THRIFT-106. java: TSSLServerSocket
This patch adds support for SSL-encrypted client and server sockets.
Patch: Nirmal Ranganathan
git-svn-id: https://svn.apache.org/repos/asf/incubator/thrift/trunk@1024328 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/lib/java/build.xml b/lib/java/build.xml
index 4975068..a80f749 100644
--- a/lib/java/build.xml
+++ b/lib/java/build.xml
@@ -195,6 +195,10 @@
>
<sysproperty key="build.test" value="${build.test}"/>
<sysproperty key="test.port" value="${test.port}" />
+ <sysproperty key="javax.net.ssl.trustStore" value="${src.test}/.truststore"/>
+ <sysproperty key="javax.net.ssl.trustStorePassword" value="thrift"/>
+ <sysproperty key="javax.net.ssl.keyStore" value="${src.test}/.keystore"/>
+ <sysproperty key="javax.net.ssl.keyStorePassword" value="thrift"/>
<classpath refid="test.classpath"/>
<formatter type="${test.junit.output.format}" />
<batchtest todir="${test.log.dir}" unless="testcase">
diff --git a/lib/java/src/org/apache/thrift/transport/TSSLTransportFactory.java b/lib/java/src/org/apache/thrift/transport/TSSLTransportFactory.java
new file mode 100644
index 0000000..1e1c4c9
--- /dev/null
+++ b/lib/java/src/org/apache/thrift/transport/TSSLTransportFactory.java
@@ -0,0 +1,332 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.thrift.transport;
+
+import java.io.FileInputStream;
+import java.net.InetAddress;
+import java.security.KeyStore;
+
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLServerSocket;
+import javax.net.ssl.SSLServerSocketFactory;
+import javax.net.ssl.SSLSocket;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManagerFactory;
+
+/**
+ * A Factory for providing and setting up Client and Server SSL wrapped
+ * TSocket and TServerSocket
+ */
+public class TSSLTransportFactory {
+
+ /**
+ * Get a SSL wrapped TServerSocket bound to the specified port. In this
+ * configuration the default settings are used. Default settings are retrieved
+ * from System properties that are set.
+ *
+ * Example system properties:
+ * -Djavax.net.ssl.trustStore=<truststore location>
+ * -Djavax.net.ssl.trustStorePassword=password
+ * -Djavax.net.ssl.keyStore=<keystore location>
+ * -Djavax.net.ssl.keyStorePassword=password
+ *
+ * @param port
+ * @return A SSL wrapped TServerSocket
+ * @throws TTransportException
+ */
+ public static TServerSocket getServerSocket(int port) throws TTransportException {
+ return getServerSocket(port, 0);
+ }
+
+ /**
+ * Get a default SSL wrapped TServerSocket bound to the specified port
+ *
+ * @param port
+ * @param clientTimeout
+ * @return A SSL wrapped TServerSocket
+ * @throws TTransportException
+ */
+ public static TServerSocket getServerSocket(int port, int clientTimeout) throws TTransportException {
+ return getServerSocket(port, clientTimeout, false, null);
+ }
+
+ /**
+ * Get a default SSL wrapped TServerSocket bound to the specified port and interface
+ *
+ * @param port
+ * @param clientTimeout
+ * @param ifAddress
+ * @return A SSL wrapped TServerSocket
+ * @throws TTransportException
+ */
+ public static TServerSocket getServerSocket(int port, int clientTimeout, boolean clientAuth, InetAddress ifAddress) throws TTransportException {
+ SSLServerSocketFactory factory = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
+ return createServer(factory, port, clientTimeout, clientAuth, ifAddress, null);
+ }
+
+ /**
+ * Get a configured SSL wrapped TServerSocket bound to the specified port and interface.
