Example usage for org.apache.thrift.transport TSSLTransportFactory getClientSocket

List of usage examples for org.apache.thrift.transport TSSLTransportFactory getClientSocket

Introduction

On this page you can find example usage of org.apache.thrift.transport TSSLTransportFactory getClientSocket.

Prototype

public static TSocket getClientSocket(String host, int port, int timeout) throws TTransportException 


Document

Get a default SSL wrapped TSocket connected to the specified host and port.

Usage

From source file:org.apache.accumulo.core.rpc.ThriftUtil.java

License:Apache License

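/**
 * Create a TTransport for clients to the given address with the provided socket timeout and session-layer configuration.
 *
 * <p>
 * Exactly one of three paths is taken: SSL when {@code sslParams} is non-null, SASL (Kerberos) when only
 * {@code saslParams} is non-null, and otherwise a plain socket to which this method adds no TLS or SASL layer.
 * Supplying both parameter objects is rejected. If anything fails after a transport has been created, that
 * transport is closed before the exception propagates.
 *
 * @param address
 *          Server address to connect to
 * @param timeout
 *          Client socket timeout
 * @param sslParams
 *          RPC options for SSL servers
 * @param saslParams
 *          RPC options for SASL servers
 * @return An open TTransport which must be closed when finished
 * @throws TTransportException
 *           if the connection cannot be created or opened
 * @throws IllegalStateException
 *           if both SSL and SASL options are given, or SASL is requested while Hadoop security is disabled
 */
public static TTransport createClientTransport(HostAndPort address, int timeout, SslConnectionParams sslParams,
        SaslConnectionParams saslParams) throws TTransportException {
    // Flipped to true only once the fully wrapped transport is ready; the finally block uses it to decide on cleanup
    boolean success = false;
    TTransport transport = null;
    try {
        if (sslParams != null) {
            // The check in AccumuloServerContext ensures that servers are brought up with sane configurations, but we also want to validate clients
            if (null != saslParams) {
                throw new IllegalStateException("Cannot use both SSL and SASL");
            }

            log.trace("Creating SSL client transport");

            // NOTE(review): nothing visible in this method configures endpoint identification (hostname
            // verification) on the SSL socket. Confirm that the Thrift version in use, or createClient /
            // ProtocolOverridingSSLSocketFactory, enforces it; otherwise certificate chain validation alone
            // does not bind the connection to the intended host.

            // TSSLTransportFactory handles timeout 0 -> forever natively
            if (sslParams.useJsse()) {
                // No explicit trust/key material is passed on this branch; presumably the JVM-wide
                // javax.net.ssl settings apply -- confirm against SslConnectionParams
                transport = TSSLTransportFactory.getClientSocket(address.getHostText(), address.getPort(),
                        timeout);
            } else {
                // JDK6's factory doesn't appear to pass the protocol onto the Socket properly so we have
                // to do some magic to make sure that happens. Not an issue in JDK7

                // Taken from thrift-0.9.1 to make the SSLContext
                SSLContext sslContext = createSSLContext(sslParams);

                // Create the factory from it
                SSLSocketFactory sslSockFactory = sslContext.getSocketFactory();

                // Wrap the real factory with our own that will set the protocol on the Socket before returning it.
                // The only protocol handed over is the single configured client protocol.
                ProtocolOverridingSSLSocketFactory wrappingSslSockFactory = new ProtocolOverridingSSLSocketFactory(
                        sslSockFactory, new String[] { sslParams.getClientProtocol() });

                // Create the TSocket from that
                transport = createClient(wrappingSslSockFactory, address.getHostText(), address.getPort(),
                        timeout);
                // TSSLTransportFactory leaves transports open, so no need to open here
            }

            transport = ThriftUtil.transportFactory().getTransport(transport);
        } else if (null != saslParams) {
            if (!UserGroupInformation.isSecurityEnabled()) {
                throw new IllegalStateException("Expected Kerberos security to be enabled if SASL is in use");
            }

            log.trace("Creating SASL connection to {}:{}", address.getHostText(), address.getPort());

            // Make sure a timeout is set
            try {
                transport = TTimeoutTransport.create(address, timeout);
            } catch (IOException e) {
                // Pass the cause to the logger as well, matching the other failure logs in this method
                log.warn("Failed to open transport to {}", address, e);
                throw new TTransportException(e);
            }

            try {
                // Log in via UGI, ensures we have logged in with our KRB credentials
                final UserGroupInformation currentUser = UserGroupInformation.getCurrentUser();

                // Is this pricey enough that we want to cache it?
                // NOTE(review): the canonical name comes from the resolver and is passed below as the SASL server
                // name, so name resolution influences which service principal the client authenticates to.
                // Confirm that DNS is trusted in the deployment.
                final String hostname = InetAddress.getByName(address.getHostText()).getCanonicalHostName();

                final SaslMechanism mechanism = saslParams.getMechanism();

                log.trace("Opening transport to server as {} to {}/{} using {}", currentUser,
                        saslParams.getKerberosServerPrimary(), hostname, mechanism);

                // Create the client SASL transport using the information for the server
                // Despite the 'protocol' argument seeming to be useless, it *must* be the primary of the server being connected to
                transport = new TSaslClientTransport(mechanism.getMechanismName(), null,
                        saslParams.getKerberosServerPrimary(), hostname, saslParams.getSaslProperties(),
                        saslParams.getCallbackHandler(), transport);

                // Wrap it all in a processor which will run with a doAs the current user
                transport = new UGIAssumingTransport(transport, currentUser);

                // Open the transport
                transport.open();
            } catch (TTransportException e) {
                log.warn("Failed to open SASL transport", e);

                // We might have had a valid ticket, but it expired. We'll let the caller retry, but we will attempt to re-login to make the next attempt work.
                // Sadly, we have no way to determine the actual reason we got this TTransportException other than inspecting the exception msg.
                log.debug(
                        "Caught TTransportException opening SASL transport, checking if re-login is necessary before propagating the exception.");
                attemptClientReLogin();

                throw e;
            } catch (IOException e) {
                log.warn("Failed to open SASL transport", e);
                throw new TTransportException(e);
            }
        } else {
            // Neither SSL nor SASL options were supplied: this method adds no TLS or SASL layer on this path
            log.trace("Opening normal transport");
            if (timeout == 0) {
                transport = new TSocket(address.getHostText(), address.getPort());
                transport.open();
            } else {
                try {
                    transport = TTimeoutTransport.create(address, timeout);
                } catch (IOException ex) {
                    // Parameterized form with the cause attached, consistent with the SASL path
                    log.warn("Failed to open transport to {}", address, ex);
                    throw new TTransportException(ex);
                }

                // Open the transport
                transport.open();
            }
            transport = ThriftUtil.transportFactory().getTransport(transport);
        }
        success = true;
    } finally {
        // Do not leak a half-built connection when any step above threw
        if (!success && transport != null) {
            transport.close();
        }
    }
    return transport;
}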

From source file:org.apache.accumulo.core.util.ThriftUtil.java

License:Apache License

/**
 * Opens a client transport to {@code address}, using SSL when {@code sslParams} is supplied and a plain
 * socket otherwise, then wraps it with the transport factory from {@code ThriftUtil.transportFactory()}.
 *
 * <p>
 * NOTE(review): the SSL branches delegate entirely to {@code TSSLTransportFactory.getClientSocket}; nothing
 * here configures endpoint identification (hostname verification). Confirm that the Thrift version in use
 * enforces it. The non-SSL branches add no TLS layer in this method.
 *
 * @param address
 *          server host and port to connect to
 * @param timeout
 *          client socket timeout; {@code 0} selects an untimed socket on the plain path
 * @param sslParams
 *          SSL options, or {@code null} for a plain connection
 * @return an open transport that the caller must close
 * @throws TTransportException
 *           if the connection cannot be created or opened
 */
public static TTransport createClientTransport(HostAndPort address, int timeout, SslConnectionParams sslParams)
        throws TTransportException {
    TTransport client = null;
    // Stays false until the wrapped transport is complete, so the finally block can release a partial one
    boolean ready = false;
    try {
        if (sslParams == null) {
            if (timeout != 0) {
                try {
                    client = TTimeoutTransport.create(address, timeout);
                } catch (IOException ioe) {
                    throw new TTransportException(ioe);
                }
            } else {
                client = new TSocket(address.getHostText(), address.getPort());
            }
            // Plain sockets are created unopened on both branches above
            client.open();
        } else {
            // TSSLTransportFactory handles timeout 0 -> forever natively, and leaves transports open,
            // so there is no open() call on this path
            client = sslParams.useJsse()
                    ? TSSLTransportFactory.getClientSocket(address.getHostText(), address.getPort(), timeout)
                    : TSSLTransportFactory.getClientSocket(address.getHostText(), address.getPort(), timeout,
                            sslParams.getTTransportParams());
        }
        client = ThriftUtil.transportFactory().getTransport(client);
        ready = true;
    } finally {
        if (client != null && !ready) {
            client.close();
        }
    }
    return client;
}

From source file:org.apache.hadoop.hive.common.auth.HiveAuthUtils.java

License:Apache License

/**
 * Connects an SSL client socket to {@code host:port} and hands it to {@code getSSLSocketWithHttps}.
 *
 * <p>
 * NOTE(review): {@code getSSLSocketWithHttps} is not shown here; going by its name it presumably enables
 * HTTPS-style endpoint identification (hostname verification) on the socket. Confirm against the helper.
 *
 * @param host
 *          server host name
 * @param port
 *          server port
 * @param loginTimeout
 *          timeout passed to the Thrift factory as the socket timeout
 * @return the transport returned by {@code getSSLSocketWithHttps}
 * @throws TTransportException
 *           if the SSL socket cannot be created
 */
public static TTransport getSSLSocket(String host, int port, int loginTimeout) throws TTransportException {
    // The factory returns a socket already connected to host:port with the given SO_TIMEOUT
    return getSSLSocketWithHttps(TSSLTransportFactory.getClientSocket(host, port, loginTimeout));
}

From source file:org.apache.hive.service.auth.HiveAuthFactory.java

License:Apache License

/**
 * Returns a default SSL client socket connected to {@code host:port}.
 *
 * <p>
 * NOTE(review): the socket is returned exactly as the Thrift factory built it; nothing here sets an endpoint
 * identification algorithm (for example via {@code SSLParameters.setEndpointIdentificationAlgorithm("HTTPS")}).
 * Confirm that the Thrift version in use verifies the server host name against its certificate.
 *
 * @param host
 *          server host name
 * @param port
 *          server port
 * @param loginTimeout
 *          timeout passed to the Thrift factory as the socket timeout
 * @return the SSL transport created by {@code TSSLTransportFactory}
 * @throws TTransportException
 *           if the SSL socket cannot be created
 */
public static TTransport getSSLSocket(String host, int port, int loginTimeout) throws TTransportException {
    final TTransport sslTransport = TSSLTransportFactory.getClientSocket(host, port, loginTimeout);
    return sslTransport;
}