diff --git a/README.md b/README.md index 10f71ea..86cf81b 100644 --- a/README.md +++ b/README.md @@ -54,6 +54,8 @@ Before make test: This is to prevent accidentally dropping keyspaces that might in use. +For running tests with SSL configuration, use $params in config.inc for setting certificate path, private/public key etc. + # Create a debian package from the sources add "deb http://debian.datastax.com/community stable main" in your apt sources list diff --git a/cassandra_driver.cpp b/cassandra_driver.cpp index 78675df..5e9b384 100644 --- a/cassandra_driver.cpp +++ b/cassandra_driver.cpp @@ -272,6 +272,7 @@ static int pdo_cassandra_handle_factory(pdo_dbh_t *dbh, zval *driver_options TSR H->has_description = 0; H->preserve_values = 0; + H->factory.reset(new PasswordCallbackTSSLSocketFactory); H->socket.reset(new TSocketPool); H->transport.reset(new TFramedTransport(H->socket)); H->protocol.reset(new TBinaryProtocol(H->transport)); @@ -280,6 +281,9 @@ static int pdo_cassandra_handle_factory(pdo_dbh_t *dbh, zval *driver_options TSR /* set possible connection timeout */ long timeout = 0; + /* set SSL propeties */ + char *ssl_key = NULL, *ssl_key_passphrase = NULL, *ssl_cert = NULL, *ssl_cipher = NULL, *ssl_capath = NULL; + int ssl_validate = 0, ssl_verify_host = 1; if (driver_options) { timeout = pdo_attr_lval(driver_options, PDO_ATTR_TIMEOUT, timeout TSRMLS_CC); @@ -296,6 +300,47 @@ static int pdo_cassandra_handle_factory(pdo_dbh_t *dbh, zval *driver_options TSR if (pdo_attr_lval(driver_options, static_cast (PDO_CASSANDRA_ATTR_PRESERVE_VALUES), 0 TSRMLS_CC)) { H->preserve_values = 1; } + + ssl_key = pdo_attr_strval(driver_options, static_cast (PDO_CASSANDRA_ATTR_SSL_KEY), NULL TSRMLS_CC); + ssl_key_passphrase = pdo_attr_strval(driver_options, static_cast (PDO_CASSANDRA_ATTR_SSL_KEY_PASSPHRASE), NULL TSRMLS_CC); + ssl_cert = pdo_attr_strval(driver_options, static_cast (PDO_CASSANDRA_ATTR_SSL_CERT), NULL TSRMLS_CC); + ssl_capath = pdo_attr_strval(driver_options, static_cast (PDO_CASSANDRA_ATTR_SSL_CAPATH), NULL TSRMLS_CC); + ssl_cipher = pdo_attr_strval(driver_options, static_cast (PDO_CASSANDRA_ATTR_SSL_CIPHER), NULL TSRMLS_CC); + ssl_validate = pdo_attr_lval(driver_options, static_cast (PDO_CASSANDRA_ATTR_SSL_VALIDATE), 0 TSRMLS_CC); + ssl_verify_host = pdo_attr_lval(driver_options, static_cast (PDO_CASSANDRA_ATTR_SSL_VERIFY_HOST), 1 TSRMLS_CC); + + if (ssl_key || ssl_cert || ssl_cipher || ssl_capath) { + H->ssl = 1; + + if (ssl_cert) { + H->factory->loadCertificate(ssl_cert); + } + + if (ssl_key) { + if (ssl_key_passphrase) { + H->factory->setPassword(ssl_key_passphrase); + H->factory->overrideDefaultPasswordCallback(); + } + H->factory->loadPrivateKey(ssl_key); + } + + if (ssl_capath) { + H->factory->loadTrustedCertificates(ssl_capath); + } + + if (ssl_validate) { + H->factory->authenticate(TRUE); + } + + if (ssl_cipher) { + H->factory->ciphers(ssl_cipher); + } + + if (!ssl_verify_host) { + boost::shared_ptr accessManager(new NoHostVerificationAccessManager); + H->factory->access(accessManager); + } + } } /* Break down the values */ @@ -311,6 +356,18 @@ static int pdo_cassandra_handle_factory(pdo_dbh_t *dbh, zval *driver_options TSR } try { + H->socket->open(); + + if (H->ssl) { + /* Remeber at this point the socket is already open */ + H->sslSocket = H->factory->createSocket(H->socket->getSocketFD()); + H->sslSocket->setHost(H->socket->getHost()); + H->sslSocket->setPort(H->socket->getPort()); + H->transport.reset(new TFramedTransport(H->sslSocket)); + H->protocol.reset(new TBinaryProtocol(H->transport)); + H->client.reset(new CassandraClient(H->protocol)); + } + H->transport->open(); php_cassandra_handle_auth (dbh, H); @@ -338,6 +395,8 @@ static int pdo_cassandra_handle_factory(pdo_dbh_t *dbh, zval *driver_options TSR pdo_cassandra_error_exception(dbh, PDO_CASSANDRA_AUTHORIZATION_ERROR, "%s", e.why.c_str()); } catch (SchemaDisagreementException &e) { pdo_cassandra_error_exception(dbh, PDO_CASSANDRA_SCHEMA_DISAGREEMENT, "%s", e.what()); + } catch (TSSLException &e) { + pdo_cassandra_error_exception(dbh, PDO_CASSANDRA_SSL_ERROR, "%s", e.what()); } catch (TTransportException &e) { pdo_cassandra_error_exception(dbh, PDO_CASSANDRA_TRANSPORT_ERROR, "%s", e.what()); } catch (TException &e) { @@ -484,6 +543,8 @@ static long pdo_cassandra_handle_execute(pdo_dbh_t *dbh, const char *sql, long s pdo_cassandra_error(dbh, PDO_CASSANDRA_AUTHORIZATION_ERROR, "%s", e.why.c_str()); } catch (SchemaDisagreementException &e) { pdo_cassandra_error(dbh, PDO_CASSANDRA_SCHEMA_DISAGREEMENT, "%s", e.what()); + } catch (TSSLException &e) { + pdo_cassandra_error(dbh, PDO_CASSANDRA_SSL_ERROR, "%s", e.what()); } catch (TTransportException &e) { pdo_cassandra_error(dbh, PDO_CASSANDRA_TRANSPORT_ERROR, "%s", e.what()); } catch (TException &e) { @@ -614,6 +675,9 @@ static int pdo_cassandra_handle_close(pdo_dbh_t *dbh TSRMLS_DC) pdo_cassandra_einfo *einfo = &H->einfo; H->transport->close(); + if (H->ssl) { + H->sslSocket.reset(); + } H->socket.reset(); H->transport.reset(); H->protocol.reset(); @@ -636,6 +700,11 @@ static int pdo_cassandra_handle_set_attribute(pdo_dbh_t *dbh, long attr, zval *v { pdo_cassandra_db_handle *H = static_cast (dbh->driver_data); pdo_cassandra_constant attribute = static_cast (attr); + boost::shared_ptr sock = H->socket; + + if (H->ssl) { + sock = H->sslSocket; + } switch (attribute) { @@ -668,30 +737,30 @@ static int pdo_cassandra_handle_set_attribute(pdo_dbh_t *dbh, long attr, zval *v convert_to_long(val); if (Z_LVAL_P(val) == 0) { - H->socket->setLinger(false, 0); + sock->setLinger(false, 0); } else { - H->socket->setLinger(true, Z_LVAL_P(val)); + sock->setLinger(true, Z_LVAL_P(val)); } break; case PDO_CASSANDRA_ATTR_NO_DELAY: convert_to_boolean(val); - H->socket->setNoDelay(Z_BVAL_P(val)); + sock->setNoDelay(Z_BVAL_P(val)); break; case PDO_CASSANDRA_ATTR_CONN_TIMEOUT: convert_to_long(val); - H->socket->setConnTimeout(Z_LVAL_P(val)); + sock->setConnTimeout(Z_LVAL_P(val)); break; case PDO_CASSANDRA_ATTR_RECV_TIMEOUT: convert_to_long(val); - H->socket->setRecvTimeout(Z_LVAL_P(val)); + sock->setRecvTimeout(Z_LVAL_P(val)); break; case PDO_CASSANDRA_ATTR_SEND_TIMEOUT: convert_to_long(val); - H->socket->setSendTimeout(Z_LVAL_P(val)); + sock->setSendTimeout(Z_LVAL_P(val)); break; case PDO_CASSANDRA_ATTR_COMPRESSION: @@ -820,6 +889,37 @@ pdo_driver_t pdo_cassandra_driver = { pdo_cassandra_handle_factory }; +/** + * Default implementation of AccessManager + */ +Decision NoHostVerificationAccessManager::verify(const sockaddr_storage& sa) +throw() { + (void) sa; + return SKIP; +} + +Decision NoHostVerificationAccessManager::verify(const std::string& host, + const char* name, + int size) throw() { + return ALLOW;; +} + +Decision NoHostVerificationAccessManager::verify(const sockaddr_storage& sa, + const char* data, + int size) throw() { + bool match = false; + if (sa.ss_family == AF_INET && size == sizeof(in_addr)) { + match = (memcmp(&((sockaddr_in*)&sa)->sin_addr, data, size) == 0); + } else if (sa.ss_family == AF_INET6 && size == sizeof(in6_addr)) { + match = (memcmp(&((sockaddr_in6*)&sa)->sin6_addr, data, size) == 0); + } + return (match ? ALLOW : SKIP); +} + +void PasswordCallbackTSSLSocketFactory::getPassword(std::string& password/* password */, int length/* size */) { + password = sslkeyPassphrase_; +} + /* {{{ PHP_MINIT_FUNCTION */ PHP_MINIT_FUNCTION(pdo_cassandra) { @@ -854,6 +954,16 @@ PHP_MINIT_FUNCTION(pdo_cassandra) PHP_PDO_CASSANDRA_REGISTER_CONST_LONG("CASSANDRA_CONSISTENCYLEVEL_THREE", PDO_CASSANDRA_CONSISTENCYLEVEL_THREE); PHP_PDO_CASSANDRA_REGISTER_CONST_LONG("CASSANDRA_CONSISTENCYLEVEL_LOCAL_ONE", PDO_CASSANDRA_CONSISTENCYLEVEL_LOCAL_ONE); + // SSL properties + PHP_PDO_CASSANDRA_REGISTER_CONST_LONG("CASSANDRA_ATTR_SSL_KEY", PDO_CASSANDRA_ATTR_SSL_KEY); + PHP_PDO_CASSANDRA_REGISTER_CONST_LONG("CASSANDRA_ATTR_SSL_KEY_PASSPHRASE", PDO_CASSANDRA_ATTR_SSL_KEY_PASSPHRASE); + PHP_PDO_CASSANDRA_REGISTER_CONST_LONG("CASSANDRA_ATTR_SSL_CERT", PDO_CASSANDRA_ATTR_SSL_CERT); + PHP_PDO_CASSANDRA_REGISTER_CONST_LONG("CASSANDRA_ATTR_SSL_CAPATH", PDO_CASSANDRA_ATTR_SSL_CAPATH); + PHP_PDO_CASSANDRA_REGISTER_CONST_LONG("CASSANDRA_ATTR_SSL_VALIDATE", PDO_CASSANDRA_ATTR_SSL_VALIDATE); + PHP_PDO_CASSANDRA_REGISTER_CONST_LONG("CASSANDRA_ATTR_SSL_VERIFY_HOST", PDO_CASSANDRA_ATTR_SSL_VERIFY_HOST); + PHP_PDO_CASSANDRA_REGISTER_CONST_LONG("CASSANDRA_ATTR_SSL_CIPHER", PDO_CASSANDRA_ATTR_SSL_CIPHER); + + // Type exports PHP_PDO_CASSANDRA_REGISTER_CONST_LONG("CASSANDRA_INT", PDO_CASSANDRA_TYPE_INTEGER); PHP_PDO_CASSANDRA_REGISTER_CONST_LONG("CASSANDRA_FLOAT", PDO_CASSANDRA_TYPE_FLOAT); diff --git a/cassandra_statement.cpp b/cassandra_statement.cpp index 24b6bb3..91aba99 100755 --- a/cassandra_statement.cpp +++ b/cassandra_statement.cpp @@ -51,6 +51,8 @@ static zend_bool pdo_cassandra_describe_keyspace(pdo_stmt_t *stmt TSRMLS_DC) pdo_cassandra_error(stmt->dbh, PDO_CASSANDRA_AUTHORIZATION_ERROR, "%s", e.why.c_str()); } catch (SchemaDisagreementException &e) { pdo_cassandra_error(stmt->dbh, PDO_CASSANDRA_SCHEMA_DISAGREEMENT, "%s", e.what()); + } catch (TSSLException &e) { + pdo_cassandra_error_exception(stmt->dbh, PDO_CASSANDRA_SSL_ERROR, "%s", e.what()); } catch (TTransportException &e) { pdo_cassandra_error(stmt->dbh, PDO_CASSANDRA_TRANSPORT_ERROR, "%s", e.what()); } catch (TException &e) { @@ -123,6 +125,8 @@ static int pdo_cassandra_stmt_execute(pdo_stmt_t *stmt TSRMLS_DC) pdo_cassandra_error(stmt->dbh, PDO_CASSANDRA_AUTHORIZATION_ERROR, "%s", e.why.c_str()); } catch (SchemaDisagreementException &e) { pdo_cassandra_error(stmt->dbh, PDO_CASSANDRA_SCHEMA_DISAGREEMENT, "%s", e.what()); + } catch (TSSLException &e) { + pdo_cassandra_error_exception(stmt->dbh, PDO_CASSANDRA_SSL_ERROR, "%s", e.what()); } catch (TTransportException &e) { pdo_cassandra_error(stmt->dbh, PDO_CASSANDRA_TRANSPORT_ERROR, "%s", e.what()); } catch (TException &e) { diff --git a/php_pdo_cassandra_int.hpp b/php_pdo_cassandra_int.hpp index beda0cc..c1888fe 100644 --- a/php_pdo_cassandra_int.hpp +++ b/php_pdo_cassandra_int.hpp @@ -15,7 +15,7 @@ */ #ifndef _PHP_PDO_CASSANDRA_PRIVATE_H_ -# define _PHP_PDO_CASSANDRA_PRIVATE_H_ +#define _PHP_PDO_CASSANDRA_PRIVATE_H_ #ifndef CASSANDRA_CQL_VERSION #define CASSANDRA_CQL_VERSION "3.0.0" @@ -50,6 +50,7 @@ extern "C" { #include #include #include +#include #undef HAVE_ZLIB #define HAVE_ZLIB HAVE_ZLIB_CP @@ -63,6 +64,8 @@ using namespace apache::thrift::protocol; using namespace apache::thrift::transport; using namespace org::apache::cassandra; +class PasswordCallbackTSSLSocketFactory; + enum pdo_cassandra_type { PDO_CASSANDRA_TYPE_UTF8 = PDO_PARAM_STR, PDO_CASSANDRA_TYPE_INTEGER = PDO_PARAM_INT, @@ -103,6 +106,8 @@ typedef struct { typedef struct { zend_object zo; zend_bool compression; + boost::shared_ptr factory; + boost::shared_ptr sslSocket; boost::shared_ptr socket; boost::shared_ptr transport; boost::shared_ptr protocol; @@ -114,6 +119,7 @@ typedef struct { KsDef description; zend_bool has_description; zend_bool preserve_values; + zend_bool ssl; ConsistencyLevel::type consistency; ConsistencyLevel::type tmpConsistency; } pdo_cassandra_db_handle; @@ -152,7 +158,14 @@ enum pdo_cassandra_constant { PDO_CASSANDRA_ATTR_THRIFT_DEBUG, PDO_CASSANDRA_ATTR_PRESERVE_VALUES, PDO_CASSANDRA_ATTR_MAX, - PDO_CASSANDRA_ATTR_CONSISTENCYLEVEL + PDO_CASSANDRA_ATTR_CONSISTENCYLEVEL, + PDO_CASSANDRA_ATTR_SSL_KEY, + PDO_CASSANDRA_ATTR_SSL_KEY_PASSPHRASE, + PDO_CASSANDRA_ATTR_SSL_CERT, + PDO_CASSANDRA_ATTR_SSL_CAPATH, + PDO_CASSANDRA_ATTR_SSL_VALIDATE, + PDO_CASSANDRA_ATTR_SSL_VERIFY_HOST, + PDO_CASSANDRA_ATTR_SSL_CIPHER }; /* }}} */ @@ -180,6 +193,7 @@ enum pdo_cassandra_error { PDO_CASSANDRA_AUTHORIZATION_ERROR, PDO_CASSANDRA_SCHEMA_DISAGREEMENT, PDO_CASSANDRA_TRANSPORT_ERROR, + PDO_CASSANDRA_SSL_ERROR, PDO_CASSANDRA_INVALID_CONNECTION_STRING, PDO_CASSANDRA_INTEGER_CONVERSION_ERROR }; @@ -192,4 +206,22 @@ void pdo_cassandra_set_active_keyspace(pdo_cassandra_db_handle *H, const std::st void pdo_cassandra_set_active_columnfamily(pdo_cassandra_db_handle *H, const std::string &query TSRMLS_DC); std::string pdo_cassandra_get_first_sub_pattern(const std::string &subject, const std::string &pattern TSRMLS_DC); +class NoHostVerificationAccessManager: public AccessManager { +public: + // AccessManager interface + Decision verify(const sockaddr_storage& sa) throw(); + Decision verify(const std::string& host, const char* name, int size) throw(); + Decision verify(const sockaddr_storage& sa, const char* data, int size) throw(); +}; + +class PasswordCallbackTSSLSocketFactory: public TSSLSocketFactory { +public: + void setPassword(const char *passphrase) { + sslkeyPassphrase_ = passphrase; + } +protected: + void getPassword(std::string& /* password */, int /* size */); +private: + std::string sslkeyPassphrase_; +}; #endif /* _PHP_PDO_CASSANDRA_PRIVATE_H_ */ diff --git a/tests/001-construct.phpt b/tests/001-construct.phpt index 0be132f..fba8ede 100644 --- a/tests/001-construct.phpt +++ b/tests/001-construct.phpt @@ -7,7 +7,7 @@ Test pdo cassandra construction require_once(dirname(__FILE__) . '/config.inc'); -$db = new PDO($dsn, $username, $password); +$db = new PDO($dsn, $username, $password, $params); echo "OK"; diff --git a/tests/002-select.phpt b/tests/002-select.phpt index 839acfe..4b8c318 100644 --- a/tests/002-select.phpt +++ b/tests/002-select.phpt @@ -6,7 +6,7 @@ Test prepared statement emulation beginTransaction(); diff --git a/tests/004-columnmeta.phpt b/tests/004-columnmeta.phpt index 5e3faab..819731a 100644 --- a/tests/004-columnmeta.phpt +++ b/tests/004-columnmeta.phpt @@ -6,7 +6,7 @@ Test column metadata setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); diff --git a/tests/005-attributes.phpt b/tests/005-attributes.phpt index c43c24e..c57cf66 100644 --- a/tests/005-attributes.phpt +++ b/tests/005-attributes.phpt @@ -5,7 +5,7 @@ Test setting/getting attributes --FILE-- getAttribute (PDO::ATTR_SERVER_VERSION)); var_dump ($db->setAttribute (PDO::CASSANDRA_ATTR_NUM_RETRIES, 10)); diff --git a/tests/006-iterate.phpt b/tests/006-iterate.phpt index 4b56976..209119a 100644 --- a/tests/006-iterate.phpt +++ b/tests/006-iterate.phpt @@ -6,7 +6,7 @@ Test iterating prepared statement diff --git a/tests/011-persistentconnection.phpt b/tests/011-persistentconnection.phpt index f83917e..47a73c2 100644 --- a/tests/011-persistentconnection.phpt +++ b/tests/011-persistentconnection.phpt @@ -7,9 +7,9 @@ Test initialization of persistent connections require_once(dirname(__FILE__) . '/config.inc'); -$db = new PDO($dsn, $username, $password, array ( +$db = new PDO($dsn, $username, $password, array_merge($params, array ( PDO::ATTR_PERSISTENT => true - )); + ))); echo "OK"; diff --git a/tests/012-quoter.phpt b/tests/012-quoter.phpt index 4e6bf9f..1577687 100644 --- a/tests/012-quoter.phpt +++ b/tests/012-quoter.phpt @@ -7,7 +7,7 @@ Test quoting values require_once(dirname(__FILE__) . '/config.inc'); -$db = new PDO($dsn, $username, $password); +$db = new PDO($dsn, $username, $password, $params); var_dump ($db->quote ("'hello' 'world'")); var_dump ($db->quote ("Co'mpl''ex \"st'\"ring")); var_dump ($db->quote ("'''''''''", PDO::PARAM_LOB)); diff --git a/tests/013-errorhandling.phpt b/tests/013-errorhandling.phpt index d88ba0e..5a74e6d 100644 --- a/tests/013-errorhandling.phpt +++ b/tests/013-errorhandling.phpt @@ -7,7 +7,7 @@ Test different error handling modes require_once(dirname(__FILE__) . '/config.inc'); -$db = new PDO($dsn, $username, $password); +$db = new PDO($dsn, $username, $password, $params); pdo_cassandra_init ($db, $keyspace); diff --git a/tests/014-affectedrows.phpt b/tests/014-affectedrows.phpt index 32c07dc..86186ca 100644 --- a/tests/014-affectedrows.phpt +++ b/tests/014-affectedrows.phpt @@ -6,7 +6,7 @@ Test number of affected rows setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); diff --git a/tests/019-uuid.phpt b/tests/019-uuid.phpt index 7701961..85dc387 100644 --- a/tests/019-uuid.phpt +++ b/tests/019-uuid.phpt @@ -6,7 +6,7 @@ Test UUIDs setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); diff --git a/tests/020-types.phpt b/tests/020-types.phpt index 719f395..7373e0c 100644 --- a/tests/020-types.phpt +++ b/tests/020-types.phpt @@ -6,7 +6,7 @@ Test different data types setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); diff --git a/tests/021-cass_bindings.phpt b/tests/021-cass_bindings.phpt index 5a776c2..69c37ec 100644 --- a/tests/021-cass_bindings.phpt +++ b/tests/021-cass_bindings.phpt @@ -8,7 +8,7 @@ UUID tests setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); try { diff --git a/tests/022-counters.phpt b/tests/022-counters.phpt index 0701c07..f8b593c 100644 --- a/tests/022-counters.phpt +++ b/tests/022-counters.phpt @@ -6,7 +6,7 @@ Test counters setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); diff --git a/tests/024-multiplekeyspaces.phpt b/tests/024-multiplekeyspaces.phpt index f3fab10..0484445 100644 --- a/tests/024-multiplekeyspaces.phpt +++ b/tests/024-multiplekeyspaces.phpt @@ -6,7 +6,7 @@ Test multiple keyspaces setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); diff --git a/tests/029-timestamp.phpt b/tests/029-timestamp.phpt index 35f0b9e..59eee14 100644 --- a/tests/029-timestamp.phpt +++ b/tests/029-timestamp.phpt @@ -6,7 +6,7 @@ Test timestamp type setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); diff --git a/tests/030-ascii_string.phpt b/tests/030-ascii_string.phpt index add5626..cd32819 100644 --- a/tests/030-ascii_string.phpt +++ b/tests/030-ascii_string.phpt @@ -7,7 +7,7 @@ Test special characters in ascii strings PDO::CASSANDRA_CONSISTENCYLEVEL_ONE); +$params = array_merge($params, array(PDO::CASSANDRA_ATTR_CONSISTENCYLEVEL => PDO::CASSANDRA_CONSISTENCYLEVEL_ONE)); $db = new PDO($dsn, $username, $password, $params); pdo_cassandra_init ($db, $keyspace); diff --git a/tests/032-null_value.phpt b/tests/032-null_value.phpt index 92d9694..670b6d9 100644 --- a/tests/032-null_value.phpt +++ b/tests/032-null_value.phpt @@ -9,7 +9,7 @@ Test null returns on select queries setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); try { diff --git a/tests/033-float.phpt b/tests/033-float.phpt index 0bd2865..bd67652 100644 --- a/tests/033-float.phpt +++ b/tests/033-float.phpt @@ -8,7 +8,7 @@ FLOAT implementation test setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); try { diff --git a/tests/034-collections.phpt b/tests/034-collections.phpt index 8482dc3..7ed217e 100644 --- a/tests/034-collections.phpt +++ b/tests/034-collections.phpt @@ -7,7 +7,7 @@ Test collection types require_once(dirname(__FILE__) . '/config.inc'); -$db = new PDO($dsn, $username, $password); +$db = new PDO($dsn, $username, $password, $params); $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); try { diff --git a/tests/035-null-return.phpt b/tests/035-null-return.phpt index 9497cc2..62f842e 100644 --- a/tests/035-null-return.phpt +++ b/tests/035-null-return.phpt @@ -8,7 +8,7 @@ NULL return test setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); try { diff --git a/tests/037-uuid.phpt b/tests/037-uuid.phpt index 7932491..f916a43 100644 --- a/tests/037-uuid.phpt +++ b/tests/037-uuid.phpt @@ -8,7 +8,7 @@ UUID tests setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); try { diff --git a/tests/038-decimal.phpt b/tests/038-decimal.phpt index 23b9819..3998322 100644 --- a/tests/038-decimal.phpt +++ b/tests/038-decimal.phpt @@ -8,7 +8,7 @@ Test decimal type setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); diff --git a/tests/039-boolean.phpt b/tests/039-boolean.phpt index e084e4a..d31ef0b 100644 --- a/tests/039-boolean.phpt +++ b/tests/039-boolean.phpt @@ -8,7 +8,7 @@ Boolean related tests setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); try { diff --git a/tests/config.inc-dist b/tests/config.inc-dist index 998be0d..62f5737 100644 --- a/tests/config.inc-dist +++ b/tests/config.inc-dist @@ -7,6 +7,16 @@ $dsn = 'cassandra:host=127.0.0.1;port=9160;cqlversion=3.0.0'; $username = YourCassandraUSERName; $password = YourCassandraPWD; +// Uncomment following block for SSL secured connections between PHP client and Cassandra server and set appropriate values in the array. +/* +$params = array (PDO_CASSANDRA_ATTR_SSL_KEY => YourSSLKeyPath, + PDO_CASSANDRA_ATTR_SSL_KEY_PASSPHRASE => YourKeyPassPhrase, + PDO_CASSANDRA_ATTR_SSL_CERT => YourSSLCertPath, + PDO::CASSANDRA_ATTR_SSL_CAPATH => YourTrustedCertPath, + PDO::CASSANDRA_ATTR_SSL_VERIFY_HOST => 0); +*/ +$params = array() + // Warning: the keyspace will be truncated during tests $keyspace = "phptests"; diff --git a/wikipage-edit.txt b/wikipage-edit.txt new file mode 100644 index 0000000..eab9026 --- /dev/null +++ b/wikipage-edit.txt @@ -0,0 +1,57 @@ + + +1. Following new Attributes have been added for using SSL while communicating with Cassandra which has client_encryption enabled. + + PDO_CASSANDRA_ATTR_SSL_KEY => Use this property to set client SSL private key Only if 'require_client_auth' is 'true' in Cassandra client ecryption options. + + PDO_CASSANDRA_ATTR_SSL_KEY_PASSPHRASE => Use this property to specify passphrase of the SSL key specified using PDO_CASSANDRA_ATTR_SSL_KEY. + + PDO_CASSANDRA_ATTR_SSL_CERT => Use this property to set client public key Only if 'require_client_auth' is 'true' in Cassandra client ecryption options. + + PDO_CASSANDRA_ATTR_SSL_CAPATH => Use this option to set all trusted certificates. + + PDO_CASSANDRA_ATTR_SSL_VALIDATE => If this option is set, server cert is validated for Trusted CA etc. + + PDO_CASSANDRA_ATTR_SSL_VERIFY_HOST => If this option is 'true' (1) by default, set it to false for skipping host name verification in server cert. + + PDO_CASSANDRA_ATTR_SSL_CIPHER => Use this options to set CIPHERS to be supported by your client, which should be super set of server ciphers. + +Example PHP code, + +$dsn = 'cassandra:host=127.0.0.1;port=9160;cqlversion=3.0.0'; + +// set username and password to null for no authentication +$username = YourCassandraUSERName; +$password = YourCassandraPWD; + +// For unsecured keys +//$params = array (PDO_CASSANDRA_ATTR_SSL_KEY => YourSSLKeyPath, + PDO_CASSANDRA_ATTR_SSL_CERT => YourSSLCertPath, + PDO::CASSANDRA_ATTR_SSL_CAPATH => YourTrustedCertPath, + PDO::CASSANDRA_ATTR_SSL_VERIFY_HOST => 0); + +// For secured keys +$params = array (PDO_CASSANDRA_ATTR_SSL_KEY => YourSSLKeyPath, + PDO_CASSANDRA_ATTR_SSL_KEY_PASSPHRASE => YourKeyPassPhrase, + PDO_CASSANDRA_ATTR_SSL_CERT => YourSSLCertPath, + PDO::CASSANDRA_ATTR_SSL_CAPATH => YourTrustedCertPath, + PDO::CASSANDRA_ATTR_SSL_VERIFY_HOST => 0); + +$db = new PDO($dsn, $username, $password, $params); + +2. For the reference, your Cassandra server configuration should look like as follows, + +# enable or disable client/server encryption. +client_encryption_options: + enabled: true + keystore: /etc/cassandra/conf/.keystore + keystore_password: ******* + truststore: /etc/cassandra/conf/.truststore + truststore_password: ******* + # require_client_auth: true + # Set trustore and truststore_password if require_client_auth is true + # More advanced defaults below: + # protocol: TLS + # algorithm: SunX509 + # store_type: JKS + # cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA]