smiklosovic commented on a change in pull request #1027:
URL: https://github.com/apache/cassandra/pull/1027#discussion_r662502170
##########
File path: src/java/org/apache/cassandra/config/EncryptionOptions.java
##########
@@ -29,8 +30,17 @@
import org.apache.cassandra.locator.IEndpointSnitch;
import org.apache.cassandra.locator.InetAddressAndPort;
+import org.apache.cassandra.security.ISslContextFactory;
import org.apache.cassandra.security.SSLFactory;
+import org.apache.cassandra.utils.FBUtilities;
+/**
Review comment:
would you mind to make this Javadoc "nicer"? It is not formatted
correctly, I mean, empty line at the end, then the last sentence is short and
might be put on the same same line as "require" and so on ...
##########
File path:
src/java/org/apache/cassandra/security/DefaultSslContextFactoryImpl.java
##########
@@ -0,0 +1,248 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.cassandra.security;
+
+import java.io.File;
+import java.io.InputStream;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+import java.security.KeyStore;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.Enumeration;
+import java.util.List;
+import java.util.Map;
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLException;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+
+import com.google.common.annotations.VisibleForTesting;
+import com.google.common.collect.ImmutableList;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import io.netty.handler.ssl.CipherSuiteFilter;
+import io.netty.handler.ssl.ClientAuth;
+import io.netty.handler.ssl.SslContext;
+import io.netty.handler.ssl.SslContextBuilder;
+import io.netty.handler.ssl.SslProvider;
+import org.apache.cassandra.config.EncryptionOptions;
+
+/**
+ * Cassandra's default implementation class for the configuration key {@code
ssl_context_factory}. It uses
+ * file based keystores.
+ */
+public final class DefaultSslContextFactoryImpl implements ISslContextFactory
+{
+ private static final Logger logger =
LoggerFactory.getLogger(DefaultSslContextFactoryImpl.class);
+
+ @VisibleForTesting
+ static volatile boolean checkedExpiry = false;
+
+ /**
+ * List of files that trigger hot reloading of SSL certificates
+ */
+ private static volatile List<HotReloadableFile> hotReloadableFiles =
ImmutableList.of();
+
+ private Map<String,String> parameters;
+
+ /* For test only */
+ DefaultSslContextFactoryImpl(){}
+
+ public DefaultSslContextFactoryImpl(Map<String,String> parameters) {
+ this.parameters = parameters;
+ }
+
+ @Override
+ public SSLContext createJSSESslContext(EncryptionOptions options, boolean
buildTruststore) throws SSLException
+ {
+ TrustManager[] trustManagers = null;
+ if (buildTruststore)
+ trustManagers =
buildTrustManagerFactory(options).getTrustManagers();
+
+ KeyManagerFactory kmf = buildKeyManagerFactory(options);
+
+ try
+ {
+ SSLContext ctx = SSLContext.getInstance("TLS");
+ ctx.init(kmf.getKeyManagers(), trustManagers, null);
+ return ctx;
+ }
+ catch (Exception e)
+ {
+ throw new SSLException("Error creating/initializing the SSL
Context", e);
+ }
+ }
+
+ @Override
+ public SslContext createNettySslContext(EncryptionOptions options, boolean
buildTruststore, SocketType socketType
Review comment:
could be method parameters aligned? ideally below each other, same
column as the opening bracket (plus one char)
##########
File path: src/java/org/apache/cassandra/security/ISslContextFactory.java
##########
@@ -0,0 +1,108 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.cassandra.security;
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLException;
+
+import io.netty.handler.ssl.CipherSuiteFilter;
+import io.netty.handler.ssl.SslContext;
+import org.apache.cassandra.config.EncryptionOptions;
+
+/**
+ * The purpose of this interface is to provide pluggable mechanism for
creating custom JSSE and Netty SSLContext
+ * objects. Please use the Cassandra configuration key {@code
ssl_context_factory} as part of {@code
+ * client_encryption_options}/{@code server_encryption_options} and provide a
custom class-name implementing this
+ * interface with parameters to be used to plugin a your own way to load the
SSLContext.
+ *
+ * Implementation of this interface must have a constructor with argument of
type {@code Map<String,String>} to allow
+ * custom parameters, needed by the implementation, to be passed from the yaml
configuration.
+ *
+ * Since on top of Netty, Cassandra is internally using JSSE SSLContext also
for certain use-cases- this interface
+ * has methods for both.
+ *
+ * Below is an example of how to configure a custom implementation with
parameters
+ * <pre>
+ * ssl_context_factory:
+ * class_name: org.apache.cassandra.security.YourSslContextFactoryImpl
+ * parameters:
+ * key1: "value1"
+ * key2: "value2"
+ * key3: "value3"
+ * </pre>
+ */
+public interface ISslContextFactory
+{
+ /**
+ * Creates JSSE SSLContext.
+ *
+ * @param options EncryptionOptions that could be used for the SSL context
creation
+ * @param buildTruststore {@code true} if the caller requires Truststore;
{@code false} otherwise
+ * @return
Review comment:
would you mind to finish what it returns?
