17 #include <boost/algorithm/string.hpp>
18 #include <boost/core/ignore_unused.hpp>
19 #include <boost/filesystem.hpp>
22 using namespace ::apache::thrift::transport;
// Fallback for callers that supplied no CA bundle: probe a fixed list of
// well-known system trust-store locations and assign a path that exists to
// ca_cert_file. (Whether the loop stops at the first match is not visible in
// this listing.)
// The selected file becomes the trust anchor for TLS server verification, so
// every path in the list should be root-owned and not writable by
// unprivileged users on the hosts where this client runs.
// NOTE(review): only existence is checked here; presumably the later
// certificate load reports an unreadable or malformed bundle - confirm.
26 if (ca_cert_file.empty()) {
// Function-local static: the list is built once and reused on later calls.
27 static std::list<std::string> v_known_ca_paths({
28 "/etc/ssl/certs/ca-certificates.crt",
29 "/etc/pki/tls/certs/ca-bundle.crt",
30 "/usr/share/ssl/certs/ca-bundle.crt",
31 "/usr/local/share/certs/ca-root.crt",
33 "/etc/ssl/ca-bundle.pem",
35 for (
const auto& known_ca_path : v_known_ca_paths) {
36 if (boost::filesystem::exists(known_ca_path)) {
37 ca_cert_file = known_ca_path;
// Bodies of the verify() overrides (presumably of a Thrift AccessManager
// subclass - the class header is not visible here). Each one discards every
// argument it receives, so the Decision it returns cannot depend on the peer
// address, the requested host name, or the certificate name data.
// NOTE(review): the return statements are not part of this listing. If they
// return ALLOW, installing this manager turns off host name verification for
// the connection; confirm it is installed only when the caller explicitly
// asked to skip host verification, and that this choice is logged.
47 boost::ignore_unused(sa);
51 boost::ignore_unused(host);
52 boost::ignore_unused(
name);
53 boost::ignore_unused(size);
// NOTE(review): throw() is a deprecated dynamic exception specification
// (equivalent to noexcept in C++17, removed in C++20); prefer noexcept if the
// base class signature permits it.
58 int size)
throw()
override {
59 boost::ignore_unused(sa);
60 boost::ignore_unused(data);
61 boost::ignore_unused(size);
// Both constructors forward their arguments unchanged to THttpClient.
82 : THttpClient(transport, host, path) {}
85 : THttpClient(host, port, path) {}
// Intercept Set-Cookie response headers; the prefix match is case-insensitive.
91 if (boost::istarts_with(header,
"set-cookie:")) {
92 std::string tmp(header);
// Keep everything after the first ':'. No split at ';' is done on this line,
// so cookie attributes (Path, Expires, HttpOnly, ...) and leading whitespace
// remain part of the extracted string.
// NOTE(review): what happens to `cookie` next is not visible here; presumably
// it is stored and replayed in later requests. The value is server-controlled
// and ends up in outgoing request headers, so confirm it cannot carry CR/LF
// and consider bounding the number and size of stored cookies.
93 std::string cookie = tmp.substr(tmp.find(
":") + 1, std::string::npos);
// Delegate to the base class parser (the surrounding branch structure is not
// visible in this listing).
96 THttpClient::parseHeader(header);
// Request write path: fetch the pending request body from writeBuffer_.
109 writeBuffer_.getBuffer(&buf, &len);
// Assemble the HTTP/1.1 request head for a Thrift-over-HTTP POST.
// NOTE(review): path_ and host_ are streamed in verbatim. If either can be
// influenced by untrusted configuration or input, a CR/LF inside them would
// add extra header lines to the request - validate them where they are set.
