private SSLOptions createSSLOptions() throws KeyStoreException, FileNotFoundException, IOException, NoSuchAlgorithmException, KeyManagementException, CertificateException, UnrecoverableKeyException { TrustManagerFactory tmf = null; KeyStore tks = KeyStore.getInstance("JKS"); tks.load((InputStream) new FileInputStream(new File(truststorePath)), truststorePwd.toCharArray()); tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); tmf.init(tks); KeyManagerFactory kmf = null; if (null != keystorePath) { KeyStore kks = KeyStore.getInstance("JKS"); kks.load((InputStream) new FileInputStream(new File(keystorePath)), keystorePwd.toCharArray()); kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); kmf.init(kks, keystorePwd.toCharArray()); } SSLContext sslContext = SSLContext.getInstance("TLS"); sslContext.init(kmf != null? kmf.getKeyManagers() : null, tmf != null ? tmf.getTrustManagers() : null, new SecureRandom()); return JdkSSLOptions.builder().withSSLContext(sslContext).build(); //SSLOptions.DEFAULT_SSL_CIPHER_SUITES); }
@Override protected ClusterBuilderConfigurer getClusterBuilderConfigurer() { return new ClusterBuilderConfigurer() { @Override public Cluster.Builder configure(Cluster.Builder clusterBuilder) { if (CassandraConfiguration.this.cassandraProperties.isUseSsl()) { JdkSSLOptions.Builder optsBuilder = JdkSSLOptions.builder(); if (CassandraConfiguration.this.cassandraProperties.isSkipSslValidation()) { try { optsBuilder.withSSLContext(TrustAllSSLContextFactory.getSslContext()); } catch (NoSuchAlgorithmException | KeyManagementException e) { throw new RuntimeException("Unable to configure a Cassandra cluster using SSL.", e); } } return clusterBuilder.withSSL(optsBuilder.build()); } else { return clusterBuilder; } } }; }
private static SSLOptions buildSSLOptions(EncryptionOptions.ClientEncryptionOptions clientEncryptionOptions) { if (!clientEncryptionOptions.enabled) return null; SSLContext sslContext; try { sslContext = SSLFactory.createSSLContext(clientEncryptionOptions, true); } catch (IOException e) { throw new RuntimeException("Could not create SSL Context.", e); } return JdkSSLOptions.builder() .withSSLContext(sslContext) .withCipherSuites(clientEncryptionOptions.cipher_suites) .build(); }
private Session createSession() { Cluster.Builder clusterBuilder = new Cluster.Builder(); String nodes = System.getProperty("hawkular.metrics.cassandra.nodes", "hawkular-cassandra"); Arrays.stream(nodes.split(",")).forEach(clusterBuilder::addContactPoint); if (System.getProperty("hawkular.metrics.cassandra.use-ssl") != null && !System.getProperty("hawkular.metrics.cassandra.use-ssl").equals("false")) { SSLOptions sslOptions = null; try { String[] defaultCipherSuites = {"TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA"}; sslOptions = JdkSSLOptions.builder().withSSLContext(SSLContext.getDefault()) .withCipherSuites(defaultCipherSuites).build(); clusterBuilder.withSSL(sslOptions); } catch (NoSuchAlgorithmException e) { throw new RuntimeException("SSL support is required but is not available in the JVM.", e); } } Cluster cluster = clusterBuilder.build(); cluster.init(); Session session = cluster.connect(); return session; }
public static Optional<SSLOptions> getSSLOptions(Configuration conf) { Optional<String> truststorePath = getInputNativeSSLTruststorePath(conf); Optional<String> keystorePath = getInputNativeSSLKeystorePath(conf); Optional<String> truststorePassword = getInputNativeSSLTruststorePassword(conf); Optional<String> keystorePassword = getInputNativeSSLKeystorePassword(conf); Optional<String> cipherSuites = getInputNativeSSLCipherSuites(conf); if (truststorePath.isPresent()) { SSLContext context; try { context = getSSLContext(truststorePath, truststorePassword, keystorePath, keystorePassword); } catch (UnrecoverableKeyException | KeyManagementException | NoSuchAlgorithmException | KeyStoreException | CertificateException | IOException e) { throw new RuntimeException(e); } String[] css = null; if (cipherSuites.isPresent()) css = cipherSuites.get().split(","); return Optional.of(JdkSSLOptions.builder() .withSSLContext(context) .withCipherSuites(css) .build()); } return Optional.absent(); }
@Test public void returnsInstanceOfJdkSSLOptions() throws Exception { final JDKSSLOptionsFactory factory = new JDKSSLOptionsFactory(); final SSLOptions options = factory.build(); assertThat(options).isInstanceOf(JdkSSLOptions.class); }
@Override public void open() { final String[] addresses = getProperty(CASSANDRA_HOSTS).split(","); final int port = parseInt(getProperty(CASSANDRA_PORT)); StringBuilder hosts = new StringBuilder(); for (String address : addresses) { hosts.append(address).append(","); } LOGGER.info("Bootstrapping Cassandra Java Driver to connect to " + hosts.toString() + "on port " + port); Compression compression = driverConfig.getCompressionProtocol(this); clusterBuilder = Cluster.builder() .addContactPoints(addresses) .withPort(port) .withProtocolVersion(driverConfig.getProtocolVersion(this)) .withClusterName(getProperty(CASSANDRA_CLUSTER_NAME)) .withCompression(compression) .withCredentials(getProperty(CASSANDRA_CREDENTIALS_USERNAME), getProperty(CASSANDRA_CREDENTIALS_PASSWORD)) .withLoadBalancingPolicy(driverConfig.getLoadBalancingPolicy(this)) .withRetryPolicy(driverConfig.getRetryPolicy(this)) .withReconnectionPolicy(driverConfig.getReconnectionPolicy(this)) .withSpeculativeExecutionPolicy(driverConfig.getSpeculativeExecutionPolicy(this)) .withMaxSchemaAgreementWaitSeconds( parseInt(getProperty(CASSANDRA_MAX_SCHEMA_AGREEMENT_WAIT_SECONDS))) .withPoolingOptions(driverConfig.getPoolingOptions(this)) .withQueryOptions(driverConfig.getQueryOptions(this)) .withSocketOptions(driverConfig.getSocketOptions(this)); final String runWithSSL = getProperty(CASSANDRA_WITH_SSL); if (runWithSSL != null && runWithSSL.equals("true")) { LOGGER.debug("Cassandra Interpreter: Using SSL"); try { final SSLContext sslContext; { final KeyStore trustStore = KeyStore.getInstance("JKS"); final InputStream stream = Files.newInputStream(Paths.get( getProperty(CASSANDRA_TRUSTSTORE_PATH))); trustStore.load(stream, getProperty(CASSANDRA_TRUSTSTORE_PASSWORD).toCharArray()); final TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance( TrustManagerFactory.getDefaultAlgorithm()); trustManagerFactory.init(trustStore); sslContext = SSLContext.getInstance("TLS"); sslContext.init(null, trustManagerFactory.getTrustManagers(), null); } clusterBuilder = clusterBuilder.withSSL(JdkSSLOptions.builder() .withSSLContext(sslContext) .build()); } catch (Exception e) { LOGGER.error(e.toString()); } } else { LOGGER.debug("Cassandra Interpreter: Not using SSL"); } cluster = clusterBuilder.build(); session = cluster.connect(); helper = new InterpreterLogic(session); }
public CQLClient(LoaderOptions options, String keyspace) throws NoSuchAlgorithmException, FileNotFoundException, IOException, KeyStoreException, CertificateException, UnrecoverableKeyException, KeyManagementException, ConfigurationException { // System.setProperty("com.datastax.driver.NON_BLOCKING_EXECUTOR_SIZE", // "64"); PoolingOptions poolingOptions = new PoolingOptions(); int connections = options.connectionsPerHost; if (connections == 0) { connections = 8; } poolingOptions.setCoreConnectionsPerHost(HostDistance.LOCAL, Math.max(1, connections / 2)); poolingOptions.setCoreConnectionsPerHost(HostDistance.REMOTE, Math.max(1, connections / 4)); poolingOptions.setMaxConnectionsPerHost(HostDistance.LOCAL, connections); poolingOptions.setMaxConnectionsPerHost(HostDistance.REMOTE, Math.max(1, connections / 2)); poolingOptions.setMaxRequestsPerConnection(HostDistance.LOCAL, 32768); poolingOptions.setMaxRequestsPerConnection(HostDistance.REMOTE, 2000); this.simulate = options.simulate; this.verbose = options.verbose; Cluster.Builder builder = builder().addContactPoints(options.hosts).withProtocolVersion(ProtocolVersion.V3) .withCompression(Compression.LZ4).withPoolingOptions(poolingOptions); if (options.user != null && options.passwd != null) { builder = builder.withCredentials(options.user, options.passwd); } if (options.ssl) { EncryptionOptions enco = options.encOptions; SSLContext ctx = SSLContext.getInstance(options.encOptions.protocol); try (FileInputStream tsf = new FileInputStream(enco.truststore); FileInputStream ksf = new FileInputStream(enco.keystore)) { KeyStore ts = KeyStore.getInstance(enco.store_type); ts.load(tsf, enco.truststore_password.toCharArray()); TrustManagerFactory tmf = TrustManagerFactory .getInstance(TrustManagerFactory.getDefaultAlgorithm()); tmf.init(ts); KeyStore ks = KeyStore.getInstance("JKS"); ks.load(ksf, enco.keystore_password.toCharArray()); KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); kmf.init(ks, enco.keystore_password.toCharArray()); ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom()); } SSLOptions sslOptions = JdkSSLOptions.builder().withSSLContext(ctx).withCipherSuites(enco.cipher_suites) .build(); builder = builder.withSSL(sslOptions); } cluster = builder.build(); session = cluster.connect(keyspace); metadata = cluster.getMetadata(); keyspaceMetadata = metadata.getKeyspace(keyspace); org.apache.cassandra.schema.KeyspaceMetadata ksMetaData = org.apache.cassandra.schema.KeyspaceMetadata .create(keyspaceMetadata.getName(), KeyspaceParams.create(keyspaceMetadata.isDurableWrites(), keyspaceMetadata.getReplication())); Schema.instance.load(ksMetaData); loadUserTypes(keyspaceMetadata.getUserTypes(), keyspace); partitioner = FBUtilities.newPartitioner(metadata.getPartitioner()); if (options.throttle != 0) { rateLimiter = RateLimiter.create(options.throttle * 1000 * 1000 / 8); } this.batch = options.batch; this.preparedStatements = options.prepare ? new ConcurrentHashMap<>() : null; this.ignoreColumns = options.ignoreColumns; }
@Override public SSLOptions build() { return JdkSSLOptions.builder().build(); }