+ * Here the TSSLTransportParameters are used to set the values for the algorithms, keystore,
+ * truststore and other settings
+ *
+ * @param port
+ * @param clientTimeout
+ * @param ifAddress
+ * @param params
+ * @return A SSL wrapped TServerSocket
+ * @throws TTransportException
+ */
+ public static TServerSocket getServerSocket(int port, int clientTimeout, InetAddress ifAddress, TSSLTransportParameters params) throws TTransportException {
+ if (params == null || !(params.isKeyStoreSet || params.isTrustStoreSet)) {
+ throw new TTransportException("Either one of the KeyStore or TrustStore must be set for SSLTransportParameters");
+ }
+
+ SSLContext ctx = createSSLContext(params);
+ return createServer(ctx.getServerSocketFactory(), port, clientTimeout, params.clientAuth, ifAddress, params);
+ }
+
+ private static TServerSocket createServer(SSLServerSocketFactory factory, int port, int timeout, boolean clientAuth,
+ InetAddress ifAddress, TSSLTransportParameters params) throws TTransportException {
+ try {
+ SSLServerSocket serverSocket = (SSLServerSocket) factory.createServerSocket(port, 100, ifAddress);
+ serverSocket.setSoTimeout(timeout);
+ serverSocket.setNeedClientAuth(clientAuth);
+ if (params != null && params.cipherSuites != null) {
+ serverSocket.setEnabledCipherSuites(params.cipherSuites);
+ }
+ return new TServerSocket(serverSocket);
+ } catch (Exception e) {
+ throw new TTransportException("Could not bind to port " + port, e);
+ }
+ }
+
+ /**
+ * Get a default SSL wrapped TSocket connected to the specified host and port. All
+ * the client methods return a bound connection. So there is no need to call open() on the
+ * TTransport.
+ *
+ * @param host
+ * @param port
+ * @param timeout
+ * @return A SSL wrapped TSocket
+ * @throws TTransportException
+ */
+ public static TSocket getClientSocket(String host, int port, int timeout) throws TTransportException {
+ SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
+ return createClient(factory, host, port, timeout);
+ }
+
+ /**
+ * Get a default SSL wrapped TSocket connected to the specified host and port.
+ *
+ * @param host
+ * @param port
+ * @return A SSL wrapped TSocket
+ * @throws TTransportException
+ */
+ public static TSocket getClientSocket(String host, int port) throws TTransportException {
+ return getClientSocket(host, port, 0);
+ }
+
+ /**
+ * Get a custom configured SSL wrapped TSocket. The SSL settings are obtained from the
+ * passed in TSSLTransportParameters.
+ *
+ * @param host
+ * @param port
+ * @param timeout
+ * @param params
+ * @return A SSL wrapped TSocket
+ * @throws TTransportException
+ */
+ public static TSocket getClientSocket(String host, int port, int timeout, TSSLTransportParameters params) throws TTransportException {
+ if (params == null || !(params.isKeyStoreSet || params.isTrustStoreSet)) {
+ throw new TTransportException("Either one of the KeyStore or TrustStore must be set for SSLTransportParameters");
+ }
+
+ SSLContext ctx = createSSLContext(params);
+ return createClient(ctx.getSocketFactory(), host, port, timeout);
+ }
+
+ private static SSLContext createSSLContext(TSSLTransportParameters params) throws TTransportException {
+ SSLContext ctx;
+ try {
+ ctx = SSLContext.getInstance(params.protocol);
+ TrustManagerFactory tmf = null;
+ KeyManagerFactory kmf = null;
+
+ if (params.isTrustStoreSet) {
