/**
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.activemq.transport.tcp;

import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.UnknownHostException;
import java.util.HashMap;
import java.util.Map;

import javax.net.ServerSocketFactory;
import javax.net.SocketFactory;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocketFactory;

import org.apache.activemq.broker.SslContext;
import org.apache.activemq.transport.Transport;
import org.apache.activemq.transport.TransportServer;
import org.apache.activemq.util.IOExceptionSupport;
import org.apache.activemq.util.IntrospectionSupport;
import org.apache.activemq.util.URISupport;
import org.apache.activemq.wireformat.WireFormat;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * SSL flavour of {@link TcpTransportFactory}: it builds {@link SslTransportServer}
 * and {@link SslTransport} instances instead of their plain TCP counterparts.
 * <p>
 * Transports and TransportServers produced here start with needClientAuth set
 * to false, so client certificates are not demanded unless the option is
 * switched on through configuration.
 * <p>
 * Both the server and the transport are configured reflectively from the
 * options carried by the URI / option map (see {@link #doBind(URI)} and
 * {@link #compositeConfigure(Transport, WireFormat, Map)}), so those options
 * determine the resulting TLS settings and should originate from trusted
 * configuration.
 */
public class SslTransportFactory extends TcpTransportFactory {
    private static final Logger LOG = LoggerFactory.getLogger(SslTransportFactory.class);

    /**
     * Binds an {@link SslTransportServer} at the given location. Overridden so
     * the SSL server type is used and can be configured through reflection.
     *
     * @param location bind URI; its query parameters are parsed into the option map
     * @return the bound server
     * @throws IOException if binding fails, or wrapping a {@link URISyntaxException}
     */
    public TransportServer doBind(final URI location) throws IOException {
        try {
            // Work on a private copy of the URI parameters.
            Map<String, String> params = new HashMap<String, String>(URISupport.parseParameters(location));

            // The factory must be an SSLServerSocketFactory; anything else fails
            // the cast here rather than yielding a non-SSL listener.
            SSLServerSocketFactory sslFactory = (SSLServerSocketFactory)createServerSocketFactory();
            SslTransportServer sslServer = createSslTransportServer(location, sslFactory);

            sslServer.setWireFormatFactory(createWireFormatFactory(params));
            // Server-level settings are taken from the URI parameters.
            IntrospectionSupport.setProperties(sslServer, params);
            // Entries prefixed "transport." are passed on as transport options.
            Map<String, Object> perTransport = IntrospectionSupport.extractProperties(params, "transport.");
            sslServer.setTransportOption(perTransport);

            sslServer.bind();
            return sslServer;
        } catch (URISyntaxException e) {
            throw IOExceptionSupport.create(e);
        }
    }

    /**
     * Extension point letting subclasses supply their own
     * {@link SslTransportServer} implementation.
     *
     * @param location the URI the server will bind to
     * @param serverSocketFactory the SSL server socket factory handed to the server
     * @return a new, not yet bound, server instance
     * @throws IOException declared for subclasses; not thrown by this implementation directly
     * @throws URISyntaxException declared for subclasses; not thrown by this implementation directly
     */
    protected SslTransportServer createSslTransportServer(final URI location, SSLServerSocketFactory serverSocketFactory) throws IOException, URISyntaxException {
        SslTransportServer created = new SslTransportServer(this, location, serverSocketFactory);
        return created;
    }

    /**
     * Applies the options to the underlying {@link SslTransport} through
     * reflection, then delegates to the superclass for the common configuration.
     *
     * @param transport the transport chain; narrowed to its {@link SslTransport}
     * @param format the wire format, forwarded to the superclass
     * @param options option map applied to the SSL transport and then forwarded
     * @return whatever the superclass configuration returns
     */
    @SuppressWarnings("rawtypes")
    public Transport compositeConfigure(Transport transport, WireFormat format, Map options) {
        // SSL-specific properties first, common ones afterwards in super.
        SslTransport narrowed = (SslTransport)transport.narrow(SslTransport.class);
        IntrospectionSupport.setProperties(narrowed, options);
        Transport configured = super.compositeConfigure(transport, format, options);
        return configured;
    }

    /**
     * Creates an {@link SslTransport} for the remote location. Overridden so
     * that SSL transports are produced.
     * <p>
     * A non-empty URI path is tried as a local location: the text after its
     * first ':' must parse as an integer. If that fails a warning is logged
     * and no local location is used.
     *
     * @param location remote URI; its path may carry the local location
     * @param wf wire format for the new transport
     * @return the new SSL transport
     * @throws UnknownHostException declared by the overridden contract
     * @throws IOException if the socket factory cannot be created
     */
    protected Transport createTransport(URI location, WireFormat wf) throws UnknownHostException, IOException {
        final String path = location.getPath();
        URI localLocation = null;

        // A non-empty path may describe the local location.
        if (path != null && path.length() != 0) {
            int colonAt = path.indexOf(':');
            try {
                // Parsed only to validate; the numeric value itself is not used.
                Integer.parseInt(path.substring(colonAt + 1));
                localLocation = new URI(location.getScheme() + ":/" + path);
            } catch (Exception e) {
                LOG.warn("path isn't a valid local location for SslTransport to use", e);
            }
        }

        SSLSocketFactory sslFactory = (SSLSocketFactory)createSocketFactory();
        // NOTE(review): the trailing false is presumably needClientAuth, as the
        // class comment states - confirm against the SslTransport constructor.
        return new SslTransport(wf, sslFactory, location, localLocation, false);
    }

    /**
     * Creates the SSL ServerSocketFactory. When a current {@link SslContext}
     * exists its SSLContext supplies the factory (and with it any
     * user-provided key and trust managers); otherwise
     * {@link SSLServerSocketFactory#getDefault()} is returned.
     *
     * @return the (Ssl)ServerSocketFactory to use.
     * @throws IOException wrapping any failure to obtain the SSLContext
     */
    protected ServerSocketFactory createServerSocketFactory() throws IOException {
        final SslContext current = SslContext.getCurrentSslContext();
        if (current == null) {
            // No broker-supplied context: fall back to the default factory.
            return SSLServerSocketFactory.getDefault();
        }
        try {
            return current.getSSLContext().getServerSocketFactory();
        } catch (Exception e) {
            throw IOExceptionSupport.create(e);
        }
    }

    /**
     * Creates the SSL SocketFactory. When a current {@link SslContext} exists
     * its SSLContext supplies the factory (and with it any user-provided key
     * and trust managers); otherwise {@link SSLSocketFactory#getDefault()} is
     * returned.
     *
     * @return the (Ssl)SocketFactory to use.
     * @throws IOException wrapping any failure to obtain the SSLContext
     */
    protected SocketFactory createSocketFactory() throws IOException {
        final SslContext current = SslContext.getCurrentSslContext();
        if (current == null) {
            // No broker-supplied context: fall back to the default factory.
            return SSLSocketFactory.getDefault();
        }
        try {
            return current.getSSLContext().getSocketFactory();
        } catch (Exception e) {
            throw IOExceptionSupport.create(e);
        }
    }
}