/**
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.apache.activemq