SettingsTransport.java

package org.apache.cassandra.stress.settings;
/*
 * 
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 * 
 *   http://www.apache.org/licenses/LICENSE-2.0
 * 
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 * 
 */


import java.io.Serializable;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

import org.apache.cassandra.config.EncryptionOptions;
import org.apache.cassandra.thrift.ITransportFactory;
import org.apache.cassandra.thrift.SSLTransportFactory;
import org.apache.cassandra.thrift.TFramedTransportFactory;

public class SettingsTransport implements Serializable
{

    private final String fqFactoryClass;
    private final TOptions options;
    private ITransportFactory factory;

    public SettingsTransport(TOptions options)
    {
        this.options = options;
        this.fqFactoryClass = options.factory.value();
        try
        {
            Class<?> clazz = Class.forName(fqFactoryClass);
            if (!ITransportFactory.class.isAssignableFrom(clazz))
                throw new IllegalArgumentException(clazz + " is not a valid transport factory");
            // check we can instantiate it
            clazz.newInstance();
        }
        catch (Exception e)
        {
            throw new IllegalArgumentException("Invalid transport factory class: " + options.factory.value(), e);
        }
    }

    private void configureTransportFactory(ITransportFactory transportFactory, TOptions options)
    {
        Map<String, String> factoryOptions = new HashMap<>();
        // If the supplied factory supports the same set of options as our SSL impl, set those
        if (transportFactory.supportedOptions().contains(SSLTransportFactory.TRUSTSTORE))
            factoryOptions.put(SSLTransportFactory.TRUSTSTORE, options.trustStore.value());
        if (transportFactory.supportedOptions().contains(SSLTransportFactory.TRUSTSTORE_PASSWORD))
            factoryOptions.put(SSLTransportFactory.TRUSTSTORE_PASSWORD, options.trustStorePw.value());
        if (transportFactory.supportedOptions().contains(SSLTransportFactory.KEYSTORE))
            factoryOptions.put(SSLTransportFactory.KEYSTORE, options.keyStore.value());
        if (transportFactory.supportedOptions().contains(SSLTransportFactory.KEYSTORE_PASSWORD))
            factoryOptions.put(SSLTransportFactory.KEYSTORE_PASSWORD, options.keyStorePw.value());
        if (transportFactory.supportedOptions().contains(SSLTransportFactory.PROTOCOL))
            factoryOptions.put(SSLTransportFactory.PROTOCOL, options.protocol.value());
        if (transportFactory.supportedOptions().contains(SSLTransportFactory.CIPHER_SUITES))
            factoryOptions.put(SSLTransportFactory.CIPHER_SUITES, options.ciphers.value());
        // Now check if any of the factory's supported options are set as system properties
        for (String optionKey : transportFactory.supportedOptions())
            if (System.getProperty(optionKey) != null)
                factoryOptions.put(optionKey, System.getProperty(optionKey));

        transportFactory.setOptions(factoryOptions);
    }

    public synchronized ITransportFactory getFactory()
    {
        if (factory == null)
        {
            try
            {
                this.factory = (ITransportFactory) Class.forName(fqFactoryClass).newInstance();
                configureTransportFactory(this.factory, this.options);
            }
            catch (Exception e)
            {
                throw new RuntimeException(e);
            }
        }
        return factory;
    }

    public EncryptionOptions.ClientEncryptionOptions getEncryptionOptions()
    {
        EncryptionOptions.ClientEncryptionOptions encOptions = new EncryptionOptions.ClientEncryptionOptions();
        if (options.trustStore.present())
        {
            encOptions.enabled = true;
            encOptions.truststore = options.trustStore.value();
            encOptions.truststore_password = options.trustStorePw.value();
            if (options.keyStore.present())
            {
                encOptions.keystore = options.keyStore.value();
                encOptions.keystore_password = options.keyStorePw.value();
            }
            else
            {
                // mandatory for SSLFactory.createSSLContext(), see CASSANDRA-9325
                encOptions.keystore = encOptions.truststore;
            }
            encOptions.algorithm = options.alg.value();
            encOptions.protocol = options.protocol.value();
            encOptions.cipher_suites = options.ciphers.value().split(",");
        }
        return encOptions;
    }

    // Option Declarations

    static class TOptions extends GroupedOptions implements Serializable
    {
        final OptionSimple factory = new OptionSimple("factory=", ".*", TFramedTransportFactory.class.getName(), "Fully-qualified ITransportFactory class name for creating a connection. Note: For Thrift over SSL, use org.apache.cassandra.thrift.SSLTransportFactory.", false);
        final OptionSimple trustStore = new OptionSimple("truststore=", ".*", null, "SSL: full path to truststore", false);
        final OptionSimple trustStorePw = new OptionSimple("truststore-password=", ".*", null, "SSL: truststore password", false);
        final OptionSimple keyStore = new OptionSimple("keystore=", ".*", null, "SSL: full path to keystore", false);
        final OptionSimple keyStorePw = new OptionSimple("keystore-password=", ".*", null, "SSL: keystore password", false);
        final OptionSimple protocol = new OptionSimple("ssl-protocol=", ".*", "TLS", "SSL: connection protocol to use", false);
        final OptionSimple alg = new OptionSimple("ssl-alg=", ".*", "SunX509", "SSL: algorithm", false);
        final OptionSimple storeType = new OptionSimple("store-type=", ".*", "JKS", "SSL: keystore format", false);
        final OptionSimple ciphers = new OptionSimple("ssl-ciphers=", ".*", "TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA", "SSL: comma delimited list of encryption suites to use", false);

        @Override
        public List<? extends Option> options()
        {
            return Arrays.asList(factory, trustStore, trustStorePw, keyStore, keyStorePw, protocol, alg, storeType, ciphers);
        }
    }

    // CLI Utility Methods

    public static SettingsTransport get(Map<String, String[]> clArgs)
    {
        String[] params = clArgs.remove("-transport");
        if (params == null)
            return new SettingsTransport(new TOptions());

        GroupedOptions options = GroupedOptions.select(params, new TOptions());
        if (options == null)
        {
            printHelp();
            System.out.println("Invalid -transport options provided, see output for valid options");
            System.exit(1);
        }
        return new SettingsTransport((TOptions) options);
    }

    public static void printHelp()
    {
        GroupedOptions.printOptions(System.out, "-transport", new TOptions());
    }

    public static Runnable helpPrinter()
    {
        return new Runnable()
        {
            @Override
            public void run()
            {
                printHelp();
            }
        };
    }

}