diff --git a/.github/workflows/multi-language-client.yml b/.github/workflows/multi-language-client.yml index b6dda5eb4b0e..5d02d39b3c73 100644 --- a/.github/workflows/multi-language-client.yml +++ b/.github/workflows/multi-language-client.yml @@ -56,12 +56,14 @@ jobs: run: | sudo apt-get update sudo apt-get install libboost-all-dev + sudo apt-get install openssl libssl-dev - name: Install CPP Dependencies (Mac) # remove some xcode to release disk space if: runner.os == 'macOS' shell: bash run: | brew install boost + brew install openssl sudo rm -rf /Applications/Xcode_14.3.1.app sudo rm -rf /Applications/Xcode_15.0.1.app sudo rm -rf /Applications/Xcode_15.1.app @@ -74,6 +76,11 @@ jobs: choco install boost-msvc-14.3 $boost_path = (Get-ChildItem -Path 'C:\local\' -Filter 'boost_*').FullName echo $boost_path >> $env:GITHUB_PATH + + choco install openssl + $sslPath = (Get-ChildItem 'C:\Program Files\OpenSSL*' -Directory | Select-Object -First 1).FullName + echo "$sslPath\bin" >> $env:GITHUB_PATH + echo "OPENSSL_ROOT_DIR=$sslPath" >> $env:GITHUB_ENV - name: Cache Maven packages uses: actions/cache@v4 with: diff --git a/iotdb-client/client-cpp/src/main/AbstractSessionBuilder.h b/iotdb-client/client-cpp/src/main/AbstractSessionBuilder.h index 3ec6da9b399a..ed57a7eaae7e 100644 --- a/iotdb-client/client-cpp/src/main/AbstractSessionBuilder.h +++ b/iotdb-client/client-cpp/src/main/AbstractSessionBuilder.h @@ -39,6 +39,8 @@ class AbstractSessionBuilder { bool enableRedirections = true; bool enableRPCCompression = false; std::vector nodeUrls; + bool useSSL = false; + std::string trustCertFilePath; }; #endif // IOTDB_ABSTRACTSESSIONBUILDER_H \ No newline at end of file diff --git a/iotdb-client/client-cpp/src/main/CMakeLists.txt b/iotdb-client/client-cpp/src/main/CMakeLists.txt index 5cf503c4efce..6ded7457c121 100644 --- a/iotdb-client/client-cpp/src/main/CMakeLists.txt +++ b/iotdb-client/client-cpp/src/main/CMakeLists.txt @@ -26,6 +26,15 @@ SET(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c++11 -Wall -g -O2 ") # Add Thrift include directory INCLUDE_DIRECTORIES(${CMAKE_SOURCE_DIR}/../../thrift/include) +# Find OpenSSL Library +FIND_PACKAGE(OpenSSL REQUIRED) +IF(OpenSSL_FOUND) + MESSAGE(STATUS "OpenSSL found: ${OPENSSL_VERSION}") + INCLUDE_DIRECTORIES(${OPENSSL_INCLUDE_DIR}) +ELSE() + MESSAGE(FATAL_ERROR "OpenSSL not found") +ENDIF() + # Add Boost include path for MacOS INCLUDE_DIRECTORIES(/usr/local/include) @@ -55,4 +64,10 @@ ELSE() ENDIF() # Link with Thrift static library -TARGET_LINK_LIBRARIES(iotdb_session ${THRIFT_STATIC_LIB}) +target_link_libraries(iotdb_session + PUBLIC + OpenSSL::SSL + OpenSSL::Crypto + PRIVATE + ${THRIFT_STATIC_LIB} +) diff --git a/iotdb-client/client-cpp/src/main/NodesSupplier.cpp b/iotdb-client/client-cpp/src/main/NodesSupplier.cpp index 2cec43c4448a..3f309ce3af32 100644 --- a/iotdb-client/client-cpp/src/main/NodesSupplier.cpp +++ b/iotdb-client/client-cpp/src/main/NodesSupplier.cpp @@ -68,32 +68,57 @@ std::vector StaticNodesSupplier::getEndPointList() { StaticNodesSupplier::~StaticNodesSupplier() = default; std::shared_ptr NodesSupplier::create( - std::vector endpoints, - std::string userName, std::string password, std::string zoneId, - int32_t thriftDefaultBufferSize, int32_t