thrift_ssl/0040700000336200033630000000000012133440374011663 5ustar iankiankthrift_ssl/index.html0100644000336200033630000000506212133440374013672 0ustar iankiank Topics in Quantitative Finance

SSL using Apache Thrift

This web page has links to Java code that demonstrates how to build a basic SSL client server that uses the Apache Thrift SSL classes (from Thrift 0.9.0).

Apache Thrift allows communication objects, with marshaling and unmarshaling, to be built via an abstract definition and compiled for a variety of languages (including Java and Python). Using SSL with Thrift can be a bit obscure.

To generate the SSL keys for SSL communication in Java:

   keytool -genkeypair -alias certificatekey -keyalg RSA -validity 7 -keystore keystore.jks

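Give a suitable password and answer the prompts. keytool then creates the key store keystore.jks containing the generated private/public key pair. Note that -validity 7 limits the generated certificate to 7 days; pick a validity period that matches how long the key is meant to be in use.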

  keytool -export -alias certificatekey -keystore keystore.jks -rfc -file cert.cer

Export the certificate (cert.cer) containing the public key from the key store using the following command.

  keytool -export -alias certificatekey -keystore keystore.jks -rfc -file cert.cer

Create trust store

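Now let's create the trust store (truststore.jks) and import the certificate into it. This can be done using a single command line, as given below. Only the exported certificate goes into the trust store; the private key stays in keystore.jks.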

keytool -import -alias certificatekey -file cert.cer -keystore truststore.jks
Again give a password and say yes to the prompt asking whether to
trust this certificate. Now the certificate setup is complete. Let's create the secure Thrift server and client to consume it.

From: Buddhika Chamith's blog
http://chamibuddhika.wordpress.com/2011/10/03/securing-a-thrift-service/

Java Code

ClientServerMain.java ISSLInterface.java SSLClient.java SSLServer.java


thrift_ssl/index.html~0100600000336200033630000000051212133436773014063 0ustar iankiank Topics in Quantitative Finance

Topics in Quantitative Finance

thrift_ssl/ClientServerMain.java0100644000336200033630000000122712133436321015746 0ustar iankiank
/* Author: Ian Kaplan April, 2013 */
package ssl_test;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * Demo driver that runs the SSL server and the SSL client as two threads
 * inside one JVM.
 */
public class ClientServerMain {
    static final Logger LOGGER = LoggerFactory.getLogger(ClientServerMain.class.getName());

    /**
     * Builds the client and the server, starts the server thread and then the
     * client thread, and finally sleeps on the main thread.
     *
     * @param args command-line arguments; not read
     */
    public static void main(String[] args) {
        // Construction order (client, then server) is kept because both
        // constructors may print diagnostics about their store files.
        final SSLClient sslClient = new SSLClient();
        final SSLServer sslServer = new SSLServer();

        // NOTE(review): nothing between these two calls waits for the server
        // thread to reach listen(), so the client may presumably attempt its
        // connection before the server socket is ready.
        sslServer.start();
        sslClient.start();

        final long lingerMillis = 10000;
        try {
            Thread.sleep(lingerMillis);
        } catch (InterruptedException interrupted) {
            System.out.println("Got woken up");
        }
    }
}
thrift_ssl/ISSLInterface.java0100644000336200033630000000336112133437335015136 0ustar iankiank
/**

Author: Ian Kaplan
April, 2013

To generate the SSL keys for SSL communication in Java:

   keytool -genkeypair -alias certificatekey -keyalg RSA -validity 7 -keystore keystore.jks

Give a suitable password and answers to the prompts. After that it will create the key store keystore.jks containing generated private/ public key pair.

  keytool -export -alias certificatekey -keystore keystore.jks -rfc -file cert.cer

Export the certificate (cert.cer) containing the public key from the key store using the following command.

  keytool -export -alias certificatekey -keystore keystore.jks -rfc -file cert.cer

Create trust store

Now let’s create the trust store (truststore.jks) and import the certificate into it. This can be done using a single command line, as given below.

keytool -import -alias certificatekey -file cert.cer -keystore truststore.jks
Again give a password and say yes to the prompt asking whether to trust this certificate. Now the certificate setup is complete. Let’s create the secure Thrift server and client to consume it.

From: Buddhika Chamith's blog
http://chamibuddhika.wordpress.com/2011/10/03/securing-a-thrift-service/

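*/
package ssl_test;

/**
 * Connection settings shared by {@link SSLClient} and {@link SSLServer}, which
 * both implement this interface to inherit the constants.
 */
public interface ISSLInterface {
    /** Directory that holds the key store and trust store files. */
    static final String certPath = "/home/iank/ssl_cert_java";
    /** Key store with the private/public key pair; handed to the server transport. */
    static final String keystorePath = certPath + "/" + "keystore.jks";
    /** Trust store with the imported certificate; handed to the client transport. */
    static final String truststorePath = certPath + "/" + "truststore.jks";
    // NOTE(review): the store password is hard-coded in source and the same
    // value is used for both the key store (server) and the trust store
    // (client). That is tolerable only for this local demo; real code should
    // load it from protected configuration and keep it out of version control.
    static final String certPswd = "myPassWord";
    static final int port = 7911;
    // Passed to both the client and the server socket factory calls;
    // presumably milliseconds - confirm against the Thrift API.
    static final int clientTimeout = 1000;
    static final String host = "localhost";
}
thrift_ssl/SSLClient.java0100644000336200033630000000400112133436321014325 0ustar iankiank
/* A Thrift SSL Client Author: Ian Kaplan April, 2013 */
package ssl_test;

import java.io.File;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.nio.charset.Charset;

import org.apache.thrift.transport.TSSLTransportFactory;
import org.apache.thrift.transport.TSocket;
import org.apache.thrift.transport.TTransport;
import org.apache.thrift.transport.TTransportException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * Thread that opens an SSL client socket through Thrift's
 * {@code TSSLTransportFactory}, writes one short message and closes the socket.
 */
public class SSLClient extends Thread implements ISSLInterface {
    private static final Logger LOGGER = LoggerFactory.getLogger(SSLClient.class.getName());

    /** Explicit encoding so the bytes on the wire do not depend on the platform default. */
    private static final Charset WIRE_CHARSET = Charset.forName("UTF-8");

    /**
     * Reports on stderr when the trust store file is missing or unreadable.
     * The check is advisory only: construction always succeeds.
     */
    public SSLClient() {
        File pathToTruststore = new File(truststorePath);
        if (!pathToTruststore.exists()) {
            // Fixed wording: this check is about the trust store, not the key store.
            System.err.println("Client: path to truststore does not exist: " + truststorePath);
        } else if (!pathToTruststore.canRead()) {
            System.err.println("Client: cannot read truststore file: " + truststorePath);
        }
    }

    /**
     * Connects to {@code host:port} over SSL, sends a fixed message and closes
     * the socket. Transport failures are printed, not rethrown.
     */
    @Override
    public void run() {
        System.out.println("SSLClient: entering run()");
        TSSLTransportFactory.TSSLTransportParameters params =
                new TSSLTransportFactory.TSSLTransportParameters();
        // The client trusts whatever certificate was imported into the trust store.
        // NOTE(review): confirm whether the Thrift transport in use also checks
        // that the server certificate matches the host name being connected to.
        params.setTrustStore(truststorePath, certPswd);
        TSocket clientSoc = null;
        try {
            clientSoc = TSSLTransportFactory.getClientSocket(host, port, clientTimeout, params);
            final String msg = "T'was brillag and the slithy toves";
            final byte[] buf = msg.getBytes(WIRE_CHARSET);
            System.out.println("Client: Writing to server");
            clientSoc.write(buf);
            clientSoc.flush();
        } catch (TTransportException ex) {
            // Also reached when write() or flush() fails, not only on connect.
            System.out.println("Client: Error creating client socket: " + ex.getLocalizedMessage());
        } finally {
            if (clientSoc != null) {
                clientSoc.close();
            }
        }
        System.out.println("Leaving SSLClient run()");
    }
}
thrift_ssl/SSLServer.java0100644000336200033630000000575612133436321014377 0ustar iankiank
/* A Thrift SSL Server Author: Ian Kaplan April, 2013 */
package ssl_test;

import java.io.File;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.nio.charset.Charset;

import org.apache.thrift.transport.TSSLTransportFactory;
import org.apache.thrift.transport.TServerSocket;
import org.apache.thrift.transport.TTransport;
import org.apache.thrift.transport.TTransportException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * Thread that opens an SSL server socket through Thrift's
 * {@code TSSLTransportFactory}, accepts a single connection, performs one
 * read and prints what it received.
 */
public class SSLServer extends Thread implements ISSLInterface {
    private static final Logger LOGGER = LoggerFactory.getLogger(SSLServer.class.getName());

    /** Explicit encoding for decoding received bytes, independent of the platform default. */
    private static final Charset WIRE_CHARSET = Charset.forName("UTF-8");

    /**
     * Reports on stderr when the key store file is missing or unreadable.
     * The check is advisory only: construction always succeeds.
     */
    public SSLServer() {
        File pathToKeystore = new File(keystorePath);
        if (!pathToKeystore.exists()) {
            System.err.println("Server: path to keystore does not exist: " + keystorePath);
        } else if (!pathToKeystore.canRead()) {
            System.err.println("Server: cannot read keystore file: " + keystorePath);
        }
    }

    /**
     * Listens on {@code host:port}, accepts one SSL connection and reads up to
     * 1024 bytes from it. Failures are printed, not rethrown.
     */
    @Override
    public void run() {
        System.out.println("SSLServer: entering run()");
        TServerSocket serverTransport = null;
        TTransport trans = null;
        try {
            final InetAddress netAddr = InetAddress.getByName(host);
            TSSLTransportFactory.TSSLTransportParameters params =
                    new TSSLTransportFactory.TSSLTransportParameters();
            // NOTE(review): only a key store is configured; nothing here asks
            // the client for a certificate, so clients are presumably
            // unauthenticated - confirm that one-way authentication is intended.
            params.setKeyStore(keystorePath, certPswd);
            serverTransport = TSSLTransportFactory.getServerSocket(port, clientTimeout, netAddr, params);
            System.out.println("Server: Created TServerSocket object - now listen()");
            serverTransport.listen();
            System.out.println("Server: Returned from listen");
            trans = serverTransport.accept();
            System.out.println("Server: Accepted SSL socket connection");
            if (trans.isOpen()) {
                System.out.println("Server: Socket is open");
                byte[] buf = new byte[1024];
                System.out.println("Server: reading socket... bytes = " + buf.length);
                // A single read may return fewer bytes than the peer sent.
                int bytesRead = trans.read(buf, 0, buf.length);
                System.out.println("Server: read " + bytesRead + " bytes");
                if (bytesRead > 0) {
                    // Decode only the bytes actually received; the original
                    // converted the whole 1024-byte buffer, padding included.
                    String str = new String(buf, 0, bytesRead, WIRE_CHARSET);
                    System.out.println("Server: Read: " + str);
                }
            } else {
                System.out.println("Server: socket is not open");
            }
        } catch (UnknownHostException hostEx) {
            System.out.println("Server: Unknown host exception:" + hostEx.getLocalizedMessage());
        } catch (TTransportException transEx) {
            // Also reached when listen(), accept() or read() fails.
            System.out.println("Server: Error creating serverTransport:" + transEx.getLocalizedMessage());
        } finally {
            // The accepted connection was never closed in the original.
            if (trans != null) {
                trans.close();
            }
            if (serverTransport != null) {
                serverTransport.close();
            }
        }
        System.out.println("Leaving SSLServer run()");
    }
}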