Support Client TLS

HTHou · HTHou · commit 74cc483c6222 · 2026-01-09T18:42:48.000+08:00
diff --git a/src/Apache.IoTDB/SessionPool.Builder.cs b/src/Apache.IoTDB/SessionPool.Builder.cs
@@ -17,7 +17,6 @@
  * under the License.
  */
 
-using System;
 using System.Collections.Generic;
 
 namespace Apache.IoTDB;
@@ -35,6 +34,8 @@ public class Builder
         private int _poolSize = 8;
         private bool _enableRpcCompression = false;
         private int _connectionTimeoutInMs = 500;
+        private bool _useSsl = false;
+        private string _certificatePath = null;
         private string _sqlDialect = IoTDBConstant.TREE_SQL_DIALECT;
         private string _database = "";
         private List<string> _nodeUrls = new List<string>();
@@ -93,6 +94,18 @@ public Builder SetConnectionTimeoutInMs(int timeout)
             return this;
         }
 
+        public Builder SetUseSsl(bool useSsl)
+        {
+            _useSsl = useSsl;
+            return this;
+        }
+
+        public Builder SetCertificatePath(string certificatePath)
+        {
+            _certificatePath = certificatePath;
+            return this;
+        }
+
         public Builder SetNodeUrl(List<string> nodeUrls)
         {
             _nodeUrls = nodeUrls;
@@ -122,6 +135,8 @@ public Builder()
             _poolSize = 8;
             _enableRpcCompression = false;
             _connectionTimeoutInMs = 500;
+            _useSsl = false;
+            _certificatePath = null;
             _sqlDialect = IoTDBConstant.TREE_SQL_DIALECT;
             _database = "";
         }
@@ -131,9 +146,9 @@ public SessionPool Build()
             // if nodeUrls is not empty, use nodeUrls to create session pool
             if (_nodeUrls.Count > 0)
             {
-                return new SessionPool(_nodeUrls, _username, _password, _fetchSize, _zoneId, _poolSize, _enableRpcCompression, _connectionTimeoutInMs, _sqlDialect, _database);
+                return new SessionPool(_nodeUrls, _username, _password, _fetchSize, _zoneId, _poolSize, _enableRpcCompression, _connectionTimeoutInMs, _useSsl, _certificatePath ,_sqlDialect, _database);
             }
-            return new SessionPool(_host, _port, _username, _password, _fetchSize, _zoneId, _poolSize, _enableRpcCompression, _connectionTimeoutInMs, _sqlDialect, _database);
+            return new SessionPool(_host, _port, _username, _password, _fetchSize, _zoneId, _poolSize, _enableRpcCompression, _connectionTimeoutInMs, _useSsl, _certificatePath,  _sqlDialect, _database);
         }
     }
 }
diff --git a/src/Apache.IoTDB/SessionPool.cs b/src/Apache.IoTDB/SessionPool.cs
@@ -19,13 +19,12 @@
 