+ tmf = TrustManagerFactory.getInstance(params.trustManagerType);
+ KeyStore ts = KeyStore.getInstance(params.trustStoreType);
+ ts.load(new FileInputStream(params.trustStore), params.trustPass.toCharArray());
+ tmf.init(ts);
+ }
+
+ if (params.isKeyStoreSet) {
+ kmf = KeyManagerFactory.getInstance(params.keyManagerType);
+ KeyStore ks = KeyStore.getInstance(params.keyStoreType);
+ ks.load(new FileInputStream(params.keyStore), params.keyPass.toCharArray());
+ kmf.init(ks, params.keyPass.toCharArray());
+ }
+
+ if (params.isKeyStoreSet && params.isTrustStoreSet) {
+ ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
+ }
+ else if (params.isKeyStoreSet) {
+ ctx.init(kmf.getKeyManagers(), null, null);
+ }
+ else {
+ ctx.init(null, tmf.getTrustManagers(), null);
+ }
+
+ } catch (Exception e) {
+ throw new TTransportException("Error creating the transport", e);
+ }
+ return ctx;
+ }
+
+ private static TSocket createClient(SSLSocketFactory factory, String host, int port, int timeout) throws TTransportException {
+ try {
+ SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
+ socket.setSoTimeout(timeout);
+ return new TSocket(socket);
+ } catch (Exception e) {
+ throw new TTransportException("Could not connect to " + host + " on port " + port, e);
+ }
+ }
+
+
+ /**
+ * A Class to hold all the SSL parameters
+ */
+ public static class TSSLTransportParameters {
+ protected String protocol = "TLS";
+ protected String keyStore;
+ protected String keyPass;
+ protected String keyManagerType = "SunX509";
+ protected String keyStoreType = "JKS";
+ protected String trustStore;
+ protected String trustPass;
+ protected String trustManagerType = "SunX509";
+ protected String trustStoreType = "JKS";
+ protected String[] cipherSuites;
+ protected boolean clientAuth = false;
+ protected boolean isKeyStoreSet = false;
+ protected boolean isTrustStoreSet = false;
+
+ public TSSLTransportParameters() {}
+
+ /**
+ * Create parameters specifying the protocol and cipher suites
+ *
+ * @param protocol The specific protocol (TLS/SSL) can be specified with versions
+ * @param cipherSuites
+ */
+ public TSSLTransportParameters(String protocol, String[] cipherSuites) {
+ this(protocol, cipherSuites, false);
+ }
+
+ /**
+ * Create parameters specifying the protocol, cipher suites and if client authentication
+ * is required
+ *
+ * @param protocol The specific protocol (TLS/SSL) can be specified with versions
+ * @param cipherSuites
+ * @param clientAuth
+ */
+ public TSSLTransportParameters(String protocol, String[] cipherSuites, boolean clientAuth) {
+ if (protocol != null) {
+ this.protocol = protocol;
+ }
+ this.cipherSuites = cipherSuites;
+ this.clientAuth = clientAuth;
+ }
+
+ /**
+ * Set the keystore, password, certificate type and the store type
+ *
+ * @param keyStore Location of the Keystore on disk
+ * @param keyPass Keystore password
+ * @param keyManagerType The default is X509
+ * @param keyStoreType The default is JKS
+ */
+ public void setKeyStore(String keyStore, String keyPass, String keyManagerType, String keyStoreType) {
+ this.keyStore = keyStore;
+ this.keyPass = keyPass;
+ if (keyManagerType != null) {
+ this.keyManagerType = keyManagerType;
+ }
+ if (keyStoreType != null) {
+ this.keyStoreType = keyStoreType;
+ }
+ isKeyStoreSet = true;
+ }
+
+ /**
+ * Set the keystore and password
+ *
+ * @param keyStore Location of the Keystore on disk
+ * @param keyPass Keystore password
+ */
+ public void setKeyStore(String keyStore, String keyPass) {
+ setKeyStore(keyStore, keyPass, null, null);
+ }
+
+ /**
+ * Set the truststore, password, certificate type and the store type
+ *
+ * @param trustStore Location of the Truststore on disk
+ * @param trustPass Truststore password
+ * @param trustManagerType The default is X509
+ * @param trustStoreType The default is JKS
+ */
+ public void setTrustStore(String trustStore, String trustPass, String trustManagerType, String trustStoreType) {
+ this.trustStore = trustStore;
+ this.trustPass = trustPass;
+ if (trustManagerType != null) {
+ this.trustManagerType = trustManagerType;
+ }
+ if (trustStoreType != null) {
+ this.trustStoreType = trustStoreType;
+ }
+ isTrustStoreSet = true;
+ }
+
+ /**
+ * Set the truststore and password
+ *
+ * @param trustStore Location of the Truststore on disk
+ * @param trustPass Truststore password
+ */
+ public void setTrustStore(String trustStore, String trustPass) {
+ setTrustStore(trustStore, trustPass, null, null);
+ }
+
+ /**
+ * Set if client authentication is required
+ *
+ * @param auth
+ */
+ public void requireClientAuth(boolean clientAuth) {
+ this.clientAuth = clientAuth;
+ }
+ }
+}
diff --git a/lib/java/src/org/apache/thrift/transport/TServerSocket.java b/lib/java/src/org/apache/thrift/transport/TServerSocket.java
index aae390d..9dad36d 100644
--- a/lib/java/src/org/apache/thrift/transport/TServerSocket.java
+++ b/lib/java/src/org/apache/thrift/transport/TServerSocket.java
@@ -136,4 +136,7 @@
close();
}
+ public ServerSocket getServerSocket() {
+ return serverSocket_;
+ }
}
diff --git a/lib/java/test/.keystore b/lib/java/test/.keystore
new file mode 100644
index 0000000..0c85111
--- /dev/null
+++ b/lib/java/test/.keystore
Binary files differ
diff --git a/lib/java/test/.truststore b/lib/java/test/.truststore
new file mode 100644
index 0000000..c24b4a2
--- /dev/null
+++ b/lib/java/test/.truststore
Binary files differ
diff --git a/lib/java/test/org/apache/thrift/server/ServerTestBase.java b/lib/java/test/org/apache/thrift/server/ServerTestBase.java
index 3bfc8d7..9542520 100644
--- a/lib/java/test/org/apache/thrift/server/ServerTestBase.java
+++ b/lib/java/test/org/apache/thrift/server/ServerTestBase.java
@@ -367,7 +367,7 @@
public void testIt() throws Exception {
- for (TProtocolFactory protoFactory : PROTOCOLS) {
+ for (TProtocolFactory protoFactory : getProtocols()) {
TestHandler handler = new TestHandler();
ThriftTest.Processor processor = new ThriftTest.Processor(handler);
@@ -380,7 +380,7 @@
TProtocol protocol = protoFactory.getProtocol(transport);
ThriftTest.Client testClient = new ThriftTest.Client(protocol);
- transport.open();
+ open(transport);
testVoid(testClient);
testString(testClient);
testByte(testClient);
@@ -403,6 +403,14 @@
}
}
+ public void open(TTransport transport) throws Exception {
+ transport.open();
+ }
+
+ public List<TProtocolFactory> getProtocols() {
+ return PROTOCOLS;
+ }
+
private void testList(ThriftTest.Client testClient) throws TException {
List<Integer> listout = new ArrayList<Integer>();
for (int i = -2; i < 3; ++i) {
diff --git a/lib/java/test/org/apache/thrift/transport/TestTSSLTransportFactory.java b/lib/java/test/org/apache/thrift/transport/TestTSSLTransportFactory.java
new file mode 100644
index 0000000..6066f00
--- /dev/null
+++ b/lib/java/test/org/apache/thrift/transport/TestTSSLTransportFactory.java
@@ -0,0 +1,81 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.thrift.transport;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.thrift.TProcessor;
+import org.apache.thrift.protocol.TBinaryProtocol;
+import org.apache.thrift.protocol.TProtocolFactory;
+import org.apache.thrift.server.ServerTestBase;
+import org.apache.thrift.server.TServer;
+import org.apache.thrift.server.TSimpleServer;
+
+public class TestTSSLTransportFactory extends ServerTestBase {
+ private Thread serverThread;
+ private TServer server;
+
+ private static final List<TProtocolFactory> protocols = new ArrayList<TProtocolFactory>();
+ static {
+ // TODO: Only supported on TBinaryProtocol. Doesn't work for TCompactProtocol
+ protocols.add(new TBinaryProtocol.Factory());
+ }
+
+ @Override
+ public TTransport getClientTransport(TTransport underlyingTransport)
+ throws Exception {
+ return TSSLTransportFactory.getClientSocket(HOST, PORT);
+ }
+
+ @Override
+ public void startServer(final TProcessor processor, final TProtocolFactory protoFactory)
+ throws Exception {
+ serverThread = new Thread() {
+ public void run() {
+ try {
+ TServerTransport serverTransport = TSSLTransportFactory.getServerSocket(PORT);
+ server = new TSimpleServer(processor, serverTransport);
+ server.serve();
+ } catch (TTransportException e) {
+ e.printStackTrace();
+ assert false;
+ }
+ }
+ };
+
+ serverThread.start();
+ Thread.sleep(1000);
+ }
+
+ @Override
+ public void stopServer() throws Exception {
+ server.stop();
+ serverThread.join();
+ }
+
+ @Override
+ public void open(TTransport transport) throws Exception {}
+
+ @Override
+ public List<TProtocolFactory> getProtocols() {
+ return protocols;
+ }
+}
diff --git a/tutorial/java/JavaClient b/tutorial/java/JavaClient
index 77b6a05..bc518cf 100755
--- a/tutorial/java/JavaClient
+++ b/tutorial/java/JavaClient
@@ -22,4 +22,4 @@
LIB_DIR=$THIS_DIR/../../lib/java/
IVY_DIR=$LIB_DIR/build/ivy/lib/
-java -cp $IVY_DIR/*:$LIB_DIR/libthrift.jar:tutorial.jar JavaClient
+java -cp $IVY_DIR/*:$LIB_DIR/libthrift.jar:tutorial.jar JavaClient $1
diff --git a/tutorial/java/JavaServer b/tutorial/java/JavaServer
index 3ff9fd8..d821715 100755
--- a/tutorial/java/JavaServer
+++ b/tutorial/java/JavaServer
@@ -22,4 +22,11 @@
LIB_DIR=$THIS_DIR/../../lib/java/
IVY_DIR=$LIB_DIR/build/ivy/lib/
+# Optionally the following properties could be set for SSL instead
+# of configuring it in the code
+# -Djavax.net.ssl.trustStore=../../lib/java/test/.truststore
+# -Djavax.net.ssl.trustStorePassword=thrift
+# -Djavax.net.ssl.keyStore=../../lib/java/test/.keystore
+# -Djavax.net.ssl.keyStorePassword=thrift
+
java -cp $IVY_DIR/*:$LIB_DIR/libthrift.jar:tutorial.jar JavaServer
diff --git a/tutorial/java/src/JavaClient.java b/tutorial/java/src/JavaClient.java
index 5dc70ed..ad4730a 100644
--- a/tutorial/java/src/JavaClient.java
+++ b/tutorial/java/src/JavaClient.java
@@ -22,64 +22,85 @@
import shared.*;
import org.apache.thrift.TException;
+import org.apache.thrift.transport.TSSLTransportFactory;
import org.apache.thrift.transport.TTransport;
import org.apache.thrift.transport.TSocket;
-import org.apache.thrift.transport.TTransportException;
+import org.apache.thrift.transport.TSSLTransportFactory.TSSLTransportParameters;
import org.apache.thrift.protocol.TBinaryProtocol;
import org.apache.thrift.protocol.TProtocol;
