osdir.com

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Cassandra Client Program not Working with NettySSLOptions


Is the server configured to use encryption?

On Tue, Jun 19, 2018 at 3:59 AM Jahar Tyagi <jahartyagi@xxxxxxxxx> wrote:
Hi,

I referred to this link https://docs.datastax.com/en/developer/java-driver/3.0/manual/ssl/   to implement a simple Cassandra client using datastax driver 3.0.0 on SSL with OpenSSL options but unable to run it. 

Getting generic exception as " com.datastax.driver.core.exceptions.NoHostAvailableException" at line
mySession = myCluster.connect();  

Code snippet to setup cluster connection is below.

    public void connectToCluster()
    {
        String[] theCassandraHosts = {"myip"};
        myCluster =
                Cluster.builder().withSSL(getSSLOption()).withReconnectionPolicy(new ConstantReconnectionPolicy(2000)).addContactPoints(theCassandraHosts).withPort(10742)
                        .withCredentials("username", "password").withLoadBalancingPolicy(DCAwareRoundRobinPolicy.builder().build())
                        .withSocketOptions(new SocketOptions().setConnectTimeoutMillis(800).setKeepAlive(true)).build();
        try {
        mySession = myCluster.connect();
        }
        catch(Exception e) {
            e.printStackTrace();
        }
        System.out.println("Session Established");
    }


 private SSLOptions getSSLOption()
    {
        InputStream trustStore = null;
        try
        {
            String theTrustStorePath = "/var/opt/SecureInterface/myTrustStore.jks";
            String theTrustStorePassword = "mypassword";
            List<String> theCipherSuites = new ArrayList<String>();
            theCipherSuites.add("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384");
            KeyStore ks = KeyStore.getInstance("JKS");
            trustStore = new FileInputStream(theTrustStorePath);

            ks.load(trustStore, theTrustStorePassword.toCharArray());
            TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(ks);
            SslContextBuilder builder =
                    SslContextBuilder.forClient()
                            .sslProvider(SslProvider.OPENSSL)
                            .trustManager(tmf)
                            .ciphers(theCipherSuites)
                            // only if you use client authentication
                            .keyManager(new File("/var/opt/SecureInterface/keystore/Cass.crt"),
                                    new File("/var/opt/vs/SecureInterface/keystore/Cass_enc.key"));
            SSLOptions sslOptions = new NettySSLOptions(builder.build());
            return sslOptions;
        }
        catch (Exception e)
        {
            e.printStackTrace();
        }
        finally
        {
            try
            {
                trustStore.close();
            }
            catch (IOException e)
            {
                e.printStackTrace();
            }
        }
        return null;
    }

Cassandra server is running fine with client and server encryption options. Moreover  I am able to run my client using JdkSSLOptions but have problem with NettySSLOptions.

Has anyone implemented the  NettySSLOptions for Cassandra client application?


Regards,
Jahar Tyagi
--
Jon Haddad
http://www.rustyrazorblade.com
twitter: rustyrazorblade