111 std::ostringstream h;
112 h <<
"POST " << path_ <<
" HTTP/1.1" << THttpClient::CRLF <<
"Host: " << host_
113 << THttpClient::CRLF <<
"Content-Type: application/x-thrift" << THttpClient::CRLF
114 <<
"Content-Length: " << len << THttpClient::CRLF <<
"Accept: application/x-thrift"
115 << THttpClient::CRLF <<
"User-Agent: Thrift/" << THRIFT_PACKAGE_VERSION
116 <<
" (C++/THttpClient)" << THttpClient::CRLF <<
"Connection: keep-alive"
117 << THttpClient::CRLF;
// One header line per cookie string (the loop header is not visible here;
// presumably it iterates the stored cookies). The string is written as-is, so
// it must already be a complete, well-formed header line.
120 h << cookie << THttpClient::CRLF;
// Blank line that terminates the request head.
122 h << THttpClient::CRLF;
// The write below passes the length as uint32_t, so reject a head whose size
// would be truncated by that cast.
125 std::string header = h.str();
126 if (header.size() > (std::numeric_limits<uint32_t>::max)()) {
127 throw TTransportException(
129 "]. Max = " +
std::to_string((std::numeric_limits<uint32_t>::max)()));
// Send the head first, then the body.
// NOTE(review): the C-style cast could be reinterpret_cast<const uint8_t*> to
// make the byte reinterpretation explicit.
132 transport_->write((
const uint8_t*)header.c_str(),
133 static_cast<uint32_t
>(header.size()));
134 transport_->write(buf, len);
// Discard the body that was just sent so the buffer can be reused.
138 writeBuffer_.resetBuffer();
// Constructor fragment: copies the connection settings into members.
146 const std::string& server_host,
149 bool skip_host_verify,
150 mapd::shared_ptr<TSSLSocketFactory> factory)
151 : server_host_(server_host)
153 , conn_type_(conn_type)
154 , skip_host_verify_(skip_host_verify)
// trust_cert_file_ is initialised to the empty string on this line.
155 , trust_cert_file_(
"") {
// OpenSSL cipher list: start from ALL, drop anonymous-DH, LOW, export and MD5
// suites, then order by strength.
// NOTE(review): ALL also covers anonymous ECDH (AECDH) and, on OpenSSL builds
// that still ship them, RC4 and 3DES suites; this string excludes none of
// those. Consider a stricter list, e.g. "HIGH:!aNULL:!eNULL:!MD5:!RC4:!3DES",
// and keep it in one shared constant, since the same literal is repeated where
// the buffered transport creates its own factory.
160 factory_->ciphers(
"ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
// Transport that the returned protocol object will wrap; the code that opens
// it is not visible in this listing.
169 mapd::shared_ptr<apache::thrift::transport::TTransport> mytransport;
184 }
catch (
const apache::thrift::TException& e) {
// Re-throw with the target host appended so that a connection failure names
// the server it was aimed at.
// NOTE(review): a new base-class TException is thrown, so the dynamic type of
// the original exception (and anything beyond what() that it carried) is lost
// to callers that catch a derived type.
185 throw apache::thrift::TException(std::string(e.what()) +
": host " +
server_host_ +
// Wrap the transport in a JSON protocol on one path and a binary protocol on
// the other (the selecting condition is not visible here).
190 return mapd::shared_ptr<TProtocol>(
new TJSONProtocol(mytransport));
192 return mapd::shared_ptr<TProtocol>(
new TBinaryProtocol(mytransport));
// Fragment of the buffered (raw socket) transport factory.
197 const std::string& server_host,
199 const std::string& ca_cert_name,
205 mapd::shared_ptr<TTransport> transport;
// A TLS socket factory is created lazily: only when none exists yet and a CA
// bundle name was supplied.
207 if (!
factory_ && !ca_cert_name.empty()) {
// In Thrift's SSLProtocol enum, SSLTLS leaves the negotiated version open to
// TLS 1.0 or later. NOTE(review): where all peers support it, a floor such as
// SSLProtocol::TLSv1_2 avoids negotiating TLS 1.0/1.1.
210 mapd::shared_ptr<TSSLSocketFactory>(
new TSSLSocketFactory(SSLProtocol::SSLTLS));
// NOTE(review): this list starts from ALL and removes only anonymous-DH, LOW,
// export and MD5 suites; anonymous ECDH and, on builds that ship them, RC4 and
// 3DES remain eligible. Consider "HIGH:!aNULL:!eNULL:!MD5:!RC4:!3DES".
