This web page has links to Java code that demonstrates how to build a
basic SSL client and server using the Apache Thrift SSL classes (from Thrift 0.9.0).
Apache Thrift allows communication objects, with marshaling and
unmarshaling, to be built via an abstract definition and compiled for a
variety of languages (including Java and Python). Using SSL with
thrift can be a bit obscure.
To generate the SSL keys for SSL communication in Java:
Give a suitable password and answers to the prompts. After that it will create the key store keystore.jks containing the generated private/public key pair.
Again give a password and say yes to the prompt asking whether to
trust this certificate. Now the certificate setup is complete. Let's create the secure Thrift server and client to consume it.
From: Buddhika Chamith's blog
http://chamibuddhika.wordpress.com/2011/10/03/securing-a-thrift-service/
Give a suitable password and answers to the prompts. After that it will create the key store keystore.jks containing the generated private/public key pair.
Again give a password and say yes to the prompt asking whether to trust this certificate. Now the certificate setup is complete. Let’s create the secure Thrift server and client to consume it.
From: Buddhika Chamith's blog
http://chamibuddhika.wordpress.com/2011/10/03/securing-a-thrift-service/
*/
package ssl_test;
/**
 * Shared connection settings for the Thrift SSL demo client and server.
 *
 * <p>{@code SSLClient} and {@code SSLServer} implement this interface only to
 * inherit these constants (the "constant interface" pattern). All values are
 * compile-time constants, so changing one requires recompiling the implementors.
 *
 * <p>NOTE(review): {@link #certPswd} is a keystore/truststore password kept in
 * source. Beyond a local demo, read it from a protected configuration source or a
 * credential store instead, so it is neither committed to version control nor
 * recoverable from the compiled class.
 */
public interface ISSLInterface
{
    /** Directory that holds the demo keystore and truststore. */
    public static final String certPath = "/home/iank/ssl_cert_java";

    /** Keystore the server loads; per the setup notes it holds the generated key pair. */
    public static final String keystorePath = certPath + "/keystore.jks";

    /** Truststore the client loads to decide which server certificate to accept. */
    public static final String truststorePath = certPath + "/truststore.jks";

    /** Password used for both the keystore and the truststore. */
    public static final String certPswd = "myPassWord";

    /** TCP port the server listens on and the client connects to. */
    public static final int port = 7911;

    /** Socket timeout handed to the Thrift socket factories on both sides (presumably milliseconds). */
    public static final int clientTimeout = 1000;

    /** Host name the server binds to and the client connects to. */
    public static final String host = "localhost";
}
thrift_ssl/SSLClient.java 0100644 0003362 0003363 00000004001 12133436321 014325 0 ustar iank iank /*
A Thrift SSL Client
Author: Ian Kaplan
April, 2013
*/
package ssl_test;
import java.io.File;
import java.net.InetAddress;
import java.net.UnknownHostException;
import org.apache.thrift.transport.TSSLTransportFactory;
import org.apache.thrift.transport.TSocket;
import org.apache.thrift.transport.TTransport;
import org.apache.thrift.transport.TTransportException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
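/**
 * Demo Thrift SSL client: connects to the server, writes one message and exits.
 *
 * <p>Only a truststore is configured ({@code params.setTrustStore}), so the client
 * validates the server's certificate but presents none of its own: this is
 * one-way, server-authenticated TLS. Connection details come from
 * {@link ISSLInterface}.
 */
public class SSLClient extends Thread implements ISSLInterface
{
    private static final Logger LOGGER = LoggerFactory.getLogger(SSLClient.class.getName());

    /** Charset for the outgoing message; fixed so the bytes do not depend on the platform default. */
    private static final java.nio.charset.Charset MSG_CHARSET = java.nio.charset.StandardCharsets.UTF_8;

    /**
     * Checks that the truststore file exists and is readable, reporting problems
     * on stderr. The check is best-effort: the client still runs, and a missing
     * or unreadable truststore surfaces later as a transport error in {@link #run()}.
     */
    public SSLClient()
    {
        final File pathToTruststore = new File(truststorePath);
        if (!pathToTruststore.exists()) {
            // The file checked here is the truststore, so the message names it.
            System.err.println("Client: path to truststore does not exist: " + truststorePath);
        }
        else if (!pathToTruststore.canRead()) {
            System.err.println("Client: cannot read truststore file: " + truststorePath);
        }
    }

    /**
     * Opens an SSL socket to {@code host:port}, writes a fixed message and closes
     * the socket. Transport failures are reported on stdout rather than
     * propagated, since {@code Thread.run()} cannot throw a checked exception.
     */
    @Override
    public void run() {
        System.out.println("SSLClient: entering run()");
        TSSLTransportFactory.TSSLTransportParameters params = new TSSLTransportFactory.TSSLTransportParameters();
        params.setTrustStore(truststorePath, certPswd);
        TSocket clientSoc = null;
        try
        {
            clientSoc = TSSLTransportFactory.getClientSocket(host, port, clientTimeout, params);
            final String msg = "T'was brillag and the slithy toves";
            // getBytes() with no charset uses the platform default, which need not
            // match what the receiving side decodes with.
            final byte[] buf = msg.getBytes(MSG_CHARSET);
            System.out.println("Client: Writing to server");
            clientSoc.write(buf);
            clientSoc.flush();
        }
        catch (TTransportException ex) {
            // Connect, write and flush all throw TTransportException, so the
            // message must not claim the failure was socket creation.
            System.out.println("Client: transport error: " + ex.getLocalizedMessage());
        }
        finally {
            if (clientSoc != null) {
                clientSoc.close();
            }
        }
        System.out.println("Leaving SSLClient run()");
    }
}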
thrift_ssl/SSLServer.java 0100644 0003362 0003363 00000005756 12133436321 014377 0 ustar iank iank /*
A Thrift SSL Server
Author: Ian Kaplan
April, 2013
*/
package ssl_test;
import java.io.File;
import java.net.InetAddress;
import java.net.UnknownHostException;
import org.apache.thrift.transport.TSSLTransportFactory;
import org.apache.thrift.transport.TServerSocket;
import org.apache.thrift.transport.TTransport;
import org.apache.thrift.transport.TTransportException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
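/**
 * Demo Thrift SSL server: accepts one connection, reads one message and exits.
 *
 * <p>Only a keystore is configured ({@code params.setKeyStore}), so the server
 * presents its certificate but no client authentication is configured here:
 * this is one-way, server-authenticated TLS. Connection details come from
 * {@link ISSLInterface}.
 */
public class SSLServer extends Thread implements ISSLInterface
{
    private static final Logger LOGGER = LoggerFactory.getLogger(SSLServer.class.getName());

    /** Receive buffer size; a single read is issued, so anything beyond this is not printed. */
    private static final int READ_BUF_SIZE = 1024;

    /** Charset for the incoming message; fixed so decoding does not depend on the platform default. */
    private static final java.nio.charset.Charset MSG_CHARSET = java.nio.charset.StandardCharsets.UTF_8;

    /**
     * Checks that the keystore file exists and is readable, reporting problems on
     * stderr. The check is best-effort: the server still runs, and a missing or
     * unreadable keystore surfaces later as a transport error in {@link #run()}.
     */
    public SSLServer()
    {
        final File pathToKeystore = new File(keystorePath);
        if (!pathToKeystore.exists()) {
            System.err.println("Server: path to keystore does not exist: " + keystorePath);
        }
        else if (!pathToKeystore.canRead()) {
            System.err.println("Server: cannot read keystore file: " + keystorePath);
        }
    }

    /**
     * Binds an SSL server socket to {@code host:port}, accepts a single client,
     * reads up to {@value #READ_BUF_SIZE} bytes from it and prints them. Both the
     * accepted client transport and the listening socket are closed on every exit path.
     */
    @Override
    public void run()
    {
        System.out.println("SSLServer: entering run()");
        TServerSocket serverTransport = null;
        TTransport trans = null;
        try {
            final InetAddress netAddr = InetAddress.getByName(host);
            TSSLTransportFactory.TSSLTransportParameters params = new TSSLTransportFactory.TSSLTransportParameters();
            params.setKeyStore(keystorePath, certPswd);
            serverTransport = TSSLTransportFactory.getServerSocket(port, clientTimeout, netAddr, params);
            System.out.println("Server: Created TServerSocket object - now listen()");
            serverTransport.listen();
            System.out.println("Server: Returned from listen");
            trans = serverTransport.accept();
            System.out.println("Server: Accepted SSL socket connection");
            if (trans.isOpen()) {
                System.out.println("Server: Socket is open");
                final byte[] buf = new byte[READ_BUF_SIZE];
                System.out.println("Server: reading socket... bytes = " + buf.length);
                final int bytesRead = trans.read(buf, 0, buf.length);
                System.out.println("Server: read " + bytesRead + " bytes");
                if (bytesRead > 0) {
                    // Decode only the bytes actually received; the rest of buf is
                    // zero padding and must not become part of the string.
                    final String str = new String(buf, 0, bytesRead, MSG_CHARSET);
                    System.out.println("Server: Read: " + str);
                }
            }
            else {
                System.out.println("Server: socket is not open");
            }
        }
        catch (UnknownHostException hostEx) {
            System.out.println("Server: Unknown host exception:" + hostEx.getLocalizedMessage());
        }
        catch (TTransportException transEx) {
            // Bind, listen, accept and read all throw TTransportException, so the
            // message must not claim the failure was transport creation.
            System.out.println("Server: transport error: " + transEx.getLocalizedMessage());
        }
        finally {
            // Close the per-client transport as well as the listening socket.
            if (trans != null) {
                trans.close();
            }
            if (serverTransport != null) {
                serverTransport.close();
            }
        }
        System.out.println("Leaving SSLServer run()");
    }
}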