Stephen Gentle | 1 Apr 10:09 2011

Example of TSSLSocket usage

Hi,

I was wondering if anyone can help me with learning how to use thrift 
with SSL. At the moment, there is absolutely no documentation about how 
to use it, and I have had little success trying to work it out from the 
code.

Ultimately I'd like to have it working with both a server and a client 
certificate, but first it would be good to be able to do it just with a 
server certificate.

I am testing with the sample service in the Objective-C tutorial, but I 
am doing the client and server in C++. Here's what I have now:

Server:
#include "gen-cpp/UserStorage.h"
#include <protocol/TBinaryProtocol.h>
#include <server/TSimpleServer.h>
#include <transport/TServerSocket.h>
#include <transport/TBufferTransports.h>
#include <transport/TSSLServerSocket.h>
#include <transport/TSSLSocket.h>

using namespace ::apache::thrift;
using namespace ::apache::thrift::protocol;
using namespace ::apache::thrift::transport;
using namespace ::apache::thrift::server;

using boost::shared_ptr;

/**
 * Skeleton implementation of the generated UserStorageIf service interface.
 *
 * Both RPC handlers are placeholders: each one only prints the name of the
 * call to stdout and ignores its arguments.
 */
class UserStorageHandler : virtual public UserStorageIf {
  public:
   UserStorageHandler() {}

   /** Placeholder for persisting a profile; `user` is not read yet. */
   void store(const UserProfile& user) {
     fputs("store\n", stdout);
   }

   /**
    * Placeholder lookup; `_return` is left exactly as the caller passed it
    * and `uid` is not read yet.
    */
   void retrieve(UserProfile& _return, const int32_t uid) {
     fputs("retrieve\n", stdout);
   }

};

/**
 * Entry point of the TLS-enabled UserStorage server.
 *
 * Builds the handler/processor pair, configures a server-side
 * TSSLSocketFactory with the certificate and private key, and serves
 * requests on port 9090 with a single-threaded TSimpleServer using buffered
 * transport and the binary protocol. argc/argv are not used.
 */
int main(int argc, char **argv) {
     const int listenPort = 9090;

     shared_ptr<UserStorageHandler> serviceImpl(new UserStorageHandler());
     shared_ptr<TProcessor> rpcProcessor(new UserStorageProcessor(serviceImpl));

     // TLS settings applied to every accepted connection.
     shared_ptr<TSSLSocketFactory> sslFactory(new TSSLSocketFactory());
     sslFactory->server(true);
     // authenticate(false): no client certificate is required, so callers are
     // not authenticated at the TLS layer. For mutual TLS this would become
     // authenticate(true) plus a set of trusted CA certificates.
     sslFactory->authenticate(false);
     // Both paths are relative to the working directory of the process.
     // NOTE(review): keep server.key readable only by the service account.
     sslFactory->loadCertificate("certificate/server.crt");
     sslFactory->loadPrivateKey("certificate/server.key");

     shared_ptr<TServerTransport> listener(
         new TSSLServerSocket(listenPort, sslFactory));
     shared_ptr<TTransportFactory> bufferedFactory(
         new TBufferedTransportFactory());
     shared_ptr<TProtocolFactory> binaryFactory(
         new TBinaryProtocolFactory());

     TSimpleServer rpcServer(rpcProcessor, listener, bufferedFactory,
                             binaryFactory);
     rpcServer.serve();
     return 0;
}

And the client:
#include "gen-cpp/UserStorage.h"
#include "gen-cpp/test_types.h"

#include <transport/TSSLSocket.h>
#include <transport/TBufferTransports.h>
#include <protocol/TBinaryProtocol.h>

using namespace apache::thrift;
using namespace apache::thrift::protocol;
using namespace apache::thrift::transport;

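/**
 * Entry point of the TLS-enabled UserStorage client.
 *
 * Connects to localhost:9090 over TLS, verifies the server certificate,
 * issues a single retrieve() call for uid 12 and closes the transport.
 * argc/argv are not used.
 */
int main(int argc, char **argv) {
     boost::shared_ptr<TSSLSocketFactory> factory(new TSSLSocketFactory());

     // authenticate(true) makes the client require and verify the server's
     // certificate. Verification needs a trust anchor: without one, no
     // certificate can be validated and the connection is rejected.
     factory->authenticate(true);
     // Assumes a self-signed server certificate whose public part is also
     // available to the client at this path; with a CA-issued certificate,
     // load the CA bundle here instead. Never ship the private key to clients.
     factory->loadTrustedCertificates("certificate/server.crt");

     // NOTE(review): Thrift's default access manager is expected to compare
     // the host name given here with the names in the certificate, so the
     // certificate should be issued for "localhost" -- confirm for the Thrift
     // version in use.
     boost::shared_ptr<TSSLSocket> socket(
         factory->createSocket("localhost", 9090));
     boost::shared_ptr<TTransport> transport(new TBufferedTransport(socket));
     boost::shared_ptr<TProtocol> protocol(new TBinaryProtocol(transport));

     UserStorageClient client(protocol);

     // A refused connection or a failed certificate check is reported as an
     // exception thrown from open() or from the first RPC below.
     transport->open();

     UserProfile test;

     client.retrieve(test, 12);
     transport->close();

     return 0;
}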

Sorry for the code dump, and thanks a lot,

Stephen Gentle