211 factory_->ciphers(
"ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
// Load the trust anchors used to validate the server certificate.
// NOTE(review): no call that makes peer authentication mandatory is visible in
// this listing; confirm factory_->authenticate(true) (or equivalent) is set.
212 factory_->loadTrustedCertificates(ca_cert_name.c_str());
// Plain TCP socket: nothing on this path encrypts the traffic or authenticates
// the server. NOTE(review): the branch condition is not visible; presumably it
// is taken when no CA bundle was given - confirm that a remote host cannot be
// reached over this path unintentionally.
218 const auto socket = mapd::make_shared<TSocket>(server_host, port);
220 socket->setKeepAlive(with_keepalive);
221 socket->setConnTimeout(connect_timeout);
222 socket->setRecvTimeout(recv_timeout);
223 socket->setSendTimeout(send_timeout);
225 transport = mapd::make_shared<TBufferedTransport>(socket);
// TLS socket obtained from the factory, configured with the same keep-alive
// and timeout values as the plain socket above.
227 mapd::shared_ptr<TSocket> secure_socket =
factory_->createSocket(server_host, port);
229 secure_socket->setKeepAlive(with_keepalive);
230 secure_socket->setConnTimeout(connect_timeout);
231 secure_socket->setRecvTimeout(recv_timeout);
232 secure_socket->setSendTimeout(send_timeout);
234 transport = mapd::shared_ptr<TTransport>(
new TBufferedTransport(secure_socket));
// Fragment of the HTTP/HTTPS transport factory.
241 const std::string& server_host,
243 const std::string& trust_cert_fileX,
// In Thrift's SSLProtocol enum, SSLTLS leaves the negotiated version open to
// TLS 1.0 or later. NOTE(review): no ciphers() call is visible for this
// factory in the listing, so the library's default cipher list presumably
// applies - confirm that is intended.
251 mapd::shared_ptr<TSSLSocketFactory>(
new TSSLSocketFactory(SSLProtocol::SSLTLS));
253 mapd::shared_ptr<TTransport> transport;
254 mapd::shared_ptr<TTransport> socket;
// NOTE(review): the handling of the use_https and skip_verify parameters named
// in this function's declaration is not visible here. Confirm that
// certificate and host name checks are relaxed only when skip_verify is set,
// and that server authentication is required on every other HTTPS path.
264 socket =
factory_->createSocket(server_host, port);
// Wrap the socket in the cookie-aware HTTP client; requests on this line
// always target the path "/".
269 mapd::shared_ptr<TTransport>(
new ProxyTHttpClient(socket, server_host,
"/"));
ThriftConnectionType conn_type_
void check_standard_ca(std::string &ca_cert_file)
ProxyTHttpClient(mapd::shared_ptr< TTransport > transport, std::string host, std::string path)
mapd::shared_ptr< TTransport > open_http_client_transport(const std::string &server_host, const int port, const std::string &trust_cert_file_, bool use_https, bool skip_verify)
virtual ~ThriftClientConnection()
mapd::shared_ptr< TSSLSocketFactory > factory_
mapd::shared_ptr< TProtocol > get_protocol()
std::vector< std::string > cookies_
Decision verify(const sockaddr_storage &sa) override
Decision verify(const std::string &host, const char *name, int size) override
Decision verify(const sockaddr_storage &sa, const char *data, int size) override
std::string ca_cert_name_
mapd::shared_ptr< TTransport > open_buffered_client_transport(const std::string &server_host, const int port, const std::string &ca_cert_name, const bool with_timeout=false, const bool with_keepalive=true, const unsigned connect_timeout=0, const unsigned recv_timeount=0, const unsigned send_timeout=0)
std::string trust_cert_file_
ProxyTHttpClient(std::string host, int port, std::string path)
void parseHeader(char *header) override
AccessManager::Decision Decision
~ProxyTHttpClient() override