/**
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements. See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.activemq.transport.tcp;

import java.io.IOException;
import java.net.Socket;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.UnknownHostException;
import java.util.HashMap;
import java.util.Map;

import javax.net.ServerSocketFactory;
import javax.net.SocketFactory;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

import org.apache.activemq.broker.SslContext;
import org.apache.activemq.transport.Transport;
import org.apache.activemq.transport.TransportServer;
import org.apache.activemq.transport.tcp.TcpTransport.InitBuffer;
import org.apache.activemq.util.IOExceptionSupport;
import org.apache.activemq.util.IntrospectionSupport;
import org.apache.activemq.util.URISupport;
import org.apache.activemq.wireformat.WireFormat;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * SSL flavour of {@link TcpTransportFactory}: it builds {@link SslTransportServer}
 * and {@link SslTransport} instances instead of their plain TCP counterparts.
 * All Transports and TransportServers created from this factory will have their
 * needClientAuth option set to false.
 *
 * <p>Points worth keeping in mind when reviewing a deployment that uses this class:
 * <ul>
 * <li>Socket factories are taken from {@link SslContext#getCurrentSslContext()} when
 * one is set; otherwise the JVM-wide default SSL socket factories are used, so key
 * and trust material then comes from whatever the JVM default is configured with.</li>
 * <li>Query parameters of the bind/connect URI are applied reflectively through
 * {@link IntrospectionSupport#setProperties}, which makes the URI itself
 * security-relevant configuration.</li>
 * </ul>
 */
public class SslTransportFactory extends TcpTransportFactory {

    private static final Logger LOG = LoggerFactory.getLogger(SslTransportFactory.class);

    /**
     * Binds an {@link SslTransportServer} (rather than a plain TCP server) to the
     * given location so that reflection-based configuration targets the SSL type.
     *
     * @param location URI to listen on; its query parameters are copied and applied
     *        to the server, and those prefixed with {@code transport.} are handed
     *        to the server as per-transport options
     * @return the bound server
     * @throws IOException if the socket factory cannot be created, binding fails, or
     *         the URI cannot be parsed (a {@link URISyntaxException} is wrapped)
     */
    @Override
    public TransportServer doBind(final URI location) throws IOException {
        try {
            final Map<String, String> uriOptions = new HashMap<String, String>(URISupport.parseParameters(location));

            // The cast is unchecked by design: a non-SSL factory returned by an
            // overriding subclass fails here with ClassCastException rather than
            // producing a server on a plain socket factory.
            final SSLServerSocketFactory sslFactory = (SSLServerSocketFactory) createServerSocketFactory();
            final SslTransportServer sslServer = createSslTransportServer(location, sslFactory);
            sslServer.setWireFormatFactory(createWireFormatFactory(uriOptions));

            // URI parameters are pushed onto the server before bind() is called.
            // NOTE(review): which server properties are settable this way is defined
            // by SslTransportServer, not visible here - confirm before exposing the
            // bind URI to less-trusted configuration sources.
            IntrospectionSupport.setProperties(sslServer, uriOptions);
            final Map<String, Object> perTransport = IntrospectionSupport.extractProperties(uriOptions, "transport.");
            sslServer.setTransportOption(perTransport);
            sslServer.bind();

            return sslServer;
        } catch (URISyntaxException e) {
            throw IOExceptionSupport.create(e);
        }
    }

    /**
     * Extension point that lets subclasses of SslTransportFactory supply their own
     * SslTransportServer type.
     *
     * @param location URI the server will be bound to
     * @param serverSocketFactory SSL server socket factory the server should use
     * @return a new SslTransportServer initialized from the given location and socket factory.
     * @throws IOException declared for overriding implementations
     * @throws URISyntaxException declared for overriding implementations
     */
    protected SslTransportServer createSslTransportServer(final URI location, SSLServerSocketFactory serverSocketFactory) throws IOException, URISyntaxException {
        final SslTransportServer created = new SslTransportServer(this, location, serverSocketFactory);
        return created;
    }

