1 /* 2 * Licensed to the Apache Software Foundation (ASF) under one 3 * or more contributor license agreements. See the NOTICE file 4 * distributed with this work for additional information 5 * regarding copyright ownership. The ASF licenses this file 6 * to you under the Apache License, Version 2.0 (the 7 * "License"); you may not use this file except in compliance 8 * with the License. You may obtain a copy of the License at 9 * 10 * http://www.apache.org/licenses/LICENSE-2.0 11 * 12 * Unless required by applicable law or agreed to in writing, 13 * software distributed under the License is distributed on an 14 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 * KIND, either express or implied. See the License for the 16 * specific language governing permissions and limitations 17 * under the License. 18 */ 19 module thrift.server.transport.ssl; 20 21 import std.datetime : Duration; 22 import std.exception : enforce; 23 import std.socket : Socket; 24 import thrift.server.transport.socket; 25 import thrift.transport.base; 26 import thrift.transport.socket; 27 import thrift.transport.ssl; 28 29 /** 30 * A server transport implementation using SSL-encrypted sockets. 31 * 32 * Note: 33 * On Posix systems which do not have the BSD-specific SO_NOSIGPIPE flag, you 34 * might want to ignore the SIGPIPE signal, as OpenSSL might try to write to 35 * a closed socket if the peer disconnects abruptly: 36 * --- 37 * import core.stdc.signal; 38 * import core.sys.posix.signal; 39 * signal(SIGPIPE, SIG_IGN); 40 * --- 41 * 42 * See: thrift.transport.ssl. 43 */ 44 class TSSLServerSocket : TServerSocket { 45 /** 46 * Creates a new TSSLServerSocket. 47 * 48 * Params: 49 * port = The port on which to listen. 50 * sslContext = The TSSLContext to use for creating client 51 * sockets. Must be in server-side mode. 52 */ 53 this(ushort port, TSSLContext sslContext) { 54 super(port); 55 setSSLContext(sslContext); 56 } 57 58 /** 59 * Creates a new TSSLServerSocket. 60 * 61 * Params: 62 * port = The port on which to listen. 63 * sendTimeout = The send timeout to set on the client sockets. 64 * recvTimeout = The receive timeout to set on the client sockets. 65 * sslContext = The TSSLContext to use for creating client 66 * sockets. Must be in server-side mode. 67 */ 68 this(ushort port, Duration sendTimeout, Duration recvTimeout, 69 TSSLContext sslContext) 70 { 71 super(port, sendTimeout, recvTimeout); 72 setSSLContext(sslContext); 73 } 74 75 protected: 76 override TSocket createTSocket(Socket socket) { 77 return new TSSLSocket(sslContext_, socket); 78 } 79 80 private: 81 void setSSLContext(TSSLContext sslContext) { 82 enforce(sslContext.serverSide, new TTransportException( 83 "Need server-side SSL socket factory for TSSLServerSocket")); 84 sslContext_ = sslContext; 85 } 86 87 TSSLContext sslContext_; 88 }