private TServerTransport getSSLServerTransport() { try { TServerTransport transport; TSSLTransportFactory.TSSLTransportParameters params = new TSSLTransportFactory.TSSLTransportParameters(); params.setKeyStore(keystore, keystorePassword, getkeyManagerAlgorithm(), keystoreType); transport = TSSLTransportFactory.getServerSocket( port, 120000, InetAddress.getByName(bindAddress), params); ServerSocket serverSock = ((TServerSocket) transport).getServerSocket(); if (serverSock instanceof SSLServerSocket) { SSLServerSocket sslServerSock = (SSLServerSocket) serverSock; List<String> enabledProtocols = new ArrayList<String>(); for (String protocol : sslServerSock.getEnabledProtocols()) { if (!excludeProtocols.contains(protocol)) { enabledProtocols.add(protocol); } } sslServerSock.setEnabledProtocols(enabledProtocols.toArray(new String[0])); } return transport; } catch (Throwable throwable) { throw new FlumeException("Cannot start Thrift source.", throwable); } }
public void start() throws TTransportException, UnknownHostException { InetAddress inetAddress = InetAddress.getByName(hostName); TSSLTransportFactory.TSSLTransportParameters params = new TSSLTransportFactory.TSSLTransportParameters(); params.setKeyStore(keyStore, keyStorePassword); TServerSocket serverTransport; serverTransport = TSSLTransportFactory.getServerSocket(port, clientTimeout, inetAddress, params); AuthenticatorService.Processor<AuthenticatorServiceImpl> processor = new AuthenticatorService.Processor<AuthenticatorServiceImpl>( new AuthenticatorServiceImpl(thriftAuthenticatorService)); authenticationServer = new TThreadPoolServer( new TThreadPoolServer.Args(serverTransport).processor(processor)); Thread thread = new Thread(new ServerRunnable(authenticationServer)); if (log.isDebugEnabled()) { log.debug("Thrift Authentication Service started at ssl://" + hostName + ":" + port); } thread.start(); }
@Override protected TServer getServer(TProcessor processor) throws TTransportException { LOGGER.debug("Setting Secured Server on port {} and keystore", remotePort, keystoreFile); TSSLTransportFactory.TSSLTransportParameters params = new TSSLTransportFactory.TSSLTransportParameters(); params.setKeyStore(keystoreFile, keystorePass); TServerSocket serverTransport; try { serverTransport = TSSLTransportFactory.getServerSocket(remotePort, 1000, InetAddress.getByName("localhost"), params); } catch (UnknownHostException e) { throw new TTransportException(e); } return new TThreadPoolServer(new TThreadPoolServer.Args(serverTransport).processor(processor)); }
/** * This method returns a Airavata Client that talks to the API Server exposed over TLS. * * @param serverHost * @param serverPort * @param trustStorePath * @param trustStorePassword * @param clientTimeOut * @return * @throws AiravataClientConnectException */ public static Airavata.Client createAiravataSecureClient(String serverHost, int serverPort, String trustStorePath, String trustStorePassword, int clientTimeOut) throws AiravataClientException { try { TSSLTransportFactory.TSSLTransportParameters params = new TSSLTransportFactory.TSSLTransportParameters(); params.setTrustStore(trustStorePath, trustStorePassword); TSocket transport = TSSLTransportFactory.getClientSocket(serverHost, serverPort, clientTimeOut, params); TProtocol protocol = new TBinaryProtocol(transport); return new Airavata.Client(protocol); } catch (TTransportException e) { logger.error(e.getMessage(), e); AiravataClientException clientError = new AiravataClientException(); clientError.setParameter("Unable to connect to the server at " + serverHost + ":" + serverPort); throw clientError; } }
private void secure(Asker.Processor processor) { try { /* * Use TSSLTransportParameters to setup the required SSL parameters. In this example * we are setting the keystore and the keystore password. Other things like algorithms, * cipher suites, client auth etc can be set. */ TSSLTransportFactory.TSSLTransportParameters params = new TSSLTransportFactory.TSSLTransportParameters(); // The Keystore contains the private key params.setKeyStore(keyStore, keyPass, null, null); /* * Use any of the TSSLTransportFactory to get a server transport with the appropriate * SSL configuration. You can use the default settings if properties are set in the command line. * Ex: -Djavax.net.ssl.keyStore=.keystore and -Djavax.net.ssl.keyStorePassword=thrift * * Note: You need not explicitly call open(). The underlying server socket is bound on return * from the factory class. */ TServerTransport serverTransport = TSSLTransportFactory.getServerSocket(port, 0, null, params); TServer server = new TSimpleServer(new Args(serverTransport).processor(processor)); // Use this for a multi threaded server // TServer server = new TThreadPoolServer(new TThreadPoolServer.Args(serverTransport).processor(processor)); System.out.println("Starting the secure server..."); server.serve(); } catch (Exception e) { e.printStackTrace(); } }
public ThriftTestingSource(String handlerName, int port, String protocol, String keystore, String keystorePassword, String keyManagerType, String keystoreType) throws Exception { TSSLTransportFactory.TSSLTransportParameters params = new TSSLTransportFactory.TSSLTransportParameters(); params.setKeyStore(keystore, keystorePassword, keyManagerType, keystoreType); TServerSocket serverTransport = TSSLTransportFactory.getServerSocket( port, 10000, InetAddress.getByName("0.0.0.0"), params); ThriftSourceProtocol.Iface handler = getHandler(handlerName); Class serverClass = Class.forName("org.apache.thrift" + ".server.TThreadPoolServer"); Class argsClass = Class.forName("org.apache.thrift.server" + ".TThreadPoolServer$Args"); TServer.AbstractServerArgs args = (TServer.AbstractServerArgs) argsClass .getConstructor(TServerTransport.class) .newInstance(serverTransport); Method m = argsClass.getDeclaredMethod("maxWorkerThreads", int.class); m.invoke(args, Integer.MAX_VALUE); TProtocolFactory transportProtocolFactory = null; if (protocol != null && protocol == ThriftRpcClient.BINARY_PROTOCOL) { transportProtocolFactory = new TBinaryProtocol.Factory(); } else { transportProtocolFactory = new TCompactProtocol.Factory(); } args.protocolFactory(transportProtocolFactory); args.inputTransportFactory(new TFastFramedTransport.Factory()); args.outputTransportFactory(new TFastFramedTransport.Factory()); args.processor(new ThriftSourceProtocol.Processor<ThriftSourceProtocol.Iface>(handler)); server = (TServer) serverClass.getConstructor(argsClass).newInstance(args); Executors.newSingleThreadExecutor().submit(new Runnable() { @Override public void run() { server.serve(); } }); }
public synchronized void init() throws TTransportException { if (null != client) { return; } if (null == truststore) { transport = new TSocket(ip, port); transport.open(); } else { /* * Similar to the server, you can use the parameters to setup * client parameters or use the default settings. On the client * side, you will need a TrustStore which contains the trusted * certificate along with the public key. For this example it's * a self-signed cert. */ String truststore_arr[] = truststore.split("@"); if (truststore_arr.length != 2) { throw new RuntimeException("client.truststore 格式错误(缺少 @密码):" + truststore); } TSSLTransportParameters params = new TSSLTransportParameters(); if (truststore_arr[0].endsWith(".truststore")) { params.setTrustStore(truststore_arr[0], truststore_arr[1], "SunX509", "JKS"); } else { params.setTrustStore(truststore_arr[0], truststore_arr[1], "X509", "BKS"); } /* * Get a client transport instead of a server transport. The * connection is opened on invocation of the factory method, no * need to specifically call open() */ transport = TSSLTransportFactory.getClientSocket(ip, port, RemoteSyncConfig.getTimeout(), params); } TProtocol protocol = new TBinaryProtocol(transport); client = new SyncFileServer.Client(protocol); }
@Override public TTransport openTransport(String host, int port) throws Exception { TSSLTransportFactory.TSSLTransportParameters params = new TSSLTransportFactory.TSSLTransportParameters(protocol, cipherSuites); params.setTrustStore(truststore, truststorePassword); if (null != keystore) params.setKeyStore(keystore, keystorePassword); TTransport trans = TSSLTransportFactory.getClientSocket(host, port, SOCKET_TIMEOUT, params); int frameSize = 15 * 1024 * 1024; // 15 MiB return new TFramedTransport(trans, frameSize); }
public TTransport getTransport(TTransport trans) { final CliSessionState sessionState = CliMain.sessionState; try { TSSLTransportParameters params = new TSSLTransportParameters(sessionState.encOptions.protocol, sessionState.encOptions.cipher_suites); params.setTrustStore(sessionState.encOptions.truststore, sessionState.encOptions.truststore_password); trans = TSSLTransportFactory.getClientSocket(sessionState.hostName, sessionState.thriftPort, SOCKET_TIMEOUT, params); return new FramedTransportFactory().getTransport(trans); } catch (TTransportException e) { throw new RuntimeException("Failed to create a client SSL connection.", e); } }
public static void secure(Calculator.Processor<CalculatorHandler> processor) throws Exception { /* * Use TSSLTransportParameters to setup the required SSL parameters. In this * example we are setting the keystore and the keystore password. Other things * like algorithms, cipher suites, client auth etc can be set. */ TSSLTransportParameters params = new TSSLTransportParameters(); // The Keystore contains the private key params.setKeyStore("../../lib/java/test/.keystore", "thrift", null, null); /* * Use any of the TSSLTransportFactory to get a server transport with the * appropriate SSL configuration. You can use the default settings if properties * are set in the command line. Ex: -Djavax.net.ssl.keyStore=.keystore and * -Djavax.net.ssl.keyStorePassword=thrift * * Note: You need not explicitly call open(). The underlying server socket is * bound on return from the factory class. */ TServerTransport serverTransport = TSSLTransportFactory.getServerSocket(9091, 0, null, params); TServer server = new TSimpleServer(new Args(serverTransport).processor(processor)); // Use this for a multi threaded server // TServer server = new TThreadPoolServer(new // TThreadPoolServer.Args(serverTransport).processor(processor)); System.out.println("Starting the secure server..."); server.serve(); }
public static TSSLTransportFactory.TSSLTransportParameters getTransportParams(final Properties configuration) { SslConfigurationHelper sslHelper = new SslConfigurationHelper(configuration); TSSLTransportFactory.TSSLTransportParameters params = new TSSLTransportFactory.TSSLTransportParameters( sslHelper.getSslProtocol(), sslHelper.getSslCiphers() ); File ks = getCertificatesDirectoryFile(configuration, sslHelper.getKeystoreFile()); String ksUrl = ks.getAbsolutePath(); params.setKeyStore( ksUrl, sslHelper.getKeystorePass(), null, sslHelper.getKeystoreType() ); File ts = getCertificatesDirectoryFile(configuration, sslHelper.getTruststoreFile()); String tsUrl = ts.getAbsolutePath(); params.setTrustStore( tsUrl, sslHelper.getTruststorePass(), null, sslHelper.getTruststoreType() ); params.requireClientAuth(sslHelper.isPeerAuthRequired()); return params; }
@Override @SuppressWarnings("resource") public TTransport openTransport(String host, int port) throws Exception { TSSLTransportFactory.TSSLTransportParameters params = new TSSLTransportFactory.TSSLTransportParameters(protocol, cipherSuites); params.setTrustStore(truststore, truststorePassword); if (null != keystore) params.setKeyStore(keystore, keystorePassword); TTransport trans = TSSLTransportFactory.getClientSocket(host, port, SOCKET_TIMEOUT, params); return new TFramedTransport(trans, DEFAULT_MAX_FRAME_SIZE); }
private EntitlementThriftClient.Client getThriftClient() throws Exception { TSSLTransportFactory.TSSLTransportParameters param = new TSSLTransportFactory.TSSLTransportParameters(); param.setTrustStore(trustStore, trustStorePass); TTransport transport; transport = TSSLTransportFactory.getClientSocket(thriftHost, thriftPort, ProxyConstants.THRIFT_TIME_OUT, param); TProtocol protocol = new TBinaryProtocol(transport); return new EntitlementThriftClient.Client(protocol); }
@Override public TTransport openTransport(String host, int port) throws Exception { TSSLTransportFactory.TSSLTransportParameters params = new TSSLTransportFactory.TSSLTransportParameters(protocol, cipherSuites); params.setTrustStore(truststore, truststorePassword); if (null != keystore) params.setKeyStore(keystore, keystorePassword); TTransport trans = TSSLTransportFactory.getClientSocket(host, port, SOCKET_TIMEOUT, params); return new FramedTransportFactory().getTransport(trans); }
@Override public TProtocol getClientProtocol(String serviceInterfaceClassName, String host, Integer port) throws TTransportException { if(truststoreFile == null || truststorePass == null){ throw new IllegalStateException("truststore not defined. Initialize the Factory properly"); } TSSLTransportFactory.TSSLTransportParameters paramsClient = new TSSLTransportFactory.TSSLTransportParameters(); paramsClient.setTrustStore(truststoreFile, truststorePass); TTransport transport = TSSLTransportFactory.getClientSocket(host, port, 1000, paramsClient); TProtocol protocol = new TBinaryProtocol(transport); return new TMultiplexedProtocol(protocol, serviceInterfaceClassName); }
private TSocket createTLSSocket(String host) throws TTransportException { TSSLTransportParameters sslParams = new TSSLTransportParameters("SSL", m_dbtls_cipher_suites); if (!Utils.isEmpty(m_keystore)) { sslParams.setKeyStore(m_keystore, m_keystorepassword); } if (!Utils.isEmpty(m_truststore)) { sslParams.setTrustStore(m_truststore, m_truststorepassword); } return TSSLTransportFactory.getClientSocket(host, m_dbport, m_db_timeout_millis, sslParams); }
public static void secure(Calculator.Processor processor) { try { /* * Use TSSLTransportParameters to setup the required SSL parameters. In this example * we are setting the keystore and the keystore password. Other things like algorithms, * cipher suites, client auth etc can be set. */ TSSLTransportParameters params = new TSSLTransportParameters(); // The Keystore contains the private key params.setKeyStore("../../lib/java/test/.keystore", "thrift", null, null); /* * Use any of the TSSLTransportFactory to get a server transport with the appropriate * SSL configuration. You can use the default settings if properties are set in the command line. * Ex: -Djavax.net.ssl.keyStore=.keystore and -Djavax.net.ssl.keyStorePassword=thrift * * Note: You need not explicitly call open(). The underlying server socket is bound on return * from the factory class. */ TServerTransport serverTransport = TSSLTransportFactory.getServerSocket(9091, 0, null, params); TServer server = new TSimpleServer(new Args(serverTransport).processor(processor)); // Use this for a multi threaded server // TServer server = new TThreadPoolServer(new TThreadPoolServer.Args(serverTransport).processor(processor)); System.out.println("Starting the secure server..."); server.serve(); } catch (Exception e) { e.printStackTrace(); } }
public static void main(String [] args) { if (args.length != 1) { System.out.println("Please enter 'simple' or 'secure'"); System.exit(0); } try { TTransport transport; if (args[0].contains("simple")) { transport = new TSocket("localhost", 9090); transport.open(); } else { /* * Similar to the server, you can use the parameters to setup client parameters or * use the default settings. On the client side, you will need a TrustStore which * contains the trusted certificate along with the public key. * For this example it's a self-signed cert. */ TSSLTransportParameters params = new TSSLTransportParameters(); params.setTrustStore("../../lib/java/test/.truststore", "thrift", "SunX509", "JKS"); /* * Get a client transport instead of a server transport. The connection is opened on * invocation of the factory method, no need to specifically call open() */ transport = TSSLTransportFactory.getClientSocket("localhost", 9091, 0, params); } TProtocol protocol = new TBinaryProtocol(transport); Calculator.Client client = new Calculator.Client(protocol); perform(client); transport.close(); } catch (TException x) { x.printStackTrace(); } }
public TServer buildTServer(Args args) { final InetSocketAddress addr = args.addr; TServerTransport serverTransport; try { final ClientEncryptionOptions clientEnc = DatabaseDescriptor.getClientEncryptionOptions(); if (clientEnc.enabled) { logger.info("enabling encrypted thrift connections between client and server"); TSSLTransportParameters params = new TSSLTransportParameters(clientEnc.protocol, clientEnc.cipher_suites); params.setKeyStore(clientEnc.keystore, clientEnc.keystore_password); if (clientEnc.require_client_auth) { params.setTrustStore(clientEnc.truststore, clientEnc.truststore_password); params.requireClientAuth(true); } TServerSocket sslServer = TSSLTransportFactory.getServerSocket(addr.getPort(), 0, addr.getAddress(), params); SSLServerSocket sslServerSocket = (SSLServerSocket) sslServer.getServerSocket(); sslServerSocket.setEnabledProtocols(SSLFactory.ACCEPTED_PROTOCOLS); serverTransport = new TCustomServerSocket(sslServer.getServerSocket(), args.keepAlive, args.sendBufferSize, args.recvBufferSize); } else { serverTransport = new TCustomServerSocket(addr, args.keepAlive, args.sendBufferSize, args.recvBufferSize, args.listenBacklog); } } catch (TTransportException e) { throw new RuntimeException(String.format("Unable to create thrift socket to %s:%s", addr.getAddress(), addr.getPort()), e); } // ThreadPool Server and will be invocation per connection basis... TThreadPoolServer.Args serverArgs = new TThreadPoolServer.Args(serverTransport) .minWorkerThreads(DatabaseDescriptor.getRpcMinThreads()) .maxWorkerThreads(DatabaseDescriptor.getRpcMaxThreads()) .inputTransportFactory(args.inTransportFactory) .outputTransportFactory(args.outTransportFactory) .inputProtocolFactory(args.tProtocolFactory) .outputProtocolFactory(args.tProtocolFactory) .processor(args.processor); ExecutorService executorService = new ThreadPoolExecutor(serverArgs.minWorkerThreads, serverArgs.maxWorkerThreads, 60, TimeUnit.SECONDS, new SynchronousQueue<Runnable>(), new NamedThreadFactory("Thrift")); return new CustomTThreadPoolServer(serverArgs, executorService); }
public TServer buildTServer(Args args) { final InetSocketAddress addr = args.addr; TServerTransport serverTransport; try { final ClientEncryptionOptions clientEnc = DatabaseDescriptor.getClientEncryptionOptions(); if (clientEnc.enabled) { logger.info("enabling encrypted thrift connections between client and server"); TSSLTransportParameters params = new TSSLTransportParameters(clientEnc.protocol, clientEnc.cipher_suites); params.setKeyStore(clientEnc.keystore, clientEnc.keystore_password); if (clientEnc.require_client_auth) { params.setTrustStore(clientEnc.truststore, clientEnc.truststore_password); params.requireClientAuth(true); } TServerSocket sslServer = TSSLTransportFactory.getServerSocket(addr.getPort(), 0, addr.getAddress(), params); serverTransport = new TCustomServerSocket(sslServer.getServerSocket(), args.keepAlive, args.sendBufferSize, args.recvBufferSize); } else { serverTransport = new TCustomServerSocket(addr, args.keepAlive, args.sendBufferSize, args.recvBufferSize); } } catch (TTransportException e) { throw new RuntimeException(String.format("Unable to create thrift socket to %s:%s", addr.getAddress(), addr.getPort()), e); } // ThreadPool Server and will be invocation per connection basis... TThreadPoolServer.Args serverArgs = new TThreadPoolServer.Args(serverTransport) .minWorkerThreads(DatabaseDescriptor.getRpcMinThreads()) .maxWorkerThreads(DatabaseDescriptor.getRpcMaxThreads()) .inputTransportFactory(args.inTransportFactory) .outputTransportFactory(args.outTransportFactory) .inputProtocolFactory(args.tProtocolFactory) .outputProtocolFactory(args.tProtocolFactory) .processor(args.processor); ExecutorService executorService = new ThreadPoolExecutor(serverArgs.minWorkerThreads, serverArgs.maxWorkerThreads, 60, TimeUnit.SECONDS, new SynchronousQueue<Runnable>(), new NamedThreadFactory("Thrift")); return new CustomTThreadPoolServer(serverArgs, executorService); }
@SuppressWarnings("resource") public TServer buildTServer(Args args) { final InetSocketAddress addr = args.addr; TServerTransport serverTransport; try { final ClientEncryptionOptions clientEnc = DatabaseDescriptor.getClientEncryptionOptions(); if (clientEnc.enabled) { logger.info("enabling encrypted thrift connections between client and server"); TSSLTransportParameters params = new TSSLTransportParameters(clientEnc.protocol, new String[0]); params.setKeyStore(clientEnc.keystore, clientEnc.keystore_password); if (clientEnc.require_client_auth) { params.setTrustStore(clientEnc.truststore, clientEnc.truststore_password); params.requireClientAuth(true); } TServerSocket sslServer = TSSLTransportFactory.getServerSocket(addr.getPort(), 0, addr.getAddress(), params); SSLServerSocket sslServerSocket = (SSLServerSocket) sslServer.getServerSocket(); String[] suites = SSLFactory.filterCipherSuites(sslServerSocket.getSupportedCipherSuites(), clientEnc.cipher_suites); sslServerSocket.setEnabledCipherSuites(suites); sslServerSocket.setEnabledProtocols(SSLFactory.ACCEPTED_PROTOCOLS); serverTransport = new TCustomServerSocket(sslServer.getServerSocket(), args.keepAlive, args.sendBufferSize, args.recvBufferSize); } else { serverTransport = new TCustomServerSocket(addr, args.keepAlive, args.sendBufferSize, args.recvBufferSize, args.listenBacklog); } } catch (TTransportException e) { throw new RuntimeException(String.format("Unable to create thrift socket to %s:%s", addr.getAddress(), addr.getPort()), e); } // ThreadPool Server and will be invocation per connection basis... TThreadPoolServer.Args serverArgs = new TThreadPoolServer.Args(serverTransport) .minWorkerThreads(DatabaseDescriptor.getRpcMinThreads()) .maxWorkerThreads(DatabaseDescriptor.getRpcMaxThreads()) .inputTransportFactory(args.inTransportFactory) .outputTransportFactory(args.outTransportFactory) .inputProtocolFactory(args.tProtocolFactory) .outputProtocolFactory(args.tProtocolFactory) .processor(args.processor); ExecutorService executorService = new ThreadPoolExecutor(serverArgs.minWorkerThreads, serverArgs.maxWorkerThreads, 60, TimeUnit.SECONDS, new SynchronousQueue<Runnable>(), new NamedThreadFactory("Thrift")); return new CustomTThreadPoolServer(serverArgs, executorService); }
public TServer buildTServer(Args args) { final InetSocketAddress addr = args.addr; TServerTransport serverTransport; try { final ClientEncryptionOptions clientEnc = DatabaseDescriptor.getClientEncryptionOptions(); if (clientEnc.enabled) { logger.info("enabling encrypted thrift connections between client and server"); TSSLTransportParameters params = new TSSLTransportParameters(clientEnc.protocol, clientEnc.cipher_suites); params.setKeyStore(clientEnc.keystore, clientEnc.keystore_password); if (clientEnc.require_client_auth) { params.setTrustStore(clientEnc.truststore, clientEnc.truststore_password); params.requireClientAuth(true); } TServerSocket sslServer = TSSLTransportFactory.getServerSocket(addr.getPort(), 0, addr.getAddress(), params); serverTransport = new TCustomServerSocket(sslServer.getServerSocket(), args.keepAlive, args.sendBufferSize, args.recvBufferSize); } else { serverTransport = new TCustomServerSocket(addr, args.keepAlive, args.sendBufferSize, args.recvBufferSize, args.listenBacklog); } } catch (TTransportException e) { throw new RuntimeException(String.format("Unable to create thrift socket to %s:%s", addr.getAddress(), addr.getPort()), e); } // ThreadPool Server and will be invocation per connection basis... TThreadPoolServer.Args serverArgs = new TThreadPoolServer.Args(serverTransport) .minWorkerThreads(DatabaseDescriptor.getRpcMinThreads()) .maxWorkerThreads(DatabaseDescriptor.getRpcMaxThreads()) .inputTransportFactory(args.inTransportFactory) .outputTransportFactory(args.outTransportFactory) .inputProtocolFactory(args.tProtocolFactory) .outputProtocolFactory(args.tProtocolFactory) .processor(args.processor); ExecutorService executorService = new ThreadPoolExecutor(serverArgs.minWorkerThreads, serverArgs.maxWorkerThreads, 60, TimeUnit.SECONDS, new SynchronousQueue<Runnable>(), new NamedThreadFactory("Thrift")); return new CustomTThreadPoolServer(serverArgs, executorService); }