-import java.util.AbstractMap;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.ArrayList;
-
public class JavaClient {
public static void main(String [] args) {
- try {
- TTransport transport = new TSocket("localhost", 9090);
- TProtocol protocol = new TBinaryProtocol(transport);
- Calculator.Client client = new Calculator.Client(protocol);
-
- transport.open();
-
- client.ping();
- System.out.println("ping()");
-
- int sum = client.add(1,1);
- System.out.println("1+1=" + sum);
-
- Work work = new Work();
-
- work.op = Operation.DIVIDE;
- work.num1 = 1;
- work.num2 = 0;
- try {
- int quotient = client.calculate(1, work);
- System.out.println("Whoa we can divide by 0");
- } catch (InvalidOperation io) {
- System.out.println("Invalid operation: " + io.why);
- }
-
- work.op = Operation.SUBTRACT;
- work.num1 = 15;
- work.num2 = 10;
- try {
- int diff = client.calculate(1, work);
- System.out.println("15-10=" + diff);
- } catch (InvalidOperation io) {
- System.out.println("Invalid operation: " + io.why);
- }
-
- SharedStruct log = client.getStruct(1);
- System.out.println("Check log: " + log.value);
-
- transport.close();
-
- } catch (TException x) {
- x.printStackTrace();
+ if (args.length != 1) {
+ System.out.println("Please enter 'simple' or 'secure'");
+ System.exit(0);
}
+ try {
+ TTransport transport;
+ if (args[0].contains("simple")) {
+ transport = new TSocket("localhost", 9090);
+ transport.open();
+ }
+ else {
+ /*
+ * Similar to the server, you can use the parametrs to setup client parameters or
+ * use the default settings. On the client side, you will need a TrustStore which
+ * contains the trusted certificate along with the public key.
+ * For this example it's a self-signed cert.
+ */
+ TSSLTransportParameters params = new TSSLTransportParameters();
+ params.setTrustStore("../../lib/java/test/.truststore", "thrift", "SunX509", "JKS");
+ /*
+ * Get a client transport instead of a server transport. The connection is opened on
+ * invocation of the factory method, no need to specifically call open()
+ */
+ transport = TSSLTransportFactory.getClientSocket("localhost", 9091, 0, params);
+ }
+
+ TProtocol protocol = new TBinaryProtocol(transport);
+ Calculator.Client client = new Calculator.Client(protocol);
+
+ perform(client);
+
+ transport.close();
+ } catch (TException x) {
+ x.printStackTrace();
+ }
}
+ private static void perform(Calculator.Client client) throws TException
+ {
+ client.ping();
+ System.out.println("ping()");
+
+ int sum = client.add(1,1);
+ System.out.println("1+1=" + sum);
+
+ Work work = new Work();
+
+ work.op = Operation.DIVIDE;
+ work.num1 = 1;
+ work.num2 = 0;
+ try {
+ int quotient = client.calculate(1, work);
+ System.out.println("Whoa we can divide by 0");
+ } catch (InvalidOperation io) {
+ System.out.println("Invalid operation: " + io.why);
+ }
+
+ work.op = Operation.SUBTRACT;
+ work.num1 = 15;
+ work.num2 = 10;
+ try {
+ int diff = client.calculate(1, work);
+ System.out.println("15-10=" + diff);
+ } catch (InvalidOperation io) {
+ System.out.println("Invalid operation: " + io.why);
+ }
+
+ SharedStruct log = client.getStruct(1);
+ System.out.println("Check log: " + log.value);
+ }
}
diff --git a/tutorial/java/src/JavaServer.java b/tutorial/java/src/JavaServer.java
index da84c32..29c4d58 100644
--- a/tutorial/java/src/JavaServer.java
+++ b/tutorial/java/src/JavaServer.java
@@ -17,13 +17,12 @@
* under the License.
