Support Policy      Security Notices
  1. DataStax Support
  2. DataStax Enterprise
  3. Analytics

SSL with scala

Follow

Issue

Customer was trying to connect using scala, but was complaining of kerberos issues. He initially provided the following error:

scala> val session=cluster.connect 
com.datastax.driver.core.exceptions.NoHostAvailableException: All host(s) tried for query failed (tried: sqaz002udw11.russellreynolds.com/172.27.2.73:9042 (com.datastax.driver.core.exceptions.TransportException: [sqaz002udw11.russellreynolds.com/172.27.2.73:9042] Connection has been closed)) 
at com.datastax.driver.core.ControlConnection.reconnectInternal(ControlConnection.java:237) 
at com.datastax.driver.core.ControlConnection.connect(ControlConnection.java:84) 
at com.datastax.driver.core.Cluster$Manager.negotiateProtocolVersionAndConnect(Cluster.java:1622) 
at com.datastax.driver.core.Cluster$Manager.init(Cluster.java:1540) 
at com.datastax.driver.core.Cluster.init(Cluster.java:151) 
at com.datastax.driver.core.Cluster.connectAsync(Cluster.java:333) 
at com.datastax.driver.core.Cluster.connectAsync(Cluster.java:308) 
at com.datastax.driver.core.Cluster.connect(Cluster.java:250) 
... 61 elided

Since the error is NoHostAvailableException, it's probably not kerberos related.

 

Solution

Instead, we found the customer was using ssl for client_encryption_options, so we had to get scala working with ssl, and here's the final code base: 

import io.netty.handler.ssl.SslContextBuilder
import javax.net.ssl.TrustManagerFactory
import java.security.KeyStore
import com.datastax.driver.core.RemoteEndpointAwareJdkSSLOptions

val ks = KeyStore.getInstance("JKS")
val trustStore = new java.io.FileInputStream("/path/to/truststore.jks")
ks.load(trustStore, "XXXXXXXX".toCharArray())

val tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
tmf.init(ks)

val sslContext = javax.net.ssl.SSLContext.getInstance("TLS")
sslContext.init(null,tmf.getTrustManagers,null)

val sslOptions = RemoteEndpointAwareJdkSSLOptions.builder().withSSLContext(sslContext).build()
 

import javax.security.auth.login.LoginContext
val lc = new LoginContext("DseClient")
lc.login

val subject = lc.getSubject
val hostAndPort = Seq("localhost","9042")

import com.datastax.driver.core.Cluster
import com.datastax.driver.dse.auth._

val cluster = Cluster.builder
.addContactPointsWithPorts(

new java.net.InetSocketAddress(
hostAndPort(0),hostAndPort(1).toInt))
.withAuthProvider(DseGSSAPIAuthProvider.builder().withSubject(subject).build())
.withSSL(sslOptions)
.build

val session = cluster.connect

val rs = session.execute("DROP TABLE IF EXISTS datascience.persons")

session.close

The key was moving away from RemoteEndpointAwareNettySSLOptions and toward RemoteEndpointAwareJdkSSLOptions. If using Netty, it seems there's a lot of dependencies that are required.

Steve Lacerda
Created: 2019-08-20 19:11:29 UTC
Last Update: 2019-08-20 19:16:01 UTC

Related articles

Comments

0 comments

Please sign in to leave a comment.