Posted to commits@cassandra.apache.org by vi...@apache.org on 2012/11/27 09:21:21 UTC
git commit: client_encryption_options to use enabled Patch by aleksey
reviewed by vijay for CASSANDRA-4994
Updated Branches:
refs/heads/cassandra-1.2.0 f31c53049 -> 24cf1d125
client_encryption_options to use enabled
Patch by aleksey reviewed by vijay for CASSANDRA-4994
Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo
Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/24cf1d12
Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/24cf1d12
Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/24cf1d12
Branch: refs/heads/cassandra-1.2.0
Commit: 24cf1d1256dd837cfb9b310195c83f9bb1aa697a
Parents: f31c530
Author: Vijay Parthasarathy <vi...@gmail.com>
Authored: Tue Nov 27 00:17:08 2012 -0800
Committer: Vijay Parthasarathy <vi...@gmail.com>
Committed: Tue Nov 27 00:17:08 2012 -0800
----------------------------------------------------------------------
conf/cassandra.yaml | 6 +----
.../org/apache/cassandra/cli/CliSessionState.java | 3 +-
src/java/org/apache/cassandra/config/Config.java | 8 ++++--
.../cassandra/config/DatabaseDescriptor.java | 6 +++-
.../apache/cassandra/config/EncryptionOptions.java | 18 +++++++++-----
.../org/apache/cassandra/net/MessagingService.java | 4 +-
.../apache/cassandra/thrift/CustomTHsHaServer.java | 3 +-
.../cassandra/thrift/CustomTNonBlockingServer.java | 3 +-
.../cassandra/thrift/CustomTThreadPoolServer.java | 7 ++---
.../src/org/apache/cassandra/stress/Session.java | 3 +-
10 files changed, 32 insertions(+), 29 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cassandra/blob/24cf1d12/conf/cassandra.yaml
----------------------------------------------------------------------
diff --git a/conf/cassandra.yaml b/conf/cassandra.yaml
index a79e150..8aaeb38 100644
--- a/conf/cassandra.yaml
+++ b/conf/cassandra.yaml
@@ -623,20 +623,16 @@ server_encryption_options:
# cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA]
# enable or disable client/server encryption.
-# The available internode options are: none, all
client_encryption_options:
- internode_encryption: none
+ enabled: false
keystore: conf/.keystore
keystore_password: cassandra
- truststore: conf/.truststore
- truststore_password: cassandra
# More advanced defaults below:
# protocol: TLS
# algorithm: SunX509
# store_type: JKS
# cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA]
-
# internode_compression controls whether traffic between nodes is
# compressed.
# can be: all - all traffic is compressed
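Review bot: The comment kept above `client_encryption_options` still reads "enable or disable client/server encryption" and says neither what `enabled` covers nor that the shipped `keystore_password: cassandra` is a publicly known value. I would add `# enabled: true turns on TLS for client connections; replace keystore and keystore_password with your own before enabling` directly above `enabled: false`. With the truststore lines removed from this block, it is also worth stating here that client certificates are not checked on this listener, which is what the CustomTThreadPoolServer hunk suggests.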
http://git-wip-us.apache.org/repos/asf/cassandra/blob/24cf1d12/src/java/org/apache/cassandra/cli/CliSessionState.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/cli/CliSessionState.java b/src/java/org/apache/cassandra/cli/CliSessionState.java
index 08375bb..d36b7f3 100644
--- a/src/java/org/apache/cassandra/cli/CliSessionState.java
+++ b/src/java/org/apache/cassandra/cli/CliSessionState.java
@@ -22,6 +22,7 @@ import java.io.PrintStream;
import org.apache.cassandra.cli.transport.FramedTransportFactory;
import org.apache.cassandra.config.EncryptionOptions;
+import org.apache.cassandra.config.EncryptionOptions.ClientEncryptionOptions;
import org.apache.cassandra.tools.NodeProbe;
import org.apache.thrift.transport.TTransportFactory;
@@ -43,7 +44,7 @@ public class CliSessionState
public boolean verbose = false; // verbose output
public int schema_mwt = 10 * 1000; // Schema migration wait time (secs.)
public TTransportFactory transportFactory = new FramedTransportFactory();
- public EncryptionOptions encOptions = new EncryptionOptions();
+ public EncryptionOptions encOptions = new ClientEncryptionOptions();
/*
* Streams to read/write from
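Review bot: `encOptions` is still declared as the now-abstract `EncryptionOptions` although it always holds a `ClientEncryptionOptions`, so the new `enabled` flag cannot be read through this field without a cast; the Session.java hunk in tools/stress has the same line. Declaring it as `public ClientEncryptionOptions encOptions = new ClientEncryptionOptions();` keeps the type honest and lets the plain `EncryptionOptions` import go if nothing else in the file uses it. How the tool decides whether to use SSL is not visible in this hunk.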
http://git-wip-us.apache.org/repos/asf/cassandra/blob/24cf1d12/src/java/org/apache/cassandra/config/Config.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/config/Config.java b/src/java/org/apache/cassandra/config/Config.java
index c605a3a..6395690 100644
--- a/src/java/org/apache/cassandra/config/Config.java
+++ b/src/java/org/apache/cassandra/config/Config.java
@@ -18,6 +18,8 @@
package org.apache.cassandra.config;
import org.apache.cassandra.cache.SerializingCacheProvider;
+import org.apache.cassandra.config.EncryptionOptions.ClientEncryptionOptions;
+import org.apache.cassandra.config.EncryptionOptions.ServerEncryptionOptions;
/**
* A class that contains configuration properties for the cassandra node it runs within.
@@ -126,10 +128,10 @@ public class Config
public RequestSchedulerId request_scheduler_id;
public RequestSchedulerOptions request_scheduler_options;
- public EncryptionOptions server_encryption_options = new EncryptionOptions();
- public EncryptionOptions client_encryption_options = new EncryptionOptions();
+ public ServerEncryptionOptions server_encryption_options = new ServerEncryptionOptions();
+ public ClientEncryptionOptions client_encryption_options = new ClientEncryptionOptions();
// this encOptions is for backward compatibility (a warning is logged by DatabaseDescriptor)
- public EncryptionOptions encryption_options;
+ public ServerEncryptionOptions encryption_options;
public InternodeCompression internode_compression = InternodeCompression.none;
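Review bot: `client_encryption_options` becomes a `ClientEncryptionOptions`, which has no `internode_encryption` field, so a cassandra.yaml written for the previous layout (`internode_encryption: all` under `client_encryption_options`) no longer maps onto this class. How the loader treats the leftover key is not visible here; if it is skipped rather than rejected, `enabled` stays `false` and a node that served encrypted client connections before the upgrade would serve them in plaintext afterwards. A comment beside the field, e.g. `// replaces internode_encryption under client_encryption_options; old configs must set enabled: true`, together with an upgrade note, would make that explicit. The class body continues outside the hunk.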
http://git-wip-us.apache.org/repos/asf/cassandra/blob/24cf1d12/src/java/org/apache/cassandra/config/DatabaseDescriptor.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/config/DatabaseDescriptor.java b/src/java/org/apache/cassandra/config/DatabaseDescriptor.java
index e615887..bb3e7c1 100644
--- a/src/java/org/apache/cassandra/config/DatabaseDescriptor.java
+++ b/src/java/org/apache/cassandra/config/DatabaseDescriptor.java
@@ -33,6 +33,8 @@ import org.slf4j.LoggerFactory;
import org.apache.cassandra.auth.*;
import org.apache.cassandra.cache.IRowCacheProvider;
import org.apache.cassandra.config.Config.RequestSchedulerId;
+import org.apache.cassandra.config.EncryptionOptions.ClientEncryptionOptions;
+import org.apache.cassandra.config.EncryptionOptions.ServerEncryptionOptions;
import org.apache.cassandra.db.ColumnFamilyStore;
import org.apache.cassandra.db.DefsTable;
import org.apache.cassandra.db.SystemTable;
@@ -1092,12 +1094,12 @@ public class DatabaseDescriptor
conf.dynamic_snitch_badness_threshold = dynamicBadnessThreshold;
}
- public static EncryptionOptions getServerEncryptionOptions()
+ public static ServerEncryptionOptions getServerEncryptionOptions()
{
return conf.server_encryption_options;
}
- public static EncryptionOptions getClientEncryptionOptions()
+ public static ClientEncryptionOptions getClientEncryptionOptions()
{
return conf.client_encryption_options;
}
http://git-wip-us.apache.org/repos/asf/cassandra/blob/24cf1d12/src/java/org/apache/cassandra/config/EncryptionOptions.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/config/EncryptionOptions.java b/src/java/org/apache/cassandra/config/EncryptionOptions.java
index b516b1b..b8a5a91 100644
--- a/src/java/org/apache/cassandra/config/EncryptionOptions.java
+++ b/src/java/org/apache/cassandra/config/EncryptionOptions.java
@@ -17,9 +17,8 @@
*/
package org.apache.cassandra.config;
-public class EncryptionOptions
+public abstract class EncryptionOptions
{
- public InternodeEncryption internode_encryption = InternodeEncryption.none;
public String keystore = "conf/.keystore";
public String keystore_password = "cassandra";
public String truststore = "conf/.truststore";
@@ -29,12 +28,17 @@ public class EncryptionOptions
public String algorithm = "SunX509";
public String store_type = "JKS";
+ public static class ClientEncryptionOptions extends EncryptionOptions
+ {
+ public boolean enabled = false;
+ }
- public static enum InternodeEncryption
+ public static class ServerEncryptionOptions extends EncryptionOptions
{
- all,
- none,
- dc,
- rack
+ public static enum InternodeEncryption
+ {
+ all, none, dc, rack
+ }
+ public InternodeEncryption internode_encryption = InternodeEncryption.none;
}
}
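Review bot: The two nested classes added here have no Javadoc, so nothing tells a reader which listener each one configures or that `enabled` is the only switch for client encryption. I would add `/** TLS options for the client-facing listener; {@code enabled} turns it on. */` above `ClientEncryptionOptions` and `/** TLS options for node-to-node traffic; {@code internode_encryption} selects which peers are encrypted. */` above `ServerEncryptionOptions`. Both classes still inherit `truststore` and `truststore_password` from the base class, which deserves a word in the client class's comment given that the thrift server hunk stops passing them on.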
http://git-wip-us.apache.org/repos/asf/cassandra/blob/24cf1d12/src/java/org/apache/cassandra/net/MessagingService.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/net/MessagingService.java b/src/java/org/apache/cassandra/net/MessagingService.java
index cce3925..0b69014 100644
--- a/src/java/org/apache/cassandra/net/MessagingService.java
+++ b/src/java/org/apache/cassandra/net/MessagingService.java
@@ -43,7 +43,7 @@ import org.apache.cassandra.concurrent.DebuggableThreadPoolExecutor;
import org.apache.cassandra.concurrent.Stage;
import org.apache.cassandra.concurrent.StageManager;
import org.apache.cassandra.config.DatabaseDescriptor;
-import org.apache.cassandra.config.EncryptionOptions;
+import org.apache.cassandra.config.EncryptionOptions.ServerEncryptionOptions;
import org.apache.cassandra.db.*;
import org.apache.cassandra.dht.BootStrapper;
import org.apache.cassandra.exceptions.ConfigurationException;
@@ -396,7 +396,7 @@ public final class MessagingService implements MessagingServiceMBean
private List<ServerSocket> getServerSocket(InetAddress localEp) throws ConfigurationException
{
final List<ServerSocket> ss = new ArrayList<ServerSocket>(2);
- if (DatabaseDescriptor.getServerEncryptionOptions().internode_encryption != EncryptionOptions.InternodeEncryption.none)
+ if (DatabaseDescriptor.getServerEncryptionOptions().internode_encryption != ServerEncryptionOptions.InternodeEncryption.none)
{
try
{
http://git-wip-us.apache.org/repos/asf/cassandra/blob/24cf1d12/src/java/org/apache/cassandra/thrift/CustomTHsHaServer.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/thrift/CustomTHsHaServer.java b/src/java/org/apache/cassandra/thrift/CustomTHsHaServer.java
index 0143136..250a549 100644
--- a/src/java/org/apache/cassandra/thrift/CustomTHsHaServer.java
+++ b/src/java/org/apache/cassandra/thrift/CustomTHsHaServer.java
@@ -36,7 +36,6 @@ import org.slf4j.LoggerFactory;
import org.apache.cassandra.concurrent.JMXEnabledThreadPoolExecutor;
import org.apache.cassandra.concurrent.NamedThreadFactory;
import org.apache.cassandra.config.DatabaseDescriptor;
-import org.apache.cassandra.config.EncryptionOptions;
import org.apache.thrift.server.TNonblockingServer;
import org.apache.thrift.server.TServer;
import org.apache.thrift.transport.TNonblockingServerTransport;
@@ -352,7 +351,7 @@ public class CustomTHsHaServer extends TNonblockingServer
{
public TServer buildTServer(Args args)
{
- if(!DatabaseDescriptor.getClientEncryptionOptions().internode_encryption.equals(EncryptionOptions.InternodeEncryption.none))
+ if (DatabaseDescriptor.getClientEncryptionOptions().enabled)
throw new RuntimeException("Client SSL is not supported for non-blocking sockets (hsha). Please remove client ssl from the configuration.");
final InetSocketAddress addr = args.addr;
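Review bot: The exception text in `buildTServer` still tells the operator to "remove client ssl from the configuration", which after this change means setting `enabled: false`, that is, turning encryption off to get the node to start; the CustomTNonBlockingServer hunk carries the same wording. Refusing to start is the right behaviour, but the message should name the option and the alternative that keeps TLS, for example `"Client SSL is not supported for non-blocking sockets (hsha). Set client_encryption_options.enabled to false, or use the thread-pool (sync) server to keep client encryption."`. The thread-pool server is the only one in this commit that honours `enabled`. The method body continues outside the hunk.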
http://git-wip-us.apache.org/repos/asf/cassandra/blob/24cf1d12/src/java/org/apache/cassandra/thrift/CustomTNonBlockingServer.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/thrift/CustomTNonBlockingServer.java b/src/java/org/apache/cassandra/thrift/CustomTNonBlockingServer.java
index af82896..779caf3 100644
--- a/src/java/org/apache/cassandra/thrift/CustomTNonBlockingServer.java
+++ b/src/java/org/apache/cassandra/thrift/CustomTNonBlockingServer.java
@@ -20,7 +20,6 @@ package org.apache.cassandra.thrift;
import java.net.InetSocketAddress;
import org.apache.cassandra.config.DatabaseDescriptor;
-import org.apache.cassandra.config.EncryptionOptions;
import org.apache.thrift.server.TNonblockingServer;
import org.apache.thrift.server.TServer;
import org.apache.thrift.transport.TNonblockingServerTransport;
@@ -47,7 +46,7 @@ public class CustomTNonBlockingServer extends TNonblockingServer
{
public TServer buildTServer(Args args)
{
- if(!DatabaseDescriptor.getClientEncryptionOptions().internode_encryption.equals(EncryptionOptions.InternodeEncryption.none))
+ if (DatabaseDescriptor.getClientEncryptionOptions().enabled)
throw new RuntimeException("Client SSL is not supported for non-blocking sockets. Please remove client ssl from the configuration.");
final InetSocketAddress addr = args.addr;
http://git-wip-us.apache.org/repos/asf/cassandra/blob/24cf1d12/src/java/org/apache/cassandra/thrift/CustomTThreadPoolServer.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/thrift/CustomTThreadPoolServer.java b/src/java/org/apache/cassandra/thrift/CustomTThreadPoolServer.java
index 8b88e43..f6ab1f7 100644
--- a/src/java/org/apache/cassandra/thrift/CustomTThreadPoolServer.java
+++ b/src/java/org/apache/cassandra/thrift/CustomTThreadPoolServer.java
@@ -31,7 +31,7 @@ import org.slf4j.LoggerFactory;
import org.apache.cassandra.concurrent.NamedThreadFactory;
import org.apache.cassandra.config.DatabaseDescriptor;
-import org.apache.cassandra.config.EncryptionOptions;
+import org.apache.cassandra.config.EncryptionOptions.ClientEncryptionOptions;
import org.apache.thrift.TException;
import org.apache.thrift.TProcessor;
import org.apache.thrift.protocol.TProtocol;
@@ -243,13 +243,12 @@ public class CustomTThreadPoolServer extends TServer
TServerTransport serverTransport;
try
{
- final EncryptionOptions clientEnc = DatabaseDescriptor.getClientEncryptionOptions();
- if(EncryptionOptions.InternodeEncryption.all == clientEnc.internode_encryption)
+ final ClientEncryptionOptions clientEnc = DatabaseDescriptor.getClientEncryptionOptions();
+ if (clientEnc.enabled)
{
logger.info("enabling encrypted thrift connections between client and server");
TSSLTransportParameters params = new TSSLTransportParameters(clientEnc.protocol, clientEnc.cipher_suites);
params.setKeyStore(clientEnc.keystore, clientEnc.keystore_password);
- params.setTrustStore(clientEnc.truststore, clientEnc.truststore_password);
TServerSocket sslServer = TSSLTransportFactory.getServerSocket(addr.getPort(), 0, addr.getAddress(), params);
serverTransport = new TCustomServerSocket(sslServer.getServerSocket(), args.keepAlive, args.sendBufferSize, args.recvBufferSize);
}
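Review bot: With `setTrustStore` gone and no client-auth setting visible in this hunk, the SSL branch gives server-authenticated TLS only: clients can verify the node, but the node accepts any client at the transport layer. That may be intended, but it should be stated where the socket is built, e.g. `// one-way TLS: no trust store is loaded, client certificates are not verified` above the `TSSLTransportParameters` line, and the info log could say the same. `ClientEncryptionOptions` still inherits `truststore` and `truststore_password`, so a value set for them in cassandra.yaml is accepted but never reaches this code. The `try` block continues outside the hunk.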
http://git-wip-us.apache.org/repos/asf/cassandra/blob/24cf1d12/tools/stress/src/org/apache/cassandra/stress/Session.java
----------------------------------------------------------------------
diff --git a/tools/stress/src/org/apache/cassandra/stress/Session.java b/tools/stress/src/org/apache/cassandra/stress/Session.java
index ac109a1..a0c3617 100644
--- a/tools/stress/src/org/apache/cassandra/stress/Session.java
+++ b/tools/stress/src/org/apache/cassandra/stress/Session.java
@@ -28,6 +28,7 @@ import java.util.concurrent.atomic.AtomicLong;
import org.apache.cassandra.cli.transport.FramedTransportFactory;
import org.apache.cassandra.config.CFMetaData;
import org.apache.cassandra.config.EncryptionOptions;
+import org.apache.cassandra.config.EncryptionOptions.ClientEncryptionOptions;
import org.apache.cassandra.exceptions.ConfigurationException;
import org.apache.cassandra.exceptions.SyntaxException;
import org.apache.cassandra.db.marshal.*;
@@ -160,7 +161,7 @@ public class Session implements Serializable
public final String comparator;
public final boolean timeUUIDComparator;
public double traceProbability = 0.0;
- public EncryptionOptions encOptions = new EncryptionOptions();
+ public EncryptionOptions encOptions = new ClientEncryptionOptions();
public TTransportFactory transportFactory = new FramedTransportFactory();
public Session(String[] arguments) throws IllegalArgumentException, SyntaxException