thriftMaxFrameSize, - int32_t connectionTimeoutInMs, bool useSSL, bool enableRPCCompression, - std::string version, std::chrono::milliseconds refreshInterval, + const std::vector& endpoints, + const std::string& userName, + const std::string& password, + bool useSSL, + const std::string& trustCertFilePath, + const std::string& zoneId, + int32_t thriftDefaultBufferSize, + int32_t thriftMaxFrameSize, + int32_t connectionTimeoutInMs, + bool enableRPCCompression, + const std::string& version, + std::chrono::milliseconds refreshInterval, NodeSelectionPolicy policy) { if (endpoints.empty()) { return nullptr; } auto supplier = std::make_shared( - userName, password, zoneId, thriftDefaultBufferSize, - thriftMaxFrameSize, connectionTimeoutInMs, useSSL, - enableRPCCompression, version, std::move(endpoints), std::move(policy) + userName, password, useSSL, trustCertFilePath, zoneId, + thriftDefaultBufferSize, thriftMaxFrameSize, connectionTimeoutInMs, + enableRPCCompression, + version, endpoints, policy ); supplier->startBackgroundRefresh(refreshInterval); return supplier; } NodesSupplier::NodesSupplier( - std::string userName, std::string password, const std::string& zoneId, - int32_t thriftDefaultBufferSize, int32_t thriftMaxFrameSize, - int32_t connectionTimeoutInMs, bool useSSL, bool enableRPCCompression, - std::string version, std::vector endpoints, NodeSelectionPolicy policy) : userName_(std::move(userName)), password_(std::move(password)), zoneId_(zoneId), - thriftDefaultBufferSize_(thriftDefaultBufferSize), thriftMaxFrameSize_(thriftMaxFrameSize), - connectionTimeoutInMs_(connectionTimeoutInMs), useSSL_(useSSL), enableRPCCompression_(enableRPCCompression), version(version), endpoints_(std::move(endpoints)), - selectionPolicy_(std::move(policy)) { + const std::string& userName, + const std::string& password, + bool useSSL, + const std::string& trustCertFilePath, + const std::string& zoneId, + int32_t thriftDefaultBufferSize, + int32_t thriftMaxFrameSize, + int32_t connectionTimeoutInMs, + bool enableRPCCompression, + const std::string& version, + const std::vector& endpoints, + NodeSelectionPolicy policy) + : userName_(userName) + , password_(password) + , zoneId_(zoneId) + , thriftDefaultBufferSize_(thriftDefaultBufferSize) + , thriftMaxFrameSize_(thriftMaxFrameSize) + , connectionTimeoutInMs_(connectionTimeoutInMs) + , useSSL_(useSSL) + , trustCertFilePath_(trustCertFilePath) + , enableRPCCompression_(enableRPCCompression) + , version_(version) + , endpoints_(endpoints) + , selectionPolicy_(policy) { deduplicateEndpoints(); } @@ -157,7 +182,7 @@ std::vector NodesSupplier::fetchLatestEndpoints() { try { if (client_ == nullptr) { client_ = std::make_shared(endpoint); - client_->init(userName_, password_, enableRPCCompression_, zoneId_, version); + client_->init(userName_, password_, enableRPCCompression_, useSSL_, trustCertFilePath_, zoneId_, version_); } auto sessionDataSet = client_->executeQueryStatement(SHOW_DATA_NODES_COMMAND); diff --git a/iotdb-client/client-cpp/src/main/NodesSupplier.h b/iotdb-client/client-cpp/src/main/NodesSupplier.h index 7e1a6e5af3fa..19b2d212bfa8 100644 --- a/iotdb-client/client-cpp/src/main/NodesSupplier.h +++ b/iotdb-client/client-cpp/src/main/NodesSupplier.h @@ -78,23 +78,36 @@ class NodesSupplier : public INodesSupplier { static const int CONNECTION_TIMEOUT_IN_MS; static std::shared_ptr create( - std::vector endpoints, - std::string userName, std::string password, std::string zoneId = "", + const std::vector& endpoints, + const std::string& userName, + const std::string& password, + bool useSSL = false, + const std::string& trustCertFilePath = "", + const std::string& zoneId = "", int32_t thriftDefaultBufferSize = ThriftConnection::THRIFT_DEFAULT_BUFFER_SIZE, int32_t thriftMaxFrameSize = ThriftConnection::THRIFT_MAX_FRAME_SIZE, int32_t connectionTimeoutInMs = ThriftConnection::CONNECTION_TIMEOUT_IN_MS, - bool useSSL = false, bool enableRPCCompression = false, - std::string version = "V_1_0", + bool enableRPCCompression = false, + const std::string& version = "V_1_0", std::chrono::milliseconds refreshInterval = std::chrono::milliseconds(TIMEOUT_IN_MS), NodeSelectionPolicy policy = RoundRobinPolicy::select ); NodesSupplier( - std::string userName, std::string password, const std::string& zoneId, - int32_t thriftDefaultBufferSize, int32_t thriftMaxFrameSize, - int32_t connectionTimeoutInMs, bool useSSL, bool enableRPCCompression, - std::string version, std::vector endpoints, NodeSelectionPolicy policy + const std::string& userName, + const std::string& password, + bool useSSL, + const std::string& trustCertFilePath, + const std::string& zoneId, + int32_t thriftDefaultBufferSize, + int32_t thriftMaxFrameSize, + int32_t connectionTimeoutInMs, + bool enableRPCCompression, + const std::string& version, + const std::vector& endpoints, + NodeSelectionPolicy policy ); + std::vector getEndPointList() override; boost::optional getQueryEndPoint() override; @@ -108,8 +121,9 @@ class NodesSupplier : public INodesSupplier { int32_t thriftMaxFrameSize_; int32_t connectionTimeoutInMs_; bool useSSL_; + std::string trustCertFilePath_; bool enableRPCCompression_; - std::string version; + std::string version_; std::string zoneId_; std::mutex mutex_; diff --git a/iotdb-client/client-cpp/src/main/Session.cpp b/iotdb-client/client-cpp/src/main/Session.cpp index 8182a67cccb6..b751e64d943b 100644 --- a/iotdb-client/client-cpp/src/main/Session.cpp +++ b/iotdb-client/client-cpp/src/main/Session.cpp @@ -763,7 +763,7 @@ void Session::initNodesSupplier(const std::vector& nodeUrls) { } if (enableAutoFetch_) { - nodesSupplier_ = NodesSupplier::create(endPoints, username_, password_); + nodesSupplier_ = NodesSupplier::create(endPoints, username_, password_, useSSL_, trustCertFilePath_); } else { nodesSupplier_ = make_shared(endPoints); diff --git a/iotdb-client/client-cpp/src/main/Session.h b/iotdb-client/client-cpp/src/main/Session.h index 35c05fad22c4..b2f619928769 100644 --- a/iotdb-client/client-cpp/src/main/Session.h +++ b/iotdb-client/client-cpp/src/main/Session.h @@ -535,6 +535,8 @@ class Session { private: std::string host_; int rpcPort_; + bool useSSL_; + std::string trustCertFilePath_; std::vector nodeUrls_; std::string username_; std::string password_; @@ -724,6 +726,8 @@ class Session { this->enableRedirection_ = builder->enableRedirections; this->connectTimeoutMs_ = builder->connectTimeoutMs; this->nodeUrls_ = builder->nodeUrls; + this->useSSL_ = builder->useSSL; + this->trustCertFilePath_ = builder->trustCertFilePath; initZoneId(); initNodesSupplier(this->nodeUrls_); } diff --git a/iotdb-client/client-cpp/src/main/SessionBuilder.h b/iotdb-client/client-cpp/src/main/SessionBuilder.h index 9eb66e7b6006..e180db1a292e 100644 --- a/iotdb-client/client-cpp/src/main/SessionBuilder.h +++ b/iotdb-client/client-cpp/src/main/SessionBuilder.h @@ -34,6 +34,16 @@ class SessionBuilder : public AbstractSessionBuilder { return this; } + SessionBuilder* useSSL(bool useSSL) { + AbstractSessionBuilder::useSSL = useSSL; + return this; + } + + SessionBuilder* trustCertFilePath(const std::string &trustCertFilePath) { + AbstractSessionBuilder::trustCertFilePath = trustCertFilePath; + return this; + } + SessionBuilder* username(const std::string &username) { AbstractSessionBuilder::username = username; return this; diff --git a/iotdb-client/client-cpp/src/main/SessionConnection.cpp b/iotdb-client/client-cpp/src/main/SessionConnection.cpp index a6928b14d297..0ab22cc79a60 100644 --- a/iotdb-client/client-cpp/src/main/SessionConnection.cpp +++ b/iotdb-client/client-cpp/src/main/SessionConnection.cpp @@ -50,7 +50,7 @@ SessionConnection::SessionConnection(Session* session_ptr, const TEndPoint& endp database(std::move(db)) { this->zoneId = zoneId.empty() ? getSystemDefaultZoneId() : zoneId; endPointList.push_back(endpoint); - init(endPoint); + init(endPoint, session->useSSL_, session->trustCertFilePath_); } void SessionConnection::close() { @@ -98,10 +98,18 @@ SessionConnection::~SessionConnection() { } } -void SessionConnection::init(const TEndPoint& endpoint) { - shared_ptr socket(new TSocket(endpoint.ip, endpoint.port)); - transport = std::make_shared(socket); - socket->setConnTimeout(connectionTimeoutInMs); +void SessionConnection::init(const TEndPoint& endpoint, bool useSSL, const std::string& trustCertFilePath) { + if (useSSL) { + socketFactory_->loadTrustedCertificates(trustCertFilePath.c_str()); + socketFactory_->authenticate(false); + auto sslSocket = socketFactory_->createSocket(endPoint.ip, endPoint.port); + sslSocket->setConnTimeout(connectionTimeoutInMs); + transport = std::make_shared(sslSocket); + } else { + auto socket = std::make_shared(endPoint.ip, endPoint.port); + socket->setConnTimeout(connectionTimeoutInMs); + transport = std::make_shared(socket); + } if (!transport->isOpen()) { try { transport->open(); @@ -341,7 +349,7 @@ bool SessionConnection::reconnect() { } tryHostNum++; try { - init(this->endPoint); + init(this->endPoint, this->session->useSSL_, this->session->trustCertFilePath_); reconnect = true; } catch (const IoTDBConnectionException& e) { diff --git a/iotdb-client/client-cpp/src/main/SessionConnection.h b/iotdb-client/client-cpp/src/main/SessionConnection.h index 7102222b216c..96d583609550 100644 --- a/iotdb-client/client-cpp/src/main/SessionConnection.h +++ b/iotdb-client/client-cpp/src/main/SessionConnection.h @@ -23,6 +23,7 @@ #include #include #include +#include #include "IClientRPCService.h" #include "common_types.h" #include "NodesSupplier.h" @@ -50,7 +51,7 @@ class SessionConnection : public std::enable_shared_from_this const TEndPoint& getEndPoint(); - void init(const TEndPoint& endpoint); + void init(const TEndPoint& endpoint, bool useSSL, const std::string& trustCertFilePath); void insertStringRecord(const TSInsertStringRecordReq& request); @@ -179,6 +180,8 @@ class SessionConnection : public std::enable_shared_from_this TSStatus deleteDataInternal(TSDeleteDataReq request); + std::shared_ptr socketFactory_ = + std::make_shared();; std::shared_ptr transport; std::shared_ptr client; Session* session; diff --git a/iotdb-client/client-cpp/src/main/TableSessionBuilder.h b/iotdb-client/client-cpp/src/main/TableSessionBuilder.h index 7d58fc87073f..50009de441e0 100644 --- a/iotdb-client/client-cpp/src/main/TableSessionBuilder.h +++ b/iotdb-client/client-cpp/src/main/TableSessionBuilder.h @@ -45,6 +45,16 @@ class TableSessionBuilder : public AbstractSessionBuilder { AbstractSessionBuilder::rpcPort = rpcPort; return this; } + TableSessionBuilder* useSSL(bool useSSL) { + AbstractSessionBuilder::useSSL = useSSL; + return this; + } + + TableSessionBuilder* trustCertFilePath(const std::string &trustCertFilePath) { + AbstractSessionBuilder::trustCertFilePath = trustCertFilePath; + return this; + } + TableSessionBuilder* username(const std::string &username) { AbstractSessionBuilder::username = username; return this; diff --git a/iotdb-client/client-cpp/src/main/ThriftConnection.cpp b/iotdb-client/client-cpp/src/main/ThriftConnection.cpp index 1dab528fbd8a..2cb52bed6075 100644 --- a/iotdb-client/client-cpp/src/main/ThriftConnection.cpp +++ b/iotdb-client/client-cpp/src/main/ThriftConnection.cpp @@ -64,11 +64,21 @@ void ThriftConnection::initZoneId() { void ThriftConnection::init(const std::string& username, const std::string& password, bool enableRPCCompression, + bool useSSL, + const std::string& trustCertFilePath, const std::string& zoneId, const std::string& version) { - std::shared_ptr socket(new TSocket(endPoint_.ip, endPoint_.port)); - socket->setConnTimeout(connectionTimeoutInMs_); - transport_ = std::make_shared(socket); + if (useSSL) { + socketFactory_->loadTrustedCertificates(trustCertFilePath.c_str()); + socketFactory_->authenticate(false); + auto sslSocket = socketFactory_->createSocket(endPoint_.ip, endPoint_.port); + sslSocket->setConnTimeout(connectionTimeoutInMs_); + transport_ = std::make_shared(sslSocket); + } else { + auto socket = std::make_shared(endPoint_.ip, endPoint_.port); + socket->setConnTimeout(connectionTimeoutInMs_); + transport_ = std::make_shared(socket); + } if (!transport_->isOpen()) { try { transport_->open(); diff --git a/iotdb-client/client-cpp/src/main/ThriftConnection.h b/iotdb-client/client-cpp/src/main/ThriftConnection.h index d578e37b1b70..a308c95e3a20 100644 --- a/iotdb-client/client-cpp/src/main/ThriftConnection.h +++ b/iotdb-client/client-cpp/src/main/ThriftConnection.h @@ -20,7 +20,7 @@ #define IOTDB_THRIFTCONNECTION_H #include -#include +#include #include "IClientRPCService.h" class SessionDataSet; @@ -43,6 +43,8 @@ class ThriftConnection { void init(const std::string& username, const std::string& password, bool enableRPCCompression = false, + bool useSSL = false, + const std::string& trustCertFilePath = "", const std::string& zoneId = std::string(), const std::string& version = "V_1_0"); @@ -58,6 +60,8 @@ class ThriftConnection { int connectionTimeoutInMs_; int fetchSize_; + std::shared_ptr socketFactory_ = + std::make_shared(); std::shared_ptr transport_; std::shared_ptr client_; int64_t sessionId_{};