    /**
     * Applies the options to the underlying {@link SslTransport} via reflection and
     * then delegates to the superclass for the configuration shared with TCP.
     *
     * @param transport transport to configure; narrowed to {@link SslTransport}
     * @param format wire format passed through to the superclass
     * @param options option map applied reflectively, then passed to the superclass
     * @return whatever the superclass returns for the configured transport
     */
    @Override
    @SuppressWarnings("rawtypes")
    public Transport compositeConfigure(Transport transport, WireFormat format, Map options) {
        // SSL-specific setters are only reachable on the narrowed type.
        IntrospectionSupport.setProperties(transport.narrow(SslTransport.class), options);

        return super.compositeConfigure(transport, format, options);
    }

    /**
     * Creates an outbound {@link SslTransport} instead of a plain TCP transport.
     *
     * <p>A non-empty URI path is interpreted as a local {@code host:port} to connect
     * from. If it does not parse, a warning is logged and the transport is created
     * without a local location.
     *
     * @param location remote URI to connect to
     * @param wf wire format for the new transport
     * @return the new SSL transport
     * @throws UnknownHostException declared by the overridden method
     * @throws IOException if the socket factory cannot be created
     */
    @Override
    protected Transport createTransport(URI location, WireFormat wf) throws UnknownHostException, IOException {
        URI localLocation = null;
        final String path = location.getPath();
        // see if the path is a local URI location
        if (path != null && !path.isEmpty()) {
            // NOTE(review): indexOf finds the FIRST ':'; a path without any colon, or
            // with more than one (e.g. a bracketed IPv6 literal), ends up in the
            // warning branch below - confirm that is the intended behaviour.
            final int colonAt = path.indexOf(':');
            try {
                // Parsed only to validate that a numeric port follows the colon.
                Integer.parseInt(path.substring(colonAt + 1));
                localLocation = new URI(location.getScheme() + ":/" + path);
            } catch (Exception e) {
                LOG.warn("path isn't a valid local location for SslTransport to use", e);
            }
        }
        final SSLSocketFactory sslFactory = (SSLSocketFactory) createSocketFactory();
        // The trailing false is presumably needClientAuth, matching the class-level
        // statement - confirm against the SslTransport constructor.
        return new SslTransport(wf, sslFactory, location, localLocation, false);
    }

    /**
     * Creates a new SSL ServerSocketFactory. The given factory will use
     * user-provided key and trust managers (if the user provided them).
     *
     * <p>When no {@link SslContext} is current, the JVM default
     * {@link SSLServerSocketFactory} is returned instead.
     *
     * @return Newly created (Ssl)ServerSocketFactory.
     * @throws IOException wrapping any exception raised while obtaining the factory
     *         from the current SslContext
     */
    @Override
    protected ServerSocketFactory createServerSocketFactory() throws IOException {
        if (SslContext.getCurrentSslContext() == null) {
            // No broker-supplied context: fall back to the JVM-wide default.
            return SSLServerSocketFactory.getDefault();
        }
        final SslContext active = SslContext.getCurrentSslContext();
        try {
            return active.getSSLContext().getServerSocketFactory();
        } catch (Exception e) {
            throw IOExceptionSupport.create(e);
        }
    }

    /**
     * Creates a new SSL SocketFactory. The given factory will use user-provided
     * key and trust managers (if the user provided them).
     *
     * <p>When no {@link SslContext} is current, the JVM default
     * {@link SSLSocketFactory} is returned instead, so server certificates are then
     * validated against the JVM default trust configuration.
     *
     * @return Newly created (Ssl)SocketFactory.
     * @throws IOException wrapping any exception raised while obtaining the factory
     *         from the current SslContext
     */
    @Override
    protected SocketFactory createSocketFactory() throws IOException {
        if (SslContext.getCurrentSslContext() == null) {
            // No broker-supplied context: fall back to the JVM-wide default.
            return SSLSocketFactory.getDefault();
        }
        final SslContext active = SslContext.getCurrentSslContext();
        try {
            return active.getSSLContext().getSocketFactory();
        } catch (Exception e) {
            throw IOExceptionSupport.create(e);
        }
    }

    /**
     * Wraps an already-connected socket in an {@link SslTransport}.
     *
     * @param wireFormat wire format for the new transport
     * @param socket connected socket; must be an {@link SSLSocket}, otherwise the
     *        cast fails with {@link ClassCastException}
     * @param initBuffer initial buffer handed to the transport
     * @return the new SSL transport
     * @throws IOException declared by the overridden method
     */
    @Override
    public SslTransport createTransport(WireFormat wireFormat, Socket socket, InitBuffer initBuffer)
            throws IOException {

        final SSLSocket sslSocket = (SSLSocket) socket;
        return new SslTransport(wireFormat, sslSocket, initBuffer);
    }
}