Home » activemq-parent-5.3.1-source-release » org.apache » activemq » transport » tcp » [javadoc | source]

    1   /**
    2    * Licensed to the Apache Software Foundation (ASF) under one or more
    3    * contributor license agreements.  See the NOTICE file distributed with
    4    * this work for additional information regarding copyright ownership.
    5    * The ASF licenses this file to You under the Apache License, Version 2.0
    6    * (the "License"); you may not use this file except in compliance with
    7    * the License.  You may obtain a copy of the License at
    8    *
    9    *      http://www.apache.org/licenses/LICENSE-2.0
   10    *
   11    * Unless required by applicable law or agreed to in writing, software
   12    * distributed under the License is distributed on an "AS IS" BASIS,
   13    * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   14    * See the License for the specific language governing permissions and
   15    * limitations under the License.
   16    */
   17   package org.apache.activemq.transport.tcp;
   18   
   19   import java.io.IOException;
   20   import java.net.URI;
   21   import java.net.URISyntaxException;
   22   import java.net.UnknownHostException;
   23   import java.security.KeyManagementException;
   24   import java.security.NoSuchAlgorithmException;
   25   import java.security.NoSuchProviderException;
   26   import java.security.SecureRandom;
   27   import java.util.HashMap;
   28   import java.util.Map;
   29   
   30   import javax.net.ServerSocketFactory;
   31   import javax.net.SocketFactory;
   32   import javax.net.ssl.KeyManager;
   33   import javax.net.ssl.SSLContext;
   34   import javax.net.ssl.SSLServerSocketFactory;
   35   import javax.net.ssl.SSLSocketFactory;
   36   import javax.net.ssl.TrustManager;
   37   
   38   import org.apache.activemq.broker.BrokerService;
   39   import org.apache.activemq.broker.BrokerServiceAware;
   40   import org.apache.activemq.broker.SslContext;
   41   import org.apache.activemq.openwire.OpenWireFormat;
   42   import org.apache.activemq.transport.InactivityMonitor;
   43   import org.apache.activemq.transport.Transport;
   44   import org.apache.activemq.transport.TransportFactory;
   45   import org.apache.activemq.transport.TransportLoggerFactory;
   46   import org.apache.activemq.transport.TransportServer;
   47   import org.apache.activemq.transport.WireFormatNegotiator;
   48   import org.apache.activemq.util.IOExceptionSupport;
   49   import org.apache.activemq.util.IntrospectionSupport;
   50   import org.apache.activemq.util.URISupport;
   51   import org.apache.activemq.wireformat.WireFormat;
   52   import org.apache.commons.logging.Log;
   53   import org.apache.commons.logging.LogFactory;
   54   
   55   /**
   56    * An implementation of the TcpTransportFactory using SSL. The major
   57    * contribution from this class is that it is aware of SslTransportServer and
   58    * SslTransport classes. All Transports and TransportServers created from this
   59    * factory will have their needClientAuth option set to false.
   60    * 
   61    * @author sepandm@gmail.com (Sepand)
   62    * @author David Martin Clavo david(dot)martin(dot)clavo(at)gmail.com (logging improvement modifications)
   63    * @version $Revision$
   64    */
   65   public class SslTransportFactory extends TcpTransportFactory {
   66       // The log this uses.,
   67       private static final Log LOG = LogFactory.getLog(SslTransportFactory.class);
   68       
   69       /**
   70        * Overriding to use SslTransportServer and allow for proper reflection.
   71        */
   72       public TransportServer doBind(final URI location) throws IOException {
   73           try {
   74               Map<String, String> options = new HashMap<String, String>(URISupport.parseParamters(location));
   75   
   76               ServerSocketFactory serverSocketFactory = createServerSocketFactory();
   77               SslTransportServer server = new SslTransportServer(this, location, (SSLServerSocketFactory)serverSocketFactory);
   78               server.setWireFormatFactory(createWireFormatFactory(options));
   79               IntrospectionSupport.setProperties(server, options);
   80               Map<String, Object> transportOptions = IntrospectionSupport.extractProperties(options, "transport.");
   81               server.setTransportOption(transportOptions);
   82               server.bind();
   83   
   84               return server;
   85           } catch (URISyntaxException e) {
   86               throw IOExceptionSupport.create(e);
   87           }
   88       }
   89   
   90       /**
   91        * Overriding to allow for proper configuration through reflection.
