[cassandra] branch trunk updated: Fix BulkLoader ignoring cipher suites options.

Tue, 01 Aug 2023 11:46:09 -0700 

This is an automated email from the ASF dual-hosted git repository.

edimitrova pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/cassandra.git


The following commit(s) were added to refs/heads/trunk by this push:
     new 1c7e7db2d0 Fix BulkLoader ignoring cipher suites options.
1c7e7db2d0 is described below

commit 1c7e7db2d062e54c38a05e073caa40889188657c
Author: Ekaterina Dimitrova <[email protected]>
AuthorDate: Tue Aug 1 14:37:26 2023 -0400

    Fix BulkLoader ignoring cipher suites options.
    
    patch by Dan Jatnieks; reviewed by Ekaterina Dimitrova and Jon Meredith for 
CASSANDRA-18582
---
 CHANGES.txt                                                          | 1 +
 src/java/org/apache/cassandra/config/EncryptionOptions.java          | 5 +++++
 src/java/org/apache/cassandra/tools/BulkLoader.java                  | 3 ++-
 .../distributed/test/SSTableLoaderEncryptionOptionsTest.java         | 1 +
 .../src/org/apache/cassandra/stress/util/JavaDriverClient.java       | 3 ++-
 5 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/CHANGES.txt b/CHANGES.txt
index 9875217ba8..cc40181f4c 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -179,6 +179,7 @@ Merged from 4.0:
 
 4.1.4
 Merged from 4.0:
+ * Fix BulkLoader ignoring cipher suites options (CASSANDRA-18582)
  * Migrate Python optparse to argparse (CASSANDRA-17914)
 Merged from 3.11:
 Merged from 3.0:
diff --git a/src/java/org/apache/cassandra/config/EncryptionOptions.java 
b/src/java/org/apache/cassandra/config/EncryptionOptions.java
index b223b6a896..9db2406a44 100644
--- a/src/java/org/apache/cassandra/config/EncryptionOptions.java
+++ b/src/java/org/apache/cassandra/config/EncryptionOptions.java
@@ -408,6 +408,11 @@ public class EncryptionOptions
         return ap == null ?  new String[0] : ap.toArray(new String[0]);
     }
 
+    public String[] cipherSuitesArray()
+    {
+        return cipher_suites == null ? null : cipher_suites.toArray(new 
String[0]);
+    }
+
     public TlsEncryptionPolicy tlsEncryptionPolicy()
     {
         if (getOptional())
diff --git a/src/java/org/apache/cassandra/tools/BulkLoader.java 
b/src/java/org/apache/cassandra/tools/BulkLoader.java
index 8d5a1d4c67..8802b9e837 100644
--- a/src/java/org/apache/cassandra/tools/BulkLoader.java
+++ b/src/java/org/apache/cassandra/tools/BulkLoader.java
@@ -273,8 +273,9 @@ public class BulkLoader
 
         // Temporarily override newSSLEngine to set accepted protocols until 
it is added to
         // RemoteEndpointAwareJdkSSLOptions.  See CASSANDRA-13325 and 
CASSANDRA-16362.
-        RemoteEndpointAwareJdkSSLOptions sslOptions = new 
RemoteEndpointAwareJdkSSLOptions(sslContext, null)
+        RemoteEndpointAwareJdkSSLOptions sslOptions = new 
RemoteEndpointAwareJdkSSLOptions(sslContext, 
clientEncryptionOptions.cipherSuitesArray())
         {
+            @Override
             protected SSLEngine newSSLEngine(SocketChannel channel, 
InetSocketAddress remoteEndpoint)
             {
                 SSLEngine engine = super.newSSLEngine(channel, remoteEndpoint);
diff --git 
a/test/distributed/org/apache/cassandra/distributed/test/SSTableLoaderEncryptionOptionsTest.java
 
b/test/distributed/org/apache/cassandra/distributed/test/SSTableLoaderEncryptionOptionsTest.java
index 00834bae58..94ea1d0441 100644
--- 
a/test/distributed/org/apache/cassandra/distributed/test/SSTableLoaderEncryptionOptionsTest.java
+++ 
b/test/distributed/org/apache/cassandra/distributed/test/SSTableLoaderEncryptionOptionsTest.java
@@ -98,6 +98,7 @@ public class SSTableLoaderEncryptionOptionsTest extends 
AbstractEncryptionOption
                                                             "--truststore", 
validTrustStorePath,
                                                             
"--truststore-password", validTrustStorePassword,
                                                             "--conf-path", 
"test/conf/sstableloader_with_encryption.yaml",
+                                                            "--ssl-ciphers", 
"TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA",
                                                             
sstables_to_upload.absolutePath());
         tool.assertOnCleanExit();
         assertTrue(tool.getStdout().contains("Summary statistics"));
diff --git 
a/tools/stress/src/org/apache/cassandra/stress/util/JavaDriverClient.java 
b/tools/stress/src/org/apache/cassandra/stress/util/JavaDriverClient.java
index f05c513c93..f938cd9887 100644
--- a/tools/stress/src/org/apache/cassandra/stress/util/JavaDriverClient.java
+++ b/tools/stress/src/org/apache/cassandra/stress/util/JavaDriverClient.java
@@ -165,8 +165,9 @@ public class JavaDriverClient
 
             // Temporarily override newSSLEngine to set accepted protocols 
until it is added to
             // RemoteEndpointAwareJdkSSLOptions.  See CASSANDRA-13325 and 
CASSANDRA-16362.
-            RemoteEndpointAwareJdkSSLOptions sslOptions = new 
RemoteEndpointAwareJdkSSLOptions(sslContext, null)
+            RemoteEndpointAwareJdkSSLOptions sslOptions = new 
RemoteEndpointAwareJdkSSLOptions(sslContext, 
encryptionOptions.cipherSuitesArray())
             {
+                @Override
                 protected SSLEngine newSSLEngine(SocketChannel channel, 
InetSocketAddress remoteEndpoint)
                 {
                     SSLEngine engine = super.newSSLEngine(channel, 
remoteEndpoint);


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to