Commit 57076e64a6f8158e259a60446f3f5085fce07899
Committed by
Andrew Shvayka
Andrew Shvayka
1 parent
7ffd5a0e
Add full DataStax Java Driver SSL configs
Showing
3 changed files
with
51 additions
and
6 deletions
| @@ -194,8 +194,21 @@ cassandra: | @@ -194,8 +194,21 @@ cassandra: | ||
| 194 | url: "${CASSANDRA_URL:127.0.0.1:9042}" | 194 | url: "${CASSANDRA_URL:127.0.0.1:9042}" |
| 195 | # Specify local datacenter name | 195 | # Specify local datacenter name |
| 196 | local_datacenter: "${CASSANDRA_LOCAL_DATACENTER:datacenter1}" | 196 | local_datacenter: "${CASSANDRA_LOCAL_DATACENTER:datacenter1}" |
| 197 | - # Enable/disable secure connection | ||
| 198 | - ssl: "${CASSANDRA_USE_SSL:false}" | 197 | + ssl: |
| 198 | + # Enable/disable secure connection | ||
| 199 | + enabled: "${CASSANDRA_USE_SSL:false}" | ||
| 200 | + # Enable/disable validation of Cassandra server hostname | ||
| 201 | + # If enabled, hostname of Cassandra server must match CN of server certificate | ||
| 202 | + hostname_validation: "${CASSANDRA_SSL_HOSTNAME_VALIDATION:true}" | ||
| 203 | + # Set trust store for client authentication of server (optional, uses trust store from default SSLContext if not set) | ||
| 204 | + trust_store: "${CASSANDRA_SSL_TRUST_STORE:}" | ||
| 205 | + trust_store_password: "${CASSANDRA_SSL_TRUST_STORE_PASSWORD:}" | ||
| 206 | + # Set key store for server authentication of client (optional, uses key store from default SSLContext if not set) | ||
| 207 | + # A key store is only needed if the Cassandra server requires client authentication | ||
| 208 | + key_store: "${CASSANDRA_SSL_KEY_STORE:}" | ||
| 209 | + key_store_password: "${CASSANDRA_SSL_KEY_STORE_PASSWORD:}" | ||
| 210 | + # Comma separated list of cipher suites (optional, uses Java default cipher suites if not set) | ||
| 211 | + cipher_suites: "${CASSANDRA_SSL_CIPHER_SUITES:}" | ||
| 199 | # Enable/disable JMX | 212 | # Enable/disable JMX |
| 200 | jmx: "${CASSANDRA_USE_JMX:false}" | 213 | jmx: "${CASSANDRA_USE_JMX:false}" |
| 201 | # Enable/disable metrics collection. | 214 | # Enable/disable metrics collection. |
| @@ -797,4 +810,4 @@ management: | @@ -797,4 +810,4 @@ management: | ||
| 797 | web: | 810 | web: |
| 798 | exposure: | 811 | exposure: |
| 799 | # Expose metrics endpoint (use value 'prometheus' to enable prometheus metrics). | 812 | # Expose metrics endpoint (use value 'prometheus' to enable prometheus metrics). |
| 800 | - include: '${METRICS_ENDPOINTS_EXPOSE:info}' | ||
| 813 | + include: '${METRICS_ENDPOINTS_EXPOSE:info}' |
| @@ -80,8 +80,22 @@ public class CassandraDriverOptions { | @@ -80,8 +80,22 @@ public class CassandraDriverOptions { | ||
| 80 | 80 | ||
| 81 | @Value("${cassandra.compression}") | 81 | @Value("${cassandra.compression}") |
| 82 | private String compression; | 82 | private String compression; |
| 83 | - @Value("${cassandra.ssl}") | 83 | + |
