airavata-commits mailing list archives

From sma...@apache.org
Subject airavata git commit: Optionally enabling TLS security - AIRAVATA-1800
Date Wed, 12 Aug 2015 15:46:36 GMT
Repository: airavata
Updated Branches:
  refs/heads/airavata-0.15-release-branch d5a2ba024 -> c9f30a4d5


Optionally enabling TLS security - AIRAVATA-1800


Project: http://git-wip-us.apache.org/repos/asf/airavata/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/c9f30a4d
Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/c9f30a4d
Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/c9f30a4d

Branch: refs/heads/airavata-0.15-release-branch
Commit: c9f30a4d5d8a1cdd0596d9dd6da0478949490e6e
Parents: d5a2ba0
Author: Suresh Marru <smarru@apache.org>
Authored: Wed Aug 12 11:46:29 2015 -0400
Committer: Suresh Marru <smarru@apache.org>
Committed: Wed Aug 12 11:46:29 2015 -0400

----------------------------------------------------------------------
 .../airavata/api/server/AiravataAPIServer.java  | 35 ++++++++++---
 .../resources/samples/TestAiravataConnection.py | 45 +++++++++-------
 .../src/main/resources/samples/createProject.py | 55 +++++++++++---------
 .../samples/getAllApplicationInterfaces.py      | 47 ++++++++++-------
 .../src/main/resources/samples/getProjects.py   | 47 ++++++++++-------
 .../airavata/common/utils/ServerSettings.java   | 21 +++++---
 .../main/resources/airavata-server.properties   |  5 +-
 7 files changed, 154 insertions(+), 101 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/airavata/blob/c9f30a4d/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/AiravataAPIServer.java
----------------------------------------------------------------------
diff --git a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/AiravataAPIServer.java
b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/AiravataAPIServer.java
index 8402a6f..5e8d479 100644
--- a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/AiravataAPIServer.java
+++ b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/AiravataAPIServer.java
@@ -23,7 +23,9 @@ package org.apache.airavata.api.server;
 
 import java.io.File;
 import java.io.IOException;
+import java.net.InetAddress;
 import java.net.InetSocketAddress;
+import java.net.UnknownHostException;
 import java.util.Random;
 
 import org.apache.airavata.api.Airavata;
@@ -40,6 +42,7 @@ import org.apache.airavata.model.error.AiravataErrorType;
 import org.apache.airavata.model.error.AiravataSystemException;
 import org.apache.thrift.server.TServer;
 import org.apache.thrift.server.TThreadPoolServer;
+import org.apache.thrift.transport.TSSLTransportFactory;
 import org.apache.thrift.transport.TServerSocket;
 import org.apache.thrift.transport.TServerTransport;
 import org.apache.thrift.transport.TTransportException;
@@ -68,15 +71,27 @@ public class AiravataAPIServer implements IServer{
             AppCatalogInitUtil.initializeDB();
             final int serverPort = Integer.parseInt(ServerSettings.getSetting(Constants.API_SERVER_PORT,"8930"));
             final String serverHost = ServerSettings.getSetting(Constants.API_SERVER_HOST,
null);
-            
+
 			TServerTransport serverTransport;
-			
-			if(serverHost == null){
-				serverTransport = new TServerSocket(serverPort);
-			}else{
-				InetSocketAddress inetSocketAddress = new InetSocketAddress(serverHost, serverPort);
-				serverTransport = new TServerSocket(inetSocketAddress);
-			}
+
+            if(ServerSettings.isAPIServerTLSEnabled()) {
+                logger.info("Starting API Server with TLS Security..");
+
+                String keystore = ServerSettings.getApiServerKeystore();
+                String keystorePWD = ServerSettings.getApiServerKeystorePasswd();
+                TSSLTransportFactory.TSSLTransportParameters tlsParams =
+                        new TSSLTransportFactory.TSSLTransportParameters();
+                tlsParams.setKeyStore(keystore, keystorePWD);
+                serverTransport = TSSLTransportFactory.getServerSocket(serverPort, 10000,
+                        InetAddress.getByName(serverHost), tlsParams);
+            } else {
+                if(serverHost == null){
+                    serverTransport = new TServerSocket(serverPort);
+                }else{
+                    InetSocketAddress inetSocketAddress = new InetSocketAddress(serverHost,
serverPort);
+                    serverTransport = new TServerSocket(inetSocketAddress);
+                }
+            }
 			
             TThreadPoolServer.Args options = new TThreadPoolServer.Args(serverTransport);
             options.minWorkerThreads = Integer.parseInt(ServerSettings.getSetting(Constants.API_SERVER_MIN_THREADS,
"50"));
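Review bot: When `Constants.API_SERVER_HOST` is not configured, `serverHost` is null and `InetAddress.getByName(serverHost)` resolves to the loopback address, so the TLS listener binds to localhost only, while the plain branch below binds every interface via `new TServerSocket(serverPort)`. Keeping the two branches consistent needs a null check, e.g. `InetAddress bindAddr = (serverHost == null) ? null : InetAddress.getByName(serverHost);` passed as the third argument. The no-argument `TSSLTransportParameters()` constructor also leaves the protocol and cipher suites to library and JVM defaults; the `(protocol, cipherSuites)` constructor would let a deployment pin them. The enclosing method starts and ends outside this hunk.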
@@ -111,6 +126,10 @@ public class AiravataAPIServer implements IServer{
             setStatus(ServerStatus.FAILED);
             RegistryInitUtil.stopDerbyInServerMode();
             throw new AiravataSystemException(AiravataErrorType.INTERNAL_ERROR);
+        } catch (ApplicationSettingsException e) {
+            logger.error("Error fetching properties", e);
+        } catch (UnknownHostException e) {
+            logger.error("API Server Host error", e);
         }
     }
     public static void main(String[] args) {
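Review bot: The two added catch blocks only log and fall through, so a missing keystore setting or an unresolvable host lets the method return normally, apparently with no listener started and without `setStatus(ServerStatus.FAILED)`. The handler just above them marks the server FAILED, stops Derby and throws `AiravataSystemException`; the new handlers should report the failure the same way, e.g. add `setStatus(ServerStatus.FAILED);` and `throw new AiravataSystemException(AiravataErrorType.INTERNAL_ERROR);` after each `logger.error(...)`. The try block these handlers belong to starts outside the hunk, so whether anything else reports the failure is not visible here.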

http://git-wip-us.apache.org/repos/asf/airavata/blob/c9f30a4d/airavata-api/airavata-client-sdks/airavata-python-sdk/src/main/resources/samples/TestAiravataConnection.py
----------------------------------------------------------------------
diff --git a/airavata-api/airavata-client-sdks/airavata-python-sdk/src/main/resources/samples/TestAiravataConnection.py
b/airavata-api/airavata-client-sdks/airavata-python-sdk/src/main/resources/samples/TestAiravataConnection.py
index 09c2727..0d006cf 100644
--- a/airavata-api/airavata-client-sdks/airavata-python-sdk/src/main/resources/samples/TestAiravataConnection.py
+++ b/airavata-api/airavata-client-sdks/airavata-python-sdk/src/main/resources/samples/TestAiravataConnection.py
@@ -22,6 +22,7 @@
 import sys, ConfigParser
 
 sys.path.append('../lib')
+sys.path.append('../')
 
 from apache.airavata.api import Airavata
 from apache.airavata.api.ttypes import *
@@ -31,31 +32,37 @@ from thrift.transport import TSocket
 from thrift.transport import TTransport
 from thrift.protocol import TBinaryProtocol
 
-try:
-    # Read Airavata Client properties
-    airavataConfig = ConfigParser.RawConfigParser()
-    airavataConfig.read('../conf/airavata-client.properties')
+def main():
+    try:
+        # Read Airavata Client properties
+        airavataConfig = ConfigParser.RawConfigParser()
+        airavataConfig.read('../conf/airavata-client.properties')
 
-    # Create a socket to the Airavata Server
-    transport = TSocket.TSocket(airavataConfig.get('AiravataServer', 'host'), airavataConfig.get('AiravataServer',
'port'))
+        host = airavataConfig.get('AiravataServer', 'host')
+        port = airavataConfig.getint('AiravataServer', 'port')
 
-    # Use Buffered Protocol to speedup over raw sockets
-    transport = TTransport.TBufferedTransport(transport)
+        # Create a socket to the Airavata Server
+        transport = TSocket.TSocket(host, port)
 
-    # Airavata currently uses Binary Protocol
-    protocol = TBinaryProtocol.TBinaryProtocol(transport)
+        # Use Buffered Protocol to speedup over raw sockets
+        transport = TTransport.TBufferedTransport(transport)
 
-    # Create a Airavata client to use the protocol encoder
-    airavataClient = Airavata.Client(protocol)
+        # Airavata currently uses Binary Protocol
+        protocol = TBinaryProtocol.TBinaryProtocol(transport)
 
-    # Connect to Airavata Server
-    transport.open()
+        # Create a Airavata client to use the protocol encoder
+        airavataClient = Airavata.Client(protocol)
 
-    print 'Airavata Server Version is:', airavataClient.getAPIVersion()
+        # Connect to Airavata Server
+        transport.open()
 
-    # Close Connection to Airavata Server
-    transport.close()
+        print 'Airavata Server Version is: {}'.format(airavataClient.getAPIVersion())
 
-except Thrift.TException, tx:
-    print '%s' % (tx.message)
+        # Close Connection to Airavata Server
+        transport.close()
 
+    except Thrift.TException, tx:
+        print '%s' % (tx.message)
+
+if __name__ == "__main__":
+    main()
\ No newline at end of file
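Review bot: The sample still opens a plain `TSocket.TSocket(host, port)`, so it cannot connect once the server from this commit is started with `apiserver.tls.enabled=true`; the same holds for createProject.py, getAllApplicationInterfaces.py and getProjects.py. A client-side switch read from airavata-client.properties that selects `TSSLSocket.TSSLSocket(host, port, ca_certs=...)` with certificate validation left on would keep the samples usable against a TLS-enabled server. Separately, `transport.close()` sits inside the `try` body, so an exception from `getAPIVersion()` leaves the connection open; a `finally:` clause would cover that.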

http://git-wip-us.apache.org/repos/asf/airavata/blob/c9f30a4d/airavata-api/airavata-client-sdks/airavata-python-sdk/src/main/resources/samples/createProject.py
----------------------------------------------------------------------
diff --git a/airavata-api/airavata-client-sdks/airavata-python-sdk/src/main/resources/samples/createProject.py
b/airavata-api/airavata-client-sdks/airavata-python-sdk/src/main/resources/samples/createProject.py
index 3985b69..953f473 100644
--- a/airavata-api/airavata-client-sdks/airavata-python-sdk/src/main/resources/samples/createProject.py
+++ b/airavata-api/airavata-client-sdks/airavata-python-sdk/src/main/resources/samples/createProject.py
@@ -32,39 +32,44 @@ from thrift.transport import TSocket
 from thrift.transport import TTransport
 from thrift.protocol import TBinaryProtocol
 
-try:
-    # Read Airavata Client properties
-    airavataConfig = ConfigParser.RawConfigParser()
-    airavataConfig.read('../conf/airavata-client.properties')
+def main():
+    try:
+        # Read Airavata Client properties
+        airavataConfig = ConfigParser.RawConfigParser()
+        airavataConfig.read('../conf/airavata-client.properties')
 
-    # Create a socket to the Airavata Server
-    transport = TSocket.TSocket(airavataConfig.get('AiravataServer', 'host'), airavataConfig.get('AiravataServer',
'port'))
+        host = airavataConfig.get('AiravataServer', 'host')
+        port = airavataConfig.getint('AiravataServer', 'port')
+        gateway_id = airavataConfig.get('GatewayProperties', 'gateway_id')
 
-    # Use Buffered Protocol to speedup over raw sockets
-    transport = TTransport.TBufferedTransport(transport)
+        # Create a socket to the Airavata Server
+        transport = TSocket.TSocket(host, port)
 
-    # Airavata currently uses Binary Protocol
-    protocol = TBinaryProtocol.TBinaryProtocol(transport)
+        # Use Buffered Protocol to speedup over raw sockets
+        transport = TTransport.TBufferedTransport(transport)
 
-    # Create a Airavata client to use the protocol encoder
-    airavataClient = Airavata.Client(protocol)
+        # Airavata currently uses Binary Protocol
+        protocol = TBinaryProtocol.TBinaryProtocol(transport)
 
-    # Connect to Airavata Server
-    transport.open()
+        # Create a Airavata client to use the protocol encoder
+        airavataClient = Airavata.Client(protocol)
 
-    #Create Project
-    project = Project()
-    project.owner = "smarru"
-    project.name = "CLI-Test"
-    project.description = "Test project to illustrate Python Client"
+        # Connect to Airavata Server
+        transport.open()
 
-    print 'Created Project with Id:', airavataClient.createProject("sdsc", project)
+        #Create Project
+        project = Project()
+        project.owner = "smarru"
+        project.name = "CLI-Test"
+        project.description = "Test project to illustrate Python Client"
 
-    print 'Airavata Server Version is:', airavataClient.getAPIVersion()
+        print 'Created Project with Id:', airavataClient.createProject(gateway_id, project)
 
-    # Close Connection to Airavata Server
-    transport.close()
+        # Close Connection to Airavata Server
+        transport.close()
 
-except Thrift.TException, tx:
-    print '%s' % (tx.message)
+    except Thrift.TException, tx:
+        print '%s' % (tx.message)
 
+if __name__ == "__main__":
+    main()
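Review bot: `airavataConfig.get('GatewayProperties', 'gateway_id')` raises a ConfigParser error when the section or option is absent, and the only handler is `except Thrift.TException`, so the script would end in a traceback rather than a readable message. The diffstat shows no change to airavata-client.properties, so whether that section already exists cannot be confirmed from this commit. getAllApplicationInterfaces.py and getProjects.py read the same option. Either document the `[GatewayProperties]` entry next to the samples or handle it explicitly, e.g. `except ConfigParser.Error, e:` followed by `print 'Missing client setting: %s' % e`.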

http://git-wip-us.apache.org/repos/asf/airavata/blob/c9f30a4d/airavata-api/airavata-client-sdks/airavata-python-sdk/src/main/resources/samples/getAllApplicationInterfaces.py
----------------------------------------------------------------------
diff --git a/airavata-api/airavata-client-sdks/airavata-python-sdk/src/main/resources/samples/getAllApplicationInterfaces.py
b/airavata-api/airavata-client-sdks/airavata-python-sdk/src/main/resources/samples/getAllApplicationInterfaces.py
index 271d9f5..d48fa86 100644
--- a/airavata-api/airavata-client-sdks/airavata-python-sdk/src/main/resources/samples/getAllApplicationInterfaces.py
+++ b/airavata-api/airavata-client-sdks/airavata-python-sdk/src/main/resources/samples/getAllApplicationInterfaces.py
@@ -32,33 +32,40 @@ from thrift.transport import TSocket
 from thrift.transport import TTransport
 from thrift.protocol import TBinaryProtocol
 
-try:
-    # Read Airavata Client properties
-    airavataConfig = ConfigParser.RawConfigParser()
-    airavataConfig.read('../conf/airavata-client.properties')
+def main():
+    try:
+        # Read Airavata Client properties
+        airavataConfig = ConfigParser.RawConfigParser()
+        airavataConfig.read('../conf/airavata-client.properties')
 
-    # Create a socket to the Airavata Server
-    transport = TSocket.TSocket(airavataConfig.get('AiravataServer', 'host'), airavataConfig.get('AiravataServer',
'port'))
+        host = airavataConfig.get('AiravataServer', 'host')
+        port = airavataConfig.getint('AiravataServer', 'port')
+        gateway_id = airavataConfig.get('GatewayProperties', 'gateway_id')
 
-    # Use Buffered Protocol to speedup over raw sockets
-    transport = TTransport.TBufferedTransport(transport)
+        # Create a socket to the Airavata Server
+        transport = TSocket.TSocket(host, port)
 
-    # Airavata currently uses Binary Protocol
-    protocol = TBinaryProtocol.TBinaryProtocol(transport)
+        # Use Buffered Protocol to speedup over raw sockets
+        transport = TTransport.TBufferedTransport(transport)
 
-    # Create a Airavata client to use the protocol encoder
-    airavataClient = Airavata.Client(protocol)
+        # Airavata currently uses Binary Protocol
+        protocol = TBinaryProtocol.TBinaryProtocol(transport)
 
-    # Connect to Airavata Server
-    transport.open()
+        # Create a Airavata client to use the protocol encoder
+        airavataClient = Airavata.Client(protocol)
 
-    appInterfaceLists = airavataClient.getAllApplicationInterfaces("sdsc");
+        # Connect to Airavata Server
+        transport.open()
 
-    print appInterfaceLists
+        appInterfaceLists = airavataClient.getAllApplicationInterfaces(gateway_id);
 
-    # Close Connection to Airavata Server
-    transport.close()
+        print appInterfaceLists
 
-except Thrift.TException, tx:
-    print '%s' % (tx.message)
+        # Close Connection to Airavata Server
+        transport.close()
 
+    except Thrift.TException, tx:
+        print '%s' % (tx.message)
+
+if __name__ == "__main__":
+    main()

http://git-wip-us.apache.org/repos/asf/airavata/blob/c9f30a4d/airavata-api/airavata-client-sdks/airavata-python-sdk/src/main/resources/samples/getProjects.py
----------------------------------------------------------------------
diff --git a/airavata-api/airavata-client-sdks/airavata-python-sdk/src/main/resources/samples/getProjects.py
b/airavata-api/airavata-client-sdks/airavata-python-sdk/src/main/resources/samples/getProjects.py
index 6514d30..afaede2 100644
--- a/airavata-api/airavata-client-sdks/airavata-python-sdk/src/main/resources/samples/getProjects.py
+++ b/airavata-api/airavata-client-sdks/airavata-python-sdk/src/main/resources/samples/getProjects.py
@@ -32,33 +32,40 @@ from thrift.transport import TSocket
 from thrift.transport import TTransport
 from thrift.protocol import TBinaryProtocol
 
-try:
-    # Read Airavata Client properties
-    airavataConfig = ConfigParser.RawConfigParser()
-    airavataConfig.read('../conf/airavata-client.properties')
+def main():
+    try:
+        # Read Airavata Client properties
+        airavataConfig = ConfigParser.RawConfigParser()
+        airavataConfig.read('../conf/airavata-client.properties')
 
-    # Create a socket to the Airavata Server
-    transport = TSocket.TSocket(airavataConfig.get('AiravataServer', 'host'), airavataConfig.get('AiravataServer',
'port'))
+        host = airavataConfig.get('AiravataServer', 'host')
+        port = airavataConfig.getint('AiravataServer', 'port')
+        gateway_id = airavataConfig.get('GatewayProperties', 'gateway_id')
 
-    # Use Buffered Protocol to speedup over raw sockets
-    transport = TTransport.TBufferedTransport(transport)
+        # Create a socket to the Airavata Server
+        transport = TSocket.TSocket(host, port)
 
-    # Airavata currently uses Binary Protocol
-    protocol = TBinaryProtocol.TBinaryProtocol(transport)
+        # Use Buffered Protocol to speedup over raw sockets
+        transport = TTransport.TBufferedTransport(transport)
 
-    # Create a Airavata client to use the protocol encoder
-    airavataClient = Airavata.Client(protocol)
+        # Airavata currently uses Binary Protocol
+        protocol = TBinaryProtocol.TBinaryProtocol(transport)
 
-    # Connect to Airavata Server
-    transport.open()
+        # Create a Airavata client to use the protocol encoder
+        airavataClient = Airavata.Client(protocol)
 
-    projectLists = airavataClient.getAllUserProjects("php_reference_gateway", "smarru");
+        # Connect to Airavata Server
+        transport.open()
 
-    print projectLists
+        projectLists = airavataClient.getAllUserProjects(gateway_id, "smarru");
 
-    # Close Connection to Airavata Server
-    transport.close()
+        print projectLists
 
-except Thrift.TException, tx:
-    print '%s' % (tx.message)
+        # Close Connection to Airavata Server
+        transport.close()
 
+    except Thrift.TException, tx:
+        print '%s' % (tx.message)
+
+if __name__ == "__main__":
+    main()

http://git-wip-us.apache.org/repos/asf/airavata/blob/c9f30a4d/modules/commons/utils/src/main/java/org/apache/airavata/common/utils/ServerSettings.java
----------------------------------------------------------------------
diff --git a/modules/commons/utils/src/main/java/org/apache/airavata/common/utils/ServerSettings.java
b/modules/commons/utils/src/main/java/org/apache/airavata/common/utils/ServerSettings.java
index 57a548c..1db4be5 100644
--- a/modules/commons/utils/src/main/java/org/apache/airavata/common/utils/ServerSettings.java
+++ b/modules/commons/utils/src/main/java/org/apache/airavata/common/utils/ServerSettings.java
@@ -32,10 +32,13 @@ public class ServerSettings extends ApplicationSettings {
     private static final String DEFAULT_USER_PASSWORD = "default.registry.password";
     private static final String DEFAULT_USER_GATEWAY = "default.registry.gateway";
 
-    private static final String SERVER_CONTEXT_ROOT = "server.context-root";
     public static final String EMBEDDED_ZK = "embedded.zk";
     public static final String IP = "ip";
 
+    private static final String API_SERVER_TLS_ENABLED = "apiserver.tls.enabled";
+    private static final String API_SERVER_KEYSTORE = "apiserver.keystore";
+    private static final String API_SERVER_KEYSTORE_PASSWD = "apiserver.keystore.password";
+
     private static final String CREDENTIAL_STORE_DB_URL = "credential.store.jdbc.url";
     private static final String CREDENTIAL_STORE_DB_USER = "credential.store.jdbc.user";
     private static final String CREDENTIAL_STORE_DB_PASSWORD = "credential.store.jdbc.password";
@@ -45,7 +48,6 @@ public class ServerSettings extends ApplicationSettings {
     private static final String REGISTRY_DB_USER = "registry.jdbc.user";
     private static final String REGISTRY_DB_PASSWORD = "registry.jdbc.password";
     private static final String REGISTRY_DB_DRIVER = "registry.jdbc.driver";
-    private static final String ENABLE_HTTPS = "enable.https";
     private static final String HOST_SCHEDULER = "host.scheduler";
     private static final String MY_PROXY_SERVER = "myproxy.server";
     private static final String MY_PROXY_USER = "myproxy.user";
@@ -100,10 +102,6 @@ public class ServerSettings extends ApplicationSettings {
         return getSetting(DEFAULT_USER_GATEWAY);
     }
 
-    public static String getServerContextRoot() {
-        return getSetting(SERVER_CONTEXT_ROOT, "axis2");
-    }
-
     public static String getCredentialStoreDBUser() throws ApplicationSettingsException {
         try {
             return getSetting(CREDENTIAL_STORE_DB_USER);
@@ -137,14 +135,21 @@ public class ServerSettings extends ApplicationSettings {
 
     }
 
-    public static boolean isEnableHttps() {
+    public static boolean isAPIServerTLSEnabled() {
         try {
-            return Boolean.parseBoolean(getSetting(ENABLE_HTTPS));
+            return Boolean.parseBoolean(getSetting(API_SERVER_TLS_ENABLED));
         } catch (ApplicationSettingsException e) {
             return false;
         }
     }
 
+    public static String getApiServerKeystorePasswd() throws ApplicationSettingsException{
+        return getSetting(API_SERVER_KEYSTORE_PASSWD);
+    }
+
+    public static String getApiServerKeystore() throws ApplicationSettingsException{
+        return getSetting(API_SERVER_KEYSTORE);
+    }
 
     public static String getHostScheduler() throws ApplicationSettingsException {
         return getSetting(HOST_SCHEDULER);
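Review bot: `isAPIServerTLSEnabled()` returns false whenever `getSetting` throws `ApplicationSettingsException`, so a missing or unreadable `apiserver.tls.enabled` silently starts the API server in plaintext with nothing in the log. The catch should at least record the fallback; if the class has a logger (not visible in this hunk), something like `logger.warn("apiserver.tls.enabled not readable, TLS disabled", e);` before `return false;`, plus a comment such as `// Absent setting means TLS off; it must be enabled explicitly.` Renaming the public `isEnableHttps()` also removes a public method, and callers outside this diff are not visible here. The two new getters would benefit from a short Javadoc stating that they throw when the property is not set.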

http://git-wip-us.apache.org/repos/asf/airavata/blob/c9f30a4d/modules/configuration/server/src/main/resources/airavata-server.properties
----------------------------------------------------------------------
diff --git a/modules/configuration/server/src/main/resources/airavata-server.properties b/modules/configuration/server/src/main/resources/airavata-server.properties
index 36616cd..8fd026d 100644
--- a/modules/configuration/server/src/main/resources/airavata-server.properties
+++ b/modules/configuration/server/src/main/resources/airavata-server.properties
@@ -73,10 +73,13 @@ servers=apiserver,orchestrator,gfac,credentialstore
 #shutdown.trategy=NONE
 shutdown.trategy=SELF_TERMINATE
 
-
 apiserver.server.host=localhost
 apiserver.server.port=8930
 apiserver.server.min.threads=50
+apiserver.tls.enabled=false
+apiserver.keystore=/path/to/airavata.jks
+apiserver.keystore.password=airavata
+
 orchestrator.server.host=localhost
 orchestrator.server.port=8940
 gfac.server.host=localhost
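Review bot: `apiserver.keystore.password=airavata` ships a guessable default password in the template, and nothing near it tells an operator to change it or that the value is stored in clear text. A comment above the three new keys would help, e.g. `# TLS for the API server: set your own keystore path and password, and restrict read access to this file.` The placeholder `/path/to/airavata.jks` only works because `apiserver.tls.enabled` defaults to false, which is worth stating in the same comment.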

