18 #ifdef HAVE_THRIFT_MESSAGE_LIMIT
25 #include <boost/algorithm/string.hpp>
26 #include <boost/core/ignore_unused.hpp>
27 #include <boost/filesystem.hpp>
29 #include <thrift/protocol/TBinaryProtocol.h>
30 #include <thrift/transport/THttpClient.h>
31 #include <thrift/transport/TSocket.h>
34 using namespace ::apache::thrift::transport;
35 using namespace ::apache::thrift::protocol;
// Fallback for callers that supplied no CA bundle: when ca_cert_file is empty, probe a
// fixed list of conventional system CA-bundle locations and assign a path that exists.
// NOTE(review): the visible lines test existence only. Readability and content of the
// bundle are not checked here, so a bad file would only surface when the trust store is
// loaded. Whether the loop stops at the first match is in lines not shown; confirm.
39 if (ca_cert_file.empty()) {
// Function-local static: the candidate list is built once and reused on later calls.
40 static std::list<std::string> v_known_ca_paths({
41 "/etc/ssl/certs/ca-certificates.crt",
42 "/etc/pki/tls/certs/ca-bundle.crt",
43 "/usr/share/ssl/certs/ca-bundle.crt",
44 "/usr/local/share/certs/ca-root.crt",
46 "/etc/ssl/ca-bundle.pem",
48 for (
const auto& known_ca_path : v_known_ca_paths) {
49 if (boost::filesystem::exists(known_ca_path)) {
50 ca_cert_file = known_ca_path;
// AccessManager::verify overrides. Every argument (peer address, host, certificate name or
// data, size) is explicitly discarded with boost::ignore_unused, so the Decision returned
// cannot depend on who the peer is or what its certificate says.
// NOTE(review): the return statements are not visible here. If these overrides return an
// unconditional allow, installing this access manager disables host-name verification and
// leaves the TLS session open to an impersonating endpoint. Confirm that it is only
// reachable through an explicit opt-in such as skip_host_verify, and never by default.
// NOTE(review): `throw()` is the pre-C++11 dynamic exception specification. It is
// deprecated and was removed in C++20; `noexcept` is the modern spelling, provided the
// base-class declaration allows it.
60 boost::ignore_unused(sa);
64 boost::ignore_unused(host);
65 boost::ignore_unused(
name);
66 boost::ignore_unused(size);
71 int size)
throw()
override {
72 boost::ignore_unused(sa);
73 boost::ignore_unused(data);
74 boost::ignore_unused(size);
// Fragments of the two ProxyTHttpClient constructors: one wraps an existing transport, the
// other opens its own connection from host/port. Both forward to the THttpClient base.
// NOTE(review): the HAVE_THRIFT_MESSAGE_LIMIT branches presumably select a base-constructor
// overload that takes extra arguments; those lines are not visible here.
95 #ifdef HAVE_THRIFT_MESSAGE_LIMIT
99 : THttpClient(transport, host, path) {
104 #ifdef HAVE_THRIFT_MESSAGE_LIMIT
108 : THttpClient(host, port, path) {
// Intercepts each response header line to capture cookies before delegating to the base
// class parser.
114 void parseHeader(
char* header)
override {
// Case-insensitive prefix match, so "Set-Cookie:" and "set-cookie:" are both captured.
116 if (boost::istarts_with(header,
"set-cookie:")) {
117 std::string tmp(header);
// The matched prefix contains ':', so find() cannot return npos on this path.
// Everything after the first colon is kept verbatim: leading whitespace and any cookie
// attributes (Path, Expires, Secure, ...) stay in the stored string, because no split on
// ';' happens in the visible lines.
118 std::string cookie = tmp.substr(tmp.find(
":") + 1, std::string::npos);
// NOTE(review): values are appended with no de-duplication or size cap in the visible
// lines, so a server that sends Set-Cookie on every response grows cookies_ without
// bound. Confirm whether it is cleared elsewhere.
119 cookies_.push_back(cookie);
121 THttpClient::parseHeader(header);
// Sends the buffered Thrift payload as one HTTP/1.1 POST: builds the request header by
// hand, writes header then body to the underlying transport, and resets the write buffer.
124 void flush()
override {
134 writeBuffer_.getBuffer(&buf, &len);
136 constexpr
static const char* CRLF =
"\r\n";
// NOTE(review): path_ and host_ are streamed into the header as-is. Nothing visible here
// rejects CR/LF in them, so they must come from trusted configuration; otherwise an
// embedded line break would change the header structure. Confirm at the call sites.