| 84 | + @Value("${cassandra.ssl.enabled}") | ||
| 84 | private Boolean ssl; | 85 | private Boolean ssl; |
| 86 | + @Value("${cassandra.ssl.key_store}") | ||
| 87 | + private String sslKeyStore; | ||
| 88 | + @Value("${cassandra.ssl.key_store_password}") | ||
| 89 | + private String sslKeyStorePassword; | ||
| 90 | + @Value("${cassandra.ssl.trust_store}") | ||
| 91 | + private String sslTrustStore; | ||
| 92 | + @Value("${cassandra.ssl.trust_store_password}") | ||
| 93 | + private String sslTrustStorePassword; | ||
| 94 | + @Value("${cassandra.ssl.hostname_validation}") | ||
| 95 | + private Boolean sslHostnameValidation; | ||
| 96 | + @Value("${cassandra.ssl.cipher_suites}") | ||
| 97 | + private List<String> sslCipherSuites; | ||
| 98 | + | ||
| 85 | @Value("${cassandra.metrics}") | 99 | @Value("${cassandra.metrics}") |
| 86 | private Boolean metrics; | 100 | private Boolean metrics; |
| 87 | 101 | ||
| @@ -120,7 +134,19 @@ public class CassandraDriverOptions { | @@ -120,7 +134,19 @@ public class CassandraDriverOptions { | ||
| 120 | 134 | ||
| 121 | if (this.ssl) { | 135 | if (this.ssl) { |
| 122 | driverConfigBuilder.withString(DefaultDriverOption.SSL_ENGINE_FACTORY_CLASS, | 136 | driverConfigBuilder.withString(DefaultDriverOption.SSL_ENGINE_FACTORY_CLASS, |
| 123 | - "DefaultSslEngineFactory"); | 137 | + "DefaultSslEngineFactory") |
| 138 | + .withBoolean(DefaultDriverOption.SSL_HOSTNAME_VALIDATION, this.sslHostnameValidation); | ||
| 139 | + if(!this.sslTrustStore.isEmpty()) { | ||
| 140 | + driverConfigBuilder.withString(DefaultDriverOption.SSL_TRUSTSTORE_PATH, this.sslTrustStore) | ||
| 141 | + .withString(DefaultDriverOption.SSL_TRUSTSTORE_PASSWORD, this.sslTrustStorePassword); | ||
| 142 | + } | ||
| 143 | + if(!this.sslKeyStore.isEmpty()) { | ||
| 144 | + driverConfigBuilder.withString(DefaultDriverOption.SSL_KEYSTORE_PATH, this.sslKeyStore) | ||
| 145 | + .withString(DefaultDriverOption.SSL_KEYSTORE_PASSWORD, this.sslKeyStorePassword); | ||
| 146 | + } | ||
| 147 | + if(!this.sslCipherSuites.isEmpty()) { | ||
| 148 | + driverConfigBuilder.withStringList(DefaultDriverOption.SSL_CIPHER_SUITES, this.sslCipherSuites); | ||
| 149 | + } | ||
| 124 | } | 150 | } |
| 125 | 151 | ||
| 126 | if (this.metrics) { | 152 | if (this.metrics) { |
| @@ -6,7 +6,13 @@ cassandra.url=127.0.0.1:9142 | @@ -6,7 +6,13 @@ cassandra.url=127.0.0.1:9142 | ||
| 6 | 6 | ||
| 7 | cassandra.local_datacenter=datacenter1 | 7 | cassandra.local_datacenter=datacenter1 |
| 8 | 8 | ||
| 9 | -cassandra.ssl=false | 9 | +cassandra.ssl.enabled=false |
| 10 | +cassandra.ssl.hostname_validation=false | ||
| 11 | +cassandra.ssl.trust_store= | ||
| 12 | +cassandra.ssl.trust_store_password= | ||
| 13 | +cassandra.ssl.key_store= | ||
| 14 | +cassandra.ssl.key_store_password= | ||
| 15 | +cassandra.ssl.cipher_suites= | ||
| 10 | 16 | ||
| 11 | cassandra.jmx=false | 17 | cassandra.jmx=false |
| 12 | 18 |