClient,
+            String dbUser,
+            String instanceId,
+            int expires
+    ) throws Exception {
+        if (apiClient == null) {
+            throw new IllegalArgumentException("apiClient must not be null");
+        }
+        return buildAuthToken(apiClient.getCredentials(), apiClient.getRegion(),
+                dbUser, instanceId, expires, apiClient.getDisableSSL());
+    }
+
+    /**
+     * Generate an authorization token for database connection (used as password).
+     * Uses HTTPS by default.
      *
      * @param credentials Credentials containing AccessKey and SecretKey for signing
      * @param region      Region, e.g., "cn-beijing"
      * @param dbUser      Database user account
      * @param instanceId  Database instance ID
-     * @param expires     Expiration time in seconds, defaults to 900 seconds (15 minutes) if <= 0
+     * @param expires     Expiration time in seconds, defaults to 900 seconds (15 minutes) if &lt;= 0
      * @return Presigned URL string that can be used as the authorization token for database connection
      * @throws Exception if parameters are invalid or signing fails
      */
@@ -35,6 +63,29 @@ public static String buildAuthToken(
             String dbUser,
             String instanceId,
             int expires
+    ) throws Exception {
+        return buildAuthToken(credentials, region, dbUser, instanceId, expires, false);
+    }
+
+    /**
+     * Generate an authorization token for database connection (used as password).
+     *
+     * @param credentials Credentials containing AccessKey and SecretKey for signing
+     * @param region      Region, e.g., "cn-beijing"
+     * @param dbUser      Database user account
+     * @param instanceId  Database instance ID
+     * @param expires     Expiration time in seconds, defaults to 900 seconds (15 minutes) if &lt;= 0
+     * @param disableSSL  If true, use http:// scheme; otherwise use https://
+     * @return Presigned URL string that can be used as the authorization token for database connection
+     * @throws Exception if parameters are invalid or signing fails
+     */
+    public static String buildAuthToken(
+            Credentials credentials,
+            String region,
+            String dbUser,
+            String instanceId,
+            int expires,
+            boolean disableSSL
     ) throws Exception {
         // Parameter validation
         if (credentials == null ||
@@ -47,15 +98,27 @@ public static String buildAuthToken(
             throw new IllegalArgumentException("region must not be empty");
         }
 
-        if (StringUtils.isEmpty(dbUser) || StringUtils.isEmpty(instanceId)) {
-            throw new IllegalArgumentException("dbUser or instanceId must not be empty");
+        if (StringUtils.isEmpty(dbUser)) {
+            throw new IllegalArgumentException("dbUser must not be empty");
+        }
+
+        if (StringUtils.isEmpty(instanceId)) {
+            throw new IllegalArgumentException("instanceId must not be empty");
         }
 
+        // Use default expires if <= 0
+        if (expires <= 0) {
+            expires = DEFAULT_EXPIRES_SECONDS;
+        }
+
+        // Build regional endpoint
+        String endpoint = DefaultEndpointProvider.getRegionalEndpoint(SERVICE_NAME, region);
+
         // Build query parameters
         Map<String, String> queryParams = new HashMap<>();
         queryParams.put("Action", ACTION);
         queryParams.put("Version", VERSION);
-        queryParams.put("X-Expires", expires > 0 ? String.valueOf(expires) : String.valueOf(DEFAULT_EXPIRES_SECONDS));
+        queryParams.put("X-Expires", String.valueOf(expires));
         queryParams.put("DBUser", dbUser);
         queryParams.put("InstanceId", instanceId);
 
@@ -65,21 +128,26 @@ public static String buildAuthToken(
         sign.setService(SERVICE_NAME);
         sign.setMethod("GET");
 
-        // Generate presigned URL
-        Map<String, String> presignedParams = sign.presign(queryParams);
+        // Generate presigned URL with host signing
+        Map<String, String> presignedParams = sign.presign(queryParams, endpoint);
 
         // Build complete URL
-        return buildUrl(presignedParams);
+        String scheme = disableSSL ? "http" : "https";
+        return buildUrl(scheme, endpoint, presignedParams);
     }
 
