sarankk commented on code in PR #148:
URL: https://github.com/apache/cassandra-sidecar/pull/148#discussion_r1854866100
##########
server/src/main/java/org/apache/cassandra/sidecar/cluster/CQLSessionProviderImpl.java:
##########
@@ -203,4 +248,85 @@ public void close()
}
}
}
+
+ private SslContext createSslContext(SslConfiguration sslConfiguration)
+ {
+ if (sslConfiguration == null || !sslConfiguration.enabled())
+ {
+ return null;
+ }
+
+ SslContextBuilder sslContextBuilder;
+ try
+ {
+ sslContextBuilder = SslContextBuilder.forClient()
+
.protocols(sslConfiguration.secureTransportProtocols());
+
+ if (sslConfiguration.isKeystoreConfigured())
+ {
+ KeyStore keyStore =
createKeystore(sslConfiguration.keystore());
+ KeyManagerFactory kmf =
KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
+ kmf.init(keyStore,
sslConfiguration.keystore().password().toCharArray());
+ sslContextBuilder.keyManager(kmf);
+ }
+
+ if (sslConfiguration.isTrustStoreConfigured())
+ {
+ KeyStore truststore =
createKeystore(sslConfiguration.truststore());
+ TrustManagerFactory tmf =
TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+ tmf.init(truststore);
+ sslContextBuilder.trustManager(tmf);
+ }
+ return sslContextBuilder.build();
+ }
+ catch (Exception e)
+ {
+ throw new ConfigurationException("Error creating SsLContext for
Cassandra connections", e);
+ }
+ }
+
+ private KeyStore createKeystore(KeyStoreConfiguration config)
+ throws KeyStoreException, IOException, CertificateException,
NoSuchAlgorithmException
+ {
+ KeyStore keystore = KeyStore.getInstance(config.type());
+ try (FileInputStream inputStream = new FileInputStream(config.path()))
+ {
+ keystore.load(inputStream, config.password().toCharArray());
+ }
+ return keystore;
+ }
+
+ /**
+ * {@link MtlsAuthProvider} is a custom AuthProvider. It is required when
driver needs to connect to Cassandra with
+ * mutual TLS.
+ */
+ private static class MtlsAuthProvider implements AuthProvider
+ {
+ @Override
+ public Authenticator newAuthenticator(InetSocketAddress
inetSocketAddress, String s) throws AuthenticationException
+ {
+ return new MutualTLSAuthenticator();
+ }
+
+ private static class MutualTLSAuthenticator implements Authenticator
+ {
+ @Override
+ public byte[] initialResponse()
+ {
+ return new byte[]{ 0, 0 };
Review Comment:
We figured it wasn't necessary, even a empty array would work. But removed
this `MtlsAuthProvider`
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
