001/**
002 * Licensed to the Apache Software Foundation (ASF) under one or more
003 * contributor license agreements.  See the NOTICE file distributed with
004 * this work for additional information regarding copyright ownership.
005 * The ASF licenses this file to You under the Apache License, Version 2.0
006 * (the "License"); you may not use this file except in compliance with
007 * the License.  You may obtain a copy of the License at
008 *
009 *      http://www.apache.org/licenses/LICENSE-2.0
010 *
011 * Unless required by applicable law or agreed to in writing, software
012 * distributed under the License is distributed on an "AS IS" BASIS,
013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014 * See the License for the specific language governing permissions and
015 * limitations under the License.
016 */
017
018package org.apache.activemq.transport.auto;
019
020import java.io.IOException;
021import java.net.Socket;
022import java.net.URI;
023import java.net.URISyntaxException;
024import java.util.Set;
025
026import javax.net.ssl.SSLServerSocket;
027import javax.net.ssl.SSLServerSocketFactory;
028
029import org.apache.activemq.broker.BrokerService;
030import org.apache.activemq.transport.tcp.SslTransportFactory;
031import org.apache.activemq.transport.tcp.TcpTransport;
032import org.apache.activemq.transport.tcp.TcpTransportFactory;
033import org.apache.activemq.wireformat.WireFormat;
034
/**
 * Auto-detecting transport server that listens on an SSL server socket.
 *
 * <p>Client certificate authentication is disabled by default: both
 * {@code needClientAuth} and {@code wantClientAuth} start out {@code false},
 * and in that state {@link #bind()} does not enable client authentication on
 * the server socket. To use client certificates, call
 * {@link #setNeedClientAuth(boolean)} or {@link #setWantClientAuth(boolean)}
 * before {@link #bind()}.
 */
public class AutoSslTransportServer extends AutoTcpTransportServer {

    // When true, bind() calls setNeedClientAuth(true) on the server socket.
    private boolean needClientAuth;

    // When true (and needClientAuth is false), bind() calls
    // setWantClientAuth(true) on the server socket.
    private boolean wantClientAuth;

    /**
     * Creates the server by handing every argument to the
     * {@link AutoTcpTransportServer} constructor unchanged.
     *
     * @param transportFactory the SSL transport factory passed to the superclass
     * @param location the URI passed to the superclass
     * @param serverSocketFactory the SSL server socket factory passed to the
     *        superclass; {@link #bind()} assumes the socket it produces is an
     *        {@link SSLServerSocket}
     * @param brokerService the broker service passed to the superclass
     * @param enabledProtocols passed to the superclass (presumably the wire
     *        protocols that may be auto-detected; confirm in the superclass)
     * @throws IOException if the superclass constructor fails
     * @throws URISyntaxException if the superclass constructor rejects the URI
     */
    public AutoSslTransportServer(
            SslTransportFactory transportFactory,
            URI location,
            SSLServerSocketFactory serverSocketFactory,
            BrokerService brokerService,
            Set<String> enabledProtocols) throws IOException, URISyntaxException {
        super(transportFactory, location, serverSocketFactory, brokerService, enabledProtocols);
    }

    /**
     * Returns whether client authentication should be required.
     */
    public boolean getNeedClientAuth() {
        return needClientAuth;
    }

    /**
     * Records whether client authentication should be required.
     *
     * <p>The value is only stored here and is applied to the socket by
     * {@link #bind()}, so it must be set before {@link #bind()} is called.
     * This setter does not modify {@code wantClientAuth}; when both flags are
     * set, {@link #bind()} applies "need" and ignores "want". (The original
     * note on this method says the underlying socket implementation clears its
     * own wantClientAuth setting when "need" is set.)
     */
    public void setNeedClientAuth(boolean needAuth) {
        needClientAuth = needAuth;
    }

    /**
     * Returns whether client authentication should be requested.
     */
    public boolean getWantClientAuth() {
        return wantClientAuth;
    }

    /**
     * Records whether client authentication should be requested.
     *
     * <p>The value is only stored here and is applied to the socket by
     * {@link #bind()}, so it must be set before {@link #bind()} is called.
     * This setter does not modify {@code needClientAuth}; if that flag is also
     * set, {@link #bind()} applies "need" and this flag has no effect. (The
     * original note on this method says the underlying socket implementation
     * clears its own needClientAuth setting when "want" is set.)
     */
    public void setWantClientAuth(boolean wantAuth) {
        wantClientAuth = wantAuth;
    }

    /**
     * Binds this server to the previously specified URI, then applies the
     * configured client-authentication mode to the server socket.
     *
     * <p>"Need" takes precedence over "want". If neither flag is set, the
     * socket's client-authentication settings are left as the socket factory
     * produced them.
     *
     * @throws IOException passed up from the superclass {@code bind()}.
     */
    @Override
    public void bind() throws IOException {
        super.bind();

        if (!needClientAuth && !wantClientAuth) {
            // Nothing configured: leave the socket untouched (no cast needed).
            return;
        }

        // Only reached when a client-auth mode was requested; the socket is
        // expected to come from the SSLServerSocketFactory given at construction.
        final SSLServerSocket sslServerSocket = (SSLServerSocket) this.serverSocket;
        if (needClientAuth) {
            sslServerSocket.setNeedClientAuth(true);
        } else {
            sslServerSocket.setWantClientAuth(true);
        }
    }

    /**
     * Creates the transport for an accepted connection.
     *
     * <p>This method does not construct an SSL transport itself: it delegates
     * to {@code detectedTransportFactory}, so the concrete transport type is
     * whatever that factory builds.
     *
     * @param socket The incoming socket that will be wrapped into the new Transport.
     * @param format The WireFormat being used.
     * @param detectedTransportFactory The factory asked to build the transport.
     * @return The transport created by {@code detectedTransportFactory}.
     * @throws IOException if the factory fails to create the transport.
     */
    @Override
    protected TcpTransport createTransport(
            Socket socket,
            WireFormat format,
            TcpTransportFactory detectedTransportFactory) throws IOException {
        // initBuffer is inherited; presumably the bytes already consumed while
        // detecting the protocol (confirm in AutoTcpTransportServer).
        return detectedTransportFactory.createTransport(format, socket, initBuffer);
    }

    /**
     * Identifies this server as an SSL server.
     *
     * @return always {@code true}.
     */
    @Override
    public boolean isSslServer() {
        return true;
    }

}