##########
File path:
src/java/org/apache/cassandra/security/DefaultSslContextFactoryImpl.java
##########
@@ -0,0 +1,248 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.cassandra.security;
+
+import java.io.File;
+import java.io.InputStream;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+import java.security.KeyStore;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.Enumeration;
+import java.util.List;
+import java.util.Map;
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLException;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+
+import com.google.common.annotations.VisibleForTesting;
+import com.google.common.collect.ImmutableList;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import io.netty.handler.ssl.CipherSuiteFilter;
+import io.netty.handler.ssl.ClientAuth;
+import io.netty.handler.ssl.SslContext;
+import io.netty.handler.ssl.SslContextBuilder;
+import io.netty.handler.ssl.SslProvider;
+import org.apache.cassandra.config.EncryptionOptions;
+
+/**
+ * Cassandra's default implementation class for the configuration key {@code
ssl_context_factory}. It uses
+ * file based keystores.
+ */
+public final class DefaultSslContextFactoryImpl implements ISslContextFactory
+{
+ private static final Logger logger =
LoggerFactory.getLogger(DefaultSslContextFactoryImpl.class);
+
+ @VisibleForTesting
+ static volatile boolean checkedExpiry = false;
+
+ /**
+ * List of files that trigger hot reloading of SSL certificates
+ */
+ private static volatile List<HotReloadableFile> hotReloadableFiles =
ImmutableList.of();
+
+ private Map<String,String> parameters;
+
+ /* For test only */
+ DefaultSslContextFactoryImpl(){}
+
+ public DefaultSslContextFactoryImpl(Map<String,String> parameters) {
+ this.parameters = parameters;
+ }
+
+ @Override
+ public SSLContext createJSSESslContext(EncryptionOptions options, boolean
buildTruststore) throws SSLException
+ {
+ TrustManager[] trustManagers = null;
+ if (buildTruststore)
+ trustManagers =
buildTrustManagerFactory(options).getTrustManagers();
+
+ KeyManagerFactory kmf = buildKeyManagerFactory(options);
+
+ try
+ {
+ SSLContext ctx = SSLContext.getInstance("TLS");
+ ctx.init(kmf.getKeyManagers(), trustManagers, null);
+ return ctx;
+ }
+ catch (Exception e)
+ {
+ throw new SSLException("Error creating/initializing the SSL
Context", e);
+ }
+ }
+
+ @Override
+ public SslContext createNettySslContext(EncryptionOptions options, boolean
buildTruststore, SocketType socketType
+ , boolean useOpenSsl, CipherSuiteFilter cipherFilter) throws SSLException
+ {
+ /*
+ There is a case where the netty/openssl combo might not support
using KeyManagerFactory. specifically,
Review comment:
Could you spent more time on wording and making this grammatically
correct? A sentence should start with an upper case letter and similar.
##########
File path:
src/java/org/apache/cassandra/security/DefaultSslContextFactoryImpl.java
##########
@@ -0,0 +1,248 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.cassandra.security;
+
+import java.io.File;
+import java.io.InputStream;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+import java.security.KeyStore;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.Enumeration;
+import java.util.List;
+import java.util.Map;
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLException;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+
+import com.google.common.annotations.VisibleForTesting;
+import com.google.common.collect.ImmutableList;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import io.netty.handler.ssl.CipherSuiteFilter;
+import io.netty.handler.ssl.ClientAuth;
+import io.netty.handler.ssl.SslContext;
+import io.netty.handler.ssl.SslContextBuilder;
+import io.netty.handler.ssl.SslProvider;
+import org.apache.cassandra.config.EncryptionOptions;
+
+/**
+ * Cassandra's default implementation class for the configuration key {@code
ssl_context_factory}. It uses
+ * file based keystores.
+ */
+public final class DefaultSslContextFactoryImpl implements ISslContextFactory
+{
+ private static final Logger logger =
LoggerFactory.getLogger(DefaultSslContextFactoryImpl.class);
+
+ @VisibleForTesting
+ static volatile boolean checkedExpiry = false;
+
+ /**
+ * List of files that trigger hot reloading of SSL certificates
+ */
+ private static volatile List<HotReloadableFile> hotReloadableFiles =
ImmutableList.of();
+
+ private Map<String,String> parameters;
+
+ /* For test only */
+ DefaultSslContextFactoryImpl(){}
+
+ public DefaultSslContextFactoryImpl(Map<String,String> parameters) {
+ this.parameters = parameters;
+ }
+
+ @Override
+ public SSLContext createJSSESslContext(EncryptionOptions options, boolean
buildTruststore) throws SSLException
+ {
+ TrustManager[] trustManagers = null;
+ if (buildTruststore)
+ trustManagers =
buildTrustManagerFactory(options).getTrustManagers();
+
+ KeyManagerFactory kmf = buildKeyManagerFactory(options);
+
+ try
+ {
+ SSLContext ctx = SSLContext.getInstance("TLS");
+ ctx.init(kmf.getKeyManagers(), trustManagers, null);
+ return ctx;
+ }
+ catch (Exception e)
+ {
+ throw new SSLException("Error creating/initializing the SSL
Context", e);
+ }
+ }
+
+ @Override
+ public SslContext createNettySslContext(EncryptionOptions options, boolean
buildTruststore, SocketType socketType
+ , boolean useOpenSsl, CipherSuiteFilter cipherFilter) throws SSLException
+ {
+ /*
+ There is a case where the netty/openssl combo might not support
using KeyManagerFactory. specifically,
+ I've seen this with the netty-tcnative dynamic openssl
implementation. using the netty-tcnative static-boringssl
+ works fine with KeyManagerFactory. If we want to support all of
the netty-tcnative options, we would need
+ to fall back to passing in a file reference for both a x509 and
PKCS#8 private key file in PEM format (see
+ {@link SslContextBuilder#forServer(File, File, String)}). However,
we are not supporting that now to keep
+ the config/yaml API simple.
