private void connect(String seeds) { if (getWithSSL()) { LOGGER.info("SSL mode enabled"); try { SSLOptions sslOptions = new SSLOptions(SSLContext.getDefault(), CIPHERS); builder = Cluster.builder().withSSL(sslOptions); } catch (NoSuchAlgorithmException e) { LOGGER.error("Unable to setup SSL Options for Cassandra"); } } String[] contactPoints = seeds.split(","); for (String contactPoint : contactPoints) { LOGGER.info("Adding Cassandra contact point " + contactPoint); builder.addContactPoints(contactPoint); } cluster = builder.build(); Metadata metadata = cluster.getMetadata(); for (Host host : metadata.getAllHosts()) { LOGGER.info("Datacenter "+ host.getDatacenter() + "Host " + host.getAddress() + "Rack " + host.getRack()); session = cluster.connect(); } }
private SSLOptions createSSLOptions() throws KeyStoreException, FileNotFoundException, IOException, NoSuchAlgorithmException, KeyManagementException, CertificateException, UnrecoverableKeyException { TrustManagerFactory tmf = null; KeyStore tks = KeyStore.getInstance("JKS"); tks.load((InputStream) new FileInputStream(new File(truststorePath)), truststorePwd.toCharArray()); tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); tmf.init(tks); KeyManagerFactory kmf = null; if (null != keystorePath) { KeyStore kks = KeyStore.getInstance("JKS"); kks.load((InputStream) new FileInputStream(new File(keystorePath)), keystorePwd.toCharArray()); kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); kmf.init(kks, keystorePwd.toCharArray()); } SSLContext sslContext = SSLContext.getInstance("TLS"); sslContext.init(kmf != null? kmf.getKeyManagers() : null, tmf != null ? tmf.getTrustManagers() : null, new SecureRandom()); return JdkSSLOptions.builder().withSSLContext(sslContext).build(); //SSLOptions.DEFAULT_SSL_CIPHER_SUITES); }
private SSLOptions createSSLOptions() throws KeyStoreException, FileNotFoundException, IOException, NoSuchAlgorithmException, KeyManagementException, CertificateException, UnrecoverableKeyException { TrustManagerFactory tmf = null; KeyStore tks = KeyStore.getInstance("JKS"); tks.load((InputStream) new FileInputStream(new File(truststorePath)), truststorePwd.toCharArray()); tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); tmf.init(tks); KeyManagerFactory kmf = null; if (null != keystorePath) { KeyStore kks = KeyStore.getInstance("JKS"); kks.load((InputStream) new FileInputStream(new File(keystorePath)), keystorePwd.toCharArray()); kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); kmf.init(kks, keystorePwd.toCharArray()); } SSLContext sslContext = SSLContext.getInstance("TLS"); sslContext.init(kmf != null? kmf.getKeyManagers() : null, tmf != null ? tmf.getTrustManagers() : null, new SecureRandom()); return RemoteEndpointAwareJdkSSLOptions.builder().withSSLContext(sslContext).build(); }
private static SSLOptions buildSSLOptions(EncryptionOptions.ClientEncryptionOptions clientEncryptionOptions) { if (!clientEncryptionOptions.enabled) return null; SSLContext sslContext; try { sslContext = SSLFactory.createSSLContext(clientEncryptionOptions, true); } catch (IOException e) { throw new RuntimeException("Could not create SSL Context.", e); } return JdkSSLOptions.builder() .withSSLContext(sslContext) .withCipherSuites(clientEncryptionOptions.cipher_suites) .build(); }
