/**
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements. See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License. You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.apache.activemq.transport.auto;

import java.io.IOException;
import java.net.Socket;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Set;

import javax.net.ServerSocketFactory;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;

import org.apache.activemq.broker.BrokerService;
import org.apache.activemq.transport.Transport;
import org.apache.activemq.transport.tcp.SslTransport;
import org.apache.activemq.transport.tcp.SslTransportFactory;
import org.apache.activemq.transport.tcp.TcpTransport;
import org.apache.activemq.transport.tcp.TcpTransportFactory;
import org.apache.activemq.wireformat.WireFormat;

/**
 * SSL/TLS flavour of {@link AutoTcpTransportServer}.
 *
 * <p>Client certificate authentication is opt-in. Both {@code needClientAuth}
 * and {@code wantClientAuth} start out {@code false}, and in that state
 * {@link #bind()} leaves the client-auth mode of the server socket exactly as
 * the socket factory configured it. Deployments that rely on mutual TLS must
 * therefore set {@link #setNeedClientAuth(boolean)} explicitly before binding.
 *
 * <p>The two modes are not equivalent from a security point of view:
 * <ul>
 *   <li><b>need</b> - JSSE fails the handshake when the client presents no
 *       acceptable certificate.</li>
 *   <li><b>want</b> - a certificate is requested, but the handshake still
 *       completes when the client sends none. On its own this does not
 *       authenticate anyone; a later layer has to check whether a peer
 *       certificate is actually present.</li>
 * </ul>
 */
public class AutoSslTransportServer extends AutoTcpTransportServer {

    // When true, bind() switches the server socket to "client certificate required".
    private boolean needClientAuth;

    // When true (and needClientAuth is false), bind() switches the server socket
    // to "client certificate requested but optional".
    private boolean wantClientAuth;

    /**
     * Creates the server; every argument is handed unchanged to the superclass constructor.
     *
     * @param transportFactory factory used to create transports when connections arrive
     * @param location URI to bind to
     * @param serverSocketFactory SSL server socket factory used to create the listening socket
     * @param brokerService passed through to {@link AutoTcpTransportServer}
     * @param enabledProtocols passed through to {@link AutoTcpTransportServer}; not interpreted
     *        here. NOTE(review): presumably the wire protocols the auto transport may detect,
     *        not TLS protocol versions - confirm against the superclass.
     * @throws IOException passed up from the superclass constructor
     * @throws URISyntaxException passed up from the superclass constructor
     */
    public AutoSslTransportServer(
            SslTransportFactory transportFactory,
            URI location,
            SSLServerSocketFactory serverSocketFactory,
            BrokerService brokerService,
            Set<String> enabledProtocols) throws IOException, URISyntaxException {
        super(transportFactory, location, serverSocketFactory, brokerService, enabledProtocols);
    }

    /**
     * Records whether a client certificate is mandatory.
     *
     * <p>The value is only stored here; it reaches the server socket in
     * {@link #bind()}, so this must be called before {@link #bind()} to have
     * any effect. The {@code wantClientAuth} field of this class is left
     * untouched, but when both flags are set {@link #bind()} applies only
     * "need" (and on the JSSE socket itself, selecting one mode overrides the
     * other).
     *
     * @param needAuth {@code true} to make the handshake fail for clients without a certificate
     */
    public void setNeedClientAuth(boolean needAuth) {
        needClientAuth = needAuth;
    }

    /**
     * @return the stored "client certificate required" flag
     */
    public boolean getNeedClientAuth() {
        return needClientAuth;
    }

    /**
     * @return the stored "client certificate requested" flag
     */
    public boolean getWantClientAuth() {
        return wantClientAuth;
    }

    /**
     * Records whether a client certificate should be requested without being mandatory.
     *
     * <p>The value is only stored here; it reaches the server socket in
     * {@link #bind()}, so this must be called before {@link #bind()} to have
     * any effect. It is ignored by {@link #bind()} whenever
     * {@code needClientAuth} is also set. In "want" mode a client that sends
     * no certificate still completes the handshake, so this setting must not
     * be treated as client authentication by itself.
     *
     * @param wantAuth {@code true} to request, but not require, a client certificate
     */
    public void setWantClientAuth(boolean wantAuth) {
        wantClientAuth = wantAuth;
    }

    /**
     * Binds to the configured URI and then applies the client-auth mode to the server socket.
     *
     * <p>Only {@code true} values are pushed to the socket: "need" wins over
     * "want", and when neither flag is set the socket keeps whatever
     * client-auth mode the socket factory gave it. Setting a flag to
     * {@code false} therefore does not switch off a mode the factory enabled.
     *
     * <p>NOTE(review): the mode is applied after {@code super.bind()} returns.
     * Whether a connection could be accepted in between depends on
     * {@link AutoTcpTransportServer}, which is not visible here - confirm that
     * accepting only starts later.
     *
     * @throws IOException passed up from the superclass
     * @throws ClassCastException if a flag is set and the bound server socket is not an
     *         {@link SSLServerSocket}
     */
    @Override
    public void bind() throws IOException {
        super.bind();

        if (!needClientAuth && !wantClientAuth) {
            // Nothing requested: leave the socket's client-auth mode alone.
            return;
        }

        // Cast only once a flag is known to be set.
        final SSLServerSocket sslServerSocket = (SSLServerSocket) this.serverSocket;
        if (needClientAuth) {
            sslServerSocket.setNeedClientAuth(true);
        } else {
            sslServerSocket.setWantClientAuth(true);
        }
    }

    /**
     * Wraps an accepted socket in an {@link SslTransport} rather than a plain {@link TcpTransport}.
     *
     * @param socket the accepted socket; must be an {@link SSLSocket}, otherwise the cast below
     *        throws {@link ClassCastException}
     * @param format the WireFormat being used
     * @return the newly created SSL transport
     * @throws IOException declared by the overridden method; presumably raised while the
     *         transport is constructed
     */
    @Override
    protected TcpTransport createTransport(Socket socket, WireFormat format) throws IOException {
        final SSLSocket sslSocket = (SSLSocket) socket;
        return new SslTransport(format, sslSocket, this.initBuffer);
    }

    /**
     * @return always {@code true}: this server hands out SSL transports
     */
    @Override
    public boolean isSslServer() {
        return true;
    }

}