List of usage examples for org.apache.thrift.transport TSSLTransportFactory getClientSocket
public static TSocket getClientSocket(String host, int port, int timeout) throws TTransportException
From source file:org.apache.accumulo.core.rpc.ThriftUtil.java
License:Apache License
/**
 * Create a TTransport for clients to the given address with the provided socket timeout and session-layer configuration.
 *
 * <p>
 * Exactly one of three paths is taken: SSL when {@code sslParams} is non-null, SASL when only {@code saslParams} is non-null, and an unwrapped socket
 * when both are null. Supplying both is rejected. If anything fails after a transport object has been created, the {@code finally} block closes it
 * before the exception propagates.
 *
 * @param address
 *          Server address to connect to
 * @param timeout
 *          Client socket timeout; on the non-SSL, non-SASL path a value of 0 selects a plain TSocket instead of TTimeoutTransport
 * @param sslParams
 *          RPC options for SSL servers, or null when SSL is not in use
 * @param saslParams
 *          RPC options for SASL servers, or null when SASL is not in use
 * @return An open TTransport which must be closed when finished
 * @throws TTransportException
 *           if the transport cannot be created or opened; IOExceptions raised during setup are wrapped in one
 * @throws IllegalStateException
 *           if both SSL and SASL parameters are supplied, or if SASL is requested while UserGroupInformation reports security as disabled
 */
public static TTransport createClientTransport(HostAndPort address, int timeout, SslConnectionParams sslParams, SaslConnectionParams saslParams)
    throws TTransportException {
  // Flipped to true only once every step has succeeded; read by the finally block to decide whether to clean up
  boolean success = false;
  TTransport transport = null;
  try {
    if (sslParams != null) {
      // The check in AccumuloServerContext ensures that servers are brought up with sane configurations, but we also want to validate clients
      if (null != saslParams) {
        throw new IllegalStateException("Cannot use both SSL and SASL");
      }

      log.trace("Creating SSL client transport");

      // TSSLTransportFactory handles timeout 0 -> forever natively
      if (sslParams.useJsse()) {
        // NOTE(review): this overload is given no trust-store or key-store parameters, so certificate trust presumably comes from the JVM-wide
        // JSSE defaults -- confirm. Nothing in this method enables endpoint identification (hostname verification) on the socket; verify
        // whether the Thrift version in use does so.
        transport = TSSLTransportFactory.getClientSocket(address.getHostText(), address.getPort(), timeout);
      } else {
        // JDK6's factory doesn't appear to pass the protocol onto the Socket properly so we have
        // to do some magic to make sure that happens. Not an issue in JDK7

        // Taken from thrift-0.9.1 to make the SSLContext
        SSLContext sslContext = createSSLContext(sslParams);

        // Create the factory from it
        SSLSocketFactory sslSockFactory = sslContext.getSocketFactory();

        // Wrap the real factory with our own that will set the protocol on the Socket before returning it.
        // Only the single protocol returned by sslParams.getClientProtocol() is passed in.
        // NOTE(review): confirm the configured value is a currently acceptable TLS version; as on the JSSE path, no hostname verification is
        // visible here.
        ProtocolOverridingSSLSocketFactory wrappingSslSockFactory = new ProtocolOverridingSSLSocketFactory(
            sslSockFactory, new String[] { sslParams.getClientProtocol() });

        // Create the TSocket from that
        transport = createClient(wrappingSslSockFactory, address.getHostText(), address.getPort(), timeout);
        // TSSLTransportFactory leaves transports open, so no need to open here
      }

      transport = ThriftUtil.transportFactory().getTransport(transport);
    } else if (null != saslParams) {
      if (!UserGroupInformation.isSecurityEnabled()) {
        throw new IllegalStateException("Expected Kerberos security to be enabled if SASL is in use");
      }

      log.trace("Creating SASL connection to {}:{}", address.getHostText(), address.getPort());

      // Make sure a timeout is set
      try {
        transport = TTimeoutTransport.create(address, timeout);
      } catch (IOException e) {
        // The IOException is not logged here; it travels as the cause of the TTransportException thrown below
        log.warn("Failed to open transport to {}", address);
        throw new TTransportException(e);
      }

      try {
        // Log in via UGI, ensures we have logged in with our KRB credentials
        final UserGroupInformation currentUser = UserGroupInformation.getCurrentUser();

        // Is this pricey enough that we want to cache it?
        // NOTE(review): the host part handed to the SASL client comes from a name-service lookup. Name-service answers are not authenticated,
        // so a wrong answer changes which server name the client authenticates against -- confirm this canonicalisation is intended for the
        // deployment.
        final String hostname = InetAddress.getByName(address.getHostText()).getCanonicalHostName();

        final SaslMechanism mechanism = saslParams.getMechanism();

        log.trace("Opening transport to server as {} to {}/{} using {}", currentUser, saslParams.getKerberosServerPrimary(), hostname, mechanism);

        // Create the client SASL transport using the information for the server
        // Despite the 'protocol' argument seeming to be useless, it *must* be the primary of the server being connected to
        transport = new TSaslClientTransport(mechanism.getMechanismName(), null, saslParams.getKerberosServerPrimary(), hostname,
            saslParams.getSaslProperties(), saslParams.getCallbackHandler(), transport);

        // Wrap it all in a processor which will run with a doAs the current user
        transport = new UGIAssumingTransport(transport, currentUser);

        // Open the transport
        transport.open();
      } catch (TTransportException e) {
        log.warn("Failed to open SASL transport", e);

