Author: xedin Date: Mon Dec 5 20:28:37 2011 New Revision: 1210611 URL: http://svn.apache.org/viewvc?rev=1210611&view=rev Log: merge from 1.0
Modified: cassandra/trunk/ (props changed) cassandra/trunk/CHANGES.txt cassandra/trunk/bin/cqlsh cassandra/trunk/conf/cassandra.yaml cassandra/trunk/contrib/ (props changed) cassandra/trunk/interface/thrift/gen-java/org/apache/cassandra/thrift/Cassandra.java (props changed) cassandra/trunk/interface/thrift/gen-java/org/apache/cassandra/thrift/Column.java (props changed) cassandra/trunk/interface/thrift/gen-java/org/apache/cassandra/thrift/InvalidRequestException.java (props changed) cassandra/trunk/interface/thrift/gen-java/org/apache/cassandra/thrift/NotFoundException.java (props changed) cassandra/trunk/interface/thrift/gen-java/org/apache/cassandra/thrift/SuperColumn.java (props changed) cassandra/trunk/src/java/org/apache/cassandra/config/EncryptionOptions.java cassandra/trunk/src/java/org/apache/cassandra/security/SSLFactory.java Propchange: cassandra/trunk/ ------------------------------------------------------------------------------ --- svn:mergeinfo (original) +++ svn:mergeinfo Mon Dec 5 20:28:37 2011 @@ -4,7 +4,7 @@ /cassandra/branches/cassandra-0.8:1090934-1125013,1125019-1198724,1198726-1205453,1206184,1206235,1206257,1207262 /cassandra/branches/cassandra-0.8.0:1125021-1130369 /cassandra/branches/cassandra-0.8.1:1101014-1125018 -/cassandra/branches/cassandra-1.0:1167085-1206088,1206095,1206099,1206108,1206131,1207427,1207432,1207436,1207810,1207969,1208000,1209390,1209397,1209399 +/cassandra/branches/cassandra-1.0:1167085-1207969,1208000,1209390,1209397,1209399 /cassandra/branches/cassandra-1.0.0:1167104-1167229,1167232-1181093,1181741,1181816,1181820,1182951,1183243 /cassandra/tags/cassandra-0.7.0-rc3:1051699-1053689 /cassandra/tags/cassandra-0.8.0-rc1:1102511-1125020 Modified: cassandra/trunk/CHANGES.txt URL: http://svn.apache.org/viewvc/cassandra/trunk/CHANGES.txt?rev=1210611&r1=1210610&r2=1210611&view=diff ============================================================================== --- cassandra/trunk/CHANGES.txt (original) +++ cassandra/trunk/CHANGES.txt Mon Dec 5 20:28:37 2011 @@ -44,7 +44,6 @@ Merged from 0.8: * add command to stop compactions (CASSANDRA-1740) * fix assertion error when forwarding to local nodes (CASSANDRA-3539) - 1.0.4 * fix self-hinting of timed out read repair updates and make hinted handoff less prone to OOMing a coordinator (CASSANDRA-3440) Modified: cassandra/trunk/bin/cqlsh URL: http://svn.apache.org/viewvc/cassandra/trunk/bin/cqlsh?rev=1210611&r1=1210610&r2=1210611&view=diff ============================================================================== --- cassandra/trunk/bin/cqlsh (original) +++ cassandra/trunk/bin/cqlsh Mon Dec 5 20:28:37 2011 @@ -183,7 +183,9 @@ def complete_assume_col(ctxt, cqlsh): ks = cql_dequote(ks) if ks is not None else None cf = cql_dequote(ctxt.get_binding('cf')) cfdef = cqlsh.get_columnfamily(cf, ksname=ks) - return map(maybe_cql_escape, [cm.name for cm in cfdef.column_metadata]) + cols = [cm.name for cm in cfdef.column_metadata] + cols.append(cfdef.key_alias or 'KEY') + return map(maybe_cql_escape, cols) class NoKeyspaceError(Exception): pass @@ -466,8 +468,11 @@ class Shell(cmd.Cmd): HELP SELECT_LIMIT HELP CONSISTENCYLEVEL """ + ksname = parsed.get_binding('selectks') + if ksname is not None: + ksname = cql_dequote(ksname) cfname = cql_dequote(parsed.get_binding('selectsource')) - decoder = self.determine_decoder_for(cfname) + decoder = self.determine_decoder_for(cfname, ksname=ksname) self.perform_statement_as_tokens(parsed.matched, decoder=decoder) def perform_statement_as_tokens(self, tokens, decoder=None): @@ -501,8 +506,10 @@ class Shell(cmd.Cmd): self.print_result() return True - def determine_decoder_for(self, cfname): - schema = self.schema_overrides.get((self.current_keyspace, cfname), None) + def determine_decoder_for(self, cfname, ksname=None): + if ksname is None: + ksname = self.current_keyspace + schema = self.schema_overrides.get((ksname, cfname), None) if schema: def use_my_schema_decoder(real_schema): return cql.decoders.SchemaDecoder(schema.join(real_schema)) Modified: cassandra/trunk/conf/cassandra.yaml URL: http://svn.apache.org/viewvc/cassandra/trunk/conf/cassandra.yaml?rev=1210611&r1=1210610&r2=1210611&view=diff ============================================================================== --- cassandra/trunk/conf/cassandra.yaml (original) +++ cassandra/trunk/conf/cassandra.yaml Mon Dec 5 20:28:37 2011 @@ -415,9 +415,15 @@ index_interval: 128 # The passwords used in these options must match the passwords used when generating # the keystore and truststore. For instructions on generating these files, see: # http://download.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#CreateKeystore +# encryption_options: internode_encryption: none keystore: conf/.keystore keystore_password: cassandra truststore: conf/.truststore truststore_password: cassandra + # More advanced defaults below: + # protocol: TLS + # algorithm: SunX509 + # store_type: JKS + # cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA] Propchange: cassandra/trunk/contrib/ ------------------------------------------------------------------------------ --- svn:mergeinfo (original) +++ svn:mergeinfo Mon Dec 5 20:28:37 2011 @@ -4,7 +4,7 @@ /cassandra/branches/cassandra-0.8/contrib:1090934-1125013,1125019-1198724,1198726-1205453,1206184,1206235,1206257,1207262 /cassandra/branches/cassandra-0.8.0/contrib:1125021-1130369 /cassandra/branches/cassandra-0.8.1/contrib:1101014-1125018 -/cassandra/branches/cassandra-1.0/contrib:1167085-1206088,1206095,1206099,1206108,1206131,1207427,1207432,1207436,1207810,1207969,1208000,1209390,1209397,1209399 +/cassandra/branches/cassandra-1.0/contrib:1167085-1207969,1208000,1209390,1209397,1209399 /cassandra/branches/cassandra-1.0.0/contrib:1167104-1167229,1167232-1181093,1181741,1181816,1181820,1182951,1183243 /cassandra/tags/cassandra-0.7.0-rc3/contrib:1051699-1053689 /cassandra/tags/cassandra-0.8.0-rc1/contrib:1102511-1125020 Propchange: cassandra/trunk/interface/thrift/gen-java/org/apache/cassandra/thrift/Cassandra.java ------------------------------------------------------------------------------ --- svn:mergeinfo (original) +++ svn:mergeinfo Mon Dec 5 20:28:37 2011 @@ -4,7 +4,7 @@ /cassandra/branches/cassandra-0.8/interface/thrift/gen-java/org/apache/cassandra/thrift/Cassandra.java:1090934-1125013,1125019-1198724,1198726-1205453,1206184,1206235,1206257,1207262 /cassandra/branches/cassandra-0.8.0/interface/thrift/gen-java/org/apache/cassandra/thrift/Cassandra.java:1125021-1130369 /cassandra/branches/cassandra-0.8.1/interface/thrift/gen-java/org/apache/cassandra/thrift/Cassandra.java:1101014-1125018 -/cassandra/branches/cassandra-1.0/interface/thrift/gen-java/org/apache/cassandra/thrift/Cassandra.java:1167085-1206088,1206095,1206099,1206108,1206131,1207427,1207432,1207436,1207810,1207969,1208000,1209390,1209397,1209399 +/cassandra/branches/cassandra-1.0/interface/thrift/gen-java/org/apache/cassandra/thrift/Cassandra.java:1167085-1207969,1208000,1209390,1209397,1209399 /cassandra/branches/cassandra-1.0.0/interface/thrift/gen-java/org/apache/cassandra/thrift/Cassandra.java:1167104-1167229,1167232-1181093,1181741,1181816,1181820,1182951,1183243 /cassandra/tags/cassandra-0.7.0-rc3/interface/thrift/gen-java/org/apache/cassandra/thrift/Cassandra.java:1051699-1053689 /cassandra/tags/cassandra-0.8.0-rc1/interface/thrift/gen-java/org/apache/cassandra/thrift/Cassandra.java:1102511-1125020 