IGNITE-24490 Handshake error when running sql command

modules/cli/src/integrationTest/java/org/apache/ignite/internal/cli/commands/sql/CliSqlConnectCommandTestBase.java

@@ -18,15 +18,28 @@
 package org.apache.ignite.internal.cli.commands.sql;
 
 import jakarta.inject.Inject;
+import org.apache.ignite.internal.cli.CliIntegrationTest;
 import org.apache.ignite.internal.cli.commands.TopLevelCliReplCommand;
 import org.apache.ignite.internal.cli.core.repl.SessionDefaultValueProvider;
+import org.junit.jupiter.api.AfterAll;
+import org.junit.jupiter.api.BeforeAll;
 import org.junit.jupiter.api.BeforeEach;
 
 /** Base class for testing CLI REPL sql command in the connected state. */
-public class CliSqlConnectCommandTestBase extends CliSqlCommandTestBase {
+class CliSqlConnectCommandTestBase extends CliIntegrationTest {
     @Inject
     private SessionDefaultValueProvider defaultValueProvider;
 
+    @BeforeAll
+    public static void createTable() {
+        createAndPopulateTable();
+    }
+
+    @AfterAll
+    public static void dropTables() {
+        dropAllTables();
+    }
+
     @BeforeEach
     public void setDefaultValueProvider() {
         commandLine().setDefaultValueProvider(defaultValueProvider);
@@ -36,5 +49,4 @@ public void setDefaultValueProvider() {
     protected Class<?> getCommandClass() {
         return TopLevelCliReplCommand.class;
     }
-
 }

modules/cli/src/integrationTest/java/org/apache/ignite/internal/cli/commands/sql/ItSqlConnectBasicTest.java

@@ -68,8 +68,8 @@ void jdbcFailWithoutBasicConfiguredAfterConnect() {
         // Then the query is failed
         assertAll(
                 this::assertOutputIsEmpty,
-                () -> assertErrOutputContains("Connection failed"),
-                () -> assertErrOutputContains("Handshake error")
+                () -> assertErrOutputIs("Could not connect to node. Check authentication configuration" + System.lineSeparator()
+                        + "Authentication failed" + System.lineSeparator())
         );
     }
 }

modules/cli/src/integrationTest/java/org/apache/ignite/internal/cli/ssl/ItJdbcSslCustomCipherTest.java

@@ -22,8 +22,8 @@
 
 import org.apache.ignite.internal.NodeConfig;
 import org.apache.ignite.internal.cli.CliIntegrationTest;
-import org.junit.jupiter.api.AfterEach;
-import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.AfterAll;
+import org.junit.jupiter.api.BeforeAll;
 import org.junit.jupiter.api.Test;
 
 /** Tests for JDBC SSL. */
@@ -36,13 +36,13 @@ protected String getNodeBootstrapConfigTemplate() {
         return clientConnectorSslBootstrapConfig(CIPHER1);
     }
 
-    @BeforeEach
-    public void createTable() {
+    @BeforeAll
+    public static void createTable() {
         createAndPopulateTable();
     }
 
-    @AfterEach
-    public void dropTables() {
+    @AfterAll
+    public static void dropTables() {
         dropAllTables();
     }
 
@@ -92,8 +92,8 @@ void jdbcIncompatibleCiphers() {
         assertAll(
                 () -> assertExitCodeIs(1),
                 this::assertOutputIsEmpty,
-                () -> assertErrOutputContains("Connection failed"),
-                () -> assertErrOutputContains("Handshake error")
+                () -> assertErrOutputIs("Could not connect to node. Check SSL configuration" + System.lineSeparator()
+                        + "Received fatal alert: protocol_version" + System.lineSeparator())
         );
     }
 }

modules/cli/src/integrationTest/java/org/apache/ignite/internal/cli/ssl/ItJdbcSslTest.java

@@ -20,21 +20,26 @@
 import static org.junit.jupiter.api.Assertions.assertAll;
 
 import org.apache.ignite.internal.NodeConfig;
-import org.junit.jupiter.api.AfterEach;
-import org.junit.jupiter.api.BeforeEach;
+import org.apache.ignite.internal.cli.CliIntegrationTest;
+import org.junit.jupiter.api.AfterAll;
+import org.junit.jupiter.api.BeforeAll;
 import org.junit.jupiter.api.DisplayName;
 import org.junit.jupiter.api.Test;
 
