Posted to commits@thrift.apache.org by jf...@apache.org on 2016/09/20 19:28:47 UTC

thrift git commit: THRIFT-1108: SSL support for the Ruby library Client: ruby Patch: Mansi Nahar

Repository: thrift
Updated Branches:
  refs/heads/master 311c98455 -> 04e6f62c8


THRIFT-1108: SSL support for the Ruby library
Client: ruby
Patch: Mansi Nahar

Add ssl support to ruby lib.


Project: http://git-wip-us.apache.org/repos/asf/thrift/repo
Commit: http://git-wip-us.apache.org/repos/asf/thrift/commit/04e6f62c
Tree: http://git-wip-us.apache.org/repos/asf/thrift/tree/04e6f62c
Diff: http://git-wip-us.apache.org/repos/asf/thrift/diff/04e6f62c

Branch: refs/heads/master
Commit: 04e6f62c8fc68a1e846544c45943aad76934ce56
Parents: 311c984
Author: jfarrell <jf...@apache.org>
Authored: Tue Sep 20 15:27:54 2016 -0400
Committer: jfarrell <jf...@apache.org>
Committed: Tue Sep 20 15:27:54 2016 -0400

----------------------------------------------------------------------
 lib/rb/lib/thrift.rb                            | 10 +--
 .../lib/thrift/transport/ssl_server_socket.rb   | 37 ++++++++++
 lib/rb/lib/thrift/transport/ssl_socket.rb       | 47 +++++++++++++
 lib/rb/spec/ssl_socket_spec.rb                  | 74 ++++++++++++++++++++
 4 files changed, 164 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/thrift/blob/04e6f62c/lib/rb/lib/thrift.rb
----------------------------------------------------------------------
diff --git a/lib/rb/lib/thrift.rb b/lib/rb/lib/thrift.rb
index fadebca..0f58122 100644
--- a/lib/rb/lib/thrift.rb
+++ b/lib/rb/lib/thrift.rb
@@ -1,4 +1,4 @@
-# 
+#
 # Licensed to the Apache Software Foundation (ASF) under one
 # or more contributor license agreements. See the NOTICE file
 # distributed with this work for additional information
@@ -6,16 +6,16 @@
 # to you under the Apache License, Version 2.0 (the
 # "License"); you may not use this file except in compliance
 # with the License. You may obtain a copy of the License at
-# 
+#
 #   http://www.apache.org/licenses/LICENSE-2.0
-# 
+#
 # Unless required by applicable law or agreed to in writing,
 # software distributed under the License is distributed on an
 # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 # KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations
 # under the License.
-# 
+#
 # Contains some contributions under the Thrift Software License.
 # Please see doc/old-thrift-license.txt in the Thrift distribution for
 # details.
@@ -49,7 +49,9 @@ require 'thrift/protocol/multiplexed_protocol'
 require 'thrift/transport/base_transport'
 require 'thrift/transport/base_server_transport'
 require 'thrift/transport/socket'
+require 'thrift/transport/ssl_socket'
 require 'thrift/transport/server_socket'
+require 'thrift/transport/ssl_server_socket'
 require 'thrift/transport/unix_socket'
 require 'thrift/transport/unix_server_socket'
 require 'thrift/transport/buffered_transport'

http://git-wip-us.apache.org/repos/asf/thrift/blob/04e6f62c/lib/rb/lib/thrift/transport/ssl_server_socket.rb
----------------------------------------------------------------------
diff --git a/lib/rb/lib/thrift/transport/ssl_server_socket.rb b/lib/rb/lib/thrift/transport/ssl_server_socket.rb
new file mode 100644
index 0000000..abc1343
--- /dev/null
+++ b/lib/rb/lib/thrift/transport/ssl_server_socket.rb
@@ -0,0 +1,37 @@
+# encoding: ascii-8bit
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+require 'socket'
+
+module Thrift
+  class SSLServerSocket < ServerSocket
+    def initialize(host_or_port, port = nil, ssl_context = nil)
+      super(host_or_port, port)
+      @ssl_context = ssl_context
+    end
+
+    attr_accessor :ssl_context
+
+    def listen
+      socket = TCPServer.new(@host, @port)
+      @handle = OpenSSL::SSL::SSLServer.new(socket, @ssl_context)
+    end
+  end
+end
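Review bot: `listen` hands `@ssl_context` to `OpenSSL::SSL::SSLServer.new` even when it is still the constructor default of `nil`. A TLS server cannot work without a context carrying a certificate and key, and as far as I know `SSLServer` dereferences the context immediately, so the misconfiguration would surface as a `NoMethodError` rather than a clear error. A guard at the top of `listen`, for example `raise ArgumentError, 'ssl_context with a certificate and key is required' if @ssl_context.nil?`, would make it explicit. The file also requires `'socket'` but not `'openssl'` while using `OpenSSL::SSL`; unless the library loads it elsewhere (not visible in this diff), add `require 'openssl'`.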

http://git-wip-us.apache.org/repos/asf/thrift/blob/04e6f62c/lib/rb/lib/thrift/transport/ssl_socket.rb
----------------------------------------------------------------------
diff --git a/lib/rb/lib/thrift/transport/ssl_socket.rb b/lib/rb/lib/thrift/transport/ssl_socket.rb
new file mode 100644
index 0000000..dbbcc94
--- /dev/null
+++ b/lib/rb/lib/thrift/transport/ssl_socket.rb
@@ -0,0 +1,47 @@
+# encoding: ascii-8bit
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+module Thrift
+  class SSLSocket < Socket
+    def initialize(host='localhost', port=9090, timeout=nil, ssl_context=nil)
+      super(host, port, timeout)
+      @ssl_context = ssl_context
+    end
+
+    attr_accessor :ssl_context
+
+    def open
+      socket = super
+      @handle = OpenSSL::SSL::SSLSocket.new(socket, @ssl_context)
+      begin
+        @handle.connect_nonblock
+        @handle.post_connection_check(@host)
+        @handle
+      rescue IO::WaitReadable
+        IO.select([ @handle ], nil, nil, @timeout)
+        retry
+      rescue IO::WaitWritable
+        IO.select(nil, [ @handle ], nil, @timeout)
+        retry
+      rescue StandardError => e
+        raise TransportException.new(TransportException::NOT_OPEN, "Could not connect to #{@desc}: #{e}")
+      end
+    end
+  end
+end
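Review bot: Nothing in `open` requires the peer certificate chain to verify: `post_connection_check(@host)` only compares the certificate's names with the host, so with a caller-supplied bare `OpenSSL::SSL::SSLContext.new` (verify mode never set to `VERIFY_PEER`) a self-signed certificate carrying the right name would be accepted. The default `ssl_context=nil` is also passed explicitly to `OpenSSL::SSL::SSLSocket.new`, which as far as I know rejects an explicit nil context with a `TypeError`; that call sits before the `begin`, so the error escapes the `TransportException` wrapping, and the spec stubs `SSLSocket.new` so it would not notice. I would default to a verifying context in `initialize`, `@ssl_context = ssl_context || OpenSSL::SSL::SSLContext.new.tap { |c| c.set_params }`, and document that callers passing their own context must set `verify_mode` to `OpenSSL::SSL::VERIFY_PEER`; the spec expectations that pass `nil` to `SSLSocket.new` would need updating. Separately, both `IO.select(..., @timeout)` results are ignored before `retry`, so a stalled handshake loops forever instead of timing out; `raise TransportException.new(TransportException::TIMED_OUT, "SSL handshake with #{@desc} timed out") unless IO.select([ @handle ], nil, nil, @timeout)` (and the writable equivalent) would enforce the timeout.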

http://git-wip-us.apache.org/repos/asf/thrift/blob/04e6f62c/lib/rb/spec/ssl_socket_spec.rb
----------------------------------------------------------------------
diff --git a/lib/rb/spec/ssl_socket_spec.rb b/lib/rb/spec/ssl_socket_spec.rb
new file mode 100644
index 0000000..a8bc785
--- /dev/null
+++ b/lib/rb/spec/ssl_socket_spec.rb
@@ -0,0 +1,74 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+require 'spec_helper'
+require File.expand_path("#{File.dirname(__FILE__)}/socket_spec_shared")
+
+describe 'SSLSocket' do
+
+  describe Thrift::SSLSocket do
+    before(:each) do
+      @context = OpenSSL::SSL::SSLContext.new
+      @socket = Thrift::SSLSocket.new
+      @simple_socket_handle = mock("Handle", :closed? => false)
+      @simple_socket_handle.stub!(:close)
+      @simple_socket_handle.stub!(:connect_nonblock)
+      @simple_socket_handle.stub!(:setsockopt)
+
+      @handle = mock(mock("SSLHandle", :connect_nonblock => true, :post_connection_check => true), :closed? => false)
+      @handle.stub!(:connect_nonblock)
+      @handle.stub!(:close)
+      @handle.stub!(:post_connection_check)
+
+      ::Socket.stub!(:new).and_return(@simple_socket_handle)
+      OpenSSL::SSL::SSLSocket.stub!(:new).and_return(@handle)
+    end
+
+    it_should_behave_like "a socket"
+
+    it "should raise a TransportException when it cannot open a ssl socket" do
+      ::Socket.should_receive(:getaddrinfo).with("localhost", 9090, nil, ::Socket::SOCK_STREAM).and_return([[]])
+      lambda { @socket.open }.should raise_error(Thrift::TransportException) { |e| e.type.should == Thrift::TransportException::NOT_OPEN }
+    end
+
+    it "should open a ::Socket with default args" do
+      OpenSSL::SSL::SSLSocket.should_receive(:new).with(@simple_socket_handle, nil).and_return(@handle)
+      @handle.should_receive(:post_connection_check).with('localhost')
+      @socket.open
+    end
+
+    it "should accept host/port options" do
+      handle = mock("Handle", :connect_nonblock => true, :setsockopt => nil)
+      ::Socket.stub!(:new).and_return(handle)
+      ::Socket.should_receive(:getaddrinfo).with("my.domain", 1234, nil, ::Socket::SOCK_STREAM).and_return([[]])
+      ::Socket.should_receive(:sockaddr_in)
+      OpenSSL::SSL::SSLSocket.should_receive(:new).with(handle, nil).and_return(@handle)
+      @handle.should_receive(:post_connection_check).with('my.domain')
+      Thrift::SSLSocket.new('my.domain', 1234, 6000, nil).open
+    end
+
+    it "should accept an optional timeout" do
+      Thrift::SSLSocket.new('localhost', 8080, 5).timeout.should == 5
+    end
+
+    it "should accept an optional context" do
+      Thrift::SSLSocket.new('localhost', 8080, 5, @context).ssl_context.should == @context
+    end
+  end
+end
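Review bot: The `@handle` double in the `before` block is built as `mock(mock("SSLHandle", ...), :closed? => false)`, so an inner mock is used as the name of the outer one and its `connect_nonblock`/`post_connection_check` stubs are never exercised; only the `stub!` calls that follow take effect. `@handle = mock("SSLHandle", :closed? => false)` reads as what was intended. Because `OpenSSL::SSL::SSLSocket.new` is stubbed throughout, no case covers a failing identity check or the `IO::WaitReadable`/`IO::WaitWritable` retry paths, and `SSLServerSocket` has no spec at all. A case such as `@handle.stub!(:post_connection_check).and_raise(OpenSSL::SSL::SSLError)` followed by an expectation of `Thrift::TransportException` would pin the security-relevant path.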