Support Client TLS

[HTHou]

1. Genarate keystore

keytool -genkeypair -alias mykey -keyalg RSA -validity 3650 -keystore .keystore -ext san=dns:localhost,ip:127.0.0.1

Notice: must add -ext san=ip or dns:<DN address> in your command.

2. Export certificate.cer file

keytool -export -alias mykey -keystore .keystore -rfc -file certificate.cer

3. Manually import the certificate.cer into the system's trust store.
4. Enable client SSL in IoTDB side.
5. Configurate TLS in Client side.

var sessionPool = new SessionPool.Builder()
                .SetNodeUrls(sessionPoolTest.nodeUrls)
                .SetUsername(sessionPoolTest.username)
                .SetPassword(sessionPoolTest.password)
                .SetUseSsl(true)
                .SetCertificatePath("/path/to/certificate.cer")
                .Build();

var tableSessionPool = new TableSessionPool.Builder()
                .SetNodeUrls(sessionPoolTest.nodeUrls)
                .SetUsername(sessionPoolTest.username)
                .SetPassword(sessionPoolTest.password)
                .SetUseSsl(true)
                .SetCertificatePath("/path/to/certificate.cer")
                .Build();

[CritasWang]

LGTM

[Copilot]

Pull request overview

This pull request adds TLS/SSL support to the Apache IoTDB C# client, allowing secure connections between clients and IoTDB servers using X.509 certificates.

Changes:

• Added SSL configuration options (SetUseSsl and SetCertificatePath) to both SessionPool and TableSessionPool builders
• Updated SessionPool constructors and connection logic to support SSL/TLS transport using TTlsSocketTransport
• Cleaned up unused imports (System.Net.Sockets, System.Numerics, Microsoft.Extensions.Configuration)

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 6 comments.

File	Description
src/Apache.IoTDB/SessionPool.Builder.cs	Added SSL configuration fields and builder methods; updated constructor calls to pass SSL parameters
src/Apache.IoTDB/TableSessionPool.Builder.cs	Added SSL configuration fields and builder methods; updated SessionPool instantiation with SSL parameters
src/Apache.IoTDB/SessionPool.cs	Added SSL fields, updated constructors, and modified CreateAndOpen to conditionally use TLS transport based on SSL configuration

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The new SSL functionality lacks test coverage. Since the repository has test infrastructure in place, consider adding tests that verify SSL connections work correctly when SSL is enabled, and that appropriate error handling occurs when certificate paths are invalid or SSL configuration is incorrect.

[Copilot]

The certificate file is loaded synchronously using File.ReadAllBytes without any validation. This could cause runtime exceptions if the certificate path is invalid, the file doesn't exist, is not accessible, or contains invalid certificate data. Consider validating that the certificate path is provided when SSL is enabled and that the file exists before attempting to load it.

Suggested change

	TTransport socket = useSsl ?
	new TTlsSocketTransport(host, port, null, timeout, new X509Certificate2(File.ReadAllBytes(cert))) :
	new TSocketTransport(host, port, null, timeout);
	TTransport socket;
	if (useSsl)
	{
	if (string.IsNullOrWhiteSpace(cert))
	{
	throw new ArgumentException("Certificate path must be provided when SSL is enabled.", nameof(cert));
	}
	if (!File.Exists(cert))
	{
	throw new FileNotFoundException($"Certificate file not found at path '{cert}'.", cert);
	}
	X509Certificate2 certificate;
	try
	{
	var certificateBytes = File.ReadAllBytes(cert);
	certificate = new X509Certificate2(certificateBytes);
	}
	catch (Exception ex)
	{
	throw new InvalidOperationException($"Failed to load SSL certificate from path '{cert}'.", ex);
	}
	socket = new TTlsSocketTransport(host, port, null, timeout, certificate);
	}
	else
	{
	socket = new TSocketTransport(host, port, null, timeout);
	}