001/**
002 * Licensed to the Apache Software Foundation (ASF) under one or more
003 * contributor license agreements.  See the NOTICE file distributed with
004 * this work for additional information regarding copyright ownership.
005 * The ASF licenses this file to You under the Apache License, Version 2.0
006 * (the "License"); you may not use this file except in compliance with
007 * the License.  You may obtain a copy of the License at
008 *
009 *      http://www.apache.org/licenses/LICENSE-2.0
010 *
011 * Unless required by applicable law or agreed to in writing, software
012 * distributed under the License is distributed on an "AS IS" BASIS,
013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014 * See the License for the specific language governing permissions and
015 * limitations under the License.
016 */
017package org.apache.activemq.transport.tcp;
018
019import java.io.IOException;
020import java.net.Socket;
021import java.net.URI;
022import java.net.URISyntaxException;
023import java.net.UnknownHostException;
024import java.util.HashMap;
025import java.util.Map;
026
027import javax.net.ServerSocketFactory;
028import javax.net.SocketFactory;
029import javax.net.ssl.SSLServerSocketFactory;
030import javax.net.ssl.SSLSocket;
031import javax.net.ssl.SSLSocketFactory;
032
033import org.apache.activemq.broker.SslContext;
034import org.apache.activemq.transport.Transport;
035import org.apache.activemq.transport.TransportServer;
036import org.apache.activemq.transport.tcp.TcpTransport.InitBuffer;
037import org.apache.activemq.util.IOExceptionSupport;
038import org.apache.activemq.util.IntrospectionSupport;
039import org.apache.activemq.util.URISupport;
040import org.apache.activemq.wireformat.WireFormat;
041import org.slf4j.Logger;
042import org.slf4j.LoggerFactory;
043
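/**
 * An implementation of the TcpTransportFactory using SSL. The major
 * contribution from this class is that it is aware of SslTransportServer and
 * SslTransport classes. Transports created by
 * {@link #createTransport(URI, WireFormat)} are constructed with a literal
 * {@code false} as their last constructor argument (the needClientAuth
 * setting, going by the original description of this class; confirm against
 * SslTransport).
 * <p>
 * Points a security reviewer should keep in mind when reading this class:
 * <ul>
 * <li>Options parsed from the connector URI are applied reflectively to the
 * server ({@link #doBind(URI)}) and to the transport
 * ({@link #compositeConfigure(Transport, WireFormat, Map)}), so the URI has
 * to be treated as trusted configuration; any settable property of those
 * objects may be changed by it.</li>
 * <li>When no SslContext is current, the JVM default SSL socket factories are
 * used, so key and trust material comes from the JVM-wide defaults rather
 * than from broker configuration.</li>
 * <li>Nothing in this class configures endpoint (host name) verification,
 * protocol versions or cipher suites; whether those are enforced depends on
 * SslTransport, SslTransportServer and the options applied to them.</li>
 * </ul>
 */
public class SslTransportFactory extends TcpTransportFactory {

    private static final Logger LOG = LoggerFactory.getLogger(SslTransportFactory.class);

    /**
     * Binds an SslTransportServer to the given location. Overrides the TCP
     * implementation so that an SslTransportServer is created and can be
     * configured through reflection.
     *
     * @param location URI to bind to; its query parameters become the server options
     * @return the bound server
     * @throws IOException if the server cannot be created or bound; a
     *         URISyntaxException is wrapped through IOExceptionSupport
     */
    @Override
    public TransportServer doBind(final URI location) throws IOException {
        try {
            Map<String, String> options = new HashMap<String, String>(URISupport.parseParameters(location));

            // The cast throws ClassCastException when an overriding
            // createServerSocketFactory() returns a non-SSL factory, so this
            // method cannot end up binding a plaintext listener silently.
            ServerSocketFactory serverSocketFactory = createServerSocketFactory();
            SslTransportServer server = createSslTransportServer(location, (SSLServerSocketFactory)serverSocketFactory);
            server.setWireFormatFactory(createWireFormatFactory(options));
            // URI options are pushed onto the server by property name.
            IntrospectionSupport.setProperties(server, options);
            // Options carrying the "transport." prefix are handed to the server
            // separately (presumably for the transports it accepts; confirm
            // against SslTransportServer).
            Map<String, Object> transportOptions = IntrospectionSupport.extractProperties(options, "transport.");
            server.setTransportOption(transportOptions);
            server.bind();

            return server;
        } catch (URISyntaxException e) {
            throw IOExceptionSupport.create(e);
        }
    }

    /**
     * Allows subclasses of SslTransportFactory to create custom instances of
     * SslTransportServer.
     *
     * @param location URI the server will be bound to
     * @param serverSocketFactory SSL server socket factory the server should use
     * @return a new SslTransportServer initialized from the given location and socket factory.
     * @throws IOException declared for overriding implementations
     * @throws URISyntaxException declared for overriding implementations
     */
    protected SslTransportServer createSslTransportServer(final URI location, SSLServerSocketFactory serverSocketFactory) throws IOException, URISyntaxException {
        return new SslTransportServer(this, location, serverSocketFactory);
    }

    /**
     * Applies the given options to the SslTransport through reflection, then
     * delegates to the superclass for the common configuration.
     *
     * @param transport transport to configure; narrowed to SslTransport first
     * @param format wire format passed on to the superclass
     * @param options option map applied by property name; it comes from the
     *        connector configuration and must be trusted
     * @return whatever the superclass returns for the same arguments
     */
    @Override
    @SuppressWarnings("rawtypes")
    public Transport compositeConfigure(Transport transport, WireFormat format, Map options) {
        // NOTE(review): narrow() presumably yields the SslTransport behind the
        // given transport; confirm what it returns when there is none.
        SslTransport sslTransport = transport.narrow(SslTransport.class);
        IntrospectionSupport.setProperties(sslTransport, options);

        return super.compositeConfigure(transport, format, options);
    }

    /**
     * Creates an outbound SslTransport for the given location. Overrides the
     * TCP implementation so that SslTransport is used.
     *
     * @param location remote location; a non-empty path is tried as a local
     *        address to connect from
     * @param wf wire format for the new transport
     * @return a new SslTransport whose last constructor argument is {@code false}
     * @throws UnknownHostException declared by the overridden method
     * @throws IOException if the socket factory cannot be created
     */
    @Override
    protected Transport createTransport(URI location, WireFormat wf) throws UnknownHostException, IOException {
        URI localLocation = null;
        String path = location.getPath();
        // see if the path is a local URI location
        if (path != null && path.length() > 0) {
            // With no ':' present indexOf returns -1 and the whole path is
            // handed to parseInt below.
            int localPortIndex = path.indexOf(':');
            try {
                // Parsed only to validate that a numeric port follows the
                // colon; the value itself is not used.
                Integer.parseInt(path.substring(localPortIndex + 1, path.length()));
                String localString = location.getScheme() + ":/" + path;
                localLocation = new URI(localString);
            } catch (Exception e) {
                // Best effort: NumberFormatException and URISyntaxException
                // are the expected failures. The transport is still created,
                // with localLocation left null.
                LOG.warn("path isn't a valid local location for SslTransport to use", e);
            }
        }
        // The cast throws ClassCastException when an overriding
        // createSocketFactory() returns a non-SSL factory, so no plaintext
        // transport is built here.
        SocketFactory socketFactory = createSocketFactory();
        return new SslTransport(wf, (SSLSocketFactory)socketFactory, location, localLocation, false);
    }

    /**
     * Creates a new SSL ServerSocketFactory. The given factory will use
     * user-provided key and trust managers (if the user provided them).
     * Without a current SslContext the JVM default factory is returned.
     *
     * @return Newly created (Ssl)ServerSocketFactory.
     * @throws IOException if the SSLContext cannot be obtained from the
     *         current SslContext
     */
    @Override
    protected ServerSocketFactory createServerSocketFactory() throws IOException {
        // Read the current context once, so that the value that was
        // null-checked is the value that gets used.
        SslContext ctx = SslContext.getCurrentSslContext();
        if (ctx == null) {
            // No broker-supplied context: key and trust material then comes
            // from the JVM-wide defaults.
            return SSLServerSocketFactory.getDefault();
        }
        try {
            return ctx.getSSLContext().getServerSocketFactory();
        } catch (Exception e) {
            throw IOExceptionSupport.create(e);
        }
    }

    /**
     * Creates a new SSL SocketFactory. The given factory will use user-provided
     * key and trust managers (if the user provided them). Without a current
     * SslContext the JVM default factory is returned.
     *
     * @return Newly created (Ssl)SocketFactory.
     * @throws IOException if the SSLContext cannot be obtained from the
     *         current SslContext
     */
    @Override
    protected SocketFactory createSocketFactory() throws IOException {
        // Read the current context once, so that the value that was
        // null-checked is the value that gets used.
        SslContext ctx = SslContext.getCurrentSslContext();
        if (ctx == null) {
            // No broker-supplied context: the peer is then validated against
            // the JVM default trust material, not a broker-specific store.
            return SSLSocketFactory.getDefault();
        }
        try {
            return ctx.getSSLContext().getSocketFactory();
        } catch (Exception e) {
            throw IOExceptionSupport.create(e);
        }
    }

    /**
     * Wraps an existing socket in an SslTransport.
     *
     * @param wireFormat wire format for the new transport
     * @param socket socket to wrap; must be an SSLSocket, otherwise the cast
     *        throws ClassCastException
     * @param initBuffer passed through to the SslTransport constructor
     * @return a new SslTransport over the given socket
     * @throws IOException declared by the overridden method
     */
    @Override
    public SslTransport createTransport(WireFormat wireFormat, Socket socket, InitBuffer initBuffer)
            throws IOException {

        return new SslTransport(wireFormat, (SSLSocket)socket, initBuffer);
    }
}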