public static TTransport getSSLSocket(
String host, int port, int loginTimeout, String trustStorePath, String trustStorePassWord)
throws TTransportException {
TSSLTransportFactory.TSSLTransportParameters params =
new TSSLTransportFactory.TSSLTransportParameters();
params.setTrustStore(trustStorePath, trustStorePassWord);
params.requireClientAuth(true);
return TSSLTransportFactory.getClientSocket(host, port, loginTimeout, params);
}
@Override
public TTransport openTransport(String host, int port) throws Exception {
TSSLTransportFactory.TSSLTransportParameters params =
new TSSLTransportFactory.TSSLTransportParameters(protocol, cipherSuites);
params.setTrustStore(truststore, truststorePassword);
if (null != keystore) params.setKeyStore(keystore, keystorePassword);
TTransport trans = TSSLTransportFactory.getClientSocket(host, port, SOCKET_TIMEOUT, params);
return new FramedTransportFactory().getTransport(trans);
}
private EntitlementThriftClient.Client getThriftClient() throws Exception {
TSSLTransportFactory.TSSLTransportParameters param =
new TSSLTransportFactory.TSSLTransportParameters();
param.setTrustStore(trustStore, trustStorePass);
TTransport transport;
transport =
TSSLTransportFactory.getClientSocket(
thriftHost, thriftPort, ProxyConstants.THRIFT_TIME_OUT, param);
TProtocol protocol = new TBinaryProtocol(transport);
return new EntitlementThriftClient.Client(protocol);
}
public static TServerSocket getServerSSLSocket(
String hiveHost,
int portNum,
String keyStorePath,
String keyStorePassWord,
List<String> sslVersionBlacklist,
int socketTimeout,
boolean keepAlive)
throws TTransportException, UnknownHostException {
TSSLTransportFactory.TSSLTransportParameters params =
new TSSLTransportFactory.TSSLTransportParameters();
params.setKeyStore(keyStorePath, keyStorePassWord);
InetSocketAddress serverAddress;
if (hiveHost == null || hiveHost.isEmpty()) {
// Wildcard bind
serverAddress = new InetSocketAddress(portNum);
} else {
serverAddress = new InetSocketAddress(hiveHost, portNum);
}
TServerSocket thriftServerSocket =
TSSLTransportFactory.getServerSocket(
portNum, socketTimeout, serverAddress.getAddress(), params);
if (thriftServerSocket.getServerSocket() instanceof SSLServerSocket) {
List<String> sslVersionBlacklistLocal = new ArrayList<String>();
for (String sslVersion : sslVersionBlacklist) {
sslVersionBlacklistLocal.add(sslVersion.trim().toLowerCase());
}
SSLServerSocket sslServerSocket = (SSLServerSocket) thriftServerSocket.getServerSocket();
List<String> enabledProtocols = new ArrayList<String>();
for (String protocol : sslServerSocket.getEnabledProtocols()) {
if (sslVersionBlacklistLocal.contains(protocol.toLowerCase())) {
LOG.debug("Disabling SSL Protocol: " + protocol);
} else {
enabledProtocols.add(protocol);
}
}
sslServerSocket.setEnabledProtocols(enabledProtocols.toArray(new String[0]));
LOG.info(
"SSL Server Socket Enabled Protocols: "
+ Arrays.toString(sslServerSocket.getEnabledProtocols()));
}
if (keepAlive) {
thriftServerSocket = new TServerSocketKeepAlive(thriftServerSocket.getServerSocket());
}
return thriftServerSocket;
}
@Override
public void open() throws ConnectionException {
if (cassandraClient != null) {
throw new IllegalStateException("Open called on already open connection");
}
long startTime = System.currentTimeMillis();
try {
final SSLConnectionContext sslCxt = cpConfig.getSSLConnectionContext();
if (sslCxt != null) {
TSSLTransportParameters params =
new TSSLTransportParameters(
sslCxt.getSslProtocol(), sslCxt.getSslCipherSuites().toArray(new String[0]));
params.setTrustStore(sslCxt.getSslTruststore(), sslCxt.getSslTruststorePassword());
// thrift's SSL implementation does not allow you set the socket connect timeout, only
// read timeout
socket =
TSSLTransportFactory.getClientSocket(
getHost().getIpAddress(),
getHost().getPort(),
cpConfig.getSocketTimeout(),
params);
} else {
socket =
new TSocket(
getHost().getIpAddress(), getHost().getPort(), cpConfig.getConnectTimeout());
}
socket.getSocket().setTcpNoDelay(true);
socket.getSocket().setKeepAlive(true);
socket.getSocket().setSoLinger(false, 0);
setTimeout(cpConfig.getSocketTimeout());
transport = new TFramedTransport(socket);
if (!transport.isOpen()) transport.open();
cassandraClient =
