[server] Add TLS/SSL related classes and functionality (wip)

1 files changed, 38 insertions, 5 deletions

diff --git a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/thrift/BinaryListener.java b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/thrift/BinaryListener.java
index 3e0159b6..b00a8bc3 100644
--- a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/thrift/BinaryListener.java
+++ b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/thrift/BinaryListener.java
@@ -1,14 +1,26 @@
 package org.openslx.bwlp.sat.thrift;
 
+import java.io.IOException;
+import java.net.InetSocketAddress;
+import java.net.ServerSocket;
 import java.security.NoSuchAlgorithmException;
+import java.util.concurrent.TimeUnit;
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLServerSocketFactory;
 
 import org.apache.log4j.Logger;
 import org.apache.thrift.protocol.TProtocolFactory;
 import org.apache.thrift.server.THsHaServer;
 import org.apache.thrift.server.TServer;
+import org.apache.thrift.server.TThreadPoolServer;
+import org.apache.thrift.transport.TFramedTransport;
 import org.apache.thrift.transport.TNonblockingServerSocket;
 import org.apache.thrift.transport.TNonblockingServerTransport;
+import org.apache.thrift.transport.TServerSocket;
+import org.apache.thrift.transport.TServerTransport;
 import org.apache.thrift.transport.TTransportException;
+import org.openslx.bwlp.sat.util.Identity;
 import org.openslx.bwlp.thrift.iface.SatelliteServer;
 import org.openslx.thrifthelper.TBinaryProtocolSafe;
 
@@ -17,7 +29,7 @@ public class BinaryListener implements Runnable {
 
 	private static final int MAX_MSG_LEN = 30 * 1000 * 1000;
 	private static final int MINWORKERTHREADS = 2;
-	private static final int MAXWORKERTHREADS = 64;
+	private static final int MAXWORKERTHREADS = 96;
 
 	private final SatelliteServer.Processor<ServerHandler> processor = new SatelliteServer.Processor<ServerHandler>(
 			new ServerHandler());
@@ -25,7 +37,8 @@ public class BinaryListener implements Runnable {
 
 	private final TServer server;
 
-	public BinaryListener(int port, boolean secure) throws TTransportException, NoSuchAlgorithmException {
+	public BinaryListener(int port, boolean secure) throws TTransportException, NoSuchAlgorithmException,
+			IOException {
 		if (secure)
 			server = initSecure(port);
 		else
@@ -40,9 +53,29 @@ public class BinaryListener implements Runnable {
 		// TODO: Restart listener; if it fails, quit server so it will be restarted by the OS
 	}
 
-	private TServer initSecure(int port) throws NoSuchAlgorithmException, TTransportException {
-		// TODO
-		return null;
+	private TServer initSecure(int port) throws NoSuchAlgorithmException, TTransportException, IOException {
+		SSLContext context = Identity.getSSLContext();
+		if (context == null)
+			return null;
+		SSLServerSocketFactory sslServerSocketFactory = context.getServerSocketFactory();
+		ServerSocket listenSocket = sslServerSocketFactory.createServerSocket();
+		listenSocket.setReuseAddress(true);
+		listenSocket.bind(new InetSocketAddress(port));
+
+		TServerTransport serverTransport;
+		try {
+			serverTransport = new TServerSocket(listenSocket);
+		} catch (TTransportException e) {
+			log.fatal("Could not listen on port " + port);
+			throw e;
+		}
+		TThreadPoolServer.Args args = new TThreadPoolServer.Args(serverTransport);
+		args.protocolFactory(protFactory);
+		args.processor(processor);
+		args.minWorkerThreads(MINWORKERTHREADS).maxWorkerThreads(MAXWORKERTHREADS);
+		args.requestTimeout(2).requestTimeoutUnit(TimeUnit.MINUTES);
+		args.transportFactory(new TFramedTransport.Factory(MAX_MSG_LEN));
+		return new TThreadPoolServer(args);
 	}
 
 	private TServer initNormal(int port) throws TTransportException {