Uploaded image for project: 'Apache Cassandra'
  1. Apache Cassandra
  2. CASSANDRA-16666

Make SSLContext creation pluggable/extensible

    XMLWordPrintableJSON

Details

    Description

      Currently Cassandra creates the SSLContext via SSLFactory.java. SSLFactory is a final class with static methods and not overridable. The SSLFactory loads the keys and certs from the file based artifacts for the same. While this works for many, in the industry where security is stricter and contextual, this approach falls short. Many big organizations need flexibility to load the SSL artifacts from a custom resource (like custom Key Management Solution, HashiCorp Vault, Amazon KMS etc). While JSSE SecurityProvider architecture allows us flexibility to build our custom mechanisms to validate and process security artifacts, many times all we need is to build upon Java's existing extensibility that Trust/Key Manager interfaces provide to load keystores from various resources in the absence of any customized requirements on the Keys/Certificate formats.

      My proposal here is to make the SSLContext creation pluggable/extensible and have the current SSLFactory.java implement an extensible interface. 

      I contributed a similar change that is live now in Apache Kafka (2.6.0) - https://issues.apache.org/jira/browse/KAFKA-8890 

      I can spare some time writing the pluggable interface and run by the required reviewers.

       

      Created CEP-9: Make SSLContext creation pluggable 

       

      cc: dcapwell djoshi

      Attachments

        1. Screenshot from 2021-09-28 10-56-24.png
          638 kB
          Stefan Miklosovic

        Issue Links

          Activity

            People

              maulin.vasavada Maulin Vasavada
              maulin.vasavada Maulin Vasavada
              Maulin Vasavada
              Berenguer Blasi, Jon Meredith, Stefan Miklosovic
              Votes:
              1 Vote for this issue
              Watchers:
              10 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: