add SSLTransportFactory.java
Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/4a6f8a66 Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/4a6f8a66 Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/4a6f8a66 Branch: refs/heads/trunk Commit: 4a6f8a6610aacbe2c518bb6f8533ee5bdb943f41 Parents: 1b2a190 Author: Jonathan Ellis <jbel...@apache.org> Authored: Wed Dec 18 18:01:28 2013 -0600 Committer: Jonathan Ellis <jbel...@apache.org> Committed: Wed Dec 18 18:01:28 2013 -0600 ---------------------------------------------------------------------- .../cassandra/thrift/SSLTransportFactory.java | 86 ++++++++++++++++++++ 1 file changed, 86 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cassandra/blob/4a6f8a66/src/java/org/apache/cassandra/thrift/SSLTransportFactory.java ----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/thrift/SSLTransportFactory.java b/src/java/org/apache/cassandra/thrift/SSLTransportFactory.java
new file mode 100644
index 0000000..f828600
--- /dev/null
+++ b/src/java/org/apache/cassandra/thrift/SSLTransportFactory.java
@@ -0,0 +1,86 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.cassandra.thrift;
+
+import com.google.common.collect.Sets;
+import org.apache.cassandra.cli.transport.FramedTransportFactory;
+import org.apache.thrift.transport.TSSLTransportFactory;
+import org.apache.thrift.transport.TTransport;
+import org.apache.thrift.transport.TTransportException;
+
+import java.util.Map;
+import java.util.Set;
+
+public class SSLTransportFactory implements ITransportFactory
+{
+ public static final String TRUSTSTORE = "enc.truststore";
+ public static final String TRUSTSTORE_PASSWORD = "enc.truststore.password";
+ public static final String KEYSTORE = "enc.keystore";
+ public static final String KEYSTORE_PASSWORD = "enc.keystore.password";
+ public static final String PROTOCOL = "enc.protocol";
+ public static final String CIPHER_SUITES = "enc.cipher.suites";
+ public static final int SOCKET_TIMEOUT = 0;
+
+ private static final Set<String> SUPPORTED_OPTIONS = Sets.newHashSet(TRUSTSTORE,
+ TRUSTSTORE_PASSWORD,
+ KEYSTORE,
+ KEYSTORE_PASSWORD,
+ PROTOCOL,
+ CIPHER_SUITES);
+
+ private String truststore;
+ private String truststorePassword;
+ private String keystore;
+ private String keystorePassword;
+ private String protocol;
+ private String[] cipherSuites;
+
+ @Override
+ public TTransport openTransport(String host, int port) throws Exception
+ {
+ TSSLTransportFactory.TSSLTransportParameters params = new TSSLTransportFactory.TSSLTransportParameters(protocol, cipherSuites);
+ params.setTrustStore(truststore, truststorePassword);
+ if (null != keystore)
+ params.setKeyStore(keystore, keystorePassword);
+ TTransport trans = TSSLTransportFactory.getClientSocket(host, port, SOCKET_TIMEOUT, params);
+ return new FramedTransportFactory().getTransport(trans);
+ }
+
+ @Override
+ public void setOptions(Map<String, String> options)
+ {
+ if (options.containsKey(TRUSTSTORE))
+ truststore = options.get(TRUSTSTORE);
+ if (options.containsKey(TRUSTSTORE_PASSWORD))
+ truststorePassword = options.get(TRUSTSTORE_PASSWORD);
+ if (options.containsKey(KEYSTORE))
+ keystore = options.get(KEYSTORE);
+ if (options.containsKey(KEYSTORE_PASSWORD))
+ keystorePassword = options.get(KEYSTORE_PASSWORD);
+ if (options.containsKey(PROTOCOL))
+ protocol = options.get(PROTOCOL);
+ if (options.containsKey(CIPHER_SUITES))
+ cipherSuites = options.get(CIPHER_SUITES).split(",");
+ }
+
+ @Override
+ public Set<String> supportedOptions()
+ {
+ return SUPPORTED_OPTIONS;
+ }
+}
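Review bot: In `openTransport`, `params.setTrustStore(truststore, truststorePassword)` runs unconditionally, while the keystore call just below it is guarded by `if (null != keystore)`. When `enc.truststore` is not supplied, the parameters are marked as carrying a trust store whose path is null, so the connection will most likely fail while loading the store instead of reporting a clear configuration error. Guard it the same way, `if (null != truststore) params.setTrustStore(truststore, truststorePassword);`, and consider rejecting the call up front when neither store is configured so that a TLS misconfiguration is obvious to the operator. Separately, `SOCKET_TIMEOUT = 0` is passed straight to `getClientSocket` and presumably means no timeout, so a stalled peer could block the client indefinitely; a short comment on that constant, such as `// 0 = no socket timeout`, would make the choice explicit. The class also has no Javadoc describing the `enc.*` options or the fact that the store passwords are held in plain `String` fields for the lifetime of the factory.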