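/**
 * Lazily opens the transport to the sync server and creates the Thrift client.
 *
 * <p>Returns immediately when {@code client} is already set. When no truststore is
 * configured, the connection is a plain {@link TSocket}: traffic is not encrypted and
 * the server is not authenticated. Otherwise {@code truststore} must have the form
 * {@code path@password}, and a TLS client socket is created that trusts the
 * certificates held in that store.
 *
 * @throws TTransportException if the socket cannot be opened
 * @throws RuntimeException if {@code truststore} does not split into exactly a path
 *         and a password around {@code '@'}
 */
public synchronized void init() throws TTransportException {
    if (null != client) {
        return;
    }
    if (null == truststore) {
        // No truststore configured: plaintext, unauthenticated connection.
        transport = new TSocket(ip, port);
        transport.open();
    } else {
        /*
         * Similar to the server, you can use the parameters to set up client
         * parameters or use the default settings. On the client side you need a
         * TrustStore which contains the trusted certificate along with the public
         * key. For this example it is a self-signed cert.
         */
        String[] truststoreParts = truststore.split("@");
        if (truststoreParts.length != 2) {
            // The raw setting can contain the truststore password (for example when the
            // password itself contains '@'), so only the text before the first '@' is
            // echoed; the full value would expose the secret wherever this exception is
            // logged or displayed.
            throw new RuntimeException("client.truststore 格式错误(缺少 @密码):" + truststoreParts[0]);
        }
        String storePath = truststoreParts[0];
        String storePassword = truststoreParts[1];

        TSSLTransportParameters params = new TSSLTransportParameters();
        // Files named *.truststore are loaded as a JKS store with the SunX509 trust
        // manager algorithm; any other file name is loaded as a BKS store with X509.
        if (storePath.endsWith(".truststore")) {
            params.setTrustStore(storePath, storePassword, "SunX509", "JKS");
        } else {
            params.setTrustStore(storePath, storePassword, "X509", "BKS");
        }
        // NOTE(review): the truststore decides which certificates are accepted; whether
        // the certificate is also matched against the host name depends on the
        // Thrift/JSSE version in use - confirm.

        /*
         * Get a client transport instead of a server transport. The connection is
         * opened on invocation of the factory method, so there is no need to call
         * open() explicitly.
         */
        transport = TSSLTransportFactory.getClientSocket(ip, port, RemoteSyncConfig.getTimeout(), params);
    }
    TProtocol protocol = new TBinaryProtocol(transport);
    client = new SyncFileServer.Client(protocol);
}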
/**
 * Opens a TLS client socket to the host and port of the current CLI session and wraps
 * it in a framed transport.
 *
 * <p>Protocol, cipher suites, truststore path and truststore password all come from
 * {@code CliMain.sessionState.encOptions}.
 *
 * @param trans not read; the returned transport is always built from a new TLS socket
 * @return the framed transport layered over the TLS socket
 * @throws RuntimeException wrapping the {@link TTransportException} when the TLS
 *         connection cannot be created
 */
public TTransport getTransport(TTransport trans) {
    final CliSessionState session = CliMain.sessionState;
    try {
        TSSLTransportParameters tlsParams = new TSSLTransportParameters(
                session.encOptions.protocol,
                session.encOptions.cipher_suites);
        // Only a truststore is configured here, so the server certificate is checked
        // against that store and no client key material is set.
        // NOTE(review): whether the certificate is also matched against the host name
        // depends on the Thrift/JSSE version in use - confirm.
        tlsParams.setTrustStore(
                session.encOptions.truststore,
                session.encOptions.truststore_password);

        // The factory returns an already-connected socket.
        TTransport tlsSocket = TSSLTransportFactory.getClientSocket(
                session.hostName, session.thriftPort, SOCKET_TIMEOUT, tlsParams);
        return new FramedTransportFactory().getTransport(tlsSocket);
    } catch (TTransportException e) {
        throw new RuntimeException("Failed to create a client SSL connection.", e);
    }
}
/**
 * Starts the tutorial calculator service on a TLS server socket bound to port 9091 and
 * blocks while serving requests.
 *
 * <p>The keystore path and its password are hard-coded tutorial test material. A real
 * deployment would read both from configuration or a secret store rather than from
 * source code.
 *
 * @param processor the Thrift processor that handles incoming calls
 * @throws Exception if the server socket cannot be created or serving fails
 */
public static void secure(Calculator.Processor<CalculatorHandler> processor) throws Exception {
    /*
     * TSSLTransportParameters carries the SSL settings. Only the keystore and its
     * password are set here; algorithms, cipher suites, client auth and so on can be
     * set as well.
     */
    TSSLTransportParameters tlsParams = new TSSLTransportParameters();
    // The keystore holds the server's private key.
    tlsParams.setKeyStore("../../lib/java/test/.keystore", "thrift", null, null);

    /*
     * Any TSSLTransportFactory method can supply a server transport with the matching
     * SSL configuration. The default settings work when the properties are given on the
     * command line, e.g. -Djavax.net.ssl.keyStore=.keystore and
     * -Djavax.net.ssl.keyStorePassword=thrift
     *
     * No explicit open() is needed: the underlying server socket is bound when the
     * factory call returns.
     */
    TServerTransport listener = TSSLTransportFactory.getServerSocket(9091, 0, null, tlsParams);

    // Single-threaded server. For a multi-threaded one, build a TThreadPoolServer from
    // new TThreadPoolServer.Args(listener).processor(processor) instead.
    TServer server = new TSimpleServer(new Args(listener).processor(processor));

    System.out.println("Starting the secure server...");
    server.serve();
}
/**
 * Creates a TLS client socket to {@code host} on the configured database port.
 *
 * <p>A keystore and a truststore are each applied only when the corresponding setting
 * is non-empty.
 *
 * @param host the server host to connect to
 * @return the socket returned by the TLS transport factory
 * @throws TTransportException if the socket cannot be created
 */
private TSocket createTLSSocket(String host) throws TTransportException {
    // NOTE(review): "SSL" is the legacy SSLContext protocol name; which protocol
    // versions end up enabled depends on the JSSE provider and JVM settings. Consider
    // requesting "TLS" or an explicit version, and confirm what is negotiated.
    final TSSLTransportParameters tlsParams = new TSSLTransportParameters("SSL", m_dbtls_cipher_suites);

    // Client key material, presumably for client-certificate authentication.
    final boolean hasKeystore = !Utils.isEmpty(m_keystore);
    if (hasKeystore) {
        tlsParams.setKeyStore(m_keystore, m_keystorepassword);
    }

    // Certificates this client accepts from the server. When none is configured, no
    // truststore is set on the parameters at all.
    // NOTE(review): whether the certificate is also matched against the host name
    // depends on the Thrift/JSSE version in use - confirm.
    final boolean hasTruststore = !Utils.isEmpty(m_truststore);
    if (hasTruststore) {
        tlsParams.setTrustStore(m_truststore, m_truststorepassword);
    }

    return TSSLTransportFactory.getClientSocket(host, m_dbport, m_db_timeout_millis, tlsParams);
}
/**
 * Starts the tutorial calculator service on a TLS server socket bound to port 9091 and
 * blocks while serving requests.
 *
 * <p>Any exception raised during setup or serving is printed to standard error and
 * not rethrown. The keystore path and its password are hard-coded tutorial test
 * material; a real deployment would read both from configuration or a secret store.
 *
 * @param processor the Thrift processor that handles incoming calls
 */
public static void secure(Calculator.Processor processor) {
    try {
        /*
         * TSSLTransportParameters carries the SSL settings. Only the keystore and its
         * password are set here; algorithms, cipher suites, client auth and so on can
         * be set as well.
         */
        TSSLTransportParameters tlsParams = new TSSLTransportParameters();
        // The keystore holds the server's private key.
        tlsParams.setKeyStore("../../lib/java/test/.keystore", "thrift", null, null);

        /*
         * Any TSSLTransportFactory method can supply a server transport with the
         * matching SSL configuration. The default settings work when the properties
         * are given on the command line, e.g. -Djavax.net.ssl.keyStore=.keystore and
         * -Djavax.net.ssl.keyStorePassword=thrift
         *
         * No explicit open() is needed: the underlying server socket is bound when the
         * factory call returns.
         */
        TServerTransport listener = TSSLTransportFactory.getServerSocket(9091, 0, null, tlsParams);

        // Single-threaded server. For a multi-threaded one, build a TThreadPoolServer
        // from new TThreadPoolServer.Args(listener).processor(processor) instead.
        TServer server = new TSimpleServer(new Args(listener).processor(processor));

        System.out.println("Starting the secure server...");
        server.serve();
    } catch (Exception e) {
        e.printStackTrace();
    }
}
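/**
 * Runs the tutorial calculator client against a server on localhost.
 *
 * <p>Exactly one argument is required. An argument containing {@code "simple"} selects
 * a plaintext socket on port 9090; any other value selects the TLS socket on port 9091.
 * The truststore path and password used for TLS are hard-coded tutorial test material.
 *
 * @param args command-line arguments; exactly one is expected
 */
public static void main(String[] args) {
    if (args.length != 1) {
        System.out.println("Please enter 'simple' or 'secure'");
        System.exit(0);
    }

    // Declared outside the try block so the finally clause can release it.
    TTransport transport = null;
    try {
        if (args[0].contains("simple")) {
            // Plaintext, unauthenticated connection.
            transport = new TSocket("localhost", 9090);
            transport.open();
        } else {
            /*
             * Similar to the server, you can use the parameters to set up client
             * parameters or use the default settings. On the client side you need a
             * TrustStore which contains the trusted certificate along with the public
             * key. For this example it is a self-signed cert.
             */
            TSSLTransportParameters params = new TSSLTransportParameters();
            params.setTrustStore("../../lib/java/test/.truststore", "thrift", "SunX509", "JKS");
            // NOTE(review): whether the certificate is also matched against the host
            // name depends on the Thrift/JSSE version in use - confirm.

            /*
             * Get a client transport instead of a server transport. The connection is
             * opened on invocation of the factory method, so there is no need to call
             * open() explicitly.
             */
            transport = TSSLTransportFactory.getClientSocket("localhost", 9091, 0, params);
        }

        TProtocol protocol = new TBinaryProtocol(transport);
        Calculator.Client client = new Calculator.Client(protocol);

        perform(client);
    } catch (TException x) {
        x.printStackTrace();
    } finally {
        // Close the socket even when perform() throws; previously a failing call left
        // the transport open.
        if (transport != null) {
            transport.close();
        }
    }
}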
/**
 * Builds the thread-pool Thrift server for the address in {@code args}.
 *
 * <p>When client encryption is enabled, the listener is a TLS server socket whose
 * enabled protocols are narrowed to {@code SSLFactory.ACCEPTED_PROTOCOLS}; a
 * truststore is loaded and client certificates are demanded only when
 * {@code require_client_auth} is set. Otherwise the listener is a plain socket.
 *
 * @param args listen address, socket options, factories and processor for the server
 * @return the configured server, not yet serving
 * @throws RuntimeException wrapping the {@link TTransportException} when the listening
 *         socket cannot be created
 */
public TServer buildTServer(Args args) {
    final InetSocketAddress bindAddr = args.addr;
    final TServerTransport listener;
    try {
        final ClientEncryptionOptions encryption = DatabaseDescriptor.getClientEncryptionOptions();
        if (!encryption.enabled) {
            // Plaintext listener: no encryption and no peer authentication.
            listener = new TCustomServerSocket(bindAddr, args.keepAlive, args.sendBufferSize,
                                               args.recvBufferSize, args.listenBacklog);
        } else {
            logger.info("enabling encrypted thrift connections between client and server");
            TSSLTransportParameters tlsParams =
                    new TSSLTransportParameters(encryption.protocol, encryption.cipher_suites);
            tlsParams.setKeyStore(encryption.keystore, encryption.keystore_password);
            if (encryption.require_client_auth) {
                // Mutual TLS: the truststore lists the client certificates to accept.
                tlsParams.setTrustStore(encryption.truststore, encryption.truststore_password);
                tlsParams.requireClientAuth(true);
            }

            TServerSocket tlsListener = TSSLTransportFactory.getServerSocket(
                    bindAddr.getPort(), 0, bindAddr.getAddress(), tlsParams);
            // Restrict protocol versions on the JSSE socket itself, independent of what
            // the SSLContext for encryption.protocol enables by default.
            SSLServerSocket jsseSocket = (SSLServerSocket) tlsListener.getServerSocket();
            jsseSocket.setEnabledProtocols(SSLFactory.ACCEPTED_PROTOCOLS);
            listener = new TCustomServerSocket(tlsListener.getServerSocket(), args.keepAlive,
                                               args.sendBufferSize, args.recvBufferSize);
        }
    } catch (TTransportException e) {
        throw new RuntimeException(String.format("Unable to create thrift socket to %s:%s",
                                                 bindAddr.getAddress(), bindAddr.getPort()), e);
    }

    // Thread-pool server; the original comment describes it as invoked on a
    // per-connection basis.
    TThreadPoolServer.Args poolArgs = new TThreadPoolServer.Args(listener);
    poolArgs.minWorkerThreads(DatabaseDescriptor.getRpcMinThreads());
    poolArgs.maxWorkerThreads(DatabaseDescriptor.getRpcMaxThreads());
    poolArgs.inputTransportFactory(args.inTransportFactory);
    poolArgs.outputTransportFactory(args.outTransportFactory);
    poolArgs.inputProtocolFactory(args.tProtocolFactory);
    poolArgs.outputProtocolFactory(args.tProtocolFactory);
    poolArgs.processor(args.processor);

    // SynchronousQueue hands each task straight to a worker instead of queueing it;
    // threads above the minimum are released after 60 seconds idle.
    ExecutorService workers = new ThreadPoolExecutor(poolArgs.minWorkerThreads,
                                                     poolArgs.maxWorkerThreads,
                                                     60,
                                                     TimeUnit.SECONDS,
                                                     new SynchronousQueue<Runnable>(),
                                                     new NamedThreadFactory("Thrift"));
    return new CustomTThreadPoolServer(poolArgs, workers);
}
/**
 * Builds the thread-pool Thrift server for the address in {@code args}.
 *
 * <p>When client encryption is enabled, the listener is a TLS server socket configured
 * from the client encryption options; a truststore is loaded and client certificates
 * are demanded only when {@code require_client_auth} is set. Otherwise the listener is
 * a plain socket.
 *
 * @param args listen address, socket options, factories and processor for the server
 * @return the configured server, not yet serving
 * @throws RuntimeException wrapping the {@link TTransportException} when the listening
 *         socket cannot be created
 */
public TServer buildTServer(Args args) {
    final InetSocketAddress listenAddress = args.addr;
    final TServerTransport transport;
    try {
        final ClientEncryptionOptions tlsOptions = DatabaseDescriptor.getClientEncryptionOptions();
        if (!tlsOptions.enabled) {
            // Plaintext listener: no encryption and no peer authentication.
            transport = new TCustomServerSocket(listenAddress, args.keepAlive,
                                                args.sendBufferSize, args.recvBufferSize);
        } else {
            logger.info("enabling encrypted thrift connections between client and server");
            TSSLTransportParameters sslSettings =
                    new TSSLTransportParameters(tlsOptions.protocol, tlsOptions.cipher_suites);
            sslSettings.setKeyStore(tlsOptions.keystore, tlsOptions.keystore_password);
            if (tlsOptions.require_client_auth) {
                // Mutual TLS: the truststore lists the client certificates to accept.
                sslSettings.setTrustStore(tlsOptions.truststore, tlsOptions.truststore_password);
                sslSettings.requireClientAuth(true);
            }
            // NOTE(review): nothing here narrows the enabled protocol versions on the
            // server socket, so the accepted versions are whatever the context for
            // tlsOptions.protocol enables by default - confirm that is intended.
            TServerSocket secureSocket = TSSLTransportFactory.getServerSocket(
                    listenAddress.getPort(), 0, listenAddress.getAddress(), sslSettings);
            transport = new TCustomServerSocket(secureSocket.getServerSocket(), args.keepAlive,
                                                args.sendBufferSize, args.recvBufferSize);
        }
    } catch (TTransportException e) {
        throw new RuntimeException(String.format("Unable to create thrift socket to %s:%s",
                                                 listenAddress.getAddress(),
                                                 listenAddress.getPort()), e);
    }

    // Thread-pool server; the original comment describes it as invoked on a
    // per-connection basis.
    TThreadPoolServer.Args settings = new TThreadPoolServer.Args(transport);
    settings.minWorkerThreads(DatabaseDescriptor.getRpcMinThreads());
    settings.maxWorkerThreads(DatabaseDescriptor.getRpcMaxThreads());
    settings.inputTransportFactory(args.inTransportFactory);
    settings.outputTransportFactory(args.outTransportFactory);
    settings.inputProtocolFactory(args.tProtocolFactory);
    settings.outputProtocolFactory(args.tProtocolFactory);
    settings.processor(args.processor);

    // SynchronousQueue hands each task straight to a worker instead of queueing it;
    // threads above the minimum are released after 60 seconds idle.
    ExecutorService pool = new ThreadPoolExecutor(settings.minWorkerThreads,
                                                  settings.maxWorkerThreads,
                                                  60,
                                                  TimeUnit.SECONDS,
                                                  new SynchronousQueue<Runnable>(),
                                                  new NamedThreadFactory("Thrift"));
    return new CustomTThreadPoolServer(settings, pool);
}
/**
 * Builds the thread-pool Thrift server for the address in {@code args}.
 *
 * <p>When client encryption is enabled, the listener is a TLS server socket. Its cipher
 * suites are set to the result of {@code SSLFactory.filterCipherSuites} applied to the
 * socket's supported suites and the configured ones, and its protocols are narrowed to
 * {@code SSLFactory.ACCEPTED_PROTOCOLS}. A truststore is loaded and client certificates
 * are demanded only when {@code require_client_auth} is set. Otherwise the listener is
 * a plain socket.
 *
 * @param args listen address, socket options, factories and processor for the server
 * @return the configured server, not yet serving
 * @throws RuntimeException wrapping the {@link TTransportException} when the listening
 *         socket cannot be created
 */
@SuppressWarnings("resource")
public TServer buildTServer(Args args) {
    final InetSocketAddress endpoint = args.addr;
    final TServerTransport acceptor;
    try {
        final ClientEncryptionOptions encOpts = DatabaseDescriptor.getClientEncryptionOptions();
        if (!encOpts.enabled) {
            // Plaintext listener: no encryption and no peer authentication.
            acceptor = new TCustomServerSocket(endpoint, args.keepAlive, args.sendBufferSize,
                                               args.recvBufferSize, args.listenBacklog);
        } else {
            logger.info("enabling encrypted thrift connections between client and server");
            // An empty cipher list is passed to the factory; the configured suites are
            // applied to the socket further down, after filtering.
            TSSLTransportParameters tlsParams =
                    new TSSLTransportParameters(encOpts.protocol, new String[0]);
            tlsParams.setKeyStore(encOpts.keystore, encOpts.keystore_password);
            if (encOpts.require_client_auth) {
                // Mutual TLS: the truststore lists the client certificates to accept.
                tlsParams.setTrustStore(encOpts.truststore, encOpts.truststore_password);
                tlsParams.requireClientAuth(true);
            }

            TServerSocket tlsServer = TSSLTransportFactory.getServerSocket(
                    endpoint.getPort(), 0, endpoint.getAddress(), tlsParams);
            SSLServerSocket jsseSocket = (SSLServerSocket) tlsServer.getServerSocket();

            // Enable only the filtered suites, then restrict the protocol versions.
            String[] enabledSuites = SSLFactory.filterCipherSuites(
                    jsseSocket.getSupportedCipherSuites(), encOpts.cipher_suites);
            jsseSocket.setEnabledCipherSuites(enabledSuites);
            jsseSocket.setEnabledProtocols(SSLFactory.ACCEPTED_PROTOCOLS);

            acceptor = new TCustomServerSocket(tlsServer.getServerSocket(), args.keepAlive,
                                               args.sendBufferSize, args.recvBufferSize);
        }
    } catch (TTransportException e) {
        throw new RuntimeException(String.format("Unable to create thrift socket to %s:%s",
                                                 endpoint.getAddress(), endpoint.getPort()), e);
    }

    // Thread-pool server; the original comment describes it as invoked on a
    // per-connection basis.
    TThreadPoolServer.Args poolConfig = new TThreadPoolServer.Args(acceptor);
    poolConfig.minWorkerThreads(DatabaseDescriptor.getRpcMinThreads());
    poolConfig.maxWorkerThreads(DatabaseDescriptor.getRpcMaxThreads());
    poolConfig.inputTransportFactory(args.inTransportFactory);
    poolConfig.outputTransportFactory(args.outTransportFactory);
    poolConfig.inputProtocolFactory(args.tProtocolFactory);
    poolConfig.outputProtocolFactory(args.tProtocolFactory);
    poolConfig.processor(args.processor);

    // SynchronousQueue hands each task straight to a worker instead of queueing it;
    // threads above the minimum are released after 60 seconds idle.
    ExecutorService threadPool = new ThreadPoolExecutor(poolConfig.minWorkerThreads,
                                                        poolConfig.maxWorkerThreads,
                                                        60,
                                                        TimeUnit.SECONDS,
                                                        new SynchronousQueue<Runnable>(),
                                                        new NamedThreadFactory("Thrift"));
    return new CustomTThreadPoolServer(poolConfig, threadPool);
}
/**
 * Builds the thread-pool Thrift server for the address in {@code args}.
 *
 * <p>When client encryption is enabled, the listener is a TLS server socket configured
 * from the client encryption options; a truststore is loaded and client certificates
 * are demanded only when {@code require_client_auth} is set. Otherwise the listener is
 * a plain socket created with the configured listen backlog.
 *
 * @param args listen address, socket options, factories and processor for the server
 * @return the configured server, not yet serving
 * @throws RuntimeException wrapping the {@link TTransportException} when the listening
 *         socket cannot be created
 */
public TServer buildTServer(Args args) {
    final InetSocketAddress socketAddress = args.addr;
    final TServerTransport serverSide;
    try {
        final ClientEncryptionOptions options = DatabaseDescriptor.getClientEncryptionOptions();
        if (!options.enabled) {
            // Plaintext listener: no encryption and no peer authentication.
            serverSide = new TCustomServerSocket(socketAddress, args.keepAlive,
                                                 args.sendBufferSize, args.recvBufferSize,
                                                 args.listenBacklog);
        } else {
            logger.info("enabling encrypted thrift connections between client and server");
            TSSLTransportParameters secureParams =
                    new TSSLTransportParameters(options.protocol, options.cipher_suites);
            secureParams.setKeyStore(options.keystore, options.keystore_password);
            if (options.require_client_auth) {
                // Mutual TLS: the truststore lists the client certificates to accept.
                secureParams.setTrustStore(options.truststore, options.truststore_password);
                secureParams.requireClientAuth(true);
            }
            // NOTE(review): nothing here narrows the enabled protocol versions on the
            // server socket, so the accepted versions are whatever the context for
            // options.protocol enables by default - confirm that is intended.
            TServerSocket encrypted = TSSLTransportFactory.getServerSocket(
                    socketAddress.getPort(), 0, socketAddress.getAddress(), secureParams);
            serverSide = new TCustomServerSocket(encrypted.getServerSocket(), args.keepAlive,
                                                 args.sendBufferSize, args.recvBufferSize);
        }
    } catch (TTransportException e) {
        throw new RuntimeException(String.format("Unable to create thrift socket to %s:%s",
                                                 socketAddress.getAddress(),
                                                 socketAddress.getPort()), e);
    }

    // Thread-pool server; the original comment describes it as invoked on a
    // per-connection basis.
    TThreadPoolServer.Args threadArgs = new TThreadPoolServer.Args(serverSide);
    threadArgs.minWorkerThreads(DatabaseDescriptor.getRpcMinThreads());
    threadArgs.maxWorkerThreads(DatabaseDescriptor.getRpcMaxThreads());
    threadArgs.inputTransportFactory(args.inTransportFactory);
    threadArgs.outputTransportFactory(args.outTransportFactory);
    threadArgs.inputProtocolFactory(args.tProtocolFactory);
    threadArgs.outputProtocolFactory(args.tProtocolFactory);
    threadArgs.processor(args.processor);

    // SynchronousQueue hands each task straight to a worker instead of queueing it;
    // threads above the minimum are released after 60 seconds idle.
    ExecutorService executor = new ThreadPoolExecutor(threadArgs.minWorkerThreads,
                                                      threadArgs.maxWorkerThreads,
                                                      60,
                                                      TimeUnit.SECONDS,
                                                      new SynchronousQueue<Runnable>(),
                                                      new NamedThreadFactory("Thrift"));
    return new CustomTThreadPoolServer(threadArgs, executor);
}