     /**
-     * Build complete URL
+     * Build complete URL with scheme, host, and query parameters.
      *
+     * @param scheme          URL scheme ("http" or "https")
+     * @param endpoint        Host endpoint (e.g., "rds-mysql.cn-beijing.volcengineapi.com")
      * @param presignedParams Presigned query parameters
      * @return Complete URL string
      */
-    private static String buildUrl(Map<String, String> presignedParams) {
+    private static String buildUrl(String scheme, String endpoint, Map<String, String> presignedParams) {
         StringBuilder url = new StringBuilder();
+        url.append(scheme).append("://").append(endpoint).append("?");
+
         // Sort parameter keys
         List<String> keys = new ArrayList<>(presignedParams.keySet());
         Collections.sort(keys);

volcengine-java-sdk-core/src/main/java/com/volcengine/sign/VolcstackSign.java

@@ -327,12 +327,24 @@ public VolcstackSign copy() {
 
 
     /**
-     * Generate presigned URL query parameters
+     * Generate presigned URL query parameters (without host signing)
      *
      * @param queryParams Original query parameters
      * @return Complete query parameters Map containing all signature information
      */
     public Map<String, String> presign(Map<String, String> queryParams) throws Exception {
+        return presign(queryParams, null);
+    }
+
+    /**
+     * Generate presigned URL query parameters
+     *
+     * @param queryParams Original query parameters
+     * @param host        Host header value to include in signing (e.g., "rds-mysql.cn-beijing.volcengineapi.com").
+     *                    If null or empty, no host header is signed.
+     * @return Complete query parameters Map containing all signature information
+     */
+    public Map<String, String> presign(Map<String, String> queryParams, String host) throws Exception {
         Map<String, String> presignedParams = new HashMap<>(queryParams);
 
         // Generate timestamp
@@ -344,12 +356,15 @@ public Map<String, String> presign(Map<String, String> queryParams) throws Excep
         // Build credential scope
         String credentialScope = dateStamp + "/" + region + "/" + service + "/request";
 
+        // Determine if host header should be signed
+        boolean signHost = host != null && !host.isEmpty();
+
         // Add required query parameters for presigning
         presignedParams.put("X-Date", xDate);
         presignedParams.put("X-NotSignBody", "");
         presignedParams.put("X-Credential", credentials.getAccessKey() + "/" + credentialScope);
         presignedParams.put("X-Algorithm", "HMAC-SHA256");
-        presignedParams.put("X-SignedHeaders", "");
+        presignedParams.put("X-SignedHeaders", signHost ? "host" : "");
         presignedParams.put("X-SignedQueries", ""); // Set to empty first, will be updated later
 
         // Collect all query parameter keys (excluding X-Security-Token), sort and update X-SignedQueries
@@ -384,15 +399,23 @@ public Map<String, String> presign(Map<String, String> queryParams) throws Excep
         canonicalRequest.append(canonicalQueryString.substring(0, canonicalQueryString.length() - 1));
         canonicalRequest.append("\n");
 
-        // Canonical Headers - empty (because X-SignedHeaders is empty)
-        canonicalRequest.append("\n");
-
-        // Signed Headers - empty
-        canonicalRequest.append("");
-        canonicalRequest.append("\n");
-
-        // Extra newline before Payload Hash (required by volcstack presigning specification)
-        canonicalRequest.append("\n");
+        // Canonical Headers and Signed Headers
+        if (signHost) {
+            // Canonical Headers - include host header
+            canonicalRequest.append("host:").append(host).append("\n");
+            canonicalRequest.append("\n");
+            // Signed Headers
+            canonicalRequest.append("host");
+            canonicalRequest.append("\n");
+        } else {
+            // Canonical Headers - empty
+            canonicalRequest.append("\n");
+            // Signed Headers - empty
+            canonicalRequest.append("");
+            canonicalRequest.append("\n");
+            // Extra newline (required by volcstack presigning specification when no headers signed)
+            canonicalRequest.append("\n");
+        }
 
         // Payload Hash - use hash value of X-NotSignBody (empty string)
         canonicalRequest.append(getSHA256(""));