   92        */
   93       public Transport compositeConfigure(Transport transport, WireFormat format, Map options) {
   94   
   95           SslTransport sslTransport = (SslTransport)transport.narrow(SslTransport.class);
   96           IntrospectionSupport.setProperties(sslTransport, options);
   97   
   98           Map<String, Object> socketOptions = IntrospectionSupport.extractProperties(options, "socket.");
   99   
  100           sslTransport.setSocketOptions(socketOptions);
  101   
  102           if (sslTransport.isTrace()) {
  103               try {
  104                   transport = TransportLoggerFactory.getInstance().createTransportLogger(transport,
  105                           sslTransport.getLogWriterName(), sslTransport.isDynamicManagement(), sslTransport.isStartLogging(), sslTransport.getJmxPort());
  106               } catch (Throwable e) {
  107                   LOG.error("Could not create TransportLogger object for: " + sslTransport.getLogWriterName() + ", reason: " + e, e);
  108               }
  109           }
  110   
  111           transport = new InactivityMonitor(transport, format);
  112   
  113           // Only need the WireFormatNegotiator if using openwire
  114           if (format instanceof OpenWireFormat) {
  115               transport = new WireFormatNegotiator(transport, (OpenWireFormat)format, sslTransport.getMinmumWireFormatVersion());
  116           }
  117   
  118           return transport;
  119       }
  120   
  121       /**
  122        * Overriding to use SslTransports.
  123        */
  124       protected Transport createTransport(URI location, WireFormat wf) throws UnknownHostException, IOException {
  125           URI localLocation = null;
  126           String path = location.getPath();
  127           // see if the path is a local URI location
  128           if (path != null && path.length() > 0) {
  129               int localPortIndex = path.indexOf(':');
  130               try {
  131                   Integer.parseInt(path.substring(localPortIndex + 1, path.length()));
  132                   String localString = location.getScheme() + ":/" + path;
  133                   localLocation = new URI(localString);
  134               } catch (Exception e) {
  135                   LOG.warn("path isn't a valid local location for SslTransport to use", e);
  136               }
  137           }
  138           SocketFactory socketFactory = createSocketFactory();
  139           return new SslTransport(wf, (SSLSocketFactory)socketFactory, location, localLocation, false);
  140       }
  141   
  142   
  143   
  144       /**
  145        * Creates a new SSL ServerSocketFactory. The given factory will use
  146        * user-provided key and trust managers (if the user provided them).
  147        * 
  148        * @return Newly created (Ssl)ServerSocketFactory.
  149        * @throws IOException 
  150        */
  151       protected ServerSocketFactory createServerSocketFactory() throws IOException {
  152           if( SslContext.getCurrentSslContext()!=null ) {
  153               SslContext ctx = SslContext.getCurrentSslContext();
  154               try {
  155                   return ctx.getSSLContext().getServerSocketFactory();
  156               } catch (Exception e) {
  157                   throw IOExceptionSupport.create(e);
  158               }
  159           } else {
  160               return SSLServerSocketFactory.getDefault();
  161           }
  162       }
  163   
  164       /**
  165        * Creates a new SSL SocketFactory. The given factory will use user-provided
  166        * key and trust managers (if the user provided them).
  167        * 
  168        * @return Newly created (Ssl)SocketFactory.
  169        * @throws IOException 
  170        */
  171       protected SocketFactory createSocketFactory() throws IOException {
  172           
  173           if( SslContext.getCurrentSslContext()!=null ) {
  174               SslContext ctx = SslContext.getCurrentSslContext();
  175               try {
  176                   return ctx.getSSLContext().getSocketFactory();
  177               } catch (Exception e) {
  178                   throw IOExceptionSupport.create(e);
  179               }
  180           } else {
  181               return SSLSocketFactory.getDefault();
  182           }
  183           
  184       }
  185   
  186       /**
  187        * 
  188        * @param km
  189        * @param tm
  190        * @param random
  191        * @deprecated "Do not use anymore... using static initializers like this method only allows the JVM to use 1 SSL configuration per broker."
  192        * @see org.apache.activemq.broker.SslContext#setCurrentSslContext(SslContext)
  193        * @see org.apache.activemq.broker.SslContext#getSSLContext()
  194        */
  195       public void setKeyAndTrustManagers(KeyManager[] km, TrustManager[] tm, SecureRandom random) {
  196           SslContext ctx = new SslContext(km, tm, random);
  197           SslContext.setCurrentSslContext(ctx);
  198       }
  199   
  200   }

Home » activemq-parent-5.3.1-source-release » org.apache » activemq » transport » tcp » [javadoc | source]