
Commit 8590737

committed
Properly set SSL configuration options for Scylla
Extend withSSL() and withAuth() methods of CCMBridge to correctly set up SSL keys on Scylla. Convert keys to a format usable by Scylla.
1 parent 177cc65 commit 8590737


4 files changed

+114
-9
lines changed


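--- a/driver-core/src/test/java/com/datastax/driver/core/CCMBridge.java
+++ b/driver-core/src/test/java/com/datastax/driver/core/CCMBridge.java
@@ -96,14 +96,26 @@ public class CCMBridge implements CCMAccess {
 public static final String DEFAULT_SERVER_TRUSTSTORE_PASSWORD = "scylla1sfun";
 public static final String DEFAULT_SERVER_TRUSTSTORE_PATH = "/server.truststore";
 
+public static final String DEFAULT_SERVER_TRUSTSTORE_PEM_PATH = "/server.truststore.pem";
+
 private static final File DEFAULT_SERVER_TRUSTSTORE_FILE =
 createTempStore(DEFAULT_SERVER_TRUSTSTORE_PATH);
+private static final File DEFAULT_SERVER_TRUSTSTORE_PEM_FILE =
+createTempStore(DEFAULT_SERVER_TRUSTSTORE_PEM_PATH);
 
 public static final String DEFAULT_SERVER_KEYSTORE_PASSWORD = "scylla1sfun";
 public static final String DEFAULT_SERVER_KEYSTORE_PATH = "/server.keystore";
 
+// Contain the same keypair as the server keystore, but in format usable by Scylla
+public static final String DEFAULT_SERVER_PRIVATE_KEY_PATH = "/server.key";
+public static final String DEFAULT_SERVER_CERT_CHAIN_PATH = "/server.crt";
+
 private static final File DEFAULT_SERVER_KEYSTORE_FILE =
 createTempStore(DEFAULT_SERVER_KEYSTORE_PATH);
+private static final File DEFAULT_SERVER_PRIVATE_KEY_FILE =
+createTempStore(DEFAULT_SERVER_PRIVATE_KEY_PATH);
+private static final File DEFAULT_SERVER_CERT_CHAIN_FILE =
+createTempStore(DEFAULT_SERVER_CERT_CHAIN_PATH);
 
 /**
 * The environment variables to use when invoking CCM. Inherits the current processes environment,
@@ -951,22 +963,37 @@ public Builder withoutNodes() {
 /** Enables SSL encryption. */
 public Builder withSSL() {
 cassandraConfiguration.put("client_encryption_options.enabled", "true");
-cassandraConfiguration.put("client_encryption_options.optional", "false");
-cassandraConfiguration.put(
-"client_encryption_options.keystore", DEFAULT_SERVER_KEYSTORE_FILE.getAbsolutePath());
-cassandraConfiguration.put(
-"client_encryption_options.keystore_password", DEFAULT_SERVER_KEYSTORE_PASSWORD);
+if (GLOBAL_SCYLLA_VERSION_NUMBER != null) {
+cassandraConfiguration.put(
+"client_encryption_options.certificate",
+DEFAULT_SERVER_CERT_CHAIN_FILE.getAbsolutePath());
+cassandraConfiguration.put(
+"client_encryption_options.keyfile", DEFAULT_SERVER_PRIVATE_KEY_FILE.getAbsolutePath());
+} else {
+cassandraConfiguration.put("client_encryption_options.optional", "false");
+cassandraConfiguration.put(
+"client_encryption_options.keystore", DEFAULT_SERVER_KEYSTORE_FILE.getAbsolutePath());
+cassandraConfiguration.put(
+"client_encryption_options.keystore_password", DEFAULT_SERVER_KEYSTORE_PASSWORD);
+}
 return this;
 }
 
 /** Enables client authentication. This also enables encryption ({@link #withSSL()}. */
 public Builder withAuth() {
 withSSL();
 cassandraConfiguration.put("client_encryption_options.require_client_auth", "true");
-cassandraConfiguration.put(
-"client_encryption_options.truststore", DEFAULT_SERVER_TRUSTSTORE_FILE.getAbsolutePath());
-cassandraConfiguration.put(
-"client_encryption_options.truststore_password", DEFAULT_SERVER_TRUSTSTORE_PASSWORD);
+if (GLOBAL_SCYLLA_VERSION_NUMBER != null) {
+cassandraConfiguration.put(
+"client_encryption_options.truststore",
+DEFAULT_SERVER_TRUSTSTORE_PEM_FILE.getAbsolutePath());
+} else {
+cassandraConfiguration.put(
+"client_encryption_options.truststore",
+DEFAULT_SERVER_TRUSTSTORE_FILE.getAbsolutePath());
+cassandraConfiguration.put(
+"client_encryption_options.truststore_password", DEFAULT_SERVER_TRUSTSTORE_PASSWORD);
+}
 return this;
 }
 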
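Review bot: `DEFAULT_SERVER_PRIVATE_KEY_FILE` copies a private key to a temp file from a static initializer, so the copy is written on every class load, including runs where `GLOBAL_SCYLLA_VERSION_NUMBER` is null and the Scylla branches of `withSSL()` and `withAuth()` never read it. The key is presumably the `-----BEGIN PRIVATE KEY-----` resource added in this commit, which, unlike the JKS keystore, carries no password; `createTempStore` is defined outside the hunk, so the file mode and cleanup of that temp copy cannot be confirmed from here and are worth checking. I would extend the comment above the new constants to something like `// Test-only fixtures: this key pair is published in the repository and must never be used to secure a real cluster.` The repeated `GLOBAL_SCYLLA_VERSION_NUMBER != null` test in both builder methods would also read better with a short comment saying what a non-null value means (presumably that the bridge targets Scylla) and why `client_encryption_options.optional` is set only in the else branch.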

Lines changed: 25 additions & 0 deletions
@@ -0,0 +1,25 @@
1+
-----BEGIN CERTIFICATE-----
2+
MIIEPTCCAyWgAwIBAgIUPFITBaxiUFYSeETN6rIB0xUkBJ4wDQYJKoZIhvcNAQEL
3+
BQAwgawxCzAJBgNVBAYTAlBMMREwDwYDVQQIDAhNYXpvdmlhbjEPMA0GA1UEBwwG
4+
V2Fyc2F3MRwwGgYDVQQKDBNTY3lsbGFEQiBTcC4geiBvLm8uMRYwFAYDVQQLDA1T
5+
Y3lsbGEgU2VydmVyMRYwFAYDVQQDDA1TY3lsbGEgU2VydmVyMSswKQYJKoZIhvcN
6+
AQkBFhxwaW90ci5ncmFib3dza2lAc2N5bGxhZGIuY29tMCAXDTIyMDYxNzEwNTgz
7+
M1oYDzIxMjIwNTI0MTA1ODMzWjCBrDELMAkGA1UEBhMCUEwxETAPBgNVBAgMCE1h
8+
em92aWFuMQ8wDQYDVQQHDAZXYXJzYXcxHDAaBgNVBAoME1NjeWxsYURCIFNwLiB6
9+
IG8uby4xFjAUBgNVBAsMDVNjeWxsYSBTZXJ2ZXIxFjAUBgNVBAMMDVNjeWxsYSBT
10+
ZXJ2ZXIxKzApBgkqhkiG9w0BCQEWHHBpb3RyLmdyYWJvd3NraUBzY3lsbGFkYi5j
11+
b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwwh66j+kV2IxZbfZU
12+
o1iodP98lgy6TSSauPaiqcW3Pe82kOioQVRZspJMBYhPoAfiiibyVoyKVZD+NN3d
13+
BJe4q/qxgnH1thP2N8X73CsD9TOG5MxV4qQa8M/B8TbuQNS5NXW74Lx4g97RStsH
14+
+C5lHVpNiX32m5/LwK1JnoUx+7UAFBjn3VRfIlCCI7iGWeRdqcx4c5/kmG4N1KcM
15+
+/65lKOe0ppd4wPywlOuR7Mq6Pk0Z/jjNplJR+clICEqcqDYSvTz8i3aVGsCFFAM
16+
Sd66BVIF3/bXsUq0DY0QMn4ODoh4g5LAuzj+MRtoscziXIObXYHrcu1Y9loJIsKO
17+
MnmNAgMBAAGjUzBRMB0GA1UdDgQWBBQbUSOSsbqiAICHGLRg7Zrb+XGT2DAfBgNV
18+
HSMEGDAWgBQbUSOSsbqiAICHGLRg7Zrb+XGT2DAPBgNVHRMBAf8EBTADAQH/MA0G
19+
CSqGSIb3DQEBCwUAA4IBAQAfCtnXS3Mw8O86s8fF5jcPZDqPRhckh0iMQ6odh9f+
20+
WfWIo+NDIP7ELFvhl1s2GsIKAhAW39HRU51xW0VsCwK9rijNp5pwsjnCR7Gu+r5H
21+
P90EKld9o1+e4CNTd1djHGZFxKmTc7GCBOxrDaBPjyhTcSeNrVNjiomJacqZhHmY
22+
TXOOePN1sfU6zFH7gdjv+ydnaMxfTKuhJdQlyXH5Ny8ZOXH988kZcCtC0YdF6c/B
23+
xlHM7muPeyiEioerM+xmRYsiZPURBbnN7Du/4o4NQ+qlYR2+zH6zrCu5cpmG2ugz
24+
5UyzLR3AGVE9AeV+tLQepvIaCGO7aHQoNZWKd5bDJPkO
25+
-----END CERTIFICATE-----
Lines changed: 28 additions & 0 deletions
@@ -0,0 +1,28 @@
1+
-----BEGIN PRIVATE KEY-----
2+
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCwwh66j+kV2IxZ
3+
bfZUo1iodP98lgy6TSSauPaiqcW3Pe82kOioQVRZspJMBYhPoAfiiibyVoyKVZD+
4+
NN3dBJe4q/qxgnH1thP2N8X73CsD9TOG5MxV4qQa8M/B8TbuQNS5NXW74Lx4g97R
5+
StsH+C5lHVpNiX32m5/LwK1JnoUx+7UAFBjn3VRfIlCCI7iGWeRdqcx4c5/kmG4N
6+
1KcM+/65lKOe0ppd4wPywlOuR7Mq6Pk0Z/jjNplJR+clICEqcqDYSvTz8i3aVGsC
7+
FFAMSd66BVIF3/bXsUq0DY0QMn4ODoh4g5LAuzj+MRtoscziXIObXYHrcu1Y9loJ
8+
IsKOMnmNAgMBAAECggEAEPTeW8lYc+cNN7sLyXzOEYL/y2TdnbWu0ET0LBCbTgPc
9+
AeEO4K07uUsfK7nQJMtWVk4ohFD3NIIW4bwSmJRLNcURzJuV8RtheNpK3Ol3Gu8X
10+
3VXvoEGYupjlZVaNjXecsJPHUpmxmuITqwJCVtZhJQQW2J9a/SBayQIX3Zsebfft
11+
pHDZZgV2WLWYpLplmxqqxvEiSx+enTHRQYoiKMfmPcBlbzybgFatKe3vIRDTaMPL
12+
ORakqu1NE/mBOVLYUUNZn47xi36Kt8JGHsXPk31ReYh2Y5CYzU0miUhPrRfIVT36
13+
XjHtw6d/5WF17i/69/pgUYoTbfhuMxIH9FyOjtUXhQKBgQDnhc+1PnfQc0LBA290
14+
IpHvPWK72i7gQdkpwB/lebsBT7nPiAS575WjssKVdO0UkVL3yd38fGSlVWh0NSzb
15+
au07rGZkNMD4HzoeoXrPE+nxDUj3YIs5u8Lv6u1NYShpYSCcYcAvKzvI7/7VGcbh
16+
t3UbEzarEaFS0DzD4K6AyPRCpwKBgQDDchp0kLn9/WJ/j4T6li4V4Un8sjlwfFTj
17+
/RuAl101DL7OZ0Nci15Lav6E5Es/yD3ZecX5kZ30Y6nQZO7ZRLntYUsClEVbbKM9
18+
t3S4asyb1fIloO8W25jZ+VfpyoGIZdJKOVy8+qIGwtoQktcp4F/NWvp09euoJ49m
19+
lRJKWKjsqwKBgFk3AREQX08d+y0xS7Nu1tlfyDonG0UjWrFx7ViaDeu1cx57hYa4
20+
werwqXa6NdllHpmJWlc+//GN9dBB5WUv0PbbuiEHCw0Ry22eQBqny9AtlF5u/3dh
21+
2P5mgsb8l3v0B4L7T/ldKY6GnKY1ZqP389JZFwnYo1esEp5QaC4MQcOlAoGBAKyP
22+
Zuo6Ce1FtZyYk7lHtYLd+Zwho3M8Yxs0kv6zJbk7+o90PtZLusJtwjCE/CdhXbJQ
23+
wMn7lnF7OShkpTmxY1NCDp9FWANDZNGN04Er0mFYwUYV1GLjGg6CBuvFPx61f7jG
24+
8qlrxHihuzTc4Rn5H7zJMc7ofdtmqkbRIWgA5YynAoGALwtuVOjSKWHVPQJIOxpF
25+
AXMDw/2rgBHv8Ty/LCDRZTCLml34dCbESlBDLzzvn2kq5B4tfJcgXlKYrswLwc25
26+
5OTEvueg7JdkeyIYpznTU0ve4HRd21YKpPe0mAPxmwKZoBxXISlshAYgTaRcna3S
27+
f/Lx+nkNVqDCzb2Y3/89Cgk=
28+
-----END PRIVATE KEY-----
Lines changed: 25 additions & 0 deletions
@@ -0,0 +1,25 @@
1+
-----BEGIN CERTIFICATE-----
2+
MIIEPTCCAyWgAwIBAgIUXQymVOmOttUHZI7Gi5AsX+VNprwwDQYJKoZIhvcNAQEL
3+
BQAwgawxCzAJBgNVBAYTAlBMMREwDwYDVQQIDAhNYXpvdmlhbjEPMA0GA1UEBwwG
4+
V2Fyc2F3MRwwGgYDVQQKDBNTY3lsbGFEQiBTcC4geiBvLm8uMRYwFAYDVQQLDA1T
5+
Y3lsbGEgTm9kZSAxMRYwFAYDVQQDDA1TY3lsbGEgTm9kZSAxMSswKQYJKoZIhvcN
6+
AQkBFhxwaW90ci5ncmFib3dza2lAc2N5bGxhZGIuY29tMCAXDTIyMDYxNzEwNTkw
7+
NVoYDzIxMjIwNTI0MTA1OTA1WjCBrDELMAkGA1UEBhMCUEwxETAPBgNVBAgMCE1h
8+
em92aWFuMQ8wDQYDVQQHDAZXYXJzYXcxHDAaBgNVBAoME1NjeWxsYURCIFNwLiB6
9+
IG8uby4xFjAUBgNVBAsMDVNjeWxsYSBOb2RlIDExFjAUBgNVBAMMDVNjeWxsYSBO
10+
b2RlIDExKzApBgkqhkiG9w0BCQEWHHBpb3RyLmdyYWJvd3NraUBzY3lsbGFkYi5j
11+
b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKYYuwE878o7A/h2eW
12+
tpmOCIX6iRLA0p+6Ndhsm6WVts/YqbxB9J0ICzZs4RWf2rbE55qz0FpLZol4qwWO
13+
WEizRfGSBnJPiUMKHEUyU51rGXjjwGbxBvV06dQlcfMT1wxhJ+pTEuYPsawQLoGR
14+
2ByUecELweQwZ+ynDIPqeoUZnUFxHi+r4Aszf6xlLFyb2ePU2op0n/RMqLpqtFPK
15+
BhjhXkbCcwk246C5M6bEjC0s09H9oyO4WM37cFjMcRMX+w8R0/VwKAtS0ztekXsg
16+
VYD94fEKAs8LafjoYTpPqhQ9XEKbKHB9WHedlaPw+5Vldvv1Wrbv1n1G7fc+X69D
17+
mnLnAgMBAAGjUzBRMB0GA1UdDgQWBBQEC/E0DYGLVULfF/fr1wgVbxGYoTAfBgNV
18+
HSMEGDAWgBQEC/E0DYGLVULfF/fr1wgVbxGYoTAPBgNVHRMBAf8EBTADAQH/MA0G
19+
CSqGSIb3DQEBCwUAA4IBAQC6voLj0O//6Mfc0FUb8S3v4QFd/1NY94PjTSL3jfVC
20+
5LVuynuLrhYXm8c985310DrsPwxpCuEFm7dDHC+WIo7gu1TZdNNP7NtFVUzHeJFo
21+
p+gIMUEEyou46glEx6pBJSj3DpvQu2BFLIotKfjAmc0qTLj4mL9/rWTjy0uKs5Ls
22+
6A5+xzIvVQF5GLP7vn6dD72DDzNxcUynrJXx4q/iczmYvQtGFjJ7gG+nrmefXF0T
23+
MDVftixHw5ZHT0pkH2FA8OzqzIDfU4hovkFiFb5fIea9kbbD1HpjAegZshHKql+y
24+
U8/8o09NhR7SLhZwZxiuhJo2d/qD2SvJcCyPWqrtczZ8
25+
-----END CERTIFICATE-----
