THRIFT-106. java: TSSLServerSocket
This patch adds support for SSL-encrypted client and server sockets.
Patch: Nirmal Ranganathan
git-svn-id: https://svn.apache.org/repos/asf/incubator/thrift/trunk@1024328 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/tutorial/java/JavaClient b/tutorial/java/JavaClient
index 77b6a05..bc518cf 100755
--- a/tutorial/java/JavaClient
+++ b/tutorial/java/JavaClient
@@ -22,4 +22,4 @@
LIB_DIR=$THIS_DIR/../../lib/java/
IVY_DIR=$LIB_DIR/build/ivy/lib/
-java -cp $IVY_DIR/*:$LIB_DIR/libthrift.jar:tutorial.jar JavaClient
+java -cp $IVY_DIR/*:$LIB_DIR/libthrift.jar:tutorial.jar JavaClient $1
diff --git a/tutorial/java/JavaServer b/tutorial/java/JavaServer
index 3ff9fd8..d821715 100755
--- a/tutorial/java/JavaServer
+++ b/tutorial/java/JavaServer
@@ -22,4 +22,11 @@
LIB_DIR=$THIS_DIR/../../lib/java/
IVY_DIR=$LIB_DIR/build/ivy/lib/
+# Optionally the following properties could be set for SSL instead
+# of configuring it in the code
+# -Djavax.net.ssl.trustStore=../../lib/java/test/.truststore
+# -Djavax.net.ssl.trustStorePassword=thrift
+# -Djavax.net.ssl.keyStore=../../lib/java/test/.keystore
+# -Djavax.net.ssl.keyStorePassword=thrift
+
java -cp $IVY_DIR/*:$LIB_DIR/libthrift.jar:tutorial.jar JavaServer
diff --git a/tutorial/java/src/JavaClient.java b/tutorial/java/src/JavaClient.java
index 5dc70ed..ad4730a 100644
--- a/tutorial/java/src/JavaClient.java
+++ b/tutorial/java/src/JavaClient.java
@@ -22,64 +22,85 @@
import shared.*;
import org.apache.thrift.TException;
+import org.apache.thrift.transport.TSSLTransportFactory;
import org.apache.thrift.transport.TTransport;
import org.apache.thrift.transport.TSocket;
-import org.apache.thrift.transport.TTransportException;
+import org.apache.thrift.transport.TSSLTransportFactory.TSSLTransportParameters;
import org.apache.thrift.protocol.TBinaryProtocol;
import org.apache.thrift.protocol.TProtocol;
-import java.util.AbstractMap;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.ArrayList;
-
public class JavaClient {
public static void main(String [] args) {
- try {
- TTransport transport = new TSocket("localhost", 9090);
- TProtocol protocol = new TBinaryProtocol(transport);
- Calculator.Client client = new Calculator.Client(protocol);
-
- transport.open();
-
- client.ping();
- System.out.println("ping()");
-
- int sum = client.add(1,1);
- System.out.println("1+1=" + sum);
-
- Work work = new Work();
-
- work.op = Operation.DIVIDE;
- work.num1 = 1;
- work.num2 = 0;
- try {
- int quotient = client.calculate(1, work);
- System.out.println("Whoa we can divide by 0");
- } catch (InvalidOperation io) {
- System.out.println("Invalid operation: " + io.why);
- }
-
- work.op = Operation.SUBTRACT;
- work.num1 = 15;
- work.num2 = 10;
- try {
- int diff = client.calculate(1, work);
- System.out.println("15-10=" + diff);
- } catch (InvalidOperation io) {
- System.out.println("Invalid operation: " + io.why);
- }
-
- SharedStruct log = client.getStruct(1);
- System.out.println("Check log: " + log.value);
-
- transport.close();
-
- } catch (TException x) {
- x.printStackTrace();
+ if (args.length != 1) {
+ System.out.println("Please enter 'simple' or 'secure'");
+ System.exit(0);
}
+ try {
+ TTransport transport;
+ if (args[0].contains("simple")) {
+ transport = new TSocket("localhost", 9090);
+ transport.open();
+ }
+ else {
+ /*
+ * Similar to the server, you can use the parametrs to setup client parameters or
+ * use the default settings. On the client side, you will need a TrustStore which
+ * contains the trusted certificate along with the public key.
+ * For this example it's a self-signed cert.
+ */
+ TSSLTransportParameters params = new TSSLTransportParameters();
+ params.setTrustStore("../../lib/java/test/.truststore", "thrift", "SunX509", "JKS");
+ /*
+ * Get a client transport instead of a server transport. The connection is opened on
+ * invocation of the factory method, no need to specifically call open()
+ */
+ transport = TSSLTransportFactory.getClientSocket("localhost", 9091, 0, params);
+ }
+
+ TProtocol protocol = new TBinaryProtocol(transport);
+ Calculator.Client client = new Calculator.Client(protocol);
+
+ perform(client);
+
+ transport.close();
+ } catch (TException x) {
+ x.printStackTrace();
+ }
}
+ private static void perform(Calculator.Client client) throws TException
+ {
+ client.ping();
+ System.out.println("ping()");
+
+ int sum = client.add(1,1);
+ System.out.println("1+1=" + sum);
+
+ Work work = new Work();
+
+ work.op = Operation.DIVIDE;
+ work.num1 = 1;
+ work.num2 = 0;
+ try {
+ int quotient = client.calculate(1, work);
+ System.out.println("Whoa we can divide by 0");
+ } catch (InvalidOperation io) {
+ System.out.println("Invalid operation: " + io.why);
+ }
+
+ work.op = Operation.SUBTRACT;
+ work.num1 = 15;
+ work.num2 = 10;
+ try {
+ int diff = client.calculate(1, work);
+ System.out.println("15-10=" + diff);
+ } catch (InvalidOperation io) {
+ System.out.println("Invalid operation: " + io.why);
+ }
+
+ SharedStruct log = client.getStruct(1);
+ System.out.println("Check log: " + log.value);
+ }
}
diff --git a/tutorial/java/src/JavaServer.java b/tutorial/java/src/JavaServer.java
index da84c32..29c4d58 100644
--- a/tutorial/java/src/JavaServer.java
+++ b/tutorial/java/src/JavaServer.java
@@ -17,13 +17,12 @@
* under the License.