+ */
+ KeyManagerFactory kmf = buildKeyManagerFactory(options);
+ SslContextBuilder builder;
+ if (socketType == SocketType.SERVER)
+ {
+ builder = SslContextBuilder.forServer(kmf);
+ builder.clientAuth(options.require_client_auth ?
ClientAuth.REQUIRE : ClientAuth.NONE);
Review comment:
Can not be this just chained after .forServer(kmf) like "builder =
SslContextBuilder.forServer(kmf).clientAuth(...);"
##########
File path:
src/java/org/apache/cassandra/security/DefaultSslContextFactoryImpl.java
##########
@@ -0,0 +1,248 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.cassandra.security;
+
+import java.io.File;
+import java.io.InputStream;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+import java.security.KeyStore;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.Enumeration;
+import java.util.List;
+import java.util.Map;
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLException;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+
+import com.google.common.annotations.VisibleForTesting;
+import com.google.common.collect.ImmutableList;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import io.netty.handler.ssl.CipherSuiteFilter;
+import io.netty.handler.ssl.ClientAuth;
+import io.netty.handler.ssl.SslContext;
+import io.netty.handler.ssl.SslContextBuilder;
+import io.netty.handler.ssl.SslProvider;
+import org.apache.cassandra.config.EncryptionOptions;
+
+/**
+ * Cassandra's default implementation class for the configuration key {@code
ssl_context_factory}. It uses
+ * file based keystores.
+ */
+public final class DefaultSslContextFactoryImpl implements ISslContextFactory
+{
+ private static final Logger logger =
LoggerFactory.getLogger(DefaultSslContextFactoryImpl.class);
+
+ @VisibleForTesting
+ static volatile boolean checkedExpiry = false;
+
+ /**
+ * List of files that trigger hot reloading of SSL certificates
+ */
+ private static volatile List<HotReloadableFile> hotReloadableFiles =
ImmutableList.of();
+
+ private Map<String,String> parameters;
+
+ /* For test only */
+ DefaultSslContextFactoryImpl(){}
+
+ public DefaultSslContextFactoryImpl(Map<String,String> parameters) {
+ this.parameters = parameters;
+ }
+
+ @Override
+ public SSLContext createJSSESslContext(EncryptionOptions options, boolean
buildTruststore) throws SSLException
+ {
+ TrustManager[] trustManagers = null;
+ if (buildTruststore)
+ trustManagers =
buildTrustManagerFactory(options).getTrustManagers();
+
+ KeyManagerFactory kmf = buildKeyManagerFactory(options);
+
+ try
+ {
+ SSLContext ctx = SSLContext.getInstance("TLS");
+ ctx.init(kmf.getKeyManagers(), trustManagers, null);
+ return ctx;
+ }
+ catch (Exception e)
+ {
+ throw new SSLException("Error creating/initializing the SSL
Context", e);
+ }
+ }
+
+ @Override
+ public SslContext createNettySslContext(EncryptionOptions options, boolean
buildTruststore, SocketType socketType
+ , boolean useOpenSsl, CipherSuiteFilter cipherFilter) throws SSLException
+ {
+ /*
+ There is a case where the netty/openssl combo might not support
using KeyManagerFactory. specifically,
+ I've seen this with the netty-tcnative dynamic openssl
implementation. using the netty-tcnative static-boringssl
+ works fine with KeyManagerFactory. If we want to support all of
the netty-tcnative options, we would need
+ to fall back to passing in a file reference for both a x509 and
PKCS#8 private key file in PEM format (see
+ {@link SslContextBuilder#forServer(File, File, String)}). However,
we are not supporting that now to keep
+ the config/yaml API simple.
+ */
+ KeyManagerFactory kmf = buildKeyManagerFactory(options);
+ SslContextBuilder builder;
+ if (socketType == SocketType.SERVER)
+ {
+ builder = SslContextBuilder.forServer(kmf);
+ builder.clientAuth(options.require_client_auth ?