 using System;
 using System.Collections.Generic;
+using System.IO;
 using System.Linq;
-using System.Net.Sockets;
-using System.Numerics;
 using System.Threading;
 using System.Threading.Tasks;
+using System.Security.Cryptography.X509Certificates;
 using Apache.IoTDB.DataStructure;
-using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.Logging;
 using Thrift;
 using Thrift.Protocol;
@@ -47,6 +46,8 @@ public partial class SessionPool : IDisposable
         private readonly List<TEndPoint> _endPoints = new();
         private readonly string _host;
         private readonly int _port;
+        private readonly bool _useSsl;
+        private readonly string _certificatePath;
         private readonly int _fetchSize;
         /// <summary>
         /// _timeout is the amount of time a Session will wait for a send operation to complete successfully.
@@ -86,10 +87,10 @@ public SessionPool(string host, int port) : this(host, port, "root", "root", 102
         {
         }
         public SessionPool(string host, int port, string username, string password, int fetchSize, string zoneId, int poolSize, bool enableRpcCompression, int timeout)
-                         : this(host, port, username, password, fetchSize, zoneId, poolSize, enableRpcCompression, timeout, IoTDBConstant.TREE_SQL_DIALECT, "")
+                         : this(host, port, username, password, fetchSize, zoneId, poolSize, enableRpcCompression, timeout, false, null, IoTDBConstant.TREE_SQL_DIALECT, "")
         {
         }
-        protected internal SessionPool(string host, int port, string username, string password, int fetchSize, string zoneId, int poolSize, bool enableRpcCompression, int timeout, string sqlDialect, string database)
+        protected internal SessionPool(string host, int port, string username, string password, int fetchSize, string zoneId, int poolSize, bool enableRpcCompression, int timeout, bool useSsl, string certificatePath, string sqlDialect, string database)
         {
             _host = host;
             _port = port;
@@ -101,6 +102,8 @@ protected internal SessionPool(string host, int port, string username, string pa
             _poolSize = poolSize;
             _enableRpcCompression = enableRpcCompression;
             _timeout = timeout;
+            _useSsl = useSsl;
+            _certificatePath = certificatePath;
             _sqlDialect = sqlDialect;
             _database = database;
         }
@@ -126,11 +129,11 @@ public SessionPool(List<string> nodeUrls, string username, string password, int
         {
         }
         public SessionPool(List<string> nodeUrls, string username, string password, int fetchSize, string zoneId, int poolSize, bool enableRpcCompression, int timeout)
-                        : this(nodeUrls, username, password, fetchSize, zoneId, poolSize, enableRpcCompression, timeout, IoTDBConstant.TREE_SQL_DIALECT, "")
+                        : this(nodeUrls, username, password, fetchSize, zoneId, poolSize, enableRpcCompression, timeout,false, null,  IoTDBConstant.TREE_SQL_DIALECT, "")
         {
 
         }
-        protected internal SessionPool(List<string> nodeUrls, string username, string password, int fetchSize, string zoneId, int poolSize, bool enableRpcCompression, int timeout, string sqlDialect, string database)
+        protected internal SessionPool(List<string> nodeUrls, string username, string password, int fetchSize, string zoneId, int poolSize, bool enableRpcCompression, int timeout, bool useSsl, string certificatePath, string sqlDialect, string database)
         {
             if (nodeUrls.Count == 0)
             {
@@ -146,6 +149,8 @@ protected internal SessionPool(List<string> nodeUrls, string username, string pa
             _poolSize = poolSize;
             _enableRpcCompression = enableRpcCompression;
             _timeout = timeout;
+            _useSsl = useSsl;
+            _certificatePath = certificatePath;
             _sqlDialect = sqlDialect;
             _database = database;
         }
@@ -241,7 +246,7 @@ public async Task Open(CancellationToken cancellationToken = default)
                 {
                     try
                     {
-                        _clients.Add(await CreateAndOpen(_host, _port, _enableRpcCompression, _timeout, _sqlDialect, _database, cancellationToken));
+                        _clients.Add(await CreateAndOpen(_host, _port, _enableRpcCompression, _timeout, _useSsl,_certificatePath, _sqlDialect, _database, cancellationToken));
                     }
                     catch (Exception e)
                     {
@@ -264,7 +269,7 @@ public async Task Open(CancellationToken cancellationToken = default)
                         var endPoint = _endPoints[endPointIndex];
                         try
                         {
-                            var client = await CreateAndOpen(endPoint.Ip, endPoint.Port, _enableRpcCompression, _timeout, _sqlDialect, _database, cancellationToken);
+                            var client = await CreateAndOpen(endPoint.Ip, endPoint.Port, _enableRpcCompression, _timeout, _useSsl,_certificatePath, _sqlDialect, _database, cancellationToken);
                             _clients.Add(client);
                             isConnected = true;
                             startIndex = (endPointIndex + 1) % _endPoints.Count;
@@ -303,7 +308,7 @@ public async Task<Client> Reconnect(Client originalClient = null, CancellationTo
                 {
                     try
                     {
-                        var client = await CreateAndOpen(_host, _port, _enableRpcCompression, _timeout, _sqlDialect, _database, cancellationToken);
+                        var client = await CreateAndOpen(_host, _port, _enableRpcCompression, _timeout, _useSsl,_certificatePath, _sqlDialect, _database, cancellationToken);
                         return client;
                     }
                     catch (Exception e)
@@ -330,7 +335,7 @@ public async Task<Client> Reconnect(Client originalClient = null, CancellationTo
                         int j = (startIndex + i) % _endPoints.Count;
                         try
                         {
-                            var client = await CreateAndOpen(_endPoints[j].Ip, _endPoints[j].Port, _enableRpcCompression, _timeout, _sqlDialect, _database, cancellationToken);
+                            var client = await CreateAndOpen(_endPoints[j].Ip, _endPoints[j].Port, _enableRpcCompression, _timeout, _useSsl,_certificatePath, _sqlDialect, _database, cancellationToken);
                             return client;
                         }
                         catch (Exception e)
@@ -423,12 +428,14 @@ public async Task<string> GetTimeZone()
             }
         }
 
