通过DataStax Cassandra JAVA驱动程序通过SSL连接Cassandra。

huangapple go评论89阅读模式
英文:

connecting cassandra through ssl with datastax cassandra JAVA driver

问题

I am using datastax cassandra version 3.6.0 and trying to connect to cassandra with ssl.
I have a ca cert already stored in dir "/etc/ssl/certs/cassandra.crt".

I have a cassandra cluster creation in JAVA as:

    cluster = Cluster.builder().addContactPoints(hostArray).withPort(Integer.parseInt(port)).withCredentials(username, password).build();

I do see a with `withSSL(SSLOptions)` in a builder,
How can I create a SSLOPtions in java with the above cert file such that I can use it to create a cluster?

In PYTHON I have

    ssl_opts = {"ca_certs": "/etc/ssl/certs/cassandra.crt"}
    auth_provider = PlainTextAuthProvider(username, password)
    cluster = Cluster(
        cluster_ips,
        auth_provider=auth_provider,
        port=20102,
        ssl_options=ssl_opts,
        load_balancing_policy=DCAwareRoundRobinPolicy()
    )

How do I do the same with the crt file to create cluster in java?
英文:

I am using datastax cassandra version 3.6.0 and trying to connect to cassandra with ssl.
I have a ca cert already stored in dir "/etc/ssl/certs/cassandra.crt".

I have a cassandra cluster creation in JAVA as:

cluster = Cluster.builder().addContactPoints(hostArray).withPort(Integer.parseInt(port)).withCredentials(username, password).build();

I do see a with withSSL(SSLOptions) in a builder,
How can I create a SSLOPtions in java with the above cert file such that I can use it to create a cluster?

In PYTHON I have

        ssl_opts = {"ca_certs": "/etc/ssl/certs/cassandra.crt"}
        auth_provider = PlainTextAuthProvider( username , password )
        cluster = Cluster(
            cluster_ips,
            auth_provider=auth_provider,
            port=20102,
            ssl_options=ssl_opts,
            load_balancing_policy=DCAwareRoundRobinPolicy()
        )

How do I do the same with the crt file to create cluster in java?

答案1

得分: 1

你需要首先创建SSLContext。有关创建SSLContext的示例,请参阅此处的示例SSLContext示例。一旦你有了SSLContext对象,你可以按如下方式获取SSLOptions:

JdkSSLOptions sslOptions = JdkSSLOptions.builder().withSSLContext(context).withCipherSuites(theCipherSuites).build();

然后你可以将这个sslOptions传递给withSSL方法中:

cluster = Cluster.builder().addContactPoints(hostArray).withPort(Integer.parseInt(port)).withCredentials(username, password).withSSL(sslOptions).build();
英文:

You need to create SSLContext first. For creating SSLContext you can refer example here SSLContext Example. Once you have SSLConext object, you can get SSLOptions as below

 JdkSSLOptions sslOptions = JdkSSLOptions.builder().withSSLContext(context).withCipherSuites(theCipherSuites).build();

Then you can pass this sslOptions in withSSL method as

cluster = Cluster.builder().addContactPoints(hostArray).withPort(Integer.parseInt(port)).withCredentials(username, password).withSSL(sslOptions).build();

答案2

得分: 0

在Java驱动程序v3.6中,您使用RemoteEndpointAwareSSLOptions类配置SSL,该类使用JSSE系统属性(由-Djavax.net.ssl.*指定)。

如果系统属性不足以满足您的需求,可以使用RemoteEndpointAwareJdkSSLOptions类以编程方式配置SSL。

有关详细信息,请参阅Java驱动程序3.6 SSL页面。

另外,需要注意的是,驱动程序的v3.6版本于2018年8月发布,因此非常旧。如果您正在开发新应用程序,建议您使用驱动程序的最新版本。如果在旧版本中遇到问题,您仍需要升级以获取修复。祝好!

英文:

In Java driver v3.6, you configure SSL with the RemoteEndpointAwareSSLOptions class which uses the JSSE system properties (specified by -Djavax.net.ssl.*).

If you need more than what the system properties allow, configure SSL programatically with the RemoteEndpointAwareJdkSSLOptions class.

For details, see the Java driver 3.6 SSL page.

On a side note, v3.6 of the driver was released in August 2018 so it's very old. If you're developing a new app, we recommend that you use the latest version of the driver. If you run into issues with the older version, you will need to upgrade anyway to get the fixes. Cheers!

huangapple
  • 本文由 发表于 2020年10月27日 22:39:43
  • 转载请务必保留本文链接:https://go.coder-hub.com/64556775.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定