ClientAuth.REQUIRE : ClientAuth.NONE);
+ }
+ else
+ {
+ builder = SslContextBuilder.forClient().keyManager(kmf);
+ }
+
+ builder.sslProvider(useOpenSsl ? SslProvider.OPENSSL :
SslProvider.JDK);
+
+ builder.protocols(options.acceptedProtocols());
+
+ // only set the cipher suites if the opertor has explicity configured
values for it; else, use the default
+ // for each ssl implemention (jdk or openssl)
+ if (options.cipher_suites != null && !options.cipher_suites.isEmpty())
+ builder.ciphers(options.cipher_suites, cipherFilter);
+
+ if (buildTruststore)
+ builder.trustManager(buildTrustManagerFactory(options));
+
+ SslContext sslContext;
+ try
+ {
+ sslContext = builder.build();
+ }
+ catch (SSLException e)
+ {
+ throw new SSLException("failed to build the final SslContext
object for secure connections", e);
+ }
+ return sslContext;
+ }
+
+ @Override
+ public synchronized void initHotReloading(EncryptionOptions options)
throws SSLException {
+
+ List<HotReloadableFile> fileList = new ArrayList<>();
+
+ if (options != null && options.tlsEncryptionPolicy() !=
EncryptionOptions.TlsEncryptionPolicy.UNENCRYPTED)
+ {
+ fileList.add(new HotReloadableFile(options.keystore));
+ fileList.add(new HotReloadableFile(options.truststore));
+ }
+
+ hotReloadableFiles = ImmutableList.copyOf(fileList);
+ }
+
+ @Override
+ public boolean shouldReload()
+ {
+ return
hotReloadableFiles.stream().anyMatch(HotReloadableFile::shouldReload);
+ }
+
+ @Override
+ public boolean hasKeystore(EncryptionOptions options) {
+ return new File(options.keystore).exists();
+ }
+
+ /**
+ * Helper class for hot reloading SSL Contexts
+ */
+ private static class HotReloadableFile
+ {
+ private final File file;
+ private volatile long lastModTime;
+
+ HotReloadableFile(String path)
+ {
+ file = new File(path);
+ lastModTime = file.lastModified();
+ }
+
+ boolean shouldReload()
+ {
+ long curModTime = file.lastModified();
+ boolean result = curModTime != lastModTime;
+ lastModTime = curModTime;
+ return result;
+ }
+
+ @Override
+ public String toString()
+ {
+ return "HotReloadableFile{" +
+ "file=" + file +
+ ", lastModTime=" + lastModTime +
+ '}';
+ }
+ }
+
+ KeyManagerFactory buildKeyManagerFactory(EncryptionOptions options) throws
SSLException
+ {
+ try (InputStream ksf =
Files.newInputStream(Paths.get(options.keystore)))
+ {
+ KeyManagerFactory kmf = KeyManagerFactory.getInstance(
+ options.algorithm == null ?
KeyManagerFactory.getDefaultAlgorithm() : options.algorithm);
+ KeyStore ks = KeyStore.getInstance(options.store_type);
+ ks.load(ksf, options.keystore_password.toCharArray());
+ if (!checkedExpiry)
+ {
+ for (Enumeration<String> aliases = ks.aliases();
aliases.hasMoreElements(); )
+ {
+ String alias = aliases.nextElement();
+ if (ks.getCertificate(alias).getType().equals("X.509"))
+ {
+ Date expires = ((X509Certificate)
ks.getCertificate(alias)).getNotAfter();
+ if (expires.before(new Date()))
+ logger.warn("Certificate for {} expired on {}",
alias, expires);
Review comment:
we just warn and that is it? are we ok with using expired certificate?
##########
File path:
src/java/org/apache/cassandra/security/DefaultSslContextFactoryImpl.java
##########
@@ -0,0 +1,248 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.cassandra.security;
+
+import java.io.File;
+import java.io.InputStream;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+import java.security.KeyStore;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.Enumeration;
+import java.util.List;
+import java.util.Map;
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLException;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+
+import com.google.common.annotations.VisibleForTesting;
+import com.google.common.collect.ImmutableList;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import io.netty.handler.ssl.CipherSuiteFilter;
+import io.netty.handler.ssl.ClientAuth;
+import io.netty.handler.ssl.SslContext;
+import io.netty.handler.ssl.SslContextBuilder;
+import io.netty.handler.ssl.SslProvider;
+import org.apache.cassandra.config.EncryptionOptions;
+
+/**
+ * Cassandra's default implementation class for the configuration key {@code
ssl_context_factory}. It uses
+ * file based keystores.
+ */
+public final class DefaultSslContextFactoryImpl implements ISslContextFactory
+{
+ private static final Logger logger =
LoggerFactory.getLogger(DefaultSslContextFactoryImpl.class);
+
+ @VisibleForTesting
+ static volatile boolean checkedExpiry = false;
+
+ /**
+ * List of files that trigger hot reloading of SSL certificates
+ */
+ private static volatile List<HotReloadableFile> hotReloadableFiles =
ImmutableList.of();
+
+ private Map<String,String> parameters;
+
+ /* For test only */
+ DefaultSslContextFactoryImpl(){}
+
+ public DefaultSslContextFactoryImpl(Map<String,String> parameters) {
+ this.parameters = parameters;
+ }
+
+ @Override
+ public SSLContext createJSSESslContext(EncryptionOptions options, boolean
buildTruststore) throws SSLException
+ {
+ TrustManager[] trustManagers = null;
+ if (buildTruststore)
+ trustManagers =
buildTrustManagerFactory(options).getTrustManagers();
+
+ KeyManagerFactory kmf = buildKeyManagerFactory(options);
+
+ try
+ {
+ SSLContext ctx = SSLContext.getInstance("TLS");
+ ctx.init(kmf.getKeyManagers(), trustManagers, null);
+ return ctx;
+ }
+ catch (Exception e)
+ {
+ throw new SSLException("Error creating/initializing the SSL
Context", e);
+ }
+ }
+
+ @Override
+ public SslContext createNettySslContext(EncryptionOptions options, boolean
buildTruststore, SocketType socketType
+ , boolean useOpenSsl, CipherSuiteFilter cipherFilter) throws SSLException
+ {
+ /*
+ There is a case where the netty/openssl combo might not support
using KeyManagerFactory. specifically,
+ I've seen this with the netty-tcnative dynamic openssl
implementation. using the netty-tcnative static-boringssl
+ works fine with KeyManagerFactory. If we want to support all of
the netty-tcnative options, we would need
+ to fall back to passing in a file reference for both a x509 and
PKCS#8 private key file in PEM format (see
+ {@link SslContextBuilder#forServer(File, File, String)}). However,
we are not supporting that now to keep
+ the config/yaml API simple.
