Add revocation checking, trust anchor validation, and trust store type detection (PR 3 of 3) by madhav-db · Pull Request #787 · databricks/databricks-jdbc

madhav-db · 2025-04-11T11:43:43Z

Description

This PR implements the extended SSL functionality including revocation checking, trust anchor validation, and fallback logic. It also includes improvements to error handling and deeper test coverage.

Flow explanation: https://docs.google.com/document/d/1TSfUsci3n9dXzXcnaYCNG7i7bmQo-PkXBQY1QrHzkpg/edit?tab=t.0#heading=h.ofrwhzeixs4q

Changes

Implement certificate revocation checking and trust anchor validation
Add support for auto-detection of trust store types
Improve error messages for missing or invalid trust store paths
Add fallback to default trust stores with revocation configuration
Update ConfiguratorUtilsTest with extended test cases
Add coverage for invalid anchors, type fallbacks, and precedence behavior

Testing

All unit tests pass with full trust-store validation and revocation paths. Extended integration tests validate cert behavior and proxy scenarios.

Did manual testing for 5 key scenarios:

Vanilla scenario
Custom Trust Store
System Trust Store
AllowSelfSignedCerts
Invalid trust store

Additional Notes to the Reviewer

Depends on PR #786
Final PR for the SSL configuration enhancement work.

…-and-ci

madhav-db added 3 commits April 11, 2025 16:24

add core ssl config params

58e7daa

core SSL functionality

3193e0d

adds comprehensive ssl tests and ci integration

f1adb5e

madhav-db changed the title ~~Add Comprehensive SSL Testing Framework~~ Add Comprehensive SSL Testing Framework (PR 3 of 3) Apr 11, 2025

madhav-db temporarily deployed to azure-prod April 11, 2025 11:44 — with GitHub Actions Inactive

madhav-db added 7 commits April 16, 2025 10:35

core SSL functionality

a792846

fix error order

85eebec

address comments and adds more comprehensive tests

7a90adf

adds specific exceptions

151ba50

streamline exception handling

4f6672d

fmt

a5d32a1

merge

518faeb

madhav-db had a problem deploying to azure-prod April 21, 2025 06:47 — with GitHub Actions Failure

madhav-db added 3 commits April 21, 2025 12:35

Merge branch 'main' into ssl-truststore-handling-2

cdb13bb

Merge branch 'ssl-truststore-handling-2' into ssl-tests-and-ci

98dba93

merge

cd07ad2

madhav-db temporarily deployed to azure-prod April 21, 2025 08:11 — with GitHub Actions Inactive

madhav-db added 10 commits April 21, 2025 15:48

break down tasks

400f7be

modify test

f36879f

modify test

fbf56b2

modify yaml

55e7660

modify yaml

646a3df

modify yaml

638f41b

modify yaml

5a791aa

modify yaml

1919005

modify yaml

f919802

merge

357f400

madhav-db added 7 commits April 25, 2025 11:45

undo comment

26bf7bd

Merge branch 'ssl-truststore-handling-2' into ssl-tests-and-ci

945e5f0

res conflicts

eca70cf

merge

d3c4cba

fmt

b4613cc

Merge remote-tracking branch 'origin/ssl-tests-and-ci' into ssl-tests…

42fcd9b

…-and-ci

Merge branch 'main' into ssl-tests-and-ci

02a443e

madhav-db temporarily deployed to azure-prod April 25, 2025 07:26 — with GitHub Actions Inactive

fmt

d2d4a9a

madhav-db requested review from gopalldb and vikrantpuppala April 25, 2025 07:35

madhav-db temporarily deployed to azure-prod April 25, 2025 07:36 — with GitHub Actions Inactive

modifies changelog

1fff2a9

madhav-db temporarily deployed to azure-prod April 25, 2025 08:37 — with GitHub Actions Inactive

vikrantpuppala reviewed Apr 25, 2025

View reviewed changes

Comment thread NEXT_CHANGELOG.md Outdated

Comment thread src/main/java/com/databricks/jdbc/dbclient/impl/common/ConfiguratorUtils.java Outdated

addresses comments

d939b99

madhav-db had a problem deploying to azure-prod April 25, 2025 14:36 — with GitHub Actions Error

madhav-db had a problem deploying to azure-prod April 25, 2025 14:36 — with GitHub Actions Failure

post final manual testing

ab9c4f8

madhav-db had a problem deploying to azure-prod April 28, 2025 04:28 — with GitHub Actions Error

madhav-db had a problem deploying to azure-prod April 28, 2025 04:28 — with GitHub Actions Failure

madhav-db requested a review from vikrantpuppala April 28, 2025 04:57

Merge branch 'main' into ssl-tests-and-ci

e15e958

madhav-db temporarily deployed to azure-prod April 28, 2025 05:01 — with GitHub Actions Inactive

vikrantpuppala approved these changes Apr 28, 2025

View reviewed changes

madhav-db merged commit 8b1e4df into databricks:main Apr 28, 2025
16 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add revocation checking, trust anchor validation, and trust store type detection (PR 3 of 3)#787

Add revocation checking, trust anchor validation, and trust store type detection (PR 3 of 3)#787
madhav-db merged 53 commits into
mainfrom
ssl-tests-and-ci

madhav-db commented Apr 11, 2025 •

edited

Loading

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

madhav-db commented Apr 11, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Description

Changes

Testing

Additional Notes to the Reviewer

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

madhav-db commented Apr 11, 2025 •

edited

Loading