new Cassandra.Client(new TBinaryProtocol.Factory().getProtocol(transport));
monitor.incConnectionCreated(getHost());
AuthenticationCredentials credentials = cpConfig.getAuthenticationCredentials();
if (credentials != null) {
Map<String, String> thriftCredentials = Maps.newHashMapWithExpectedSize(2);
thriftCredentials.put("username", credentials.getUsername());
thriftCredentials.put("password", credentials.getPassword());
cassandraClient.login(new AuthenticationRequest(thriftCredentials));
}
} catch (Exception e) {
pool.addLatencySample(
TimeUnit.NANOSECONDS.convert(cpConfig.getSocketTimeout(), TimeUnit.MILLISECONDS),
System.nanoTime());
closeClient();
ConnectionException ce =
ThriftConverter.ToConnectionPoolException(e)
.setHost(getHost())
.setLatency(System.currentTimeMillis() - startTime);
monitor.incConnectionCreateFailed(getHost(), ce);
throw ce;
} catch (Throwable t) {
LOG.error("Error creating connection", t);
pool.addLatencySample(
TimeUnit.NANOSECONDS.convert(cpConfig.getSocketTimeout(), TimeUnit.MILLISECONDS),
System.nanoTime());
closeClient();
ConnectionException ce =
ThriftConverter.ToConnectionPoolException(
new RuntimeException("Error openning connection", t))
.setHost(getHost())
.setLatency(System.currentTimeMillis() - startTime);
monitor.incConnectionCreateFailed(getHost(), ce);
throw ce;
}
}
public static TTransport getSSLSocket(String host, int port, int loginTimeout)
throws TTransportException {
return TSSLTransportFactory.getClientSocket(host, port, loginTimeout);
}
public static TServer factory(ProcessorFactory processorFactory) {
loadProperties();
try {
validate();
} catch (Exception e) {
e.printStackTrace();
}
TProtocolFactory tProtocolFactory = getTProtocolFactory();
TTransportFactory tTransportFactory = getTTransportFactory();
TServer serverEngine = null;
TMultiplexedProcessor tProcessor = processorFactory.getProcessor();
if (server_type.equals("nonblocking") || server_type.equals("threaded-selector")) {
// Nonblocking servers
TNonblockingServerSocket tNonblockingServerSocket = null;
try {
tNonblockingServerSocket =
new TNonblockingServerSocket(
new TNonblockingServerSocket.NonblockingAbstractServerSocketArgs().port(port));
} catch (TTransportException e) {
e.printStackTrace();
}
if (server_type.equals("nonblocking")) {
// Nonblocking Server
TNonblockingServer.Args tNonblockingServerArgs =
new TNonblockingServer.Args(tNonblockingServerSocket);
tNonblockingServerArgs.processor(tProcessor);
tNonblockingServerArgs.protocolFactory(tProtocolFactory);
tNonblockingServerArgs.transportFactory(tTransportFactory);
serverEngine = new TNonblockingServer(tNonblockingServerArgs);
} else { // server_type.equals("threaded-selector")
// ThreadedSelector Server
TThreadedSelectorServer.Args tThreadedSelectorServerArgs =
new TThreadedSelectorServer.Args(tNonblockingServerSocket);
tThreadedSelectorServerArgs.processor(tProcessor);
tThreadedSelectorServerArgs.protocolFactory(tProtocolFactory);
tThreadedSelectorServerArgs.transportFactory(tTransportFactory);
serverEngine = new TThreadedSelectorServer(tThreadedSelectorServerArgs);
}
} else {
// Blocking servers
// SSL socket
TServerSocket tServerSocket = null;
if (ssl) {
try {
tServerSocket = TSSLTransportFactory.getServerSocket(port, 0);
} catch (TTransportException e) {
e.printStackTrace();
}
} else {
try {
tServerSocket =
new TServerSocket(new TServerSocket.ServerSocketTransportArgs().port(port));
} catch (TTransportException e) {
e.printStackTrace();
}
}
if (server_type.equals("simple")) {
// Simple Server
TServer.Args tServerArgs = new TServer.Args(tServerSocket);
tServerArgs.processor(tProcessor);
tServerArgs.protocolFactory(tProtocolFactory);
tServerArgs.transportFactory(tTransportFactory);
serverEngine = new TSimpleServer(tServerArgs);
} else { // server_type.equals("threadpool")
// ThreadPool Server
TThreadPoolServer.Args tThreadPoolServerArgs = new TThreadPoolServer.Args(tServerSocket);
tThreadPoolServerArgs.processor(tProcessor);
tThreadPoolServerArgs.protocolFactory(tProtocolFactory);
tThreadPoolServerArgs.transportFactory(tTransportFactory);
serverEngine = new TThreadPoolServer(tThreadPoolServerArgs);
}
}
// Set server event handler
serverEngine.setServerEventHandler(new TServerEventHandlerImpl());
return serverEngine;
}