+ */
+ KeyManagerFactory kmf = buildKeyManagerFactory(options);
+ SslContextBuilder builder;
+ if (socketType == SocketType.SERVER)
+ {
+ builder = SslContextBuilder.forServer(kmf);
+ builder.clientAuth(options.require_client_auth ?
ClientAuth.REQUIRE : ClientAuth.NONE);
+ }
+ else
+ {
+ builder = SslContextBuilder.forClient().keyManager(kmf);
+ }
+
+ builder.sslProvider(useOpenSsl ? SslProvider.OPENSSL :
SslProvider.JDK);
+
+ builder.protocols(options.acceptedProtocols());
+
+ // only set the cipher suites if the opertor has explicity configured
values for it; else, use the default
+ // for each ssl implemention (jdk or openssl)
+ if (options.cipher_suites != null && !options.cipher_suites.isEmpty())
+ builder.ciphers(options.cipher_suites, cipherFilter);
+
+ if (buildTruststore)
+ builder.trustManager(buildTrustManagerFactory(options));
+
+ SslContext sslContext;
+ try
+ {
+ sslContext = builder.build();
+ }
+ catch (SSLException e)
+ {
+ throw new SSLException("failed to build the final SslContext
object for secure connections", e);
+ }
+ return sslContext;
+ }
+
+ @Override
+ public synchronized void initHotReloading(EncryptionOptions options)
throws SSLException {
+
+ List<HotReloadableFile> fileList = new ArrayList<>();
+
+ if (options != null && options.tlsEncryptionPolicy() !=
EncryptionOptions.TlsEncryptionPolicy.UNENCRYPTED)
+ {
Review comment:
Why is `hotReloadableFiles` static and immutable? Can not it be just
cleared and new files added there again? Is not DefaultSslContextFactoryImpl
ever going to be initialised just once?
##########
File path: src/java/org/apache/cassandra/security/ISslContextFactory.java
##########
@@ -0,0 +1,108 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.cassandra.security;
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLException;
+
+import io.netty.handler.ssl.CipherSuiteFilter;
+import io.netty.handler.ssl.SslContext;
+import org.apache.cassandra.config.EncryptionOptions;
+
+/**
+ * The purpose of this interface is to provide pluggable mechanism for
creating custom JSSE and Netty SSLContext
+ * objects. Please use the Cassandra configuration key {@code
ssl_context_factory} as part of {@code
+ * client_encryption_options}/{@code server_encryption_options} and provide a
custom class-name implementing this
+ * interface with parameters to be used to plugin a your own way to load the
SSLContext.
+ *
+ * Implementation of this interface must have a constructor with argument of
type {@code Map<String,String>} to allow
+ * custom parameters, needed by the implementation, to be passed from the yaml
configuration.
+ *
+ * Since on top of Netty, Cassandra is internally using JSSE SSLContext also
for certain use-cases- this interface
+ * has methods for both.
+ *
+ * Below is an example of how to configure a custom implementation with
parameters
+ * <pre>
+ * ssl_context_factory:
+ * class_name: org.apache.cassandra.security.YourSslContextFactoryImpl
+ * parameters:
+ * key1: "value1"
+ * key2: "value2"
+ * key3: "value3"
+ * </pre>
+ */
+public interface ISslContextFactory
+{
+ /**
+ * Creates JSSE SSLContext.
+ *
+ * @param options EncryptionOptions that could be used for the SSL context
creation
+ * @param buildTruststore {@code true} if the caller requires Truststore;
{@code false} otherwise
+ * @return
+ * @throws SSLException in case the Ssl Context creation fails for some
reason
+ */
+ SSLContext createJSSESslContext(EncryptionOptions options, boolean
buildTruststore) throws SSLException;
+
+ /**
+ * Creates Netty's SslContext object.
+ *
+ * @param options EncryptionOptions that could be used for the SSL context
creation
+ * @param buildTruststore {@code true} if the caller requires Truststore;
{@code false} otherwise
+ * @param socketType {@link SocketType} for Netty's Inbound or Outbound
channels
+ * @param useOpenSsl {@code true} if openSsl is enabled;{@code false}
otherwise
+ * @param cipherFilter to allow Netty's cipher suite filtering, e.g.
