/**
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.apache.activemq.transport.auto;

import java.io.IOException;
import java.net.Socket;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Set;

import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;

import org.apache.activemq.broker.BrokerService;
import org.apache.activemq.transport.tcp.SslTransportFactory;
import org.apache.activemq.transport.tcp.TcpTransport;
import org.apache.activemq.transport.tcp.TcpTransportFactory;
import org.apache.activemq.wireformat.WireFormat;

/**
 * SSL variant of the auto-detecting transport server.
 *
 * <p>Client certificate authentication is disabled by default: both
 * {@code needClientAuth} and {@code wantClientAuth} start out {@code false},
 * and {@link #bind()} leaves the server socket's client-auth mode untouched
 * unless one of them has been switched on.
 *
 * <p>The two modes are not equivalent. {@code needClientAuth} makes a client
 * certificate mandatory. {@code wantClientAuth} only requests one; under the
 * JSSE contract the handshake still completes when the client presents none,
 * so anything that authorizes on the peer certificate has to cope with its
 * absence. Deployments that rely on mutual TLS should set
 * {@code needClientAuth}.
 */
public class AutoSslTransportServer extends AutoTcpTransportServer {

    /** When {@code true}, {@link #bind()} marks the server socket as requiring a client certificate. */
    private boolean needClientAuth;

    /** When {@code true} (and {@code needClientAuth} is not), {@link #bind()} marks the server socket as requesting one. */
    private boolean wantClientAuth;

    /**
     * Creates the server by handing every argument to the superclass constructor.
     *
     * @param transportFactory the SSL transport factory passed to the superclass
     * @param location the URI passed to the superclass
     * @param serverSocketFactory the SSL server socket factory passed to the superclass
     * @param brokerService the broker passed to the superclass
     * @param enabledProtocols protocol names passed to the superclass
     *        (NOTE(review): presumably the wire protocols auto-detection may accept; confirm in AutoTcpTransportServer)
     * @throws IOException declared by the superclass constructor
     * @throws URISyntaxException declared by the superclass constructor
     */
    public AutoSslTransportServer(SslTransportFactory transportFactory,
            URI location, SSLServerSocketFactory serverSocketFactory,
            BrokerService brokerService, Set<String> enabledProtocols) throws IOException, URISyntaxException {
        super(transportFactory, location, serverSocketFactory, brokerService, enabledProtocols);
    }

    /**
     * Records whether a client certificate should be required.
     *
     * <p>Must be called before {@link #bind()}: this setter only stores the
     * value, and the socket is configured from it inside {@code bind()}.
     * It does not change {@code wantClientAuth}; when both flags are set,
     * {@code bind()} applies only {@code needClientAuth}.
     *
     * @param needAuth {@code true} to require a client certificate
     */
    public void setNeedClientAuth(boolean needAuth) {
        needClientAuth = needAuth;
    }

    /**
     * Returns whether client authentication should be required.
     *
     * @return the stored {@code needClientAuth} flag
     */
    public boolean getNeedClientAuth() {
        return needClientAuth;
    }

    /**
     * Returns whether client authentication should be requested.
     *
     * @return the stored {@code wantClientAuth} flag
     */
    public boolean getWantClientAuth() {
        return wantClientAuth;
    }

    /**
     * Records whether a client certificate should be requested (but not required).
     *
     * <p>Must be called before {@link #bind()}: this setter only stores the
     * value, and the socket is configured from it inside {@code bind()}.
     * It does not change {@code needClientAuth}, and it takes effect at
     * {@code bind()} only when {@code needClientAuth} is {@code false}.
     *
     * @param wantAuth {@code true} to request a client certificate
     */
    public void setWantClientAuth(boolean wantAuth) {
        wantClientAuth = wantAuth;
    }

    /**
     * Binds this socket to the previously specified URI, then applies the
     * configured client-authentication mode to the server socket.
     *
     * <p>{@code needClientAuth} wins over {@code wantClientAuth}. With neither
     * flag set, the socket's client-auth settings are not modified here.
     *
     * @throws IOException passed up from the superclass {@code bind()}.
     */
    @Override
    public void bind() throws IOException {
        super.bind();

        if (!needClientAuth && !wantClientAuth) {
            // Nothing to apply; the socket is left as the superclass bound it.
            return;
        }

        // The cast is performed only when a flag actually has to be applied.
        SSLServerSocket sslServerSocket = (SSLServerSocket) this.serverSocket;
        if (needClientAuth) {
            sslServerSocket.setNeedClientAuth(true);
        } else {
            sslServerSocket.setWantClientAuth(true);
        }
    }

    /**
     * Creates the Transport for an accepted connection.
     *
     * <p>Delegates to {@code detectedTransportFactory}, so that factory decides
     * which transport type wraps the socket.
     *
     * @param socket The incoming socket that will be wrapped into the new Transport.
     * @param format The WireFormat being used.
     * @param detectedTransportFactory The factory that builds the Transport; it is
     *        also handed this server's {@code initBuffer}
     *        (NOTE(review): presumably the bytes already read during protocol detection; confirm in the superclass).
     * @return The newly created Transport.
     * @throws IOException declared on this method; any thrown here comes from the factory call
     */
    @Override
    protected TcpTransport createTransport(Socket socket, WireFormat format,
            TcpTransportFactory detectedTransportFactory) throws IOException {
        return detectedTransportFactory.createTransport(format, socket, this.initBuffer);
    }

    /**
     * Identifies this server as an SSL server.
     *
     * @return always {@code true}
     */
    @Override
    public boolean isSslServer() {
        return true;
    }

}