
Example 1 with ServerEncryptionOptions

use of org.apache.cassandra.config.EncryptionOptions.ServerEncryptionOptions in project cassandra by apache.

the class SSLFactoryTest method testServerSocketCiphers.

/**
 * Verifies that a server socket built by {@code SSLFactory.getServerSocket} enables only
 * cipher suites that were configured, and reports them in the configured order.
 *
 * <p>The keystore path, its password and the cipher list below are test fixtures. Every
 * suite named is a CBC-mode suite with a SHA-1 MAC, and the {@code TLS_RSA_*} entries use
 * static RSA key exchange (no forward secrecy); the list exists to exercise ordering and
 * filtering, not as a recommended production configuration.
 *
 * @throws IOException declared by the test; presumably raised when the socket cannot be
 *         created or bound (not visible in this block)
 */
@Test
public void testServerSocketCiphers() throws IOException {
    ServerEncryptionOptions serverOptions = new EncryptionOptions.ServerEncryptionOptions();
    // The same JKS file and password serve as both keystore and truststore.
    serverOptions.keystore = "test/conf/keystore.jks";
    serverOptions.keystore_password = "cassandra";
    serverOptions.truststore = serverOptions.keystore;
    serverOptions.truststore_password = serverOptions.keystore_password;
    serverOptions.cipher_suites = new String[] {
        "TLS_RSA_WITH_AES_128_CBC_SHA",
        "TLS_RSA_WITH_AES_256_CBC_SHA",
        "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
        "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
        "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
        "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"
    };
    // NOTE(review): the port is fixed at 55123 and the address comes from getLocalHost();
    // the bind presumably fails if that port is already taken on the machine running the test.
    try (SSLServerSocket serverSocket = SSLFactory.getServerSocket(serverOptions, InetAddress.getLocalHost(), 55123)) {
        String[] enabledSuites = serverSocket.getEnabledCipherSuites();
        // Keep the configured suites that the socket actually enabled, preserving configured order.
        Iterable<String> configuredAndEnabled = Iterables.filter(Lists.newArrayList(serverOptions.cipher_suites),
                                                                 Predicates.in(Lists.newArrayList(enabledSuites)));
        String[] expectedSuites = Iterables.toArray(configuredAndEnabled, String.class);
        // Equality here means: nothing outside the configured list is enabled, and order is unchanged.
        assertArrayEquals(expectedSuites, enabledSuites);
    }
}
Also used : ServerEncryptionOptions(org.apache.cassandra.config.EncryptionOptions.ServerEncryptionOptions) SSLServerSocket(javax.net.ssl.SSLServerSocket) Test(org.junit.Test)

Example 2 with ServerEncryptionOptions

use of org.apache.cassandra.config.EncryptionOptions.ServerEncryptionOptions in project cassandra by apache.

the class InboundConnectionSettings method withLegacySslStoragePortDefaults.

/**
 * Builds the settings for the legacy SSL storage port: the bind address is moved to
 * {@code DatabaseDescriptor.getSSLStoragePort()} and the encryption options are forced to
 * {@code optional = false} with internode encryption {@code all}, then the remaining
 * fields are filled in by {@link #withDefaults()}.
 *
 * <p>When no encryption options were set on this instance, the node-wide internode
 * messaging options from {@code DatabaseDescriptor} are used as the starting point.
 *
 * @return the settings returned by {@code withDefaults()} after the port and encryption overrides
 */
public InboundConnectionSettings withLegacySslStoragePortDefaults() {
    ServerEncryptionOptions base = this.encryption != null
                                   ? this.encryption
                                   : DatabaseDescriptor.getInternodeMessagingEncyptionOptions();
    // Whatever the starting options allowed, the legacy port is configured as
    // non-optional with encryption for all internode traffic.
    // NOTE(review): presumably this means the listener never accepts plaintext - confirm
    // against how withOptional/withInternodeEncryption are consumed.
    ServerEncryptionOptions mandatory = base.withOptional(false)
                                            .withInternodeEncryption(ServerEncryptionOptions.InternodeEncryption.all);
    return this.withBindAddress(bindAddress.withPort(DatabaseDescriptor.getSSLStoragePort()))
               .withEncryption(mandatory)
               .withDefaults();
}
Also used : ServerEncryptionOptions(org.apache.cassandra.config.EncryptionOptions.ServerEncryptionOptions)

Example 3 with ServerEncryptionOptions

use of org.apache.cassandra.config.EncryptionOptions.ServerEncryptionOptions in project cassandra by apache.

the class InboundConnectionSettings method withDefaults.

// note that connectTo is updated even if specified, in the case of pre40 messaging and using encryption (to update port)
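/**
 * Returns a fully populated {@code InboundConnectionSettings}: every field left unset on
 * this instance is filled from {@code DatabaseDescriptor}, the messaging-service instance,
 * or the {@code accept_messaging}/{@code accept_streaming} defaults, and the result is
 * validated before construction.
 *
 * <p>Security-relevant fallbacks: an unset authenticator becomes
 * {@code DatabaseDescriptor.getInternodeAuthenticator()} and unset encryption options become
 * {@code DatabaseDescriptor.getInternodeMessagingEncyptionOptions()}, so a caller that sets
 * neither inherits the node-wide configuration.
 *
 * @return a new settings object with no unset fields
 * @throws ConfigurationException if the bind port is neither the configured storage port
 *         nor the legacy SSL storage port
 * @throws IllegalArgumentException if the socket receive buffer size is non-zero and below
 *         1024 bytes, or the application receive queue capacity is below 1024 bytes
 */
public InboundConnectionSettings withDefaults() {
    // this is for the socket that can be plain, only ssl, or optional plain/ssl
    // Only the two configured listener ports are accepted as a bind port.
    if (bindAddress.getPort() != DatabaseDescriptor.getStoragePort() && bindAddress.getPort() != DatabaseDescriptor.getSSLStoragePort())
        throw new ConfigurationException(format("Local endpoint port %d doesn't match YAML configured port %d or legacy SSL port %d", bindAddress.getPort(), DatabaseDescriptor.getStoragePort(), DatabaseDescriptor.getSSLStoragePort()));

    // Work on local copies so this instance's fields are left as they were.
    IInternodeAuthenticator authenticator = this.authenticator;
    ServerEncryptionOptions encryption = this.encryption;
    Integer socketReceiveBufferSizeInBytes = this.socketReceiveBufferSizeInBytes;
    Integer applicationReceiveQueueCapacityInBytes = this.applicationReceiveQueueCapacityInBytes;
    AcceptVersions acceptMessaging = this.acceptMessaging;
    AcceptVersions acceptStreaming = this.acceptStreaming;
    SocketFactory socketFactory = this.socketFactory;
    Function<InetAddressAndPort, InboundMessageHandlers> handlersFactory = this.handlers;

    // Authentication and encryption fall back to the node-wide configuration.
    if (authenticator == null)
        authenticator = DatabaseDescriptor.getInternodeAuthenticator();
    if (encryption == null)
        encryption = DatabaseDescriptor.getInternodeMessagingEncyptionOptions();

    if (socketReceiveBufferSizeInBytes == null)
        socketReceiveBufferSizeInBytes = DatabaseDescriptor.getInternodeSocketReceiveBufferSizeInBytes();
    if (applicationReceiveQueueCapacityInBytes == null)
        applicationReceiveQueueCapacityInBytes = DatabaseDescriptor.getInternodeApplicationReceiveQueueCapacityInBytes();

    if (acceptMessaging == null)
        acceptMessaging = accept_messaging;
    if (acceptStreaming == null)
        acceptStreaming = accept_streaming;

    if (socketFactory == null)
        socketFactory = instance().socketFactory;
    if (handlersFactory == null)
        handlersFactory = instance()::getInbound;

    // 0 is accepted for the socket buffer (presumably "leave the OS default" - confirm);
    // any other value must be at least 1 << 10 = 1024 bytes.
    // The message previously said "send buffer" although the value checked is the receive buffer.
    Preconditions.checkArgument(socketReceiveBufferSizeInBytes == 0 || socketReceiveBufferSizeInBytes >= 1 << 10, "illegal socket receive buffer size: " + socketReceiveBufferSizeInBytes);
    Preconditions.checkArgument(applicationReceiveQueueCapacityInBytes >= 1 << 10, "illegal application receive queue capacity: " + applicationReceiveQueueCapacityInBytes);

    return new InboundConnectionSettings(authenticator, bindAddress, encryption, socketReceiveBufferSizeInBytes, applicationReceiveQueueCapacityInBytes, acceptMessaging, acceptStreaming, socketFactory, handlersFactory);
}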
Also used : InetAddressAndPort(org.apache.cassandra.locator.InetAddressAndPort) ConfigurationException(org.apache.cassandra.exceptions.ConfigurationException) IInternodeAuthenticator(org.apache.cassandra.auth.IInternodeAuthenticator) ServerEncryptionOptions(org.apache.cassandra.config.EncryptionOptions.ServerEncryptionOptions)

Example 4 with ServerEncryptionOptions

use of org.apache.cassandra.config.EncryptionOptions.ServerEncryptionOptions in project cassandra by apache.

the class MessagingServiceTest method listenPlainConnection.

// @Test
// public void reconnectWithNewIp() throws Exception
// {
// InetAddressAndPort publicIp = InetAddressAndPort.getByName("127.0.0.2");
// InetAddressAndPort privateIp = InetAddressAndPort.getByName("127.0.0.3");
// 
// // reset the preferred IP value, for good test hygiene
// SystemKeyspace.updatePreferredIP(publicIp, publicIp);
// 
// // create pool/conn with public addr
// Assert.assertEquals(publicIp, messagingService.getCurrentEndpoint(publicIp));
// messagingService.maybeReconnectWithNewIp(publicIp, privateIp).await(1L, TimeUnit.SECONDS);
// Assert.assertEquals(privateIp, messagingService.getCurrentEndpoint(publicIp));
// 
// messagingService.closeOutbound(publicIp);
// 
// // recreate the pool/conn, and make sure the preferred ip addr is used
// Assert.assertEquals(privateIp, messagingService.getCurrentEndpoint(publicIp));
// }
/**
 * Runs the shared {@code listen} scenario with internode encryption set to
 * {@code InternodeEncryption.none}.
 *
 * @throws InterruptedException propagated from {@code listen}
 */
@Test
public void listenPlainConnection() throws InterruptedException {
    // NOTE(review): the meaning of the boolean passed to listen() is not visible here;
    // check the helper before relying on what this case asserts about the listener.
    ServerEncryptionOptions plaintextOptions =
        new ServerEncryptionOptions()
            .withInternodeEncryption(ServerEncryptionOptions.InternodeEncryption.none);
    listen(plaintextOptions, false);
}
Also used : ServerEncryptionOptions(org.apache.cassandra.config.EncryptionOptions.ServerEncryptionOptions) Test(org.junit.Test)

Example 5 with ServerEncryptionOptions

use of org.apache.cassandra.config.EncryptionOptions.ServerEncryptionOptions in project cassandra by apache.

the class MessagingServiceTest method listenRequiredSecureConnectionWithLegacyPort.

/**
 * Runs the shared {@code listen} scenario with internode encryption {@code all},
 * {@code optional = false}, and the legacy SSL storage port enabled.
 *
 * @throws InterruptedException propagated from {@code listen}
 */
@Test
public void listenRequiredSecureConnectionWithLegacyPort() throws InterruptedException {
    // Encryption is required (not optional) for all internode traffic, and the
    // legacy SSL storage port is switched on as well.
    // NOTE(review): the meaning of the boolean passed to listen() is not visible here.
    ServerEncryptionOptions requiredTlsOptions =
        new ServerEncryptionOptions()
            .withInternodeEncryption(ServerEncryptionOptions.InternodeEncryption.all)
            .withOptional(false)
            .withLegacySslStoragePort(true);
    listen(requiredTlsOptions, false);
}
Also used : ServerEncryptionOptions(org.apache.cassandra.config.EncryptionOptions.ServerEncryptionOptions) Test(org.junit.Test)

Aggregations

ServerEncryptionOptions (org.apache.cassandra.config.EncryptionOptions.ServerEncryptionOptions)16 Test (org.junit.Test)14 SslContext (io.netty.handler.ssl.SslContext)4 File (org.apache.cassandra.io.util.File)4 IOException (java.io.IOException)3 CertificateException (java.security.cert.CertificateException)3 SSLServerSocket (javax.net.ssl.SSLServerSocket)1 IInternodeAuthenticator (org.apache.cassandra.auth.IInternodeAuthenticator)1 ConfigurationException (org.apache.cassandra.exceptions.ConfigurationException)1 InetAddressAndPort (org.apache.cassandra.locator.InetAddressAndPort)1