+ * {@link io.netty.handler.ssl.SslContextBuilder#ciphers(Iterable,
CipherSuiteFilter)}
+ * @return
+ * @throws SSLException in case the Ssl Context creation fails for some
reason
+ */
+ SslContext createNettySslContext(EncryptionOptions options, boolean
buildTruststore, SocketType socketType,
+ boolean useOpenSsl, CipherSuiteFilter
cipherFilter) throws SSLException;
+
+ /**
+ * Initializes hot reloading of the security keys/certs. The
implementation must guarantee this to be thread safe.
+ * @param options Encryption options
+ * @throws SSLException
+ */
+ void initHotReloading(EncryptionOptions options) throws SSLException;
+
+ /**
+ * Returns if any changes require the reloading of the SSL context
returned by this factory.
+ * This will be called by Cassandra's periodic polling for any potential
changes that will reload the SSL context
+ * . However only newer connections established after the reload will use
the reloaded SSL context.
+ * @return
Review comment:
would you mind to finish what it returns?
##########
File path:
src/java/org/apache/cassandra/security/DefaultSslContextFactoryImpl.java
##########
@@ -0,0 +1,248 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.cassandra.security;
+
+import java.io.File;
+import java.io.InputStream;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+import java.security.KeyStore;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.Enumeration;
+import java.util.List;
+import java.util.Map;
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLException;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+
+import com.google.common.annotations.VisibleForTesting;
+import com.google.common.collect.ImmutableList;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import io.netty.handler.ssl.CipherSuiteFilter;
+import io.netty.handler.ssl.ClientAuth;
+import io.netty.handler.ssl.SslContext;
+import io.netty.handler.ssl.SslContextBuilder;
+import io.netty.handler.ssl.SslProvider;
+import org.apache.cassandra.config.EncryptionOptions;
+
+/**
+ * Cassandra's default implementation class for the configuration key {@code
ssl_context_factory}. It uses
+ * file based keystores.
+ */
+public final class DefaultSslContextFactoryImpl implements ISslContextFactory
+{
+ private static final Logger logger =
LoggerFactory.getLogger(DefaultSslContextFactoryImpl.class);
+
+ @VisibleForTesting
+ static volatile boolean checkedExpiry = false;
+
+ /**
+ * List of files that trigger hot reloading of SSL certificates
+ */
+ private static volatile List<HotReloadableFile> hotReloadableFiles =
ImmutableList.of();
+
+ private Map<String,String> parameters;
+
+ /* For test only */
+ DefaultSslContextFactoryImpl(){}
+
+ public DefaultSslContextFactoryImpl(Map<String,String> parameters) {
+ this.parameters = parameters;
+ }
+
+ @Override
+ public SSLContext createJSSESslContext(EncryptionOptions options, boolean
buildTruststore) throws SSLException
+ {
+ TrustManager[] trustManagers = null;
+ if (buildTruststore)
+ trustManagers =
buildTrustManagerFactory(options).getTrustManagers();
+
+ KeyManagerFactory kmf = buildKeyManagerFactory(options);
+
+ try
+ {
+ SSLContext ctx = SSLContext.getInstance("TLS");
+ ctx.init(kmf.getKeyManagers(), trustManagers, null);
+ return ctx;
+ }
+ catch (Exception e)
+ {
+ throw new SSLException("Error creating/initializing the SSL
Context", e);
+ }
+ }
+
+ @Override
+ public SslContext createNettySslContext(EncryptionOptions options, boolean
buildTruststore, SocketType socketType
+ , boolean useOpenSsl, CipherSuiteFilter cipherFilter) throws SSLException
+ {
+ /*
+ There is a case where the netty/openssl combo might not support
using KeyManagerFactory. specifically,
+ I've seen this with the netty-tcnative dynamic openssl
implementation. using the netty-tcnative static-boringssl
+ works fine with KeyManagerFactory. If we want to support all of
the netty-tcnative options, we would need
+ to fall back to passing in a file reference for both a x509 and
PKCS#8 private key file in PEM format (see
+ {@link SslContextBuilder#forServer(File, File, String)}). However,
we are not supporting that now to keep
+ the config/yaml API simple.
+ */
+ KeyManagerFactory kmf = buildKeyManagerFactory(options);
+ SslContextBuilder builder;
+ if (socketType == SocketType.SERVER)
+ {
+ builder = SslContextBuilder.forServer(kmf);
+ builder.clientAuth(options.require_client_auth ?
ClientAuth.REQUIRE : ClientAuth.NONE);
+ }
+ else
+ {
+ builder = SslContextBuilder.forClient().keyManager(kmf);
+ }
+
+ builder.sslProvider(useOpenSsl ? SslProvider.OPENSSL :
SslProvider.JDK);
+
+ builder.protocols(options.acceptedProtocols());
+
+ // only set the cipher suites if the opertor has explicity configured
values for it; else, use the default
+ // for each ssl implemention (jdk or openssl)
+ if (options.cipher_suites != null && !options.cipher_suites.isEmpty())
+ builder.ciphers(options.cipher_suites, cipherFilter);
+
+ if (buildTruststore)
+ builder.trustManager(buildTrustManagerFactory(options));
+
+ SslContext sslContext;
+ try
+ {
+ sslContext = builder.build();
Review comment:
Can't this just "return builder.build()"? There does not need to be
"SslContext sslContext" and returning at the end of the method.