        // We might have had a valid ticket, but it expired. We'll let the caller retry, but we will attempt to re-login to make the next attempt work.
        // Sadly, we have no way to determine the actual reason we got this TTransportException other than inspecting the exception msg.
        log.debug(
            "Caught TTransportException opening SASL transport, checking if re-login is necessary before propagating the exception.");
        attemptClientReLogin();

        throw e;
      } catch (IOException e) {
        log.warn("Failed to open SASL transport", e);
        throw new TTransportException(e);
      }
    } else {
      // NOTE(review): neither SSL nor SASL is applied on this path as far as this method shows; what ThriftUtil.transportFactory() layers on
      // top is not visible here.
      log.trace("Opening normal transport");
      if (timeout == 0) {
        transport = new TSocket(address.getHostText(), address.getPort());
        transport.open();
      } else {
        try {
          transport = TTimeoutTransport.create(address, timeout);
        } catch (IOException ex) {
          log.warn("Failed to open transport to " + address);
          throw new TTransportException(ex);
        }

        // Open the transport
        transport.open();
      }
      transport = ThriftUtil.transportFactory().getTransport(transport);
    }
    success = true;
  } finally {
    // Close whatever was created when setup did not run to completion, so a failed attempt does not leave a transport open
    if (!success && transport != null) {
      transport.close();
    }
  }
  return transport;
}
From source file:org.apache.accumulo.core.util.ThriftUtil.java
License:Apache License
/**
 * Opens a client transport to {@code address}, over SSL when {@code sslParams} is supplied and over a plain socket otherwise.
 *
 * <p>
 * The transport is passed through {@code ThriftUtil.transportFactory().getTransport(...)} before it is returned. If setup fails after a
 * transport object exists, that transport is closed before the exception propagates.
 *
 * @param address
 *          server to connect to
 * @param timeout
 *          client socket timeout; on the plain path 0 selects a TSocket rather than TTimeoutTransport
 * @param sslParams
 *          SSL options, or null for an unencrypted connection
 * @return the wrapped transport; the caller is responsible for closing it
 * @throws TTransportException
 *           if the connection cannot be created or opened
 */
public static TTransport createClientTransport(HostAndPort address, int timeout, SslConnectionParams sslParams)
    throws TTransportException {
  TTransport conn = null;
  boolean completed = false;
  try {
    if (sslParams == null) {
      // NOTE(review): no transport security is applied on this path as far as this method shows.
      if (timeout == 0) {
        conn = new TSocket(address.getHostText(), address.getPort());
      } else {
        try {
          conn = TTimeoutTransport.create(address, timeout);
        } catch (IOException ex) {
          throw new TTransportException(ex);
        }
      }
      // Both plain variants still need an explicit open
      conn.open();
    } else if (sslParams.useJsse()) {
      // TSSLTransportFactory handles timeout 0 -> forever natively and leaves the transport open, so there is no open() call here.
      // NOTE(review): no trust-store parameters are passed on this call, so trust presumably comes from the JVM-wide JSSE defaults, and no
      // hostname verification is visible in this method -- confirm both against the Thrift version in use.
      conn = TSSLTransportFactory.getClientSocket(address.getHostText(), address.getPort(), timeout);
    } else {
      // Same factory, but with the explicit parameters carried by sslParams; the transport is likewise returned already open
      conn = TSSLTransportFactory.getClientSocket(address.getHostText(), address.getPort(), timeout, sslParams.getTTransportParams());
    }
    conn = ThriftUtil.transportFactory().getTransport(conn);
    completed = true;
  } finally {
    // Do not leave a half-configured transport open when setup failed
    if (conn != null && !completed) {
      conn.close();
    }
  }
  return conn;
}
From source file:org.apache.hadoop.hive.common.auth.HiveAuthUtils.java
License:Apache License
/**
 * Opens an SSL client socket to {@code host:port} and returns it after passing it through {@code getSSLSocketWithHttps}.
 *
 * @param host
 *          server host name
 * @param port
 *          server port
 * @param loginTimeout
 *          timeout handed to the Thrift SSL socket factory
 * @return the transport returned by {@code getSSLSocketWithHttps}
 * @throws TTransportException
 *           if the socket cannot be created
 */
public static TTransport getSSLSocket(String host, int port, int loginTimeout) throws TTransportException {
  // The SSLSocket underneath is bound to host:port and carries the given SO_TIMEOUT.
  // NOTE(review): getSSLSocketWithHttps is defined outside this excerpt; presumably it turns on HTTPS-style endpoint identification
  // (hostname verification) for the socket -- confirm. Trust material is not passed here, so it presumably comes from the JVM-wide JSSE
  // defaults.
  return getSSLSocketWithHttps(TSSLTransportFactory.getClientSocket(host, port, loginTimeout));
}
From source file:org.apache.hive.service.auth.HiveAuthFactory.java
License:Apache License
/**
 * Opens an SSL client socket to {@code host:port} using the Thrift SSL socket factory and returns it unchanged.
 *
 * @param host
 *          server host name
 * @param port
 *          server port
 * @param loginTimeout
 *          timeout handed to the Thrift SSL socket factory
 * @return the socket transport created by {@code TSSLTransportFactory}
 * @throws TTransportException
 *           if the socket cannot be created
 */
public static TTransport getSSLSocket(String host, int port, int loginTimeout) throws TTransportException {
  // NOTE(review): the socket is returned exactly as the factory built it. No trust-store parameters are passed and no endpoint
  // identification (hostname verification) is configured in this method; HiveAuthUtils.getSSLSocket additionally routes the socket through
  // getSSLSocketWithHttps. Confirm whether the Thrift version in use verifies the server host name on its own.
  final TTransport clientTransport = TSSLTransportFactory.getClientSocket(host, port, loginTimeout);
  return clientTransport;
}