-        private async Task<Client> CreateAndOpen(string host, int port, bool enableRpcCompression, int timeout, string sqlDialect, string database, CancellationToken cancellationToken = default)
+        private async Task<Client> CreateAndOpen(string host, int port, bool enableRpcCompression, int timeout, bool useSsl, string cert, string sqlDialect, string database, CancellationToken cancellationToken = default)
         {
-            var tcpClient = new TcpClient(host, port);
-            tcpClient.SendTimeout = timeout;
-            tcpClient.ReceiveTimeout = timeout;
-            var transport = new TFramedTransport(new TSocketTransport(tcpClient, null));
+
+            TTransport socket = useSsl ?
+                new TTlsSocketTransport(host, port, null, timeout, new X509Certificate2(File.ReadAllBytes(cert))) :
+                new TSocketTransport(host, port, null, timeout);
+
+            var transport = new TFramedTransport(socket);
 
             if (!transport.IsOpen)
             {

Original file line number	Diff line number	Diff line change
`@@ -19,13 +19,12 @@`
`19`	`19`
`20`	`20`	`using System;`
`21`	`21`	`using System.Collections.Generic;`
	`22`	`+using System.IO;`
`22`	`23`	`using System.Linq;`
`23`		`-using System.Net.Sockets;`
`24`		`-using System.Numerics;`
`25`	`24`	`using System.Threading;`
`26`	`25`	`using System.Threading.Tasks;`
	`26`	`+using System.Security.Cryptography.X509Certificates;`
`27`	`27`	`using Apache.IoTDB.DataStructure;`
`28`		`-using Microsoft.Extensions.Configuration;`
`29`	`28`	`using Microsoft.Extensions.Logging;`
`30`	`29`	`using Thrift;`
`31`	`30`	`using Thrift.Protocol;`
`@@ -47,6 +46,8 @@ public partial class SessionPool : IDisposable`
`47`	`46`	`private readonly List<TEndPoint> _endPoints = new();`
`48`	`47`	`private readonly string _host;`
`49`	`48`	`private readonly int _port;`
	`49`	`+ private readonly bool _useSsl;`
	`50`	`+ private readonly string _certificatePath;`
`50`	`51`	`private readonly int _fetchSize;`
`51`	`52`	`/// <summary>`
`52`	`53`	`/// _timeout is the amount of time a Session will wait for a send operation to complete successfully.`
`@@ -86,10 +87,10 @@ public SessionPool(string host, int port) : this(host, port, "root", "root", 102`
`86`	`87`	`{`
`87`	`88`	`}`
`88`	`89`	`public SessionPool(string host, int port, string username, string password, int fetchSize, string zoneId, int poolSize, bool enableRpcCompression, int timeout)`
`89`		`- : this(host, port, username, password, fetchSize, zoneId, poolSize, enableRpcCompression, timeout, IoTDBConstant.TREE_SQL_DIALECT, "")`
	`90`	`+ : this(host, port, username, password, fetchSize, zoneId, poolSize, enableRpcCompression, timeout, false, null, IoTDBConstant.TREE_SQL_DIALECT, "")`
`90`	`91`	`{`
`91`	`92`	`}`
`92`		`- protected internal SessionPool(string host, int port, string username, string password, int fetchSize, string zoneId, int poolSize, bool enableRpcCompression, int timeout, string sqlDialect, string database)`
	`93`	`+ protected internal SessionPool(string host, int port, string username, string password, int fetchSize, string zoneId, int poolSize, bool enableRpcCompression, int timeout, bool useSsl, string certificatePath, string sqlDialect, string database)`
`93`	`94`	`{`
`94`	`95`	`_host = host;`
`95`	`96`	`_port = port;`
`@@ -101,6 +102,8 @@ protected internal SessionPool(string host, int port, string username, string pa`
`101`	`102`	`_poolSize = poolSize;`
`102`	`103`	`_enableRpcCompression = enableRpcCompression;`
`103`	`104`	`_timeout = timeout;`
	`105`	`+ _useSsl = useSsl;`
	`106`	`+ _certificatePath = certificatePath;`
`104`	`107`	`_sqlDialect = sqlDialect;`
`105`	`108`	`_database = database;`
`106`	`109`	`}`
`@@ -126,11 +129,11 @@ public SessionPool(List<string> nodeUrls, string username, string password, int`
`126`	`129`	`{`
`127`	`130`	`}`
`128`	`131`	`public SessionPool(List<string> nodeUrls, string username, string password, int fetchSize, string zoneId, int poolSize, bool enableRpcCompression, int timeout)`
`129`		`- : this(nodeUrls, username, password, fetchSize, zoneId, poolSize, enableRpcCompression, timeout, IoTDBConstant.TREE_SQL_DIALECT, "")`
	`132`	`+ : this(nodeUrls, username, password, fetchSize, zoneId, poolSize, enableRpcCompression, timeout,false, null, IoTDBConstant.TREE_SQL_DIALECT, "")`
`130`	`133`	`{`
`131`	`134`
`132`	`135`	`}`
`133`		`- protected internal SessionPool(List<string> nodeUrls, string username, string password, int fetchSize, string zoneId, int poolSize, bool enableRpcCompression, int timeout, string sqlDialect, string database)`
	`136`	`+ protected internal SessionPool(List<string> nodeUrls, string username, string password, int fetchSize, string zoneId, int poolSize, bool enableRpcCompression, int timeout, bool useSsl, string certificatePath, string sqlDialect, string database)`
`134`	`137`	`{`
`135`	`138`	`if (nodeUrls.Count == 0)`
`136`	`139`	`{`
`@@ -146,6 +149,8 @@ protected internal SessionPool(List<string> nodeUrls, string username, string pa`
`146`	`149`	`_poolSize = poolSize;`
`147`	`150`	`_enableRpcCompression = enableRpcCompression;`
`148`	`151`	`_timeout = timeout;`
	`152`	`+ _useSsl = useSsl;`
	`153`	`+ _certificatePath = certificatePath;`
`149`	`154`	`_sqlDialect = sqlDialect;`
`150`	`155`	`_database = database;`
`151`	`156`	`}`
`@@ -241,7 +246,7 @@ public async Task Open(CancellationToken cancellationToken = default)`
`241`	`246`	`{`
`242`	`247`	`try`
`243`	`248`	`{`
`244`		`- _clients.Add(await CreateAndOpen(_host, _port, _enableRpcCompression, _timeout, _sqlDialect, _database, cancellationToken));`
	`249`	`+ _clients.Add(await CreateAndOpen(_host, _port, _enableRpcCompression, _timeout, _useSsl,_certificatePath, _sqlDialect, _database, cancellationToken));`
`245`	`250`	`}`
`246`	`251`	`catch (Exception e)`
`247`	`252`	`{`
`@@ -264,7 +269,7 @@ public async Task Open(CancellationToken cancellationToken = default)`
`264`	`269`	`var endPoint = _endPoints[endPointIndex];`
`265`	`270`	`try`
`266`	`271`	`{`
`267`		`- var client = await CreateAndOpen(endPoint.Ip, endPoint.Port, _enableRpcCompression, _timeout, _sqlDialect, _database, cancellationToken);`
	`272`	`+ var client = await CreateAndOpen(endPoint.Ip, endPoint.Port, _enableRpcCompression, _timeout, _useSsl,_certificatePath, _sqlDialect, _database, cancellationToken);`
`268`	`273`	`_clients.Add(client);`
`269`	`274`	`isConnected = true;`
`270`	`275`	`startIndex = (endPointIndex + 1) % _endPoints.Count;`
`@@ -303,7 +308,7 @@ public async Task<Client> Reconnect(Client originalClient = null, CancellationTo`
`303`	`308`	`{`
`304`	`309`	`try`
`305`	`310`	`{`
`306`		`- var client = await CreateAndOpen(_host, _port, _enableRpcCompression, _timeout, _sqlDialect, _database, cancellationToken);`
	`311`	`+ var client = await CreateAndOpen(_host, _port, _enableRpcCompression, _timeout, _useSsl,_certificatePath, _sqlDialect, _database, cancellationToken);`
`307`	`312`	`return client;`
`308`	`313`	`}`
`309`	`314`	`catch (Exception e)`
`@@ -330,7 +335,7 @@ public async Task<Client> Reconnect(Client originalClient = null, CancellationTo`
`330`	`335`	`int j = (startIndex + i) % _endPoints.Count;`
`331`	`336`	`try`
`332`	`337`	`{`
`333`		`- var client = await CreateAndOpen(_endPoints[j].Ip, _endPoints[j].Port, _enableRpcCompression, _timeout, _sqlDialect, _database, cancellationToken);`
	`338`	`+ var client = await CreateAndOpen(_endPoints[j].Ip, _endPoints[j].Port, _enableRpcCompression, _timeout, _useSsl,_certificatePath, _sqlDialect, _database, cancellationToken);`
`334`	`339`	`return client;`
`335`	`340`	`}`
`336`	`341`	`catch (Exception e)`
`@@ -423,12 +428,14 @@ public async Task<string> GetTimeZone()`
`423`	`428`	`}`
`424`	`429`	`}`
`425`	`430`
`426`		`- private async Task<Client> CreateAndOpen(string host, int port, bool enableRpcCompression, int timeout, string sqlDialect, string database, CancellationToken cancellationToken = default)`
	`431`	`+ private async Task<Client> CreateAndOpen(string host, int port, bool enableRpcCompression, int timeout, bool useSsl, string cert, string sqlDialect, string database, CancellationToken cancellationToken = default)`
`427`	`432`	`{`
`428`		`- var tcpClient = new TcpClient(host, port);`
`429`		`- tcpClient.SendTimeout = timeout;`
`430`		`- tcpClient.ReceiveTimeout = timeout;`
`431`		`- var transport = new TFramedTransport(new TSocketTransport(tcpClient, null));`
	`433`	`+`
	`434`	`+ TTransport socket = useSsl ?`
	`435`	`+ new TTlsSocketTransport(host, port, null, timeout, new X509Certificate2(File.ReadAllBytes(cert))) :`
	`436`	`+ new TSocketTransport(host, port, null, timeout);`
	`437`	`+`
	`438`	`+ var transport = new TFramedTransport(socket);`
`432`	`439`
`433`	`440`	`if (!transport.IsOpen)`
`434`	`441`	`{`