##########
File path: src/java/org/apache/cassandra/config/EncryptionOptions.java
##########
@@ -76,8 +92,16 @@ public String description()
protected Boolean isEnabled = null;
protected Boolean isOptional = null;
+ /*
+ * We will wait to initialize this until applyConfig() call to make sure
we do it only when the caller is ready
+ * to use this option instance.
+ */
+ public ISslContextFactory sslContextFactoryInstance;
+
public EncryptionOptions()
{
+ ssl_context_factory = new
ParameterizedClass("org.apache.cassandra.security.DefaultSslContextFactoryImpl",
Review comment:
There is an empty constructor in DefaultSsl.... so after its creation,
`parameters` will be null but here you are setting it like an empty map, even
it is a detail, it should be same and that empty constructor should call the
one with map arg and create new map there.
##########
File path:
src/java/org/apache/cassandra/security/DefaultSslContextFactoryImpl.java
##########
@@ -0,0 +1,248 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.cassandra.security;
+
+import java.io.File;
+import java.io.InputStream;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+import java.security.KeyStore;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.Enumeration;
+import java.util.List;
+import java.util.Map;
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLException;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+
+import com.google.common.annotations.VisibleForTesting;
+import com.google.common.collect.ImmutableList;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import io.netty.handler.ssl.CipherSuiteFilter;
+import io.netty.handler.ssl.ClientAuth;
+import io.netty.handler.ssl.SslContext;
+import io.netty.handler.ssl.SslContextBuilder;
+import io.netty.handler.ssl.SslProvider;
+import org.apache.cassandra.config.EncryptionOptions;
+
+/**
+ * Cassandra's default implementation class for the configuration key {@code
ssl_context_factory}. It uses
+ * file based keystores.
+ */
+public final class DefaultSslContextFactoryImpl implements ISslContextFactory
+{
+ private static final Logger logger =
LoggerFactory.getLogger(DefaultSslContextFactoryImpl.class);
+
+ @VisibleForTesting
+ static volatile boolean checkedExpiry = false;
+
+ /**
+ * List of files that trigger hot reloading of SSL certificates
+ */
+ private static volatile List<HotReloadableFile> hotReloadableFiles =
ImmutableList.of();
+
+ private Map<String,String> parameters;
+
+ /* For test only */
+ DefaultSslContextFactoryImpl(){}
+
+ public DefaultSslContextFactoryImpl(Map<String,String> parameters) {
+ this.parameters = parameters;
+ }
+
+ @Override
+ public SSLContext createJSSESslContext(EncryptionOptions options, boolean
buildTruststore) throws SSLException
+ {
+ TrustManager[] trustManagers = null;
+ if (buildTruststore)
+ trustManagers =
buildTrustManagerFactory(options).getTrustManagers();
+
+ KeyManagerFactory kmf = buildKeyManagerFactory(options);
+
+ try
+ {
+ SSLContext ctx = SSLContext.getInstance("TLS");
+ ctx.init(kmf.getKeyManagers(), trustManagers, null);
+ return ctx;
+ }
+ catch (Exception e)
+ {
+ throw new SSLException("Error creating/initializing the SSL
Context", e);
+ }
+ }
+
+ @Override
+ public SslContext createNettySslContext(EncryptionOptions options, boolean
buildTruststore, SocketType socketType
+ , boolean useOpenSsl, CipherSuiteFilter cipherFilter) throws SSLException
+ {
+ /*
+ There is a case where the netty/openssl combo might not support
using KeyManagerFactory. specifically,
+ I've seen this with the netty-tcnative dynamic openssl
implementation. using the netty-tcnative static-boringssl
+ works fine with KeyManagerFactory. If we want to support all of
the netty-tcnative options, we would need
+ to fall back to passing in a file reference for both a x509 and
PKCS#8 private key file in PEM format (see
+ {@link SslContextBuilder#forServer(File, File, String)}). However,
we are not supporting that now to keep
+ the config/yaml API simple.
+ */
+ KeyManagerFactory kmf = buildKeyManagerFactory(options);
+ SslContextBuilder builder;
+ if (socketType == SocketType.SERVER)
+ {
+ builder = SslContextBuilder.forServer(kmf);
+ builder.clientAuth(options.require_client_auth ?
ClientAuth.REQUIRE : ClientAuth.NONE);
+ }
+ else
+ {
+ builder = SslContextBuilder.forClient().keyManager(kmf);
+ }
+
+ builder.sslProvider(useOpenSsl ? SslProvider.OPENSSL :
SslProvider.JDK);
Review comment:
same, can't be this chained (with protocols)?
##########
File path: src/java/org/apache/cassandra/security/ISslContextFactory.java
##########
@@ -0,0 +1,108 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.cassandra.security;
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLException;
+
+import io.netty.handler.ssl.CipherSuiteFilter;
+import io.netty.handler.ssl.SslContext;
+import org.apache.cassandra.config.EncryptionOptions;
+
+/**
+ * The purpose of this interface is to provide pluggable mechanism for
creating custom JSSE and Netty SSLContext
+ * objects. Please use the Cassandra configuration key {@code
ssl_context_factory} as part of {@code
+ * client_encryption_options}/{@code server_encryption_options} and provide a
custom class-name implementing this
+ * interface with parameters to be used to plugin a your own way to load the
SSLContext.