138 std::ostringstream h;
139 h <<
"POST " << path_ <<
" HTTP/1.1" << CRLF <<
"Host: " << host_ << CRLF
140 <<
"Content-Type: application/x-thrift" << CRLF <<
"Content-Length: " << len << CRLF
141 <<
"Accept: application/x-thrift" << CRLF <<
"User-Agent: Thrift/"
142 << THRIFT_PACKAGE_VERSION <<
" (C++/THttpClient)" << CRLF
143 <<
"Connection: keep-alive" << CRLF;
// Cookie emission is in lines not shown. The stored values are the raw Set-Cookie
// contents captured by parseHeader, so presumably they are echoed back unmodified; confirm.
144 if (!cookies_.empty()) {
151 std::string header = h.str();
// Guards the narrowing static_cast<uint32_t> on the write below. max is parenthesised so
// that a function-like `max` macro (e.g. from <windows.h>) cannot expand here.
152 if (header.size() > (std::numeric_limits<uint32_t>::max)()) {
153 throw TTransportException(
155 "]. Max = " +
std::to_string((std::numeric_limits<uint32_t>::max)()));
// Header first, then the payload previously obtained from writeBuffer_.
158 transport_->write((
const uint8_t*)header.c_str(),
159 static_cast<uint32_t
>(header.size()));
160 transport_->write(buf, len);
// Clear the buffer so the next request starts empty.
164 writeBuffer_.resetBuffer();
// Raw Set-Cookie values collected by parseHeader(), one entry per captured header line.
168 std::vector<std::string> cookies_;
// Constructor fragment: stores the connection parameters and, in the visible lines,
// configures the cipher list on the SSL socket factory.
174 bool skip_host_verify,
175 std::shared_ptr<TSSLSocketFactory> factory)
176 : server_host_(server_host)
178 , conn_type_(conn_type)
// skip_host_verify_ is recorded here; how it is applied is in lines not shown.
179 , skip_host_verify_(skip_host_verify)
180 , trust_cert_file_(
"") {
// OpenSSL cipher-list string: start from every suite except eNULL, then drop anonymous DH,
// LOW, export-grade and MD5-based suites, and sort by key strength.
// NOTE(review): `!ADH` does not cover anonymous ECDH suites; `!aNULL` excludes both
// anonymous families. What `ALL` expands to also depends on the linked OpenSSL build, so
// legacy suites may remain enabled. An explicit allow-list of modern AEAD suites would be
// easier to audit.
185 factory_->ciphers(
"ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
// Fragment of get_protocol(): obtains a transport (assignment in lines not shown) and wraps
// it in either a JSON or a binary Thrift protocol object.
194 std::shared_ptr<apache::thrift::transport::TTransport> mytransport;
// Any Thrift exception raised while opening is rethrown as a new base-class TException
// whose message is the original what() with the host (and further text not shown)
// appended. NOTE(review): the original dynamic type is lost, so callers can no longer
// catch a specific subclass such as TTransportException.
209 }
catch (
const apache::thrift::TException& e) {
210 throw apache::thrift::TException(std::string(e.what()) +
": host " +
server_host_ +
// Which of the two returns is taken presumably depends on conn_type_; the condition is not
// visible here.
215 return std::shared_ptr<TProtocol>(
new TJSONProtocol(mytransport));
217 return std::shared_ptr<TProtocol>(
new TBinaryProtocol(mytransport));
// Fragment of open_buffered_client_transport(): builds a TBufferedTransport over either a
// plain TSocket or a TLS socket created by factory_.
222 const std::string& server_host,
224 const std::string& ca_cert_name,
230 std::shared_ptr<TTransport> transport;
// The factory is created lazily, and only when none exists yet AND a CA file was supplied.
// NOTE(review): if factory_ was already set (e.g. injected by the constructor), the
// visible lines do not load ca_cert_name into it; confirm that the injected factory carries
// its own trust store.
232 if (!
factory_ && !ca_cert_name.empty()) {
// NOTE(review): in Thrift's SSLProtocol enum, SSLTLS allows negotiation down to TLS 1.0;
// TLSv1_2 sets a higher floor. Verify against the Thrift version in use.