*/
-import org.apache.thrift.TException;
-import org.apache.thrift.protocol.TBinaryProtocol;
-import org.apache.thrift.protocol.TProtocol;
import org.apache.thrift.server.TServer;
import org.apache.thrift.server.TSimpleServer;
+import org.apache.thrift.transport.TSSLTransportFactory;
import org.apache.thrift.transport.TServerSocket;
import org.apache.thrift.transport.TServerTransport;
+import org.apache.thrift.transport.TSSLTransportFactory.TSSLTransportParameters;
// Generated code
import tutorial.*;
@@ -54,29 +53,29 @@
System.out.println("calculate(" + logid + ", {" + work.op + "," + work.num1 + "," + work.num2 + "})");
int val = 0;
switch (work.op) {
- case ADD:
- val = work.num1 + work.num2;
- break;
- case SUBTRACT:
- val = work.num1 - work.num2;
- break;
- case MULTIPLY:
- val = work.num1 * work.num2;
- break;
- case DIVIDE:
- if (work.num2 == 0) {
+ case ADD:
+ val = work.num1 + work.num2;
+ break;
+ case SUBTRACT:
+ val = work.num1 - work.num2;
+ break;
+ case MULTIPLY:
+ val = work.num1 * work.num2;
+ break;
+ case DIVIDE:
+ if (work.num2 == 0) {
+ InvalidOperation io = new InvalidOperation();
+ io.what = work.op.getValue();
+ io.why = "Cannot divide by 0";
+ throw io;
+ }
+ val = work.num1 / work.num2;
+ break;
+ default:
InvalidOperation io = new InvalidOperation();
io.what = work.op.getValue();
- io.why = "Cannot divide by 0";
+ io.why = "Unknown operation";
throw io;
- }
- val = work.num1 / work.num2;
- break;
- default:
- InvalidOperation io = new InvalidOperation();
- io.what = work.op.getValue();
- io.why = "Unknown operation";
- throw io;
}
SharedStruct entry = new SharedStruct();
@@ -98,22 +97,75 @@
}
+ public static Calculator.Processor processor;
+
public static void main(String [] args) {
try {
CalculatorHandler handler = new CalculatorHandler();
- Calculator.Processor processor = new Calculator.Processor(handler);
+ processor = new Calculator.Processor(handler);
+
+ Runnable simple = new Runnable() {
+ public void run() {
+ simple(processor);
+ }
+ };
+ Runnable secure = new Runnable() {
+ public void run() {
+ secure(processor);
+ }
+ };
+
+ new Thread(simple).start();
+ new Thread(secure).start();
+ } catch (Exception x) {
+ x.printStackTrace();
+ }
+ }
+
+ public static void simple(Calculator.Processor processor) {
+ try {
TServerTransport serverTransport = new TServerSocket(9090);
TServer server = new TSimpleServer(processor, serverTransport);
// Use this for a multithreaded server
// server = new TThreadPoolServer(processor, serverTransport);
- System.out.println("Starting the server...");
+ System.out.println("Starting the simple server...");
server.serve();
-
- } catch (Exception x) {
- x.printStackTrace();
+ } catch (Exception e) {
+ e.printStackTrace();
}
- System.out.println("done.");
+ }
+
+ public static void secure(Calculator.Processor processor) {
+ try {
+ /*
+ * Use TSSLTransportParameters to setup the required SSL parameters. In this example
+ * we are setting the keystore and the keystore password. Other things like algorithms,
+ * cipher suites, client auth etc can be set.
+ */
+ TSSLTransportParameters params = new TSSLTransportParameters();
+ // The Keystore contains the private key
+ params.setKeyStore("../../lib/java/test/.keystore", "thrift", null, null);
+
+ /*
+ * Use any of the TSSLTransportFactory to get a server transport with the appropriate
+ * SSL configuration. You can use the default settings if properties are set in the command line.
+ * Ex: -Djavax.net.ssl.keyStore=.keystore and -Djavax.net.ssl.keyStorePassword=thrift
+ *
+ * Note: You need not explicitly call open(). The underlying server socket is bound on return
+ * from the factory class.
+ */
+ TServerTransport serverTransport = TSSLTransportFactory.getServerSocket(9091, 0, null, params);
+ TServer server = new TSimpleServer(processor, serverTransport);
+
+ // Use this for a multi threaded server
+ // server = new TThreadPoolServer(processor, serverTransport);
+
+ System.out.println("Starting the secure server...");
+ server.serve();
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
}
}