Enable client encryption in sstableloader with cli options patch by yukim; reviewed by Alex Petrov for CASSANDRA-11708
Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/148f369d Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/148f369d Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/148f369d Branch: refs/heads/trunk Commit: 148f369d7658c60620c28f18442fcc4024dbb32a Parents: ffd10a9 Author: Yuki Morishita <[email protected]> Authored: Tue May 24 13:38:29 2016 -0500 Committer: Yuki Morishita <[email protected]> Committed: Tue May 24 13:38:29 2016 -0500 ---------------------------------------------------------------------- CHANGES.txt | 1 + .../org/apache/cassandra/tools/BulkLoader.java | 30 ++++++++++++-------- 2 files changed, 19 insertions(+), 12 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cassandra/blob/148f369d/CHANGES.txt ---------------------------------------------------------------------- diff --git a/CHANGES.txt b/CHANGES.txt index d7ca9e5..acdf2e9 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -1,4 +1,5 @@ 2.2.7 + * Enable client encryption in sstableloader with cli options (CASSANDRA-11708) * Possible memory leak in NIODataInputStream (CASSANDRA-11867) * Fix commit log replay after out-of-order flush completion (CASSANDRA-9669) * Add seconds to cqlsh tracing session duration (CASSANDRA-11753) http://git-wip-us.apache.org/repos/asf/cassandra/blob/148f369d/src/java/org/apache/cassandra/tools/BulkLoader.java ---------------------------------------------------------------------- diff --git a/src/java/org/apache/cassandra/tools/BulkLoader.java b/src/java/org/apache/cassandra/tools/BulkLoader.java index 6d19f5e..7d0fdc8 100644 --- a/src/java/org/apache/cassandra/tools/BulkLoader.java +++ b/src/java/org/apache/cassandra/tools/BulkLoader.java 
@@ -80,7 +80,7 @@ public class BulkLoader options.storagePort, options.sslStoragePort, options.serverEncOptions, - buildSSLOptions((EncryptionOptions.ClientEncryptionOptions)options.encOptions)), + buildSSLOptions(options.clientEncOptions)), handler, options.connectionsPerHost); DatabaseDescriptor.setStreamThroughputOutboundMegabitsPerSec(options.throttle); @@ -313,7 +313,7 @@ public class BulkLoader public int interDcThrottle = 0; public int storagePort; public int sslStoragePort; - public EncryptionOptions encOptions = new EncryptionOptions.ClientEncryptionOptions(); + public EncryptionOptions.ClientEncryptionOptions clientEncOptions = new EncryptionOptions.ClientEncryptionOptions(); public int connectionsPerHost = 1; public EncryptionOptions.ServerEncryptionOptions serverEncOptions = new EncryptionOptions.ServerEncryptionOptions(); @@ -442,7 +442,7 @@ public class BulkLoader opts.sslStoragePort = config.ssl_storage_port; opts.throttle = config.stream_throughput_outbound_megabits_per_sec; opts.interDcThrottle = config.inter_dc_stream_throughput_outbound_megabits_per_sec; - opts.encOptions = config.client_encryption_options; + opts.clientEncOptions = config.client_encryption_options; opts.serverEncOptions = config.server_encryption_options; if (cmd.hasOption(THROTTLE_MBITS)) 
@@ -455,46 +455,52 @@ public class BulkLoader opts.interDcThrottle = Integer.parseInt(cmd.getOptionValue(INTER_DC_THROTTLE_MBITS)); } + if (cmd.hasOption(SSL_TRUSTSTORE) || cmd.hasOption(SSL_TRUSTSTORE_PW) || + cmd.hasOption(SSL_KEYSTORE) || cmd.hasOption(SSL_KEYSTORE_PW)) + { + opts.clientEncOptions.enabled = true; + } + if (cmd.hasOption(SSL_TRUSTSTORE)) { - opts.encOptions.truststore = cmd.getOptionValue(SSL_TRUSTSTORE); + opts.clientEncOptions.truststore = cmd.getOptionValue(SSL_TRUSTSTORE); } if (cmd.hasOption(SSL_TRUSTSTORE_PW)) { - opts.encOptions.truststore_password = cmd.getOptionValue(SSL_TRUSTSTORE_PW); + opts.clientEncOptions.truststore_password = cmd.getOptionValue(SSL_TRUSTSTORE_PW); } if (cmd.hasOption(SSL_KEYSTORE)) { - opts.encOptions.keystore = cmd.getOptionValue(SSL_KEYSTORE); + opts.clientEncOptions.keystore = cmd.getOptionValue(SSL_KEYSTORE); // if a keystore was provided, lets assume we'll need to use it - opts.encOptions.require_client_auth = true; + opts.clientEncOptions.require_client_auth = true; } if (cmd.hasOption(SSL_KEYSTORE_PW)) { - opts.encOptions.keystore_password = cmd.getOptionValue(SSL_KEYSTORE_PW); + opts.clientEncOptions.keystore_password = cmd.getOptionValue(SSL_KEYSTORE_PW); } if (cmd.hasOption(SSL_PROTOCOL)) { - opts.encOptions.protocol = cmd.getOptionValue(SSL_PROTOCOL); + opts.clientEncOptions.protocol = cmd.getOptionValue(SSL_PROTOCOL); } if (cmd.hasOption(SSL_ALGORITHM)) { - opts.encOptions.algorithm = cmd.getOptionValue(SSL_ALGORITHM); + opts.clientEncOptions.algorithm = cmd.getOptionValue(SSL_ALGORITHM); } if (cmd.hasOption(SSL_STORE_TYPE)) { - opts.encOptions.store_type = cmd.getOptionValue(SSL_STORE_TYPE); + opts.clientEncOptions.store_type = cmd.getOptionValue(SSL_STORE_TYPE); } if (cmd.hasOption(SSL_CIPHER_SUITES)) { - opts.encOptions.cipher_suites = cmd.getOptionValue(SSL_CIPHER_SUITES).split(","); + opts.clientEncOptions.cipher_suites = cmd.getOptionValue(SSL_CIPHER_SUITES).split(","); } return opts;
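Review bot: The new guard at the top of this hunk sets `opts.clientEncOptions.enabled = true` only for the four truststore/keystore options, so a command line that passes just `SSL_PROTOCOL`, `SSL_ALGORITHM`, `SSL_STORE_TYPE` or `SSL_CIPHER_SUITES` leaves `enabled` at whatever the config file supplied. If the config does not enable client encryption, the tool would presumably connect without TLS and give no warning, although the user asked for a specific protocol or cipher list; how `buildSSLOptions` reads `enabled` is outside this hunk, so confirm that there. I would extend the condition with `|| cmd.hasOption(SSL_PROTOCOL) || cmd.hasOption(SSL_ALGORITHM) || cmd.hasOption(SSL_STORE_TYPE) || cmd.hasOption(SSL_CIPHER_SUITES)`, or fail fast when any SSL option is given while `enabled` is still false. A short comment on the guard, e.g. `// any SSL option on the command line implies client encryption, overriding the config file`, would record the intent. The enclosing method starts outside the hunk.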