235 std::shared_ptr<TSSLSocketFactory>(
new TSSLSocketFactory(SSLProtocol::SSLTLS));
// NOTE(review): `!ADH` leaves anonymous ECDH suites enabled; `!aNULL` excludes both
// anonymous families. `ALL` depends on the linked OpenSSL build.
236 factory_->ciphers(
"ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
// Trust anchors come from the supplied CA bundle. Whether peer authentication is required
// (TSSLSocketFactory::authenticate) is in lines not shown.
237 factory_->loadTrustedCertificates(ca_cert_name.c_str());
242 #ifdef HAVE_THRIFT_MESSAGE_LIMIT
// Plain-TCP branch: traffic on this socket is not encrypted. The condition selecting it is
// not visible here; presumably it is taken when no factory/CA is configured. Confirm.
246 const auto socket = std::make_shared<TSocket>(server_host, port);
249 socket->setKeepAlive(with_keepalive);
// NOTE(review): whether the three timeout setters are guarded by with_timeout is not
// visible here.
250 socket->setConnTimeout(connect_timeout);
251 socket->setRecvTimeout(recv_timeout);
252 socket->setSendTimeout(send_timeout);
254 socket->setLinger(
false, 0);
257 #ifdef HAVE_THRIFT_MESSAGE_LIMIT
260 transport = std::make_shared<TBufferedTransport>(socket);
// TLS branch: same socket options as the plain branch, applied to a factory-made socket.
263 std::shared_ptr<TSocket> secure_socket =
factory_->createSocket(server_host, port);
265 secure_socket->setKeepAlive(with_keepalive);
266 secure_socket->setConnTimeout(connect_timeout);
267 secure_socket->setRecvTimeout(recv_timeout);
268 secure_socket->setSendTimeout(send_timeout);
270 secure_socket->setLinger(
false, 0);
273 #ifdef HAVE_THRIFT_MESSAGE_LIMIT
274 transport = std::shared_ptr<TTransport>(
277 transport = std::shared_ptr<TTransport>(
new TBufferedTransport(secure_socket));
// Fragment of open_http_client_transport(): returns a ProxyTHttpClient, either layered over
// a TLS socket from factory_ or connecting directly to host/port.
285 const std::string& server_host,
287 const std::string& trust_cert_fileX,
// NOTE(review): in Thrift's SSLProtocol enum, SSLTLS allows negotiation down to TLS 1.0.
// Cipher, trust-store and verification setup for this factory are in lines not shown;
// confirm that certificates are loaded and peer verification is not skipped by default.
295 std::shared_ptr<TSSLSocketFactory>(
new TSSLSocketFactory(SSLProtocol::SSLTLS));
297 std::shared_ptr<TTransport> transport;
298 std::shared_ptr<TTransport> socket;
// TLS path: the HTTP client is layered over a socket created by the SSL factory.
308 socket =
factory_->createSocket(server_host, port);
313 std::shared_ptr<TTransport>(
new ProxyTHttpClient(socket, server_host,
"/"));
// Direct path: ProxyTHttpClient opens its own connection from host/port. Presumably this
// is the plain-HTTP case, in which requests and cookies travel unencrypted. Confirm the
// selecting condition.
315 transport = std::shared_ptr<TTransport>(
new ProxyTHttpClient(server_host, port,
"/"));
ThriftConnectionType conn_type_
void check_standard_ca(std::string &ca_cert_file)
std::shared_ptr< TTransport > open_http_client_transport(const std::string &server_host, const int port, const std::string &trust_cert_file_, bool use_https, bool skip_verify)
virtual ~ThriftClientConnection()
std::shared_ptr< apache::thrift::TConfiguration > default_tconfig()
Decision verify(const sockaddr_storage &sa) override
Decision verify(const std::string &host, const char *name, int size) override
std::shared_ptr< TTransport > open_buffered_client_transport(const std::string &server_host, const int port, const std::string &ca_cert_name, const bool with_timeout=false, const bool with_keepalive=true, const unsigned connect_timeout=0, const unsigned recv_timeount=0, const unsigned send_timeout=0)
ProxyTHttpClient(std::shared_ptr< TTransport > transport, std::string host, std::string path)
Decision verify(const sockaddr_storage &sa, const char *data, int size) override
std::string ca_cert_name_
std::string trust_cert_file_
std::shared_ptr< TProtocol > get_protocol()
std::shared_ptr< TSSLSocketFactory > factory_
AccessManager::Decision Decision