+ *
+ * Implementation of this interface must have a constructor with argument of
type {@code Map<String,String>} to allow
+ * custom parameters, needed by the implementation, to be passed from the yaml
configuration.
+ *
+ * Since on top of Netty, Cassandra is internally using JSSE SSLContext also
for certain use-cases- this interface
+ * has methods for both.
+ *
+ * Below is an example of how to configure a custom implementation with
parameters
+ * <pre>
+ * ssl_context_factory:
+ * class_name: org.apache.cassandra.security.YourSslContextFactoryImpl
+ * parameters:
+ * key1: "value1"
+ * key2: "value2"
+ * key3: "value3"
+ * </pre>
+ */
+public interface ISslContextFactory
+{
+ /**
+ * Creates JSSE SSLContext.
+ *
+ * @param options EncryptionOptions that could be used for the SSL context
creation
+ * @param buildTruststore {@code true} if the caller requires Truststore;
{@code false} otherwise
+ * @return
+ * @throws SSLException in case the Ssl Context creation fails for some
reason
+ */
+ SSLContext createJSSESslContext(EncryptionOptions options, boolean
buildTruststore) throws SSLException;
+
+ /**
+ * Creates Netty's SslContext object.
+ *
+ * @param options EncryptionOptions that could be used for the SSL context
creation
+ * @param buildTruststore {@code true} if the caller requires Truststore;
{@code false} otherwise
+ * @param socketType {@link SocketType} for Netty's Inbound or Outbound
channels
+ * @param useOpenSsl {@code true} if openSsl is enabled;{@code false}
otherwise
+ * @param cipherFilter to allow Netty's cipher suite filtering, e.g.
+ * {@link io.netty.handler.ssl.SslContextBuilder#ciphers(Iterable,
CipherSuiteFilter)}
+ * @return
Review comment:
same
##########
File path: src/java/org/apache/cassandra/security/ISslContextFactory.java
##########
@@ -0,0 +1,108 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.cassandra.security;
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLException;
+
+import io.netty.handler.ssl.CipherSuiteFilter;
+import io.netty.handler.ssl.SslContext;
+import org.apache.cassandra.config.EncryptionOptions;
+
+/**
+ * The purpose of this interface is to provide pluggable mechanism for
creating custom JSSE and Netty SSLContext
+ * objects. Please use the Cassandra configuration key {@code
ssl_context_factory} as part of {@code
+ * client_encryption_options}/{@code server_encryption_options} and provide a
custom class-name implementing this
+ * interface with parameters to be used to plugin a your own way to load the
SSLContext.
+ *
+ * Implementation of this interface must have a constructor with argument of
type {@code Map<String,String>} to allow
+ * custom parameters, needed by the implementation, to be passed from the yaml
configuration.
+ *
+ * Since on top of Netty, Cassandra is internally using JSSE SSLContext also
for certain use-cases- this interface
+ * has methods for both.
+ *
+ * Below is an example of how to configure a custom implementation with
parameters
+ * <pre>
+ * ssl_context_factory:
+ * class_name: org.apache.cassandra.security.YourSslContextFactoryImpl
+ * parameters:
+ * key1: "value1"
+ * key2: "value2"
+ * key3: "value3"
+ * </pre>
+ */
+public interface ISslContextFactory
+{
+ /**
+ * Creates JSSE SSLContext.
+ *
+ * @param options EncryptionOptions that could be used for the SSL context
creation
+ * @param buildTruststore {@code true} if the caller requires Truststore;
{@code false} otherwise
+ * @return
+ * @throws SSLException in case the Ssl Context creation fails for some
reason
+ */
+ SSLContext createJSSESslContext(EncryptionOptions options, boolean
buildTruststore) throws SSLException;
+
+ /**
+ * Creates Netty's SslContext object.
+ *
+ * @param options EncryptionOptions that could be used for the SSL context
creation
+ * @param buildTruststore {@code true} if the caller requires Truststore;
{@code false} otherwise
+ * @param socketType {@link SocketType} for Netty's Inbound or Outbound
channels
+ * @param useOpenSsl {@code true} if openSsl is enabled;{@code false}
otherwise
+ * @param cipherFilter to allow Netty's cipher suite filtering, e.g.
+ * {@link io.netty.handler.ssl.SslContextBuilder#ciphers(Iterable,
CipherSuiteFilter)}
+ * @return
+ * @throws SSLException in case the Ssl Context creation fails for some
reason
+ */
+ SslContext createNettySslContext(EncryptionOptions options, boolean
buildTruststore, SocketType socketType,
+ boolean useOpenSsl, CipherSuiteFilter
cipherFilter) throws SSLException;
+
+ /**
+ * Initializes hot reloading of the security keys/certs. The
implementation must guarantee this to be thread safe.
+ * @param options Encryption options
+ * @throws SSLException
+ */
+ void initHotReloading(EncryptionOptions options) throws SSLException;
+
+ /**
+ * Returns if any changes require the reloading of the SSL context
returned by this factory.
+ * This will be called by Cassandra's periodic polling for any potential
changes that will reload the SSL context
+ * . However only newer connections established after the reload will use
the reloaded SSL context.
Review comment:
Could you just move that dot at the end of the previous line please? :)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
