airavata-commits mailing list archives

From sma...@apache.org
Subject [03/47] Added c++ client samples for integrattion of airavata with any other application's c++ interface
Date Sat, 12 Jul 2014 04:08:21 GMT
http://git-wip-us.apache.org/repos/asf/airavata/blob/f891b7dc/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/THttpServer.h
----------------------------------------------------------------------
diff --git a/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/THttpServer.h b/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/THttpServer.h
new file mode 100644
index 0000000..bf69dbe
--- /dev/null
+++ b/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/THttpServer.h
@@ -0,0 +1,64 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+#ifndef _THRIFT_TRANSPORT_THTTPSERVER_H_
+#define _THRIFT_TRANSPORT_THTTPSERVER_H_ 1
+
+#include <thrift/transport/THttpTransport.h>
+
+namespace apache { namespace thrift { namespace transport {
+
+class THttpServer : public THttpTransport {
+ public:
+  THttpServer(boost::shared_ptr<TTransport> transport);
+
+  virtual ~THttpServer();
+
+  virtual void flush();
+
+ protected:
+
+  void readHeaders();
+  virtual void parseHeader(char* header);
+  virtual bool parseStatusLine(char* status);
+  std::string getTimeRFC1123();
+
+};
+
+/**
+ * Wraps a transport into HTTP protocol
+ */
+class THttpServerTransportFactory : public TTransportFactory {
+ public:
+  THttpServerTransportFactory() {}
+
+  virtual ~THttpServerTransportFactory() {}
+
+  /**
+   * Wraps the transport into a buffered one.
+   */
+  virtual boost::shared_ptr<TTransport> getTransport(boost::shared_ptr<TTransport> trans) {
+    return boost::shared_ptr<TTransport>(new THttpServer(trans));
+  }
+
+};
+
+}}} // apache::thrift::transport
+
+#endif // #ifndef _THRIFT_TRANSPORT_THTTPSERVER_H_

http://git-wip-us.apache.org/repos/asf/airavata/blob/f891b7dc/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/THttpTransport.cpp
----------------------------------------------------------------------
diff --git a/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/THttpTransport.cpp b/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/THttpTransport.cpp
new file mode 100644
index 0000000..c415ddb
--- /dev/null
+++ b/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/THttpTransport.cpp
@@ -0,0 +1,252 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+#include <thrift/transport/THttpTransport.h>
+
+namespace apache { namespace thrift { namespace transport {
+
+using namespace std;
+
+// Yeah, yeah, hacky to put these here, I know.
+const char* THttpTransport::CRLF = "\r\n";
+const int THttpTransport::CRLF_LEN = 2;
+
+THttpTransport::THttpTransport(boost::shared_ptr<TTransport> transport) :
+  transport_(transport),
+  readHeaders_(true),
+  chunked_(false),
+  chunkedDone_(false),
+  chunkSize_(0),
+  contentLength_(0),
+  httpBuf_(NULL),
+  httpPos_(0),
+  httpBufLen_(0),
+  httpBufSize_(1024) {
+  init();
+}
+
+void THttpTransport::init() {
+  httpBuf_ = (char*)std::malloc(httpBufSize_+1);
+  if (httpBuf_ == NULL) {
+    throw std::bad_alloc();
+  }
+  httpBuf_[httpBufLen_] = '\0';
+}
+
+THttpTransport::~THttpTransport() {
+  if (httpBuf_ != NULL) {
+    std::free(httpBuf_);
+  }
+}
+
+uint32_t THttpTransport::read(uint8_t* buf, uint32_t len) {
+  if (readBuffer_.available_read() == 0) {
+    readBuffer_.resetBuffer();
+    uint32_t got = readMoreData();
+    if (got == 0) {
+      return 0;
+    }
+  }
+  return readBuffer_.read(buf, len);
+}
+
+uint32_t THttpTransport::readEnd() {
+  // Read any pending chunked data (footers etc.)
+  if (chunked_) {
+    while (!chunkedDone_) {
+      readChunked();
+    }
+  }
+  return 0;
+}
+
+uint32_t THttpTransport::readMoreData() {
+  uint32_t size;
+
+  // Get more data!
+  refill();
+
+  if (readHeaders_) {
+    readHeaders();
+  }
+
+  if (chunked_) {
+    size = readChunked();
+  } else {
+    size = readContent(contentLength_);
+  }
+  readHeaders_ = true;
+  return size;
+}
+
+uint32_t THttpTransport::readChunked() {
+  uint32_t length = 0;
+
+  char* line = readLine();
+  uint32_t chunkSize = parseChunkSize(line);
+  if (chunkSize == 0) {
+    readChunkedFooters();
+  } else {
+    // Read data content
+    length += readContent(chunkSize);
+    // Read trailing CRLF after content
+    readLine();
+  }
+  return length;
+}
+
+void THttpTransport::readChunkedFooters() {
+  // End of data, read footer lines until a blank one appears
+  while (true) {
+    char* line = readLine();
+    if (strlen(line) == 0) {
+      chunkedDone_ = true;
+      break;
+    }
+  }
+}
+
+uint32_t THttpTransport::parseChunkSize(char* line) {
+  char* semi = strchr(line, ';');
+  if (semi != NULL) {
+    *semi = '\0';
+  }
+  uint32_t size = 0;
+  sscanf(line, "%x", &size);
+  return size;
+}
+
+uint32_t THttpTransport::readContent(uint32_t size) {
+  uint32_t need = size;
+  while (need > 0) {
+    uint32_t avail = httpBufLen_ - httpPos_;
+    if (avail == 0) {
+      // We have given all the data, reset position to head of the buffer
+      httpPos_ = 0;
+      httpBufLen_ = 0;
+      refill();
+
+      // Now have available however much we read
+      avail = httpBufLen_;
+    }
+    uint32_t give = avail;
+    if (need < give) {
+      give = need;
+    }
+    readBuffer_.write((uint8_t*)(httpBuf_+httpPos_), give);
+    httpPos_ += give;
+    need -= give;
+  }
+  return size;
+}
+
+char* THttpTransport::readLine() {
+  while (true) {
+    char* eol = NULL;
+
+    eol = strstr(httpBuf_+httpPos_, CRLF);
+
+    // No CRLF yet?
+    if (eol == NULL) {
+      // Shift whatever we have now to front and refill
+      shift();
+      refill();
+    } else {
+      // Return pointer to next line
+      *eol = '\0';
+      char* line = httpBuf_+httpPos_;
+      httpPos_ = static_cast<uint32_t>((eol-httpBuf_) + CRLF_LEN);
+      return line;
+    }
+  }
+
+}
+
+void THttpTransport::shift() {
+  if (httpBufLen_ > httpPos_) {
+    // Shift down remaining data and read more
+    uint32_t length = httpBufLen_ - httpPos_;
+    memmove(httpBuf_, httpBuf_+httpPos_, length);
+    httpBufLen_ = length;
+  } else {
+    httpBufLen_ = 0;
+  }
+  httpPos_ = 0;
+  httpBuf_[httpBufLen_] = '\0';
+}
+
+void THttpTransport::refill() {
+  uint32_t avail = httpBufSize_ - httpBufLen_;
+  if (avail <= (httpBufSize_ / 4)) {
+    httpBufSize_ *= 2;
+    httpBuf_ = (char*)std::realloc(httpBuf_, httpBufSize_+1);
+    if (httpBuf_ == NULL) {
+      throw std::bad_alloc();
+    }
+  }
+
+  // Read more data
+  uint32_t got = transport_->read((uint8_t*)(httpBuf_+httpBufLen_), httpBufSize_-httpBufLen_);
+  httpBufLen_ += got;
+  httpBuf_[httpBufLen_] = '\0';
+
+  if (got == 0) {
+    throw TTransportException("Could not refill buffer");
+  }
+}
+
+void THttpTransport::readHeaders() {
+  // Initialize headers state variables
+  contentLength_ = 0;
+  chunked_ = false;
+  chunkedDone_ = false;
+  chunkSize_ = 0;
+
+  // Control state flow
+  bool statusLine = true;
+  bool finished = false;
+
+  // Loop until headers are finished
+  while (true) {
+    char* line = readLine();
+
+    if (strlen(line) == 0) {
+      if (finished) {
+        readHeaders_ = false;
+        return;
+      } else {
+        // Must have been an HTTP 100, keep going for another status line
+        statusLine = true;
+      }
+    } else {
+      if (statusLine) {
+        statusLine = false;
+        finished = parseStatusLine(line);
+      } else {
+        parseHeader(line);
+      }
+    }
+  }
+}
+
+void THttpTransport::write(const uint8_t* buf, uint32_t len) {
+  writeBuffer_.write(buf, len);
+}
+
+}}}
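Review bot: refill() doubles httpBufSize_ with no upper bound and readLine() keeps calling shift()/refill() until strstr() finds CRLF, so a peer that never sends a line terminator makes the buffer grow until allocation fails, and the `httpBufSize_ *= 2` arithmetic is unchecked uint32_t. The realloc result is also assigned straight to httpBuf_, which loses the old block when realloc returns NULL. I would cap the growth with a project-chosen limit and grow through a temporary, as sketched below (kMaxHttpBufSize is a name proposed here, not an existing constant). Separately, parseChunkSize() ignores the sscanf result, so a malformed size line is read as 0 and treated as the last chunk; `if (sscanf(line, "%x", &size) != 1) throw TTransportException("Malformed chunk size");` would reject it, and the peer-supplied chunk and content lengths passed to readContent() deserve a similar limit.

```cpp
void THttpTransport::refill() {
  uint32_t avail = httpBufSize_ - httpBufLen_;
  if (avail <= (httpBufSize_ / 4)) {
    // kMaxHttpBufSize: limit proposed by this review; the value is for the project to choose
    if (httpBufSize_ > kMaxHttpBufSize / 2) {
      throw TTransportException("HTTP line or header block too long");
    }
    uint32_t newSize = httpBufSize_ * 2;
    char* grown = (char*)std::realloc(httpBuf_, newSize + 1);
    if (grown == NULL) {
      throw std::bad_alloc();  // httpBuf_ still owns the old block and is freed by the destructor
    }
    httpBuf_ = grown;
    httpBufSize_ = newSize;
  }
  // … unchanged: transport_->read() into httpBuf_ and the got == 0 check …
}
```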

http://git-wip-us.apache.org/repos/asf/airavata/blob/f891b7dc/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/THttpTransport.h
----------------------------------------------------------------------
diff --git a/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/THttpTransport.h b/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/THttpTransport.h
new file mode 100644
index 0000000..a2e8834
--- /dev/null
+++ b/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/THttpTransport.h
@@ -0,0 +1,107 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+#ifndef _THRIFT_TRANSPORT_THTTPTRANSPORT_H_
+#define _THRIFT_TRANSPORT_THTTPTRANSPORT_H_ 1
+
+#include <thrift/transport/TBufferTransports.h>
+#include <thrift/transport/TVirtualTransport.h>
+
+namespace apache { namespace thrift { namespace transport {
+
+/**
+ * HTTP implementation of the thrift transport. This was irritating
+ * to write, but the alternatives in C++ land are daunting. Linking CURL
+ * requires 23 dynamic libraries last time I checked (WTF?!?). All we have
+ * here is a VERY basic HTTP/1.1 client which supports HTTP 100 Continue,
+ * chunked transfer encoding, keepalive, etc. Tested against Apache.
+ */
+class THttpTransport : public TVirtualTransport<THttpTransport> {
+ public:
+  THttpTransport(boost::shared_ptr<TTransport> transport);
+
+  virtual ~THttpTransport();
+
+  void open() {
+    transport_->open();
+  }
+
+  bool isOpen() {
+    return transport_->isOpen();
+  }
+
+  bool peek() {
+    return transport_->peek();
+  }
+
+  void close() {
+    transport_->close();
+  }
+
+  uint32_t read(uint8_t* buf, uint32_t len);
+
+  uint32_t readEnd();
+
+  void write(const uint8_t* buf, uint32_t len);
+
+  virtual void flush() = 0;
+
+ protected:
+
+  boost::shared_ptr<TTransport> transport_;
+
+  TMemoryBuffer writeBuffer_;
+  TMemoryBuffer readBuffer_;
+
+  bool readHeaders_;
+  bool chunked_;
+  bool chunkedDone_;
+  uint32_t chunkSize_;
+  uint32_t contentLength_;
+
+  char* httpBuf_;
+  uint32_t httpPos_;
+  uint32_t httpBufLen_;
+  uint32_t httpBufSize_;
+
+  virtual void init();
+
+  uint32_t readMoreData();
+  char* readLine();
+
+  void readHeaders();
+  virtual void parseHeader(char* header) = 0;
+  virtual bool parseStatusLine(char* status) = 0;
+
+  uint32_t readChunked();
+  void readChunkedFooters();
+  uint32_t parseChunkSize(char* line);
+
+  uint32_t readContent(uint32_t size);
+
+  void refill();
+  void shift();
+
+  static const char* CRLF;
+  static const int CRLF_LEN;
+};
+
+}}} // apache::thrift::transport
+
+#endif // #ifndef _THRIFT_TRANSPORT_THTTPCLIENT_H_
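Review bot: THttpTransport owns the malloc'ed `httpBuf_` and frees it in its destructor, but the class declares no copy constructor or copy assignment, so a copy would share the pointer and free it twice unless a base class already forbids copying (not visible from this hunk). Declaring `THttpTransport(const THttpTransport&);` and `THttpTransport& operator=(const THttpTransport&);` as private and leaving them undefined would rule that out. The closing comment `// #ifndef _THRIFT_TRANSPORT_THTTPCLIENT_H_` also names a different macro than the guard `_THRIFT_TRANSPORT_THTTPTRANSPORT_H_` opened at the top.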

http://git-wip-us.apache.org/repos/asf/airavata/blob/f891b7dc/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/TPipe.cpp
----------------------------------------------------------------------
diff --git a/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/TPipe.cpp b/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/TPipe.cpp
new file mode 100644
index 0000000..92e2912
--- /dev/null
+++ b/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/TPipe.cpp
@@ -0,0 +1,217 @@
+/*
+* Licensed to the Apache Software Foundation (ASF) under one
+* or more contributor license agreements. See the NOTICE file
+* distributed with this work for additional information
+* regarding copyright ownership. The ASF licenses this file
+* to you under the Apache License, Version 2.0 (the
+* "License"); you may not use this file except in compliance
+* with the License. You may obtain a copy of the License at
+*
+*   http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+
+#include <thrift/transport/TTransportException.h>
+#include <thrift/transport/TPipe.h>
+
+namespace apache { namespace thrift { namespace transport {
+
+using namespace std;
+
+/**
+* TPipe implementation.
+*/
+
+#ifdef _WIN32
+//---- Constructors ----
+TPipe::TPipe(HANDLE Pipe) :
+  Pipe_(Pipe),
+  TimeoutSeconds_(3),
+  isAnonymous(false)
+{}
+
+TPipe::TPipe(const char *pipename) :
+  Pipe_(INVALID_HANDLE_VALUE),
+  TimeoutSeconds_(3),
+  isAnonymous(false)
+{
+  setPipename(pipename);
+}
+
+TPipe::TPipe(const std::string &pipename) :
+  Pipe_(INVALID_HANDLE_VALUE),
+  TimeoutSeconds_(3),
+  isAnonymous(false)
+{
+  setPipename(pipename);
+}
+
+TPipe::TPipe(HANDLE PipeRd, HANDLE PipeWrt) :
+  Pipe_(PipeRd),
+  PipeWrt_(PipeWrt),
+  TimeoutSeconds_(3),
+  isAnonymous(true)
+{}
+
+TPipe::TPipe() :
+  Pipe_(INVALID_HANDLE_VALUE),
+  TimeoutSeconds_(3)
+{}
+
+//---- Destructor ----
+TPipe::~TPipe() {
+  close();
+}
+
+
+//---------------------------------------------------------
+// Transport callbacks
+//---------------------------------------------------------
+
+bool TPipe::isOpen() {
+  return (Pipe_ != INVALID_HANDLE_VALUE);
+}
+
+bool TPipe::peek() {
+  if (!isOpen()) {
+    return false;
+  }
+  DWORD bytesavail = 0;
+  int  PeekRet = 0;
+  PeekRet = PeekNamedPipe(Pipe_, NULL, 0, NULL, &bytesavail, NULL);
+  return (PeekRet != 0 && bytesavail > 0);
+}
+
+void TPipe::open() {
+  if (isOpen()) {
+    return;
+  }
+
+  int SleepInterval = 500; //ms
+  int retries = TimeoutSeconds_ * 1000 / SleepInterval;
+  HANDLE hPipe_;
+  for(int i=0; i<retries; i++)
+  {
+    hPipe_ = CreateFile(
+              pipename_.c_str(),
+              GENERIC_READ | GENERIC_WRITE,
+              0,              // no sharing
+              NULL,           // default security attributes
+              OPEN_EXISTING,  // opens existing pipe
+              0,              // default attributes
+              NULL);          // no template file
+
+    if (hPipe_ == INVALID_HANDLE_VALUE)
+      ::Sleep(SleepInterval);
+    else
+      break;
+  }
+  if (hPipe_ == INVALID_HANDLE_VALUE)
+    throw TTransportException(TTransportException::NOT_OPEN, "Unable to open pipe");
+
+  // The pipe connected; change to message-read mode.
+  DWORD dwMode = PIPE_READMODE_MESSAGE;
+  int fSuccess = SetNamedPipeHandleState(
+              hPipe_, // pipe handle
+              &dwMode,  // new pipe mode
+              NULL,     // don't set maximum bytes
+              NULL);    // don't set maximum time
+  if (fSuccess == 0)
+  {
+    throw TTransportException(TTransportException::NOT_OPEN, "SetNamedPipeHandleState failed");
+    close();
+  }
+  Pipe_ = hPipe_;
+}
+
+
+void TPipe::close() {
+  if (isOpen())
+  {
+    CloseHandle(Pipe_);
+    Pipe_ = INVALID_HANDLE_VALUE;
+  }
+}
+
+uint32_t TPipe::read(uint8_t* buf, uint32_t len) {
+  if (!isOpen())
+    throw TTransportException(TTransportException::NOT_OPEN, "Called read on non-open pipe");
+
+  DWORD  cbRead;
+  int fSuccess = ReadFile(
+              Pipe_, // pipe handle
+              buf,      // buffer to receive reply
+              len,      // size of buffer
+              &cbRead,  // number of bytes read
+              NULL);    // not overlapped
+
+  if ( !fSuccess && GetLastError() != ERROR_MORE_DATA )
+    return 0; // No more data, possibly because client disconnected.
+
+  return cbRead;
+}
+
+void TPipe::write(const uint8_t* buf, uint32_t len) {
+  if (!isOpen())
+    throw TTransportException(TTransportException::NOT_OPEN, "Called write on non-open pipe");
+
+  HANDLE WritePipe = isAnonymous? PipeWrt_: Pipe_;
+  DWORD  cbWritten;
+  int fSuccess = WriteFile(
+              WritePipe, // pipe handle
+              buf,        // message
+              len,        // message length
+              &cbWritten, // bytes written
+              NULL);      // not overlapped
+
+  if ( !fSuccess)
+    throw TTransportException(TTransportException::NOT_OPEN, "Write to pipe failed");
+}
+
+//---------------------------------------------------------
+// Accessors
+//---------------------------------------------------------
+
+string TPipe::getPipename() {
+  return pipename_;
+}
+
+void TPipe::setPipename(const std::string &pipename) {
+  if(pipename.find("\\\\") == -1)
+    pipename_ = "\\\\.\\pipe\\" + pipename;
+  else
+    pipename_ = pipename;
+}
+
+HANDLE TPipe::getPipeHandle() {
+  return Pipe_;
+}
+
+void TPipe::setPipeHandle(HANDLE pipehandle) {
+  Pipe_ = pipehandle;
+}
+
+HANDLE TPipe::getWrtPipeHandle() {
+  return PipeWrt_;
+}
+
+void TPipe::setWrtPipeHandle(HANDLE pipehandle) {
+  PipeWrt_ = pipehandle;
+}
+
+long TPipe::getConnectTimeout() {
+  return TimeoutSeconds_;
+}
+
+void TPipe::setConnectTimeout(long seconds) {
+  TimeoutSeconds_ = seconds;
+}
+#endif //_WIN32
+
+}}} // apache::thrift::transport
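Review bot: In TPipe::open() the `close();` after `throw TTransportException(TTransportException::NOT_OPEN, "SetNamedPipeHandleState failed");` is unreachable, and because Pipe_ has not been assigned yet the freshly opened hPipe_ leaks on that path; put `CloseHandle(hPipe_);` before the throw instead. hPipe_ is also read uninitialised when setConnectTimeout(0) makes `retries` zero and the loop never runs, so declare it as `HANDLE hPipe_ = INVALID_HANDLE_VALUE;`. The default constructor TPipe() leaves isAnonymous and PipeWrt_ unset although write() branches on isAnonymous, so add `PipeWrt_(INVALID_HANDLE_VALUE), isAnonymous(false)` to its initialiser list (the name and single-handle constructors leave PipeWrt_ unset as well). As a hardening point, CreateFile is called with attributes 0, which lets whichever process owns the pipe impersonate this client at the default level; passing `SECURITY_SQOS_PRESENT | SECURITY_IDENTIFICATION` limits that when the server has no need to act as the caller. In setPipename(), `pipename.find("\\\\") == -1` works only through integer conversion and reads better as `== std::string::npos`.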

http://git-wip-us.apache.org/repos/asf/airavata/blob/f891b7dc/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/TPipe.h
----------------------------------------------------------------------
diff --git a/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/TPipe.h b/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/TPipe.h
new file mode 100644
index 0000000..3c1755b
--- /dev/null
+++ b/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/TPipe.h
@@ -0,0 +1,96 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+#ifndef _THRIFT_TRANSPORT_TPIPE_H_
+#define _THRIFT_TRANSPORT_TPIPE_H_ 1
+
+#include <thrift/transport/TTransport.h>
+#include <thrift/transport/TVirtualTransport.h>
+#ifndef _WIN32
+#  include <thrift/transport/TSocket.h>
+#endif
+
+namespace apache { namespace thrift { namespace transport {
+
+/**
+ * Windows Pipes implementation of the TTransport interface.
+ *
+ */
+#ifdef _WIN32
+class TPipe : public TVirtualTransport<TPipe> {
+ public:
+
+  // Constructs a new pipe object.
+  TPipe();
+  // Named pipe constructors -
+  explicit TPipe(HANDLE Pipe); //HANDLE is a void*
+  //need a const char * overload so string literals don't go to the HANDLE overload
+  explicit TPipe(const char *pipename);
+  explicit TPipe(const std::string &pipename);
+  // Anonymous pipe -
+  TPipe(HANDLE PipeRd, HANDLE PipeWrt);
+
+  // Destroys the pipe object, closing it if necessary.
+  virtual ~TPipe();
+
+  // Returns whether the pipe is open & valid.
+  virtual bool isOpen();
+
+  // Checks whether more data is available in the pipe.
+  virtual bool peek();
+
+  // Creates and opens the named/anonymous pipe.
+  virtual void open();
+
+  // Shuts down communications on the pipe.
+  virtual void close();
+
+  // Reads from the pipe.
+  virtual uint32_t read(uint8_t* buf, uint32_t len);
+
+  // Writes to the pipe.
+  virtual void write(const uint8_t* buf, uint32_t len);
+
+
+  //Accessors
+  std::string getPipename();
+  void setPipename(const std::string &pipename);
+  HANDLE getPipeHandle(); //doubles as the read handle for anon pipe
+  void setPipeHandle(HANDLE pipehandle);
+  HANDLE getWrtPipeHandle();
+  void setWrtPipeHandle(HANDLE pipehandle);
+  long getConnectTimeout();
+  void setConnectTimeout(long seconds);
+
+ private:
+  std::string pipename_;
+
+  //Named pipe handles are R/W, while anonymous pipes are one or the other (half duplex).
+  HANDLE Pipe_, PipeWrt_;
+  long TimeoutSeconds_;
+  bool isAnonymous;
+};
+#else
+typedef TSocket TPipe;
+#endif
+
+}}} // apache::thrift::transport
+
+#endif // #ifndef _THRIFT_TRANSPORT_TPIPE_H_
+

http://git-wip-us.apache.org/repos/asf/airavata/blob/f891b7dc/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/TPipeServer.cpp
----------------------------------------------------------------------
diff --git a/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/TPipeServer.cpp b/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/TPipeServer.cpp
new file mode 100644
index 0000000..10fc69b
--- /dev/null
+++ b/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/TPipeServer.cpp
@@ -0,0 +1,402 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+#include <thrift/thrift-config.h>
+#include <cstring>
+
+#include <thrift/transport/TPipe.h>
+#include <thrift/transport/TPipeServer.h>
+#include <boost/shared_ptr.hpp>
+#ifdef _WIN32
+#  include <AccCtrl.h>
+#  include <Aclapi.h>
+#endif //_WIN32
+
+namespace apache { namespace thrift { namespace transport {
+
+#ifdef _WIN32
+
+using namespace std;
+using boost::shared_ptr;
+
+//---- Constructors ----
+TPipeServer::TPipeServer(const std::string &pipename, uint32_t bufsize) :
+  pipename_(pipename),
+  bufsize_(bufsize),
+  Pipe_(INVALID_HANDLE_VALUE),
+  wakeup(INVALID_HANDLE_VALUE),
+  maxconns_(TPIPE_SERVER_MAX_CONNS_DEFAULT),
+  isAnonymous(false),
+  stop_(false)
+ {
+    setPipename(pipename);
+    createWakeupEvent();
+ }
+
+TPipeServer::TPipeServer(const std::string &pipename, uint32_t bufsize, uint32_t maxconnections) :
+  pipename_(pipename),
+  bufsize_(bufsize),
+  Pipe_(INVALID_HANDLE_VALUE),
+  wakeup(INVALID_HANDLE_VALUE),
+  isAnonymous(false),
+  stop_(false)
+ {  //Restrict maxconns_ to 1-PIPE_UNLIMITED_INSTANCES
+    if(maxconnections == 0)
+      maxconns_ = 1;
+    else if (maxconnections > PIPE_UNLIMITED_INSTANCES)
+      maxconns_ = PIPE_UNLIMITED_INSTANCES;
+	else
+      maxconns_ = maxconnections;
+
+    setPipename(pipename);
+    createWakeupEvent();
+ }
+
+TPipeServer::TPipeServer(const std::string &pipename) :
+  pipename_(pipename),
+  bufsize_(1024),
+  Pipe_(INVALID_HANDLE_VALUE),
+  wakeup(INVALID_HANDLE_VALUE),
+  maxconns_(TPIPE_SERVER_MAX_CONNS_DEFAULT),
+  isAnonymous(false),
+  stop_(false)
+ {
+    setPipename(pipename);
+    createWakeupEvent();
+ }
+
+TPipeServer::TPipeServer(int bufsize) :
+  pipename_(""),
+  bufsize_(bufsize),
+  Pipe_(INVALID_HANDLE_VALUE),
+  wakeup(INVALID_HANDLE_VALUE),
+  maxconns_(1),
+  isAnonymous(true),
+  stop_(false)
+ {
+  //The anonymous pipe needs to be created first so that the server can
+  //pass the handles on to the client before the serve (acceptImpl)
+  //blocking call.
+  if (!TCreateAnonPipe()) {
+    GlobalOutput.perror("TPipeServer Create(Anon)Pipe failed, GLE=", GetLastError());
+    throw TTransportException(TTransportException::NOT_OPEN, " TPipeServer Create(Anon)Pipe failed");
+  }
+  createWakeupEvent();
+}
+
+TPipeServer::TPipeServer() :
+  pipename_(""),
+  bufsize_(1024),
+  Pipe_(INVALID_HANDLE_VALUE),
+  wakeup(INVALID_HANDLE_VALUE),
+  maxconns_(1),
+  isAnonymous(true),
+  stop_(false)
+{
+  if (!TCreateAnonPipe()) {
+    GlobalOutput.perror("TPipeServer Create(Anon)Pipe failed, GLE=", GetLastError());
+    throw TTransportException(TTransportException::NOT_OPEN, " TPipeServer Create(Anon)Pipe failed");
+  }
+  createWakeupEvent();
+}
+
+//---- Destructor ----
+TPipeServer::~TPipeServer() {
+  close();
+  CloseHandle( wakeup);
+  wakeup = INVALID_HANDLE_VALUE;
+}
+
+//---------------------------------------------------------
+// Transport callbacks
+//---------------------------------------------------------
+
+shared_ptr<TTransport> TPipeServer::acceptImpl() {
+  shared_ptr<TPipe> client;
+
+  stop_ = FALSE;
+
+  if(isAnonymous)
+  { //Anonymous Pipe
+    //This 0-byte read serves merely as a blocking call.
+    byte buf;
+    DWORD br;
+    int fSuccess = ReadFile(
+          Pipe_, // pipe handle
+          &buf,   // buffer to receive reply
+          0,      // size of buffer
+          &br,    // number of bytes read
+          NULL);  // not overlapped
+
+    if ( !fSuccess && GetLastError() != ERROR_MORE_DATA ) {
+      GlobalOutput.perror("TPipeServer unable to initiate pipe comms, GLE=", GetLastError());
+      throw TTransportException(TTransportException::NOT_OPEN, " TPipeServer unable to initiate pipe comms");
+    }
+    client.reset(new TPipe(Pipe_, PipeW_));
+  }
+  else
+  { //Named Pipe
+    if (!TCreateNamedPipe()) {
+      GlobalOutput.perror("TPipeServer CreateNamedPipe failed, GLE=", GetLastError());
+      throw TTransportException(TTransportException::NOT_OPEN, " TPipeServer CreateNamedPipe failed");
+    }
+
+    struct TEventCleaner {
+      HANDLE hEvent;
+      ~TEventCleaner() {CloseHandle(hEvent);}
+    };
+
+    OVERLAPPED overlapped;
+    memset( &overlapped, 0, sizeof(overlapped));
+    overlapped.hEvent = CreateEvent( NULL, TRUE, FALSE, NULL);
+    {
+      TEventCleaner cleaner = {overlapped.hEvent};
+      while( ! stop_)
+      {
+        // Wait for the client to connect; if it succeeds, the
+        // function returns a nonzero value. If the function returns
+        // zero, GetLastError should return ERROR_PIPE_CONNECTED.
+        if( ConnectNamedPipe(Pipe_, &overlapped))
+        {
+          GlobalOutput.printf("Client connected.");
+          client.reset(new TPipe(Pipe_));
+          return client;
+        }
+
+        DWORD dwErr = GetLastError();
+        HANDLE events[2] = {overlapped.hEvent, wakeup};
+        switch( dwErr)
+        {
+        case ERROR_PIPE_CONNECTED:
+          GlobalOutput.printf("Client connected.");
+          client.reset(new TPipe(Pipe_));
+          return client;
+
+        case ERROR_IO_PENDING:
+          DWORD dwWait, dwDummy;
+          dwWait = WaitForMultipleObjects( 2, events, FALSE, 3000);
+          switch(dwWait)
+          {
+          case WAIT_OBJECT_0:
+            if(GetOverlappedResult(Pipe_, &overlapped, &dwDummy, TRUE))
+            {
+              GlobalOutput.printf("Client connected.");
+              client.reset(new TPipe(Pipe_));
+              return client;
+            }
+            break;
+          case WAIT_OBJECT_0 + 1:
+            stop_ = TRUE;
+            break;
+          default:
+            break;
+          }
+          break;
+
+        default:
+          break;
+        }
+
+        CancelIo(Pipe_);
+        DisconnectNamedPipe(Pipe_);
+      }
+
+      close();
+      GlobalOutput.perror("TPipeServer ConnectNamedPipe GLE=", GetLastError());
+      throw TTransportException(TTransportException::NOT_OPEN, "TPipeServer: client connection failed");
+    }
+  }
+
+  return client;
+}
+
+void TPipeServer::interrupt() {
+  if(Pipe_ != INVALID_HANDLE_VALUE) {
+    stop_ = TRUE;
+    CancelIo(Pipe_);
+    SetEvent(wakeup);
+  }
+}
+
+void TPipeServer::close() {
+  if(!isAnonymous)
+  {
+    if(Pipe_ != INVALID_HANDLE_VALUE) {
+      DisconnectNamedPipe(Pipe_);
+      CloseHandle(Pipe_);
+      Pipe_ = INVALID_HANDLE_VALUE;
+    }
+  }
+  else
+  {
+    try {
+      CloseHandle(Pipe_);
+      CloseHandle(PipeW_);
+      CloseHandle(ClientAnonRead);
+      CloseHandle(ClientAnonWrite);
+    }
+    catch(...) {
+        GlobalOutput.perror("TPipeServer anon close GLE=", GetLastError());
+    }
+  }
+}
+
+
+bool TPipeServer::TCreateNamedPipe() {
+
+  //Windows - set security to allow non-elevated apps
+  //to access pipes created by elevated apps.
+  SID_IDENTIFIER_AUTHORITY SIDAuthWorld = SECURITY_WORLD_SID_AUTHORITY;
+  PSID everyone_sid = NULL;
+  AllocateAndInitializeSid(&SIDAuthWorld, 1, SECURITY_WORLD_RID, 0, 0, 0, 0, 0, 0, 0, &everyone_sid);
+
+  EXPLICIT_ACCESS ea;
+  ZeroMemory(&ea, sizeof(EXPLICIT_ACCESS));
+  ea.grfAccessPermissions = SPECIFIC_RIGHTS_ALL | STANDARD_RIGHTS_ALL;
+  ea.grfAccessMode = SET_ACCESS;
+  ea.grfInheritance = NO_INHERITANCE;
+  ea.Trustee.TrusteeForm = TRUSTEE_IS_SID;
+  ea.Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
+  ea.Trustee.ptstrName  = (LPSTR)everyone_sid;
+
+  PACL acl = NULL;
+  SetEntriesInAcl(1, &ea, NULL, &acl);
+
+  PSECURITY_DESCRIPTOR sd = (PSECURITY_DESCRIPTOR)LocalAlloc(LPTR,SECURITY_DESCRIPTOR_MIN_LENGTH);
+  InitializeSecurityDescriptor(sd, SECURITY_DESCRIPTOR_REVISION);
+  SetSecurityDescriptorDacl(sd, TRUE, acl, FALSE);
+
+  SECURITY_ATTRIBUTES sa;
+  sa.nLength = sizeof(SECURITY_ATTRIBUTES);
+  sa.lpSecurityDescriptor = sd;
+  sa.bInheritHandle = FALSE;
+
+  // Create an instance of the named pipe
+  HANDLE hPipe_ = CreateNamedPipe(
+        pipename_.c_str(),        // pipe name
+        PIPE_ACCESS_DUPLEX |      // read/write access
+        FILE_FLAG_OVERLAPPED,     // async mode
+        PIPE_TYPE_MESSAGE |       // message type pipe
+        PIPE_READMODE_MESSAGE,    // message-read mode
+        maxconns_,                // max. instances
+        bufsize_,                 // output buffer size
+        bufsize_,                 // input buffer size
+        0,                        // client time-out
+        &sa);                     // default security attribute
+
+  if(hPipe_ == INVALID_HANDLE_VALUE)
+  {
+    Pipe_ = INVALID_HANDLE_VALUE;
+    GlobalOutput.perror("TPipeServer::TCreateNamedPipe() GLE=", GetLastError());
+    throw TTransportException(TTransportException::NOT_OPEN, "TCreateNamedPipe() failed", GetLastError());
+    return false;
+  }
+
+  Pipe_ = hPipe_;
+  return true;
+}
+
+bool TPipeServer::TCreateAnonPipe() {
+  SECURITY_ATTRIBUTES sa;
+  SECURITY_DESCRIPTOR sd; //security information for pipes
+
+  InitializeSecurityDescriptor(&sd,SECURITY_DESCRIPTOR_REVISION);
+  SetSecurityDescriptorDacl(&sd, true, NULL, false);
+  sa.lpSecurityDescriptor = &sd;
+  sa.nLength = sizeof(SECURITY_ATTRIBUTES);
+  sa.bInheritHandle = true; //allow passing handle to child
+
+  HANDLE ClientAnonReadH, PipeW_H, ClientAnonWriteH, Pipe_H;
+  if (!CreatePipe(&ClientAnonReadH,&PipeW_H,&sa,0))   //create stdin pipe
+  {
+    GlobalOutput.perror("TPipeServer CreatePipe (anon) failed, GLE=", GetLastError());
+    return false;
+  }
+  if (!CreatePipe(&Pipe_H,&ClientAnonWriteH,&sa,0))  //create stdout pipe
+  {
+    GlobalOutput.perror("TPipeServer CreatePipe (anon) failed, GLE=", GetLastError());
+    CloseHandle(ClientAnonReadH);
+    CloseHandle(PipeW_H);
+    return false;
+  }
+  ClientAnonRead  = ClientAnonReadH;
+  ClientAnonWrite = ClientAnonWriteH;
+  Pipe_  = Pipe_H;
+  PipeW_ = PipeW_H;
+
+  return true;
+}
+
+void TPipeServer::createWakeupEvent() {
+  wakeup = CreateEvent( NULL, TRUE, FALSE, NULL);
+}
+
+
+//---------------------------------------------------------
+// Accessors
+//---------------------------------------------------------
+
+string TPipeServer::getPipename() {
+  return pipename_;
+}
+
+void TPipeServer::setPipename(const std::string &pipename) {
+  if(pipename.find("\\\\") == -1)
+    pipename_ = "\\\\.\\pipe\\" + pipename;
+  else
+    pipename_ = pipename;
+}
+
+int  TPipeServer::getBufferSize() {
+  return bufsize_;
+}
+
+void TPipeServer::setBufferSize(int bufsize) {
+  bufsize_ = bufsize;
+}
+
+HANDLE TPipeServer::getPipeHandle() {
+  return Pipe_;
+}
+
+HANDLE TPipeServer::getWrtPipeHandle()
+{
+  return PipeW_;
+}
+
+HANDLE TPipeServer::getClientRdPipeHandle()
+{
+  return ClientAnonRead;
+}
+
+HANDLE TPipeServer::getClientWrtPipeHandle()
+{
+  return ClientAnonWrite;
+}
+
+bool TPipeServer::getAnonymous() {
+  return isAnonymous;
+}
+
+void TPipeServer::setAnonymous(bool anon) {
+  isAnonymous = anon;
+}
+#endif //_WIN32
+
+}}} // apache::thrift::transport
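Review bot: TCreateNamedPipe() grants the Everyone SID `SPECIFIC_RIGHTS_ALL | STANDARD_RIGHTS_ALL`, which includes WRITE_DAC, WRITE_OWNER and the right to create further pipe instances, so any account that can reach the pipe can re-permission it or stand up its own instance under the same name. The grant should be narrowed to the read/write data and attribute rights a client needs. The return values of AllocateAndInitializeSid and SetEntriesInAcl are ignored; if SetEntriesInAcl fails, `acl` stays NULL and SetSecurityDescriptorDacl installs a NULL DACL, which is even wider, and TCreateAnonPipe() sets a NULL DACL on inheritable handles deliberately. The SID, ACL and descriptor are never freed although acceptImpl() calls this function on every accept, and the `return false;` after the throw is dead code. If remote access is not intended, adding `PIPE_REJECT_REMOTE_CLIENTS` to the pipe-mode argument keeps the pipe local; the sketch below covers the checks and cleanup.

```cpp
bool TPipeServer::TCreateNamedPipe() {
  // … unchanged: SIDAuthWorld and everyone_sid declarations …
  if (!AllocateAndInitializeSid(&SIDAuthWorld, 1, SECURITY_WORLD_RID, 0, 0, 0, 0, 0, 0, 0, &everyone_sid)) {
    return false;
  }
  // … unchanged: EXPLICIT_ACCESS setup, apart from a narrower grfAccessPermissions …
  PACL acl = NULL;
  if (SetEntriesInAcl(1, &ea, NULL, &acl) != ERROR_SUCCESS) {
    FreeSid(everyone_sid);
    return false;  // never fall through to a NULL DACL
  }
  // … unchanged: security descriptor, SECURITY_ATTRIBUTES and the CreateNamedPipe call …
  LocalFree(sd);
  LocalFree(acl);
  FreeSid(everyone_sid);
  // … unchanged: INVALID_HANDLE_VALUE check and Pipe_ assignment …
```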

http://git-wip-us.apache.org/repos/asf/airavata/blob/f891b7dc/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/TPipeServer.h
----------------------------------------------------------------------
diff --git a/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/TPipeServer.h b/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/TPipeServer.h
new file mode 100755
index 0000000..88a8b6b
--- /dev/null
+++ b/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/TPipeServer.h
@@ -0,0 +1,93 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+#ifndef _THRIFT_TRANSPORT_TSERVERWINPIPES_H_
+#define _THRIFT_TRANSPORT_TSERVERWINPIPES_H_ 1
+
+#include <thrift/transport/TServerTransport.h>
+#include <boost/shared_ptr.hpp>
+#ifndef _WIN32
+#  include "TServerSocket.h"
+#endif
+
+#define TPIPE_SERVER_MAX_CONNS_DEFAULT 10
+
+namespace apache { namespace thrift { namespace transport {
+
+/**
+ * Windows Pipes implementation of TServerTransport.
+ */
+#ifdef _WIN32
+class TPipeServer : public TServerTransport {
+ public:
+  //Constructors
+  // Named Pipe -
+  TPipeServer(const std::string &pipename, uint32_t bufsize);
+  TPipeServer(const std::string &pipename, uint32_t bufsize, uint32_t maxconnections);
+  TPipeServer(const std::string &pipename);
+  // Anonymous pipe -
+  TPipeServer(int bufsize);
+  TPipeServer();
+
+  //Destructor
+  ~TPipeServer();
+
+  //Standard transport callbacks
+  void interrupt();
+  void close();
+ protected:
+  boost::shared_ptr<TTransport> acceptImpl();
+
+  bool TCreateNamedPipe();
+  bool TCreateAnonPipe();
+  void createWakeupEvent();
+
+ public:
+  //Accessors
+  std::string getPipename();
+  void setPipename(const std::string &pipename);
+  int  getBufferSize();
+  void setBufferSize(int bufsize);
+  HANDLE getPipeHandle();  //Named Pipe R/W -or- Anonymous pipe Read handle
+  HANDLE getWrtPipeHandle();
+  HANDLE getClientRdPipeHandle();
+  HANDLE getClientWrtPipeHandle();
+  bool getAnonymous();
+  void setAnonymous(bool anon);
+
+ private:
+  std::string pipename_;
+  uint32_t bufsize_;
+  HANDLE Pipe_;  //Named Pipe (R/W) or Anonymous Pipe (R)
+  uint32_t maxconns_;
+  HANDLE PipeW_; //Anonymous Pipe (W)
+  HANDLE ClientAnonRead, ClientAnonWrite; //Client side anonymous pipe handles
+  HANDLE wakeup;  // wake up event
+  //? Do we need duplicates to send to client?
+  bool isAnonymous;
+  bool stop_; // stop flag
+};
+#else //_WIN32
+//*NIX named pipe implementation uses domain socket
+typedef TServerSocket TPipeServer;
+#endif
+
+}}} // apache::thrift::transport
+
+#endif // #ifndef _THRIFT_TRANSPORT_TSERVERWINPIPES_H_

http://git-wip-us.apache.org/repos/asf/airavata/blob/f891b7dc/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/TSSLServerSocket.cpp
----------------------------------------------------------------------
diff --git a/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/TSSLServerSocket.cpp b/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/TSSLServerSocket.cpp
new file mode 100644
index 0000000..4689e4a
--- /dev/null
+++ b/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/TSSLServerSocket.cpp
@@ -0,0 +1,47 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+#include <thrift/transport/TSSLServerSocket.h>
+#include <thrift/transport/TSSLSocket.h>
+
+namespace apache { namespace thrift { namespace transport {
+
+using namespace boost;
+
+/**
+ * SSL server socket implementation.
+ */
+TSSLServerSocket::TSSLServerSocket(int port,
+                                   shared_ptr<TSSLSocketFactory> factory):
+                                   TServerSocket(port), factory_(factory) {
+  factory_->server(true);
+}
+
+TSSLServerSocket::TSSLServerSocket(int port, int sendTimeout, int recvTimeout,
+                                   shared_ptr<TSSLSocketFactory> factory):
+                                   TServerSocket(port, sendTimeout, recvTimeout),
+                                   factory_(factory) {
+  factory_->server(true);
+}
+
+shared_ptr<TSocket> TSSLServerSocket::createSocket(int client) {
+  return factory_->createSocket(client);
+}
+
+}}}
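Review bot: Both constructors call `factory_->server(true)` without checking `factory` for null, and the call changes the caller's factory object rather than a private copy. `TSSLSocketFactory::setup()` in TSSLSocket.cpp copies that flag into every socket the factory creates, and `TSSLSocket::open()` throws for server-mode sockets, so a factory handed to a server socket can no longer be used for outgoing connections. That side effect deserves a comment on the constructors, for example `// Puts the shared factory into server mode; use a separate factory for client sockets.` A guard such as `if (!factory_) throw TTransportException(TTransportException::BAD_ARGS);` before the call would turn a null factory into a clear error instead of a crash.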

http://git-wip-us.apache.org/repos/asf/airavata/blob/f891b7dc/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/TSSLServerSocket.h
----------------------------------------------------------------------
diff --git a/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/TSSLServerSocket.h b/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/TSSLServerSocket.h
new file mode 100644
index 0000000..6d8e657
--- /dev/null
+++ b/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/TSSLServerSocket.h
@@ -0,0 +1,59 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+#ifndef _THRIFT_TRANSPORT_TSSLSERVERSOCKET_H_
+#define _THRIFT_TRANSPORT_TSSLSERVERSOCKET_H_ 1
+
+#include <boost/shared_ptr.hpp>
+#include <thrift/transport/TServerSocket.h>
+
+namespace apache { namespace thrift { namespace transport {
+
+class TSSLSocketFactory;
+
+/**
+ * Server socket that accepts SSL connections.
+ */
+class TSSLServerSocket: public TServerSocket {
+ public:
+  /**
+   * Constructor.
+   *
+   * @param port    Listening port
+   * @param factory SSL socket factory implementation
+   */
+  TSSLServerSocket(int port, boost::shared_ptr<TSSLSocketFactory> factory);
+  /**
+   * Constructor.
+   *
+   * @param port        Listening port
+   * @param sendTimeout Socket send timeout
+   * @param recvTimeout Socket receive timeout
+   * @param factory     SSL socket factory implementation
+   */
+  TSSLServerSocket(int port, int sendTimeout, int recvTimeout,
+                   boost::shared_ptr<TSSLSocketFactory> factory);
+ protected:
+  boost::shared_ptr<TSocket> createSocket(int socket);
+  boost::shared_ptr<TSSLSocketFactory> factory_;
+};
+
+}}}
+
+#endif

http://git-wip-us.apache.org/repos/asf/airavata/blob/f891b7dc/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/TSSLSocket.cpp
----------------------------------------------------------------------
diff --git a/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/TSSLSocket.cpp b/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/TSSLSocket.cpp
new file mode 100644
index 0000000..029c541
--- /dev/null
+++ b/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/TSSLSocket.cpp
@@ -0,0 +1,671 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+#include <thrift/thrift-config.h>
+
+#include <errno.h>
+#include <string>
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+#include <sys/types.h>
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#include <boost/lexical_cast.hpp>
+#include <boost/shared_array.hpp>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+#include <openssl/ssl.h>
+#include <openssl/x509v3.h>
+#include <thrift/concurrency/Mutex.h>
+#include <thrift/transport/TSSLSocket.h>
+#include <thrift/transport/PlatformSocket.h>
+
+#define OPENSSL_VERSION_NO_THREAD_ID 0x10000000L
+
+using namespace std;
+using namespace boost;
+using namespace apache::thrift::concurrency;
+
+struct CRYPTO_dynlock_value {
+  Mutex mutex;
+};
+
+namespace apache { namespace thrift { namespace transport {
+
+
+static void buildErrors(string& message, int error = 0);
+static bool matchName(const char* host, const char* pattern, int size);
+static char uppercase(char c);
+
+// SSLContext implementation
+SSLContext::SSLContext() {
+  ctx_ = SSL_CTX_new(TLSv1_method());
+  if (ctx_ == NULL) {
+    string errors;
+    buildErrors(errors);
+    throw TSSLException("SSL_CTX_new: " + errors);
+  }
+  SSL_CTX_set_mode(ctx_, SSL_MODE_AUTO_RETRY);
+}
+
+SSLContext::~SSLContext() {
+  if (ctx_ != NULL) {
+    SSL_CTX_free(ctx_);
+    ctx_ = NULL;
+  }
+}
+
+SSL* SSLContext::createSSL() {
+  SSL* ssl = SSL_new(ctx_);
+  if (ssl == NULL) {
+    string errors;
+    buildErrors(errors);
+    throw TSSLException("SSL_new: " + errors);
+  }
+  return ssl;
+}
+
+// TSSLSocket implementation
+TSSLSocket::TSSLSocket(boost::shared_ptr<SSLContext> ctx):
+  TSocket(), server_(false), ssl_(NULL), ctx_(ctx) {
+}
+
+TSSLSocket::TSSLSocket(boost::shared_ptr<SSLContext> ctx, int socket):
+  TSocket(socket), server_(false), ssl_(NULL), ctx_(ctx) {
+}
+
+TSSLSocket::TSSLSocket(boost::shared_ptr<SSLContext> ctx, string host, int port):
+  TSocket(host, port), server_(false), ssl_(NULL), ctx_(ctx) {
+}
+
+TSSLSocket::~TSSLSocket() {
+  close();
+}
+
+bool TSSLSocket::isOpen() {
+  if (ssl_ == NULL || !TSocket::isOpen()) {
+    return false;
+  }
+  int shutdown = SSL_get_shutdown(ssl_);
+  // "!!" is squelching C4800 "forcing bool -> true or false" perfomance warning
+  bool shutdownReceived = !!(shutdown & SSL_RECEIVED_SHUTDOWN);
+  bool shutdownSent     = !!(shutdown & SSL_SENT_SHUTDOWN);
+  if (shutdownReceived && shutdownSent) {
+    return false;
+  }
+  return true;
+}
+
+bool TSSLSocket::peek() {
+  if (!isOpen()) {
+    return false;
+  }
+  checkHandshake();
+  int rc;
+  uint8_t byte;
+  rc = SSL_peek(ssl_, &byte, 1);
+  if (rc < 0) {
+    int errno_copy = THRIFT_GET_SOCKET_ERROR;
+    string errors;
+    buildErrors(errors, errno_copy);
+    throw TSSLException("SSL_peek: " + errors);
+  }
+  if (rc == 0) {
+    ERR_clear_error();
+  }
+  return (rc > 0);
+}
+
+void TSSLSocket::open() {
+  if (isOpen() || server()) {
+    throw TTransportException(TTransportException::BAD_ARGS);
+  }
+  TSocket::open();
+}
+
+void TSSLSocket::close() {
+  if (ssl_ != NULL) {
+    int rc = SSL_shutdown(ssl_);
+    if (rc == 0) {
+      rc = SSL_shutdown(ssl_);
+    }
+    if (rc < 0) {
+      int errno_copy = THRIFT_GET_SOCKET_ERROR;
+      string errors;
+      buildErrors(errors, errno_copy);
+      GlobalOutput(("SSL_shutdown: " + errors).c_str());
+    }
+    SSL_free(ssl_);
+    ssl_ = NULL;
+    ERR_remove_state(0);
+  }
+  TSocket::close();
+}
+
+uint32_t TSSLSocket::read(uint8_t* buf, uint32_t len) {
+  checkHandshake();
+  int32_t bytes = 0;
+  for (int32_t retries = 0; retries < maxRecvRetries_; retries++){
+    bytes = SSL_read(ssl_, buf, len);
+    if (bytes >= 0)
+      break;
+    int errno_copy = THRIFT_GET_SOCKET_ERROR;
+    if (SSL_get_error(ssl_, bytes) == SSL_ERROR_SYSCALL) {
+      if (ERR_get_error() == 0 && errno_copy == THRIFT_EINTR) {
+        continue;
+      }
+    }
+    string errors;
+    buildErrors(errors, errno_copy);
+    throw TSSLException("SSL_read: " + errors);
+  }
+  return bytes;
+}
+
+void TSSLSocket::write(const uint8_t* buf, uint32_t len) {
+  checkHandshake();
+  // loop in case SSL_MODE_ENABLE_PARTIAL_WRITE is set in SSL_CTX.
+  uint32_t written = 0;
+  while (written < len) {
+    int32_t bytes = SSL_write(ssl_, &buf[written], len - written);
+    if (bytes <= 0) {
+      int errno_copy = THRIFT_GET_SOCKET_ERROR;
+      string errors;
+      buildErrors(errors, errno_copy);
+      throw TSSLException("SSL_write: " + errors);
+    }
+    written += bytes;
+  }
+}
+
+void TSSLSocket::flush() {
+  // Don't throw exception if not open. Thrift servers close socket twice.
+  if (ssl_ == NULL) {
+    return;
+  }
+  checkHandshake();
+  BIO* bio = SSL_get_wbio(ssl_);
+  if (bio == NULL) {
+    throw TSSLException("SSL_get_wbio returns NULL");
+  }
+  if (BIO_flush(bio) != 1) {
+    int errno_copy = THRIFT_GET_SOCKET_ERROR;
+    string errors;
+    buildErrors(errors, errno_copy);
+    throw TSSLException("BIO_flush: " + errors);
+  }
+}
+
+void TSSLSocket::checkHandshake() {
+  if (!TSocket::isOpen()) {
+    throw TTransportException(TTransportException::NOT_OPEN);
+  }
+  if (ssl_ != NULL) {
+    return;
+  }
+  ssl_ = ctx_->createSSL();
+  SSL_set_fd(ssl_, socket_);
+  int rc;
+  if (server()) {
+    rc = SSL_accept(ssl_);
+  } else {
+    rc = SSL_connect(ssl_);
+  }
+  if (rc <= 0) {
+    int errno_copy = THRIFT_GET_SOCKET_ERROR;
+    string fname(server() ? "SSL_accept" : "SSL_connect");
+    string errors;
+    buildErrors(errors, errno_copy);
+    throw TSSLException(fname + ": " + errors);
+  }
+  authorize();
+}
+
+void TSSLSocket::authorize() {
+  int rc = SSL_get_verify_result(ssl_);
+  if (rc != X509_V_OK) {  // verify authentication result
+    throw TSSLException(string("SSL_get_verify_result(), ") +
+                        X509_verify_cert_error_string(rc));
+  }
+
+  X509* cert = SSL_get_peer_certificate(ssl_);
+  if (cert == NULL) {
+    // certificate is not present
+    if (SSL_get_verify_mode(ssl_) & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) {
+      throw TSSLException("authorize: required certificate not present");
+    }
+    // certificate was optional: didn't intend to authorize remote
+    if (server() && access_ != NULL) {
+      throw TSSLException("authorize: certificate required for authorization");
+    }
+    return;
+  }
+  // certificate is present
+  if (access_ == NULL) {
+    X509_free(cert);
+    return;
+  }
+  // both certificate and access manager are present
+
+  string host;
+  sockaddr_storage sa;
+  socklen_t saLength = sizeof(sa);
+
+  if (getpeername(socket_, (sockaddr*)&sa, &saLength) != 0) {
+    sa.ss_family = AF_UNSPEC;
+  }
+
+  AccessManager::Decision decision = access_->verify(sa);
+
+  if (decision != AccessManager::SKIP) {
+    X509_free(cert);
+    if (decision != AccessManager::ALLOW) {
+      throw TSSLException("authorize: access denied based on remote IP");
+    }
+    return;
+  }
+
+  // extract subjectAlternativeName
+  STACK_OF(GENERAL_NAME)* alternatives = (STACK_OF(GENERAL_NAME)*)
+                       X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
+  if (alternatives != NULL) {
+    const int count = sk_GENERAL_NAME_num(alternatives);
+    for (int i = 0; decision == AccessManager::SKIP && i < count; i++) {
+      const GENERAL_NAME* name = sk_GENERAL_NAME_value(alternatives, i);
+      if (name == NULL) {
+        continue;
+      }
+      char* data = (char*)ASN1_STRING_data(name->d.ia5);
+      int length = ASN1_STRING_length(name->d.ia5);
+      switch (name->type) {
+        case GEN_DNS:
+          if (host.empty()) {
+            host = (server() ? getPeerHost() : getHost());
+          }
+          decision = access_->verify(host, data, length);
+          break;
+        case GEN_IPADD:
+          decision = access_->verify(sa, data, length);
+          break;
+      }
+    }
+    sk_GENERAL_NAME_pop_free(alternatives, GENERAL_NAME_free);
+  }
+
+  if (decision != AccessManager::SKIP) {
+    X509_free(cert);
+    if (decision != AccessManager::ALLOW) {
+      throw TSSLException("authorize: access denied");
+    }
+    return;
+  }
+
+  // extract commonName
+  X509_NAME* name = X509_get_subject_name(cert);
+  if (name != NULL) {
+    X509_NAME_ENTRY* entry;
+    unsigned char* utf8;
+    int last = -1;
+    while (decision == AccessManager::SKIP) {
+      last = X509_NAME_get_index_by_NID(name, NID_commonName, last);
+      if (last == -1)
+        break;
+      entry = X509_NAME_get_entry(name, last);
+      if (entry == NULL)
+        continue;
+      ASN1_STRING* common = X509_NAME_ENTRY_get_data(entry);
+      int size = ASN1_STRING_to_UTF8(&utf8, common);
+      if (host.empty()) {
+        host = (server() ? getHost() : getHost());
+      }
+      decision = access_->verify(host, (char*)utf8, size);
+      OPENSSL_free(utf8);
+    }
+  }
+  X509_free(cert);
+  if (decision != AccessManager::ALLOW) {
+    throw TSSLException("authorize: cannot authorize peer");
+  }
+}
+
+// TSSLSocketFactory implementation
+bool     TSSLSocketFactory::initialized = false;
+uint64_t TSSLSocketFactory::count_ = 0;
+Mutex    TSSLSocketFactory::mutex_;
+
+TSSLSocketFactory::TSSLSocketFactory(): server_(false) {
+  Guard guard(mutex_);
+  if (count_ == 0) {
+    initializeOpenSSL();
+    randomize();
+  }
+  count_++;
+  ctx_ = boost::shared_ptr<SSLContext>(new SSLContext);
+}
+
+TSSLSocketFactory::~TSSLSocketFactory() {
+  Guard guard(mutex_);
+  count_--;
+  if (count_ == 0) {
+    cleanupOpenSSL();
+  }
+}
+
+boost::shared_ptr<TSSLSocket> TSSLSocketFactory::createSocket() {
+  boost::shared_ptr<TSSLSocket> ssl(new TSSLSocket(ctx_));
+  setup(ssl);
+  return ssl;
+}
+
+boost::shared_ptr<TSSLSocket> TSSLSocketFactory::createSocket(int socket) {
+  boost::shared_ptr<TSSLSocket> ssl(new TSSLSocket(ctx_, socket));
+  setup(ssl);
+  return ssl;
+}
+
+boost::shared_ptr<TSSLSocket> TSSLSocketFactory::createSocket(const string& host,
+                                                       int port) {
+  boost::shared_ptr<TSSLSocket> ssl(new TSSLSocket(ctx_, host, port));
+  setup(ssl);
+  return ssl;
+}
+
+void TSSLSocketFactory::setup(boost::shared_ptr<TSSLSocket> ssl) {
+  ssl->server(server());
+  if (access_ == NULL && !server()) {
+    access_ = boost::shared_ptr<AccessManager>(new DefaultClientAccessManager);
+  }
+  if (access_ != NULL) {
+    ssl->access(access_);
+  }
+}
+
+void TSSLSocketFactory::ciphers(const string& enable) {
+  int rc = SSL_CTX_set_cipher_list(ctx_->get(), enable.c_str());
+  if (ERR_peek_error() != 0) {
+    string errors;
+    buildErrors(errors);
+    throw TSSLException("SSL_CTX_set_cipher_list: " + errors);
+  }
+  if (rc == 0) {
+    throw TSSLException("None of specified ciphers are supported");
+  }
+}
+
+void TSSLSocketFactory::authenticate(bool required) {
+  int mode;
+  if (required) {
+    mode  = SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT | SSL_VERIFY_CLIENT_ONCE;
+  } else {
+    mode = SSL_VERIFY_NONE;
+  }
+  SSL_CTX_set_verify(ctx_->get(), mode, NULL);
+}
+
+void TSSLSocketFactory::loadCertificate(const char* path, const char* format) {
+  if (path == NULL || format == NULL) {
+    throw TTransportException(TTransportException::BAD_ARGS,
+         "loadCertificateChain: either <path> or <format> is NULL");
+  }
+  if (strcmp(format, "PEM") == 0) {
+    if (SSL_CTX_use_certificate_chain_file(ctx_->get(), path) == 0) {
+      int errno_copy = THRIFT_GET_SOCKET_ERROR;
+      string errors;
+      buildErrors(errors, errno_copy);
+      throw TSSLException("SSL_CTX_use_certificate_chain_file: " + errors);
+    }
+  } else {
+    throw TSSLException("Unsupported certificate format: " + string(format));
+  }
+}
+
+void TSSLSocketFactory::loadPrivateKey(const char* path, const char* format) {
+  if (path == NULL || format == NULL) {
+    throw TTransportException(TTransportException::BAD_ARGS,
+         "loadPrivateKey: either <path> or <format> is NULL");
+  }
+  if (strcmp(format, "PEM") == 0) {
+    if (SSL_CTX_use_PrivateKey_file(ctx_->get(), path, SSL_FILETYPE_PEM) == 0) {
+      int errno_copy = THRIFT_GET_SOCKET_ERROR;
+      string errors;
+      buildErrors(errors, errno_copy);
+      throw TSSLException("SSL_CTX_use_PrivateKey_file: " + errors);
+    }
+  }
+}
+
+void TSSLSocketFactory::loadTrustedCertificates(const char* path) {
+  if (path == NULL) {
+    throw TTransportException(TTransportException::BAD_ARGS,
+         "loadTrustedCertificates: <path> is NULL");
+  }
+  if (SSL_CTX_load_verify_locations(ctx_->get(), path, NULL) == 0) {
+    int errno_copy = THRIFT_GET_SOCKET_ERROR;
+    string errors;
+    buildErrors(errors, errno_copy);
+    throw TSSLException("SSL_CTX_load_verify_locations: " + errors);
+  }
+}
+
+void TSSLSocketFactory::randomize() {
+  RAND_poll();
+}
+
+void TSSLSocketFactory::overrideDefaultPasswordCallback() {
+  SSL_CTX_set_default_passwd_cb(ctx_->get(), passwordCallback);
+  SSL_CTX_set_default_passwd_cb_userdata(ctx_->get(), this);
+}
+
+int TSSLSocketFactory::passwordCallback(char* password,
+                                        int size,
+                                        int,
+                                        void* data) {
+  TSSLSocketFactory* factory = (TSSLSocketFactory*)data;
+  string userPassword;
+  factory->getPassword(userPassword, size);
+  int length = userPassword.size();
+  if (length > size) {
+    length = size;
+  }
+  strncpy(password, userPassword.c_str(), length);
+  return length;
+}
+
+static shared_array<Mutex> mutexes;
+
+static void callbackLocking(int mode, int n, const char*, int) {
+  if (mode & CRYPTO_LOCK) {
+    mutexes[n].lock();
+  } else {
+    mutexes[n].unlock();
+  }
+}
+
+#if (OPENSSL_VERSION_NUMBER < OPENSSL_VERSION_NO_THREAD_ID)
+static unsigned long callbackThreadID() {
+  return (unsigned long) pthread_self();
+}
+#endif
+
+static CRYPTO_dynlock_value* dyn_create(const char*, int) {
+  return new CRYPTO_dynlock_value;
+}
+
+static void dyn_lock(int mode,
+                     struct CRYPTO_dynlock_value* lock,
+                     const char*, int) {
+  if (lock != NULL) {
+    if (mode & CRYPTO_LOCK) {
+      lock->mutex.lock();
+    } else {
+      lock->mutex.unlock();
+    }
+  }
+}
+
+static void dyn_destroy(struct CRYPTO_dynlock_value* lock, const char*, int) {
+  delete lock;
+}
+
+void TSSLSocketFactory::initializeOpenSSL() {
+  if (initialized) {
+    return;
+  }
+  initialized = true;
+  SSL_library_init();
+  SSL_load_error_strings();
+  // static locking
+  mutexes = shared_array<Mutex>(new Mutex[::CRYPTO_num_locks()]);
+  if (mutexes == NULL) {
+    throw TTransportException(TTransportException::INTERNAL_ERROR,
+          "initializeOpenSSL() failed, "
+          "out of memory while creating mutex array");
+  }
+#if (OPENSSL_VERSION_NUMBER < OPENSSL_VERSION_NO_THREAD_ID)
+  CRYPTO_set_id_callback(callbackThreadID);
+#endif
+  CRYPTO_set_locking_callback(callbackLocking);
+  // dynamic locking
+  CRYPTO_set_dynlock_create_callback(dyn_create);
+  CRYPTO_set_dynlock_lock_callback(dyn_lock);
+  CRYPTO_set_dynlock_destroy_callback(dyn_destroy);
+}
+
+void TSSLSocketFactory::cleanupOpenSSL() {
+  if (!initialized) {
+    return;
+  }
+  initialized = false;
+#if (OPENSSL_VERSION_NUMBER < OPENSSL_VERSION_NO_THREAD_ID)
+  CRYPTO_set_id_callback(NULL);
+#endif
+  CRYPTO_set_locking_callback(NULL);
+  CRYPTO_set_dynlock_create_callback(NULL);
+  CRYPTO_set_dynlock_lock_callback(NULL);
+  CRYPTO_set_dynlock_destroy_callback(NULL);
+  CRYPTO_cleanup_all_ex_data();
+  ERR_free_strings();
+  EVP_cleanup();
+  ERR_remove_state(0);
+  mutexes.reset();
+}
+
+// extract error messages from error queue
+void buildErrors(string& errors, int errno_copy) {
+  unsigned long  errorCode;
+  char   message[256];
+
+  errors.reserve(512);
+  while ((errorCode = ERR_get_error()) != 0) {
+    if (!errors.empty()) {
+      errors += "; ";
+    }
+    const char* reason = ERR_reason_error_string(errorCode);
+    if (reason == NULL) {
+      THRIFT_SNPRINTF(message, sizeof(message) - 1, "SSL error # %lu", errorCode);
+      reason = message;
+    }
+    errors += reason;
+  }
+  if (errors.empty()) {
+    if (errno_copy != 0) {
+      errors += TOutput::strerror_s(errno_copy);
+    }
+  }
+  if (errors.empty()) {
+    errors = "error code: " + lexical_cast<string>(errno_copy);
+  }
+}
+
+/**
+ * Default implementation of AccessManager
+ */
+Decision DefaultClientAccessManager::verify(const sockaddr_storage& sa)
+  throw() {
+  (void) sa;
+  return SKIP;
+}
+
+Decision DefaultClientAccessManager::verify(const string& host,
+                                            const char* name,
+                                            int size) throw() {
+  if (host.empty() || name == NULL || size <= 0) {
+    return SKIP;
+  }
+  return (matchName(host.c_str(), name, size) ? ALLOW : SKIP);
+}
+
+Decision DefaultClientAccessManager::verify(const sockaddr_storage& sa,
+                                            const char* data,
+                                            int size) throw() {
+  bool match = false;
+  if (sa.ss_family == AF_INET && size == sizeof(in_addr)) {
+    match = (memcmp(&((sockaddr_in*)&sa)->sin_addr, data, size) == 0);
+  } else if (sa.ss_family == AF_INET6 && size == sizeof(in6_addr)) {
+    match = (memcmp(&((sockaddr_in6*)&sa)->sin6_addr, data, size) == 0);
+  }
+  return (match ? ALLOW : SKIP);
+}
+
+/**
+ * Match a name with a pattern. The pattern may include wildcard. A single
+ * wildcard "*" can match up to one component in the domain name.
+ *
+ * @param  host    Host name, typically the name of the remote host
+ * @param  pattern Name retrieved from certificate
+ * @param  size    Size of "pattern"
+ * @return True, if "host" matches "pattern". False otherwise.
+ */
+bool matchName(const char* host, const char* pattern, int size) {
+  bool match = false;
+  int i = 0, j = 0;
+  while (i < size && host[j] != '\0') {
+    if (uppercase(pattern[i]) == uppercase(host[j])) {
+      i++;
+      j++;
+      continue;
+    }
+    if (pattern[i] == '*') {
+      while (host[j] != '.' && host[j] != '\0') {
+        j++;
+      }
+      i++;
+      continue;
+    }
+    break;
+  }
+  if (i == size && host[j] == '\0') {
+    match = true;
+  }
+  return match;
+
+}
+
+// This is to work around the Turkish locale issue, i.e.,
+// toupper('i') != toupper('I') if locale is "tr_TR"
+char uppercase (char c) {
+  if ('a' <= c && c <= 'z') {
+    return c + ('A' - 'a');
+  }
+  return c;
+}
+
+}}}
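Review bot: `SSLContext::SSLContext()` builds the context with `TLSv1_method()`, which fixes every connection to TLS 1.0 and rules out negotiating a newer protocol version even when both peers support one. The version-flexible method with the legacy protocols disabled is the safer choice: `ctx_ = SSL_CTX_new(SSLv23_method());` followed by `SSL_CTX_set_options(ctx_, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);`. In `authorize()`, the commonName fallback sets `host = (server() ? getHost() : getHost());`, so both branches are identical, while the subjectAltName path above uses `getPeerHost()` on the server side; the line was probably meant to be `host = (server() ? getPeerHost() : getHost());`. In the same function `data` and `length` are read through `name->d.ia5` before the `switch` on `name->type`, so non-string entry types are read through the wrong union member; reading them inside `case GEN_DNS:` (via `name->d.dNSName`) and `case GEN_IPADD:` (via `name->d.iPAddress`) avoids that. If this file is a bundled copy of the Thrift library, these changes are better picked up from upstream than patched locally.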

http://git-wip-us.apache.org/repos/asf/airavata/blob/f891b7dc/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/TSSLSocket.h
----------------------------------------------------------------------
diff --git a/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/TSSLSocket.h b/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/TSSLSocket.h
new file mode 100644
index 0000000..82a2e91
--- /dev/null
+++ b/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/TSSLSocket.h
@@ -0,0 +1,315 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+#ifndef _THRIFT_TRANSPORT_TSSLSOCKET_H_
+#define _THRIFT_TRANSPORT_TSSLSOCKET_H_ 1
+
+#include <string>
+#include <boost/shared_ptr.hpp>
+#include <openssl/ssl.h>
+#include <thrift/concurrency/Mutex.h>
+#include <thrift/transport/TSocket.h>
+
+namespace apache { namespace thrift { namespace transport {
+
+class AccessManager;
+class SSLContext;
+
+/**
+ * OpenSSL implementation for SSL socket interface.
+ */
+class TSSLSocket: public TSocket {
+ public:
+ ~TSSLSocket();
+  /**
+   * TTransport interface.
+   */
+  bool     isOpen();
+  bool     peek();
+  void     open();
+  void     close();
+  uint32_t read(uint8_t* buf, uint32_t len);
+  void     write(const uint8_t* buf, uint32_t len);
+  void     flush();
+   /**
+   * Set whether to use client or server side SSL handshake protocol.
+   *
+   * @param flag  Use server side handshake protocol if true.
+   */
+  void server(bool flag) { server_ = flag; }
+  /**
+   * Determine whether the SSL socket is server or client mode.
+   */
+  bool server() const { return server_; }
+  /**
+   * Set AccessManager.
+   *
+   * @param manager  Instance of AccessManager
+   */
+  virtual void access(boost::shared_ptr<AccessManager> manager) {
+    access_ = manager;
+  }
+protected:
+  /**
+   * Constructor.
+   */
+  TSSLSocket(boost::shared_ptr<SSLContext> ctx);
+  /**
+   * Constructor, create an instance of TSSLSocket given an existing socket.
+   *
+   * @param socket An existing socket
+   */
+  TSSLSocket(boost::shared_ptr<SSLContext> ctx, int socket);
+  /**
+   * Constructor.
+   *
+   * @param host  Remote host name
+   * @param port  Remote port number
+   */
+  TSSLSocket(boost::shared_ptr<SSLContext> ctx,
+                               std::string host,
+                                       int port);
+  /**
+   * Authorize peer access after SSL handshake completes.
+   */
+  virtual void authorize();
+  /**
+   * Initiate SSL handshake if not already initiated.
+   */
+  void checkHandshake();
+
+  bool server_;
+  SSL* ssl_;
+  boost::shared_ptr<SSLContext> ctx_;
+  boost::shared_ptr<AccessManager> access_;
+  friend class TSSLSocketFactory;
+};
+
+/**
+ * SSL socket factory. SSL sockets should be created via SSL factory.
+ */
+class TSSLSocketFactory {
+ public:
+  /**
+   * Constructor/Destructor
+   */
+  TSSLSocketFactory();
+  virtual ~TSSLSocketFactory();
+  /**
+   * Create an instance of TSSLSocket with a fresh new socket.
+   */
+  virtual boost::shared_ptr<TSSLSocket> createSocket();
+  /**
+   * Create an instance of TSSLSocket with the given socket.
+   *
+   * @param socket An existing socket.
+   */
+  virtual boost::shared_ptr<TSSLSocket> createSocket(int socket);
+   /**
+   * Create an instance of TSSLSocket.
+   *
+   * @param host  Remote host to be connected to
+   * @param port  Remote port to be connected to
+   */
+  virtual boost::shared_ptr<TSSLSocket> createSocket(const std::string& host,
+                                                     int port);
+  /**
+   * Set ciphers to be used in SSL handshake process.
+   *
+   * @param ciphers  A list of ciphers
+   */
+  virtual void ciphers(const std::string& enable);
+  /**
+   * Enable/Disable authentication.
+   *
+   * @param required Require peer to present valid certificate if true
+   */
+  virtual void authenticate(bool required);
+  /**
+   * Load server certificate.
+   *
+   * @param path   Path to the certificate file
+   * @param format Certificate file format
+   */
+  virtual void loadCertificate(const char* path, const char* format = "PEM");
+  /**
+   * Load private key.
+   *
+   * @param path   Path to the private key file
+   * @param format Private key file format
+   */
+  virtual void loadPrivateKey(const char* path, const char* format = "PEM");
+  /**
+   * Load trusted certificates from specified file.
+   *
+   * @param path Path to trusted certificate file
+   */
+  virtual void loadTrustedCertificates(const char* path);
+  /**
+   * Default randomize method.
+   */
+  virtual void randomize();
+  /**
+   * Override default OpenSSL password callback with getPassword().
+   */
+  void overrideDefaultPasswordCallback();
+  /**
+   * Set/Unset server mode.
+   *
+   * @param flag  Server mode if true
+   */
+  virtual void server(bool flag) { server_ = flag; }
+  /**
+   * Determine whether the socket is in server or client mode.
+   *
+   * @return true, if server mode, or, false, if client mode
+   */
+  virtual bool server() const { return server_; }
+  /**
+   * Set AccessManager.
+   *
+   * @param manager  The AccessManager instance
+   */
+  virtual void access(boost::shared_ptr<AccessManager> manager) {
+    access_ = manager;
+  }
+ protected:
+  boost::shared_ptr<SSLContext> ctx_;
+
+  static void initializeOpenSSL();
+  static void cleanupOpenSSL();
+  /**
+   * Override this method for custom password callback. It may be called
+   * multiple times at any time during a session as necessary.
+   *
+   * @param password Pass collected password to OpenSSL
+   * @param size     Maximum length of password including NULL character
+   */
+  virtual void getPassword(std::string& /* password */, int /* size */) {}
+ private:
+  bool server_;
+  boost::shared_ptr<AccessManager> access_;
+  static bool initialized;
+  static concurrency::Mutex mutex_;
+  static uint64_t count_;
+  void setup(boost::shared_ptr<TSSLSocket> ssl);
+  static int passwordCallback(char* password, int size, int, void* data);
+};
+
+/**
+ * SSL exception.
+ */
+class TSSLException: public TTransportException {
+ public:
+  TSSLException(const std::string& message):
+    TTransportException(TTransportException::INTERNAL_ERROR, message) {}
+
+  virtual const char* what() const throw() {
+    if (message_.empty()) {
+      return "TSSLException";
+    } else {
+      return message_.c_str();
+    }
+  }
+};
+
+/**
+ * Wrap OpenSSL SSL_CTX into a class.
+ */
+class SSLContext {
+ public:
+  SSLContext();
+  virtual ~SSLContext();
+  SSL* createSSL();
+  SSL_CTX* get() { return ctx_; }
+ private:
+  SSL_CTX* ctx_;
+};
+
+/**
+ * Callback interface for access control. It's meant to verify the remote host.
+ * It's constructed when application starts and set to TSSLSocketFactory
+ * instance. It's passed onto all TSSLSocket instances created by this factory
+ * object.
+ */
+class AccessManager {
+ public:
+  enum Decision {
+    DENY   = -1,    // deny access
+    SKIP   =  0,    // cannot make decision, move on to next (if any)
+    ALLOW  =  1     // allow access
+  };
+ /**
+  * Destructor
+  */
+ virtual ~AccessManager() {}
+ /**
+  * Determine whether the peer should be granted access or not. It's called
+  * once after the SSL handshake completes successfully, before peer certificate
+  * is examined.
+  *
+  * If a valid decision (ALLOW or DENY) is returned, the peer certificate is
+  * not to be verified.
+  *
+  * @param  sa Peer IP address
+  * @return True if the peer is trusted, false otherwise
+  */
+ virtual Decision verify(const sockaddr_storage& /* sa */ ) throw() { return DENY; }
+ /**
+  * Determine whether the peer should be granted access or not. It's called
+  * every time a DNS subjectAltName/common name is extracted from peer's
+  * certificate.
+  *
+  * @param  host Client mode: host name returned by TSocket::getHost()
+  *              Server mode: host name returned by TSocket::getPeerHost()
+  * @param  name SubjectAltName or common name extracted from peer certificate
+  * @param  size Length of name
+  * @return True if the peer is trusted, false otherwise
+  *
+  * Note: The "name" parameter may be UTF8 encoded.
+  */
+ virtual Decision verify(const std::string& /* host */, const char* /* name */, int /* size */)
+   throw() { return DENY; }
+ /**
+  * Determine whether the peer should be granted access or not. It's called
+  * every time an IP subjectAltName is extracted from peer's certificate.
+  *
+  * @param  sa   Peer IP address retrieved from the underlying socket
+  * @param  data IP address extracted from certificate
+  * @param  size Length of the IP address
+  * @return True if the peer is trusted, false otherwise
+  */
+ virtual Decision verify(const sockaddr_storage& /* sa */, const char* /* data */, int /* size */)
+   throw() { return DENY; }
+};
+
+typedef AccessManager::Decision Decision;
+
+class DefaultClientAccessManager: public AccessManager {
+ public:
+  // AccessManager interface
+  Decision verify(const sockaddr_storage& sa) throw();
+  Decision verify(const std::string& host, const char* name, int size) throw();
+  Decision verify(const sockaddr_storage& sa, const char* data, int size) throw();
+};
+
+
+}}}
+
+#endif
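Review bot: The `@return True if the peer is trusted, false otherwise` line on all three `AccessManager::verify` overloads does not match their `Decision` return type, which has three outcomes (DENY, SKIP, ALLOW). The comment on `verify(const sockaddr_storage&)` says that a returned ALLOW or DENY means the peer certificate is not to be verified, so an implementer who reads the contract as boolean may return ALLOW where SKIP was intended and, going by that comment, accept a peer on its IP address alone. I would replace each line with `@return ALLOW to accept the peer, DENY to reject it, SKIP to leave the decision to the next check`, and state on the first overload that ALLOW short-circuits the certificate name checks. Separately, `TSSLSocketFactory::ciphers` documents `@param ciphers` while the parameter is named `enable`.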