*/
-import org.apache.thrift.TException;
-import org.apache.thrift.protocol.TBinaryProtocol;
-import org.apache.thrift.protocol.TProtocol;
import org.apache.thrift.server.TServer;
import org.apache.thrift.server.TSimpleServer;
+import org.apache.thrift.transport.TSSLTransportFactory;
import org.apache.thrift.transport.TServerSocket;
import org.apache.thrift.transport.TServerTransport;
+import org.apache.thrift.transport.TSSLTransportFactory.TSSLTransportParameters;
// Generated code
import tutorial.*;
@@ -54,29 +53,29 @@
System.out.println("calculate(" + logid + ", {" + work.op + "," + work.num1 + "," + work.num2 + "})");
int val = 0;
switch (work.op) {
- case ADD:
- val = work.num1 + work.num2;
- break;
- case SUBTRACT:
- val = work.num1 - work.num2;
- break;
- case MULTIPLY:
- val = work.num1 * work.num2;
- break;
- case DIVIDE:
- if (work.num2 == 0) {
+ case ADD:
+ val = work.num1 + work.num2;
+ break;
+ case SUBTRACT:
+ val = work.num1 - work.num2;
+ break;
+ case MULTIPLY:
+ val = work.num1 * work.num2;
+ break;
+ case DIVIDE:
+ if (work.num2 == 0) {
+ InvalidOperation io = new InvalidOperation();
+ io.what = work.op.getValue();
+ io.why = "Cannot divide by 0";
+ throw io;
+ }
+ val = work.num1 / work.num2;
+ break;
+ default:
InvalidOperation io = new InvalidOperation();
io.what = work.op.getValue();
- io.why = "Cannot divide by 0";
+ io.why = "Unknown operation";
throw io;
- }
- val = work.num1 / work.num2;
- break;
- default:
- InvalidOperation io = new InvalidOperation();
- io.what = work.op.getValue();
- io.why = "Unknown operation";
- throw io;
}
SharedStruct entry = new SharedStruct();
@@ -98,22 +97,75 @@
}
+ public static Calculator.Processor processor;
+
public static void main(String [] args) {
try {
CalculatorHandler handler = new CalculatorHandler();
- Calculator.Processor processor = new Calculator.Processor(handler);
+ processor = new Calculator.Processor(handler);
+
+ Runnable simple = new Runnable() {
+ public void run() {
+ simple(processor);
+ }
+ };
+ Runnable secure = new Runnable() {
+ public void run() {
+ secure(processor);
+ }
+ };
+
+ new Thread(simple).start();
+ new Thread(secure).start();
+ } catch (Exception x) {
+ x.printStackTrace();
+ }
+ }
+
+ public static void simple(Calculator.Processor processor) {
+ try {
TServerTransport serverTransport = new TServerSocket(9090);
TServer server = new TSimpleServer(processor, serverTransport);
// Use this for a multithreaded server
// server = new TThreadPoolServer(processor, serverTransport);
- System.out.println("Starting the server...");
+ System.out.println("Starting the simple server...");
server.serve();
-
- } catch (Exception x) {
- x.printStackTrace();
+ } catch (Exception e) {
+ e.printStackTrace();
}
- System.out.println("done.");
+ }
+
+ public static void secure(Calculator.Processor processor) {
+ try {
+ /*
+ * Use TSSLTransportParameters to setup the required SSL parameters. In this example
+ * we are setting the keystore and the keystore password. Other things like algorithms,
+ * cipher suites, client auth etc can be set.
+ */
+ TSSLTransportParameters params = new TSSLTransportParameters();
+ // The Keystore contains the private key
+ params.setKeyStore("../../lib/java/test/.keystore", "thrift", null, null);
+
+ /*
+ * Use any of the TSSLTransportFactory to get a server transport with the appropriate
+ * SSL configuration. You can use the default settings if properties are set in the command line.
+ * Ex: -Djavax.net.ssl.keyStore=.keystore and -Djavax.net.ssl.keyStorePassword=thrift
+ *
+ * Note: You need not explicitly call open(). The underlying server socket is bound on return
+ * from the factory class.
+ */
+ TServerTransport serverTransport = TSSLTransportFactory.getServerSocket(9091, 0, null, params);
+ TServer server = new TSimpleServer(processor, serverTransport);
+
+ // Use this for a multi threaded server
+ // server = new TThreadPoolServer(processor, serverTransport);
+
+ System.out.println("Starting the secure server...");
+ server.serve();
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
}
}