private Session createSession() { Cluster.Builder clusterBuilder = new Cluster.Builder(); String nodes = System.getProperty("hawkular.metrics.cassandra.nodes", "hawkular-cassandra"); Arrays.stream(nodes.split(",")).forEach(clusterBuilder::addContactPoint); if (System.getProperty("hawkular.metrics.cassandra.use-ssl") != null && !System.getProperty("hawkular.metrics.cassandra.use-ssl").equals("false")) { SSLOptions sslOptions = null; try { String[] defaultCipherSuites = {"TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA"}; sslOptions = JdkSSLOptions.builder().withSSLContext(SSLContext.getDefault()) .withCipherSuites(defaultCipherSuites).build(); clusterBuilder.withSSL(sslOptions); } catch (NoSuchAlgorithmException e) { throw new RuntimeException("SSL support is required but is not available in the JVM.", e); } } Cluster cluster = clusterBuilder.build(); cluster.init(); Session session = cluster.connect(); return session; }
private SSLOptions getSSLOptions() { SSLContext sslContext = null; try { sslContext = getSSLContext(getParamString("truststore"), getParamString("truststorepassword"), getParamString("keystore"), getParamString("keystorepassword")); } catch (Exception e) { throw new RuntimeException("Unable to build SSLContext", e); } List<String> cipherSuites = getParamList("dbtls_cipher_suites"); if (cipherSuites == null) { cipherSuites = new ArrayList<>(); } return new SSLOptions(sslContext, cipherSuites.toArray(new String[]{})); }
@Override public CassandraSession newSession(CassandraSinkConnectorConfig config) { Cluster.Builder clusterBuilder = Cluster.builder() .withPort(config.port) .addContactPoints(config.contactPoints) .withProtocolVersion(ProtocolVersion.NEWEST_SUPPORTED); if (config.securityEnabled) { clusterBuilder.withCredentials(config.username, config.password); } if (config.sslEnabled) { final SslContextBuilder sslContextBuilder = SslContextBuilder.forClient(); sslContextBuilder.sslProvider(config.sslProvider); final SslContext context; try { context = sslContextBuilder.build(); } catch (SSLException e) { throw new ConnectException(e); } final SSLOptions sslOptions = new RemoteEndpointAwareNettySSLOptions(context); clusterBuilder.withSSL(sslOptions); } clusterBuilder.withCompression(config.compression); Cluster cluster = clusterBuilder.build(); log.info("Creating session"); final Session session = cluster.newSession(); return new CassandraSessionImpl(config, cluster, session); }
public static Cluster getInputCluster(String[] hosts, Configuration conf) { int port = getInputNativePort(conf); Optional<AuthProvider> authProvider = getAuthProvider(conf); Optional<SSLOptions> sslOptions = getSSLOptions(conf); Optional<Integer> protocolVersion = getProtocolVersion(conf); LoadBalancingPolicy loadBalancingPolicy = getReadLoadBalancingPolicy(conf, hosts); SocketOptions socketOptions = getReadSocketOptions(conf); QueryOptions queryOptions = getReadQueryOptions(conf); PoolingOptions poolingOptions = getReadPoolingOptions(conf); Cluster.Builder builder = Cluster.builder() .addContactPoints(hosts) .withPort(port) .withCompression(ProtocolOptions.Compression.NONE); if (authProvider.isPresent()) builder.withAuthProvider(authProvider.get()); if (sslOptions.isPresent()) builder.withSSL(sslOptions.get()); if (protocolVersion.isPresent()) { builder.withProtocolVersion(protocolVersion.get()); } builder.withLoadBalancingPolicy(loadBalancingPolicy) .withSocketOptions(socketOptions) .withQueryOptions(queryOptions) .withPoolingOptions(poolingOptions); return builder.build(); }
private static Optional<SSLOptions> getSSLOptions(Configuration conf) { Optional<String> truststorePath = getInputNativeSSLTruststorePath(conf); Optional<String> keystorePath = getInputNativeSSLKeystorePath(conf); Optional<String> truststorePassword = getInputNativeSSLTruststorePassword(conf); Optional<String> keystorePassword = getInputNativeSSLKeystorePassword(conf); Optional<String> cipherSuites = getInputNativeSSLCipherSuites(conf); if (truststorePath.isPresent() && keystorePath.isPresent() && truststorePassword.isPresent() && keystorePassword.isPresent()) { SSLContext context; try { context = getSSLContext(truststorePath.get(), truststorePassword.get(), keystorePath.get(), keystorePassword.get()); } catch (UnrecoverableKeyException | KeyManagementException | NoSuchAlgorithmException | KeyStoreException | CertificateException | IOException e) { throw new RuntimeException(e); } String[] css = SSLOptions.DEFAULT_SSL_CIPHER_SUITES; if (cipherSuites.isPresent()) css = cipherSuites.get().split(","); return Optional.of(new SSLOptions(context,css)); } return Optional.absent(); }
