/**
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements. See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.apache.activemq.transport.auto;

import java.io.IOException;
import java.net.Socket;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Set;

import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;

import org.apache.activemq.broker.BrokerService;
import org.apache.activemq.transport.tcp.SslTransportFactory;
import org.apache.activemq.transport.tcp.TcpTransport;
import org.apache.activemq.transport.tcp.TcpTransport.InitBuffer;
import org.apache.activemq.transport.tcp.TcpTransportFactory;
import org.apache.activemq.wireformat.WireFormat;

/**
 * SSL flavour of the auto-detecting transport server.
 *
 * <p>Client certificate authentication is optional and is OFF by default:
 * both {@code needClientAuth} and {@code wantClientAuth} start out
 * {@code false}, and {@link #bind()} only touches the server socket's
 * client-auth mode when one of them has been switched on. A listener that
 * must enforce mutual TLS therefore has to call
 * {@link #setNeedClientAuth(boolean)} with {@code true} before binding.
 */
public class AutoSslTransportServer extends AutoTcpTransportServer {

    /** When true, {@link #bind()} marks the server socket as requiring a client certificate. */
    private boolean needClientAuth;

    /**
     * When true (and {@code needClientAuth} is false), {@link #bind()} marks the
     * server socket as requesting, but not requiring, a client certificate.
     */
    private boolean wantClientAuth;

    /**
     * Creates the server by handing every argument to the superclass constructor;
     * no SSL-specific state is initialised here.
     *
     * @param transportFactory    forwarded to the superclass
     * @param location            forwarded to the superclass
     * @param serverSocketFactory forwarded to the superclass
     * @param brokerService       forwarded to the superclass
     * @param enabledProtocols    forwarded to the superclass
     * @throws IOException        propagated from the superclass constructor
     * @throws URISyntaxException propagated from the superclass constructor
     */
    public AutoSslTransportServer(SslTransportFactory transportFactory,
                                  URI location,
                                  SSLServerSocketFactory serverSocketFactory,
                                  BrokerService brokerService,
                                  Set<String> enabledProtocols) throws IOException, URISyntaxException {
        super(transportFactory, location, serverSocketFactory, brokerService, enabledProtocols);
    }

    /**
     * Records whether a client certificate should be required.
     *
     * <p>The value is only applied to the socket inside {@link #bind()}, so it
     * must be set before binding; this setter does not touch the socket and
     * does not modify the {@code wantClientAuth} field. At bind time a
     * {@code true} value here takes precedence over {@code wantClientAuth}.
     *
     * @param needAuth {@code true} to require client certificates
     */
    public void setNeedClientAuth(boolean needAuth) {
        needClientAuth = needAuth;
    }

    /**
     * @return the stored "require client certificate" flag
     */
    public boolean getNeedClientAuth() {
        return needClientAuth;
    }

    /**
     * @return the stored "request client certificate" flag
     */
    public boolean getWantClientAuth() {
        return wantClientAuth;
    }

    /**
     * Records whether a client certificate should be requested (but not required).
     *
     * <p>The value is only applied to the socket inside {@link #bind()}, so it
     * must be set before binding; this setter does not touch the socket and
     * does not modify the {@code needClientAuth} field. It is ignored at bind
     * time when {@code needClientAuth} is {@code true}.
     *
     * @param wantAuth {@code true} to request client certificates
     */
    public void setWantClientAuth(boolean wantAuth) {
        wantClientAuth = wantAuth;
    }

    /**
     * Binds via the superclass, then applies the configured client-auth mode
     * to the resulting server socket.
     *
     * <p>Exactly one of the two modes is applied: "need" wins over "want".
     * When neither flag is set the socket is left as the superclass created it
     * and is not cast at all.
     *
     * @throws IOException propagated from the superclass {@code bind()}
     */
    @Override
    public void bind() throws IOException {
        super.bind();

        final boolean requireCert = this.needClientAuth;
        if (!requireCert && !this.wantClientAuth) {
            // Client-certificate authentication stays disabled (the default).
            return;
        }

        // The cast is reached only when a client-auth mode was requested.
        final SSLServerSocket sslServerSocket = (SSLServerSocket) this.serverSocket;
        if (requireCert) {
            sslServerSocket.setNeedClientAuth(true);
        } else {
            sslServerSocket.setWantClientAuth(true);
        }
    }

    /**
     * Builds the transport for an accepted connection by delegating to the
     * transport factory detected for that connection.
     *
     * <p>NOTE(review): this method performs no check of its own that the
     * returned transport is SSL-backed; that depends on the factory and socket
     * supplied by the caller - confirm against the superclass accept path.
     *
     * @param socket                   the accepted socket to wrap
     * @param format                   the wire format to use
     * @param detectedTransportFactory the factory that actually creates the transport
     * @param initBuffer               passed through unchanged to the factory
     * @return the transport produced by {@code detectedTransportFactory}
     * @throws IOException propagated from the factory
     */
    @Override
    protected TcpTransport createTransport(Socket socket, WireFormat format,
            TcpTransportFactory detectedTransportFactory, InitBuffer initBuffer) throws IOException {
        final TcpTransport transport = detectedTransportFactory.createTransport(format, socket, initBuffer);
        return transport;
    }

    /**
     * @return always {@code true}
     */
    @Override
    public boolean isSslServer() {
        return true;
    }

}