 /** Tests for SSL connection with JDBC URL. */
-public class ItJdbcSslTest extends CliSslClientConnectorIntegrationTestBase {
+public class ItJdbcSslTest extends CliIntegrationTest {
+    @Override
+    protected String getNodeBootstrapConfigTemplate() {
+        return NodeConfig.CLIENT_CONNECTOR_SSL_BOOTSTRAP_CONFIG;
+    }
 
-    @BeforeEach
-    public void createTable() {
+    @BeforeAll
+    public static void createTable() {
         createAndPopulateTable();
     }
 
-    @AfterEach
-    public void dropTables() {
+    @AfterAll
+    public static void dropTables() {
         dropAllTables();
     }
 
@@ -81,8 +86,9 @@ void jdbcFailWithSslConfiguredButTruststoreNotConfigured() {
         assertAll(
                 () -> assertExitCodeIs(1),
                 this::assertOutputIsEmpty,
-                () -> assertErrOutputContains("Connection failed"),
-                () -> assertErrOutputContains("Handshake error")
+                () -> assertErrOutputIs("Could not connect to node. Check SSL configuration" + System.lineSeparator()
+                        + "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: "
+                        + "unable to find valid certification path to requested target" + System.lineSeparator())
         );
     }
 

modules/cli/src/main/java/org/apache/ignite/internal/cli/core/exception/handler/SqlExceptionHandler.java

@@ -24,6 +24,7 @@
 import java.util.Map;
 import java.util.UUID;
 import java.util.function.Function;
+import javax.net.ssl.SSLHandshakeException;
 import org.apache.ignite.client.IgniteClientConnectionException;
 import org.apache.ignite.internal.cli.core.exception.ExceptionHandler;
 import org.apache.ignite.internal.cli.core.exception.ExceptionWriter;
@@ -37,6 +38,8 @@
 import org.apache.ignite.lang.ErrorGroups.Sql;
 import org.apache.ignite.lang.IgniteCheckedException;
 import org.apache.ignite.lang.IgniteException;
+import org.apache.ignite.security.exception.InvalidCredentialsException;
+import org.jetbrains.annotations.Nullable;
 
 /**
  * Exception handler for {@link SQLException}.
@@ -75,12 +78,40 @@ private static ErrorComponentBuilder unrecognizedErrComponent(IgniteException e)
     private static ErrorComponentBuilder connectionErrUiComponent(IgniteException e) {
         if (e.getCause() instanceof IgniteClientConnectionException) {
             IgniteClientConnectionException cause = (IgniteClientConnectionException) e.getCause();
+
+            InvalidCredentialsException invalidCredentialsException = findCause(cause, InvalidCredentialsException.class);
+            if (invalidCredentialsException != null) {
+                return ErrorUiComponent.builder()
+                        .header("Could not connect to node. Check authentication configuration")
+                        .details(invalidCredentialsException.getMessage())
+                        .verbose(extractCauseMessage(cause.getMessage()));
+            }
+
+            SSLHandshakeException sslHandshakeException = findCause(cause, SSLHandshakeException.class);
+            if (sslHandshakeException != null) {
+                return ErrorUiComponent.builder()
+                        .header("Could not connect to node. Check SSL configuration")
+                        .details(sslHandshakeException.getMessage())
+                        .verbose(extractCauseMessage(cause.getMessage()));
+            }
+
             return fromExWithHeader(CLIENT_CONNECTION_FAILED_MESSAGE, cause.code(), cause.traceId(), cause.getMessage());
         }
 
         return fromExWithHeader(CLIENT_CONNECTION_FAILED_MESSAGE, e.code(), e.traceId(), e.getMessage());
     }
 
+    @Nullable
+    private static <T extends Throwable> T findCause(Throwable e, Class<T> type) {
+        while (e != null) {
+            if (type.isInstance(e)) {
+                return (T) e;
+            }
+            e = e.getCause();
+        }
+        return null;
+    }
+
     private static ErrorComponentBuilder fromExWithHeader(String header, int errorCode, UUID traceId, String message) {
         return ErrorUiComponent.builder()
                 .header(header)