/** * Sets SSL options. * * @param options SSL options. */ @SuppressWarnings("UnusedDeclaration") public void setSslOptions(SSLOptions options) { sslOptions = options; invalidate(); }
/** {@inheritDoc} */ @SuppressWarnings("unchecked") @Override public void readExternal(ObjectInput in) throws IOException, ClassNotFoundException { fetchSize = (Integer)in.readObject(); readConsistency = (ConsistencyLevel)in.readObject(); writeConsistency = (ConsistencyLevel)in.readObject(); user = U.readString(in); pwd = U.readString(in); port = (Integer)in.readObject(); contactPoints = (List<InetAddress>)in.readObject(); contactPointsWithPorts = (List<InetSocketAddress>)in.readObject(); maxSchemaAgreementWaitSeconds = (Integer)in.readObject(); protoVer = (Integer)in.readObject(); compression = U.readString(in); useSSL = (Boolean)in.readObject(); collectMetrix = (Boolean)in.readObject(); jmxReporting = (Boolean)in.readObject(); creds = (Credentials)in.readObject(); loadBalancingPlc = (LoadBalancingPolicy)readObject(in); reconnectionPlc = (ReconnectionPolicy)readObject(in); addrTranslator = (AddressTranslator)readObject(in); speculativeExecutionPlc = (SpeculativeExecutionPolicy)readObject(in); authProvider = (AuthProvider)readObject(in); sslOptions = (SSLOptions)readObject(in); poolingOptions = (PoolingOptions)readObject(in); sockOptions = (SocketOptions)readObject(in); nettyOptions = (NettyOptions)readObject(in); }
public static Cluster getCluster(String[] hosts, Configuration conf, int port) { Optional<AuthProvider> authProvider = getAuthProvider(conf); Optional<SSLOptions> sslOptions = getSSLOptions(conf); Optional<Integer> protocolVersion = getProtocolVersion(conf); LoadBalancingPolicy loadBalancingPolicy = getReadLoadBalancingPolicy(hosts); SocketOptions socketOptions = getReadSocketOptions(conf); QueryOptions queryOptions = getReadQueryOptions(conf); PoolingOptions poolingOptions = getReadPoolingOptions(conf); Cluster.Builder builder = Cluster.builder() .addContactPoints(hosts) .withPort(port) .withCompression(ProtocolOptions.Compression.NONE); if (authProvider.isPresent()) builder.withAuthProvider(authProvider.get()); if (sslOptions.isPresent()) builder.withSSL(sslOptions.get()); if (protocolVersion.isPresent()) { builder.withProtocolVersion(ProtocolVersion.fromInt(protocolVersion.get())); } builder.withLoadBalancingPolicy(loadBalancingPolicy) .withSocketOptions(socketOptions) .withQueryOptions(queryOptions) .withPoolingOptions(poolingOptions); return builder.build(); }
public static Optional<SSLOptions> getSSLOptions(Configuration conf) { Optional<String> truststorePath = getInputNativeSSLTruststorePath(conf); Optional<String> keystorePath = getInputNativeSSLKeystorePath(conf); Optional<String> truststorePassword = getInputNativeSSLTruststorePassword(conf); Optional<String> keystorePassword = getInputNativeSSLKeystorePassword(conf); Optional<String> cipherSuites = getInputNativeSSLCipherSuites(conf); if (truststorePath.isPresent()) { SSLContext context; try { context = getSSLContext(truststorePath, truststorePassword, keystorePath, keystorePassword); } catch (UnrecoverableKeyException | KeyManagementException | NoSuchAlgorithmException | KeyStoreException | CertificateException | IOException e) { throw new RuntimeException(e); } String[] css = null; if (cipherSuites.isPresent()) css = cipherSuites.get().split(","); return Optional.of(JdkSSLOptions.builder() .withSSLContext(context) .withCipherSuites(css) .build()); } return Optional.absent(); }
public ExternalClient(Set<InetAddress> hosts, int port, AuthProvider authProvider, int storagePort, int sslStoragePort, EncryptionOptions.ServerEncryptionOptions serverEncryptionOptions, SSLOptions sslOptions) { super(hosts, port, authProvider, sslOptions); this.storagePort = storagePort; this.sslStoragePort = sslStoragePort; this.serverEncOptions = serverEncryptionOptions; }
@Test public void returnsInstanceOfJdkSSLOptions() throws Exception { final JDKSSLOptionsFactory factory = new JDKSSLOptionsFactory(); final SSLOptions options = factory.build(); assertThat(options).isInstanceOf(JdkSSLOptions.class); }
@Test public void returnsInstanceOfNettySSLOptions() throws Exception { final NettySSLOptionsFactory factory = new NettySSLOptionsFactory(); final SSLOptions options = factory.build(); assertThat(options).isInstanceOf(NettySSLOptions.class); }
public static Cluster getInputCluster(String[] hosts, Configuration conf) { int port = getInputNativePort(conf); Optional<AuthProvider> authProvider = getAuthProvider(conf); Optional<SSLOptions> sslOptions = getSSLOptions(conf); LoadBalancingPolicy loadBalancingPolicy = getReadLoadBalancingPolicy(conf, hosts); SocketOptions socketOptions = getReadSocketOptions(conf); QueryOptions queryOptions = getReadQueryOptions(conf); PoolingOptions poolingOptions = getReadPoolingOptions(conf); Cluster.Builder builder = Cluster.builder() .addContactPoints(hosts) .withPort(port) .withCompression(ProtocolOptions.Compression.NONE); if (authProvider.isPresent()) builder.withAuthProvider(authProvider.get()); if (sslOptions.isPresent()) builder.withSSL(sslOptions.get()); builder.withLoadBalancingPolicy(loadBalancingPolicy) .withSocketOptions(socketOptions) .withQueryOptions(queryOptions) .withPoolingOptions(poolingOptions); return builder.build(); }
public static Cluster getInputCluster(String host, Configuration conf) { int port = getInputNativePort(conf); Optional<AuthProvider> authProvider = getAuthProvider(conf); Optional<SSLOptions> sslOptions = getSSLOptions(conf); LoadBalancingPolicy loadBalancingPolicy = getReadLoadBalancingPolicy(conf, host); SocketOptions socketOptions = getReadSocketOptions(conf); QueryOptions queryOptions = getReadQueryOptions(conf); PoolingOptions poolingOptions = getReadPoolingOptions(conf); Cluster.Builder builder = Cluster.builder() .addContactPoint(host) .withPort(port) .withCompression(ProtocolOptions.Compression.NONE); if (authProvider.isPresent()) builder.withAuthProvider(authProvider.get()); if (sslOptions.isPresent()) builder.withSSL(sslOptions.get()); builder.withLoadBalancingPolicy(loadBalancingPolicy) .withSocketOptions(socketOptions) .withQueryOptions(queryOptions) .withPoolingOptions(poolingOptions); return builder.build(); }
/** * Sets SSL options. * * @param options SSL options. */ @SuppressWarnings("UnusedDeclaration") public void setSslOptions(SSLOptions options) { this.sslOptions = options; invalidate(); }
public SSLOptions getSslOptions() { return sslOptions; }
public void setSslOptions(SSLOptions sslOptions) { this.sslOptions = sslOptions; }
public CQLClient(LoaderOptions options, String keyspace) throws NoSuchAlgorithmException, FileNotFoundException, IOException, KeyStoreException, CertificateException, UnrecoverableKeyException, KeyManagementException, ConfigurationException { // System.setProperty("com.datastax.driver.NON_BLOCKING_EXECUTOR_SIZE", // "64"); PoolingOptions poolingOptions = new PoolingOptions(); int connections = options.connectionsPerHost; if (connections == 0) { connections = 8; } poolingOptions.setCoreConnectionsPerHost(HostDistance.LOCAL, Math.max(1, connections / 2)); poolingOptions.setCoreConnectionsPerHost(HostDistance.REMOTE, Math.max(1, connections / 4)); poolingOptions.setMaxConnectionsPerHost(HostDistance.LOCAL, connections); poolingOptions.setMaxConnectionsPerHost(HostDistance.REMOTE, Math.max(1, connections / 2)); poolingOptions.setMaxRequestsPerConnection(HostDistance.LOCAL, 32768); poolingOptions.setMaxRequestsPerConnection(HostDistance.REMOTE, 2000); this.simulate = options.simulate; this.verbose = options.verbose; Cluster.Builder builder = builder().addContactPoints(options.hosts).withProtocolVersion(ProtocolVersion.V3) .withCompression(Compression.LZ4).withPoolingOptions(poolingOptions); if (options.user != null && options.passwd != null) { builder = builder.withCredentials(options.user, options.passwd); } if (options.ssl) { EncryptionOptions enco = options.encOptions; SSLContext ctx = SSLContext.getInstance(options.encOptions.protocol); try (FileInputStream tsf = new FileInputStream(enco.truststore); FileInputStream ksf = new FileInputStream(enco.keystore)) { KeyStore ts = KeyStore.getInstance(enco.store_type); ts.load(tsf, enco.truststore_password.toCharArray()); TrustManagerFactory tmf = TrustManagerFactory .getInstance(TrustManagerFactory.getDefaultAlgorithm()); tmf.init(ts); KeyStore ks = KeyStore.getInstance("JKS"); ks.load(ksf, enco.keystore_password.toCharArray()); KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); kmf.init(ks, enco.keystore_password.toCharArray()); ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom()); } SSLOptions sslOptions = JdkSSLOptions.builder().withSSLContext(ctx).withCipherSuites(enco.cipher_suites) .build(); builder = builder.withSSL(sslOptions); } cluster = builder.build(); session = cluster.connect(keyspace); metadata = cluster.getMetadata(); keyspaceMetadata = metadata.getKeyspace(keyspace); org.apache.cassandra.schema.KeyspaceMetadata ksMetaData = org.apache.cassandra.schema.KeyspaceMetadata .create(keyspaceMetadata.getName(), KeyspaceParams.create(keyspaceMetadata.isDurableWrites(), keyspaceMetadata.getReplication())); Schema.instance.load(ksMetaData); loadUserTypes(keyspaceMetadata.getUserTypes(), keyspace); partitioner = FBUtilities.newPartitioner(metadata.getPartitioner()); if (options.throttle != 0) { rateLimiter = RateLimiter.create(options.throttle * 1000 * 1000 / 8); } this.batch = options.batch; this.preparedStatements = options.prepare ? new ConcurrentHashMap<>() : null; this.ignoreColumns = options.ignoreColumns; }
@Override public SSLOptions build() { SslContextBuilder sslContextBuilder = SslContextBuilder.forClient(); if (provider != null) { sslContextBuilder.sslProvider(provider); } if (ciphers != null) { sslContextBuilder.ciphers(ciphers); } if (clientAuth != null) { sslContextBuilder.clientAuth(clientAuth); } if (sessionCacheSize != null) { sslContextBuilder.sessionCacheSize(sessionCacheSize); } if (sessionTimeout != null) { sslContextBuilder.sessionTimeout(sessionTimeout.toSeconds()); } if (trustCertChainFile != null) { sslContextBuilder.trustManager(trustCertChainFile); } if (keyManager != null) { sslContextBuilder.keyManager( keyManager.getKeyCertChainFile(), keyManager.getKeyFile(), keyManager.getKeyPassword()); } SslContext sslContext; try { sslContext = sslContextBuilder.build(); } catch (SSLException e) { throw new RuntimeException("Unable to build Netty SslContext", e); } return new NettySSLOptions(sslContext); }
@Override public SSLOptions build() { return JdkSSLOptions.builder().build(); }
SSLOptions build();