Propchange: cassandra/trunk/interface/thrift/gen-java/org/apache/cassandra/thrift/Column.java ------------------------------------------------------------------------------ --- svn:mergeinfo (original) +++ svn:mergeinfo Mon Dec 5 20:28:37 2011 @@ -4,7 +4,7 @@ /cassandra/branches/cassandra-0.8/interface/thrift/gen-java/org/apache/cassandra/thrift/Column.java:1090934-1125013,1125019-1198724,1198726-1205453,1206184,1206235,1206257,1207262 /cassandra/branches/cassandra-0.8.0/interface/thrift/gen-java/org/apache/cassandra/thrift/Column.java:1125021-1130369 /cassandra/branches/cassandra-0.8.1/interface/thrift/gen-java/org/apache/cassandra/thrift/Column.java:1101014-1125018 -/cassandra/branches/cassandra-1.0/interface/thrift/gen-java/org/apache/cassandra/thrift/Column.java:1167085-1206088,1206095,1206099,1206108,1206131,1207427,1207432,1207436,1207810,1207969,1208000,1209390,1209397,1209399 +/cassandra/branches/cassandra-1.0/interface/thrift/gen-java/org/apache/cassandra/thrift/Column.java:1167085-1207969,1208000,1209390,1209397,1209399 /cassandra/branches/cassandra-1.0.0/interface/thrift/gen-java/org/apache/cassandra/thrift/Column.java:1167104-1167229,1167232-1181093,1181741,1181816,1181820,1182951,1183243 /cassandra/tags/cassandra-0.7.0-rc3/interface/thrift/gen-java/org/apache/cassandra/thrift/Column.java:1051699-1053689 /cassandra/tags/cassandra-0.8.0-rc1/interface/thrift/gen-java/org/apache/cassandra/thrift/Column.java:1102511-1125020 Propchange: cassandra/trunk/interface/thrift/gen-java/org/apache/cassandra/thrift/InvalidRequestException.java ------------------------------------------------------------------------------ --- svn:mergeinfo (original) +++ svn:mergeinfo Mon Dec 5 20:28:37 2011 @@ -4,7 +4,7 @@ /cassandra/branches/cassandra-0.8/interface/thrift/gen-java/org/apache/cassandra/thrift/InvalidRequestException.java:1090934-1125013,1125019-1198724,1198726-1205453,1206184,1206235,1206257,1207262 /cassandra/branches/cassandra-0.8.0/interface/thrift/gen-java/org/apache/cassandra/thrift/InvalidRequestException.java:1125021-1130369 /cassandra/branches/cassandra-0.8.1/interface/thrift/gen-java/org/apache/cassandra/thrift/InvalidRequestException.java:1101014-1125018 -/cassandra/branches/cassandra-1.0/interface/thrift/gen-java/org/apache/cassandra/thrift/InvalidRequestException.java:1167085-1206088,1206095,1206099,1206108,1206131,1207427,1207432,1207436,1207810,1207969,1208000,1209390,1209397,1209399 +/cassandra/branches/cassandra-1.0/interface/thrift/gen-java/org/apache/cassandra/thrift/InvalidRequestException.java:1167085-1207969,1208000,1209390,1209397,1209399 /cassandra/branches/cassandra-1.0.0/interface/thrift/gen-java/org/apache/cassandra/thrift/InvalidRequestException.java:1167104-1167229,1167232-1181093,1181741,1181816,1181820,1182951,1183243 /cassandra/tags/cassandra-0.7.0-rc3/interface/thrift/gen-java/org/apache/cassandra/thrift/InvalidRequestException.java:1051699-1053689 /cassandra/tags/cassandra-0.8.0-rc1/interface/thrift/gen-java/org/apache/cassandra/thrift/InvalidRequestException.java:1102511-1125020 Propchange: cassandra/trunk/interface/thrift/gen-java/org/apache/cassandra/thrift/NotFoundException.java ------------------------------------------------------------------------------ --- svn:mergeinfo (original) +++ svn:mergeinfo Mon Dec 5 20:28:37 2011 @@ -4,7 +4,7 @@ /cassandra/branches/cassandra-0.8/interface/thrift/gen-java/org/apache/cassandra/thrift/NotFoundException.java:1090934-1125013,1125019-1198724,1198726-1205453,1206184,1206235,1206257,1207262 /cassandra/branches/cassandra-0.8.0/interface/thrift/gen-java/org/apache/cassandra/thrift/NotFoundException.java:1125021-1130369 /cassandra/branches/cassandra-0.8.1/interface/thrift/gen-java/org/apache/cassandra/thrift/NotFoundException.java:1101014-1125018 -/cassandra/branches/cassandra-1.0/interface/thrift/gen-java/org/apache/cassandra/thrift/NotFoundException.java:1167085-1206088,1206095,1206099,1206108,1206131,1207427,1207432,1207436,1207810,1207969,1208000,1209390,1209397,1209399 +/cassandra/branches/cassandra-1.0/interface/thrift/gen-java/org/apache/cassandra/thrift/NotFoundException.java:1167085-1207969,1208000,1209390,1209397,1209399 /cassandra/branches/cassandra-1.0.0/interface/thrift/gen-java/org/apache/cassandra/thrift/NotFoundException.java:1167104-1167229,1167232-1181093,1181741,1181816,1181820,1182951,1183243 /cassandra/tags/cassandra-0.7.0-rc3/interface/thrift/gen-java/org/apache/cassandra/thrift/NotFoundException.java:1051699-1053689 /cassandra/tags/cassandra-0.8.0-rc1/interface/thrift/gen-java/org/apache/cassandra/thrift/NotFoundException.java:1102511-1125020 Propchange: cassandra/trunk/interface/thrift/gen-java/org/apache/cassandra/thrift/SuperColumn.java ------------------------------------------------------------------------------ --- svn:mergeinfo (original) +++ svn:mergeinfo Mon Dec 5 20:28:37 2011 @@ -4,7 +4,7 @@ /cassandra/branches/cassandra-0.8/interface/thrift/gen-java/org/apache/cassandra/thrift/SuperColumn.java:1090934-1125013,1125019-1198724,1198726-1205453,1206184,1206235,1206257,1207262 /cassandra/branches/cassandra-0.8.0/interface/thrift/gen-java/org/apache/cassandra/thrift/SuperColumn.java:1125021-1130369 /cassandra/branches/cassandra-0.8.1/interface/thrift/gen-java/org/apache/cassandra/thrift/SuperColumn.java:1101014-1125018 -/cassandra/branches/cassandra-1.0/interface/thrift/gen-java/org/apache/cassandra/thrift/SuperColumn.java:1167085-1206088,1206095,1206099,1206108,1206131,1207427,1207432,1207436,1207810,1207969,1208000,1209390,1209397,1209399 +/cassandra/branches/cassandra-1.0/interface/thrift/gen-java/org/apache/cassandra/thrift/SuperColumn.java:1167085-1207969,1208000,1209390,1209397,1209399 /cassandra/branches/cassandra-1.0.0/interface/thrift/gen-java/org/apache/cassandra/thrift/SuperColumn.java:1167104-1167229,1167232-1181093,1181741,1181816,1181820,1182951,1183243 /cassandra/tags/cassandra-0.7.0-rc3/interface/thrift/gen-java/org/apache/cassandra/thrift/SuperColumn.java:1051699-1053689 /cassandra/tags/cassandra-0.8.0-rc1/interface/thrift/gen-java/org/apache/cassandra/thrift/SuperColumn.java:1102511-1125020 Modified: cassandra/trunk/src/java/org/apache/cassandra/config/EncryptionOptions.java URL: http://svn.apache.org/viewvc/cassandra/trunk/src/java/org/apache/cassandra/config/EncryptionOptions.java?rev=1210611&r1=1210610&r2=1210611&view=diff ============================================================================== --- cassandra/trunk/src/java/org/apache/cassandra/config/EncryptionOptions.java (original) +++ cassandra/trunk/src/java/org/apache/cassandra/config/EncryptionOptions.java Mon Dec 5 20:28:37 2011 @@ -28,7 +28,11 @@ public class EncryptionOptions public String keystore_password = "cassandra"; public String truststore = "conf/.truststore"; public String truststore_password = "cassandra"; - public String[] cipherSuites = {"TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA"}; + public String[] cipher_suites = {"TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA"}; + public String protocol = "TLS"; + public String algorithm = "SunX509"; + public String store_type = "JKS"; + public static enum InternodeEncryption { Modified: cassandra/trunk/src/java/org/apache/cassandra/security/SSLFactory.java URL: http://svn.apache.org/viewvc/cassandra/trunk/src/java/org/apache/cassandra/security/SSLFactory.java?rev=1210611&r1=1210610&r2=1210611&view=diff ============================================================================== --- cassandra/trunk/src/java/org/apache/cassandra/security/SSLFactory.java (original) +++ cassandra/trunk/src/java/org/apache/cassandra/security/SSLFactory.java Mon Dec 5 20:28:37 2011 @@ -26,6 +26,7 @@ import java.io.IOException; import java.net.InetAddress; import java.net.InetSocketAddress; import java.security.KeyStore; +import java.util.Set; import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.SSLContext; @@ -35,6 +36,11 @@ import javax.net.ssl.TrustManagerFactory import org.apache.cassandra.config.EncryptionOptions; import org.apache.cassandra.io.util.FileUtils; +import org.apache.commons.lang.StringUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import com.google.common.collect.Sets; /** * A Factory for providing and setting up Client and Server SSL wrapped @@ -42,16 +48,15 @@ import org.apache.cassandra.io.util.File */ public final class SSLFactory { - private static final String PROTOCOL = "TLS"; - private static final String ALGORITHM = "SunX509"; - private static final String STORE_TYPE = "JKS"; + private static final Logger logger_ = LoggerFactory.getLogger(SSLFactory.class); public static SSLServerSocket getServerSocket(EncryptionOptions options, InetAddress address, int port) throws IOException { SSLContext ctx = createSSLContext(options); SSLServerSocket serverSocket = (SSLServerSocket)ctx.getServerSocketFactory().createServerSocket(); serverSocket.setReuseAddress(true); - serverSocket.setEnabledCipherSuites(options.cipherSuites); + String[] suits = filterCipherSuites(serverSocket.getSupportedCipherSuites(), options.cipher_suites); + serverSocket.setEnabledCipherSuites(suits); serverSocket.bind(new InetSocketAddress(address, port), 100); return serverSocket; } @@ -61,7 +66,8 @@ public final class SSLFactory { SSLContext ctx = createSSLContext(options); SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket(address, port, localAddress, localPort); - socket.setEnabledCipherSuites(options.cipherSuites); + String[] suits = filterCipherSuites(socket.getSupportedCipherSuites(), options.cipher_suites); + socket.setEnabledCipherSuites(suits); return socket; } @@ -70,7 +76,8 @@ public final class SSLFactory { SSLContext ctx = createSSLContext(options); SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket(); - socket.setEnabledCipherSuites(options.cipherSuites); + String[] suits = filterCipherSuites(socket.getSupportedCipherSuites(), options.cipher_suites); + socket.setEnabledCipherSuites(suits); return socket; } @@ -81,17 +88,17 @@ public final class SSLFactory SSLContext ctx; try { - ctx = SSLContext.getInstance(PROTOCOL); + ctx = SSLContext.getInstance(options.protocol); TrustManagerFactory tmf; KeyManagerFactory kmf; - tmf = TrustManagerFactory.getInstance(ALGORITHM); - KeyStore ts = KeyStore.getInstance(STORE_TYPE); + tmf = TrustManagerFactory.getInstance(options.algorithm); + KeyStore ts = KeyStore.getInstance(options.store_type); ts.load(tsf, options.truststore_password.toCharArray()); tmf.init(ts); - kmf = KeyManagerFactory.getInstance(ALGORITHM); - KeyStore ks = KeyStore.getInstance(STORE_TYPE); + kmf = KeyManagerFactory.getInstance(options.algorithm); + KeyStore ks = KeyStore.getInstance(options.store_type); ks.load(ksf, options.keystore_password.toCharArray()); kmf.init(ks, options.keystore_password.toCharArray()); @@ -109,4 +116,13 @@ public final class SSLFactory } return ctx; } + + private static String[] filterCipherSuites(String[] supported, String[] desired) + { + Set<String> des = Sets.newHashSet(desired); + Set<String> return_ = Sets.intersection(Sets.newHashSet(supported), des); + if (des.size() > return_.size()) + logger_.warn("Filtering out {} as it isnt supported by the socket", StringUtils.join(Sets.difference(des, return_), ",")); + return return_.toArray(new String[return_.size()]); + } }