@praveen2450 praveen2450 commented Aug 6, 2025

🔒 Add SSL/TLS Support to DataCloud JDBC Driver

This PR implements comprehensive SSL/TLS support for the DataCloud JDBC driver, enabling secure connections with automatic SSL mode detection and flexible certificate configuration.

📋 Changes Made

Core SSL Implementation

  • New SslProperties class with SSL/TLS auto-detection
    • Added SslMode enum with four auto-detected modes: DISABLED, DEFAULT_TLS, ONE_SIDED_TLS, MUTUAL_TLS
    • Automatic SSL mode detection based on certificate properties provided
    • Implemented SSL context creation using GrpcSslContexts and NettyChannelBuilder
    • Support for both JKS truststore and PEM certificate formats

SSL Mode

The driver automatically determines the SSL mode based on certificate properties:

  1. DEFAULT_TLS - SSL with Java's system truststore (secure by default)
  2. ONE_SIDED_TLS - SSL with custom trust verification (JKS truststore or PEM CA cert)
  3. MUTUAL_TLS - Two-sided TLS with client certificate authentication
  4. DISABLED - Plaintext connections (testing only, via ssl.disabled=true)

⚠️ Breaking Changes

This won't break clients using the salesforce-datacloud JDBC driver; this is only a breaking change for salesforce-hyper.
Plaintext Connections: For plaintext connections (local testing), you must now explicitly pass ssl.disabled=true:

// Before: Plaintext was the default
String url = "jdbc:salesforce-hyper://localhost:port";
Connection conn = DriverManager.getConnection(url);

// After: Must explicitly disable SSL for plaintext
String url = "jdbc:salesforce-hyper://localhost:port?ssl.disabled=true";
Connection conn = DriverManager.getConnection(url);

This change ensures security by default - all connections now use SSL unless explicitly disabled.

🔧 Configuration Examples

System Truststore SSL (Default - No Config Needed)

// No SSL properties needed - automatically uses secure system truststore
Connection conn = DriverManager.getConnection(url, props);

Custom Trust with JKS Truststore

props.setProperty("ssl.truststore.path", "/path/to/truststore.jks");
props.setProperty("ssl.truststore.password", "password");
props.setProperty("ssl.truststore.type", "JKS");

Custom Trust with PEM CA Certificate

props.setProperty("ssl.ca.certPath", "/etc/identity/ca/cacerts.pem");

Mutual TLS with PEM Certificates

props.setProperty("ssl.client.certPath", "/etc/identity/client/certificates/client.pem");
props.setProperty("ssl.client.keyPath", "/etc/identity/client/keys/client-key.pem");
props.setProperty("ssl.ca.certPath", "/etc/identity/ca/cacerts.pem");

Mixed Configuration (JKS Trust + PEM Client Certs)

props.setProperty("ssl.truststore.path", "/path/to/truststore.jks");
props.setProperty("ssl.truststore.password", "password");
props.setProperty("ssl.client.certPath", "/etc/identity/client/certificates/client.pem");
props.setProperty("ssl.client.keyPath", "/etc/identity/client/keys/client-key.pem");

Plaintext Connection (Testing Only)

props.setProperty("ssl.disabled", "true");

Spark DataSource Integration

val df = spark.read
  .format("com.salesforce.datacloud.spark.HyperResultSource")
  .option("queryId", "your-query-id")
  .option("jdbcUrl", "jdbc:salesforce-hyper://host:port")
  .option("ssl.disabled", "false")
  .option("ssl.truststore.path", "/path/to/truststore.jks")
  .option("ssl.truststore.password", "password")
  .option("ssl.client.certPath", "/path/to/client.pem")
  .option("ssl.client.keyPath", "/path/to/client-key.pem")
  .load()
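The mode auto-detection described above, as an added example that is not the PR's own SslProperties code. The precedence order (explicit ssl.disabled, then client certificate, then custom trust, then the system truststore) and the rejection of a client certificate supplied without its key are assumptions about how the four listed modes compose:

```java
import java.util.Properties;

// Added example, not the driver's own SslProperties class. Assumption: precedence is
// explicit ssl.disabled > client certificate > custom trust > system truststore,
// matching the four modes listed in the PR description.
public class SslModeResolver {
    enum SslMode { DISABLED, DEFAULT_TLS, ONE_SIDED_TLS, MUTUAL_TLS }

    static SslMode resolve(Properties props) {
        boolean disabled = Boolean.parseBoolean(props.getProperty("ssl.disabled", "false"));
        boolean customTrust = has(props, "ssl.truststore.path") || has(props, "ssl.ca.certPath");
        boolean clientCert = has(props, "ssl.client.certPath");
        boolean clientKey = has(props, "ssl.client.keyPath");
        // Plaintext is opt-in only: an absent ssl.disabled means TLS.
        if (disabled) {
            return SslMode.DISABLED;
        }
        // A client cert without its key (or the reverse) is rejected, not silently downgraded.
        if (clientCert != clientKey) {
            throw new IllegalArgumentException("mutual TLS needs both ssl.client.certPath and ssl.client.keyPath");
        }
        if (clientCert) {
            return SslMode.MUTUAL_TLS; // trust from JKS/PEM when given, else the system truststore
        }
        return customTrust ? SslMode.ONE_SIDED_TLS : SslMode.DEFAULT_TLS;
    }

    private static boolean has(Properties p, String key) {
        String v = p.getProperty(key);
        return v != null && !v.trim().isEmpty();
    }

    public static void main(String[] args) {
        // Mixed configuration from the PR description: JKS trust plus PEM client certificate.
        Properties mixed = new Properties();
        mixed.setProperty("ssl.truststore.path", "/path/to/truststore.jks");
        mixed.setProperty("ssl.truststore.password", "password");
        mixed.setProperty("ssl.client.certPath", "/etc/identity/client/certificates/client.pem");
        mixed.setProperty("ssl.client.keyPath", "/etc/identity/client/keys/client-key.pem");
        System.out.println("mixed     -> " + resolve(mixed));
        System.out.println("no props  -> " + resolve(new Properties()));
        Properties half = new Properties();
        half.setProperty("ssl.client.certPath", "/etc/identity/client/certificates/client.pem");
        try {
            resolve(half);
        } catch (IllegalArgumentException e) {
            System.out.println("cert only -> rejected: " + e.getMessage());
        }
    }
}
```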

@vogelsgesang vogelsgesang left a comment

The overall behavior looks good now. I think we should implement the logic in a slightly different way, though.

@praveen2450 praveen2450 force-pushed the praveen-driver-connection-ssl-mode-enhancement branch from 0cec757 to a2f46c4 Compare October 8, 2025 09:14
codecov bot commented Oct 8, 2025

Codecov Report

❌ Patch coverage is 33.87097% with 82 lines in your changes missing coverage. Please review.
✅ Project coverage is 82.41%. Comparing base (26bf99c) to head (be4d04e).
⚠️ Report is 7 commits behind head on main.

Files with missing lines | Patch % | Lines
--- | --- | ---
.../salesforce/datacloud/jdbc/core/SslProperties.java | 29.82% | 63 Missing and 17 partials ⚠️
...com/salesforce/datacloud/jdbc/HyperDatasource.java | 66.66% | 1 Missing and 1 partial ⚠️

❌ Your patch check has failed because the patch coverage (31.66%) is below the target coverage (90.00%). You can increase the patch coverage or adjust the target coverage.

@@             Coverage Diff              @@
##               main      #89      +/-   ##
============================================
- Coverage     83.22%   82.41%   -0.82%     
- Complexity     1245     1297      +52     
============================================
  Files           103      107       +4     
  Lines          3709     3929     +220     
  Branches        369      407      +38     
============================================
+ Hits           3087     3238     +151     
- Misses          462      508      +46     
- Partials        160      183      +23     
Components | Coverage Δ
--- | ---
JDBC Core | 83.54% <31.66%> (-1.74%) ⬇️
JDBC Main | 40.69% <ø> (ø)
JDBC HTTP | 91.09% <100.00%> (ø)
JDBC Utilities | 66.07% <ø> (+5.10%) ⬆️
Spark Datasource | ∅ <ø> (∅)

Files with missing lines | Coverage Δ
--- | ---
.../datacloud/jdbc/auth/SalesforceAuthProperties.java | 94.59% <100.00%> (ø)
...com/salesforce/datacloud/jdbc/HyperDatasource.java | 51.35% <66.66%> (-1.43%) ⬇️
.../salesforce/datacloud/jdbc/core/SslProperties.java | 29.82% <29.82%> (ø)

... and 22 files with indirect coverage changes

…ame system_truststore to default_tls to match standard naming conventions
- Replace DirectDataCloudConnectionProperties in favour of SslProperties for SSL configuration and channel building
- Remove DirectDataCloudConnection
…ern and improve validation

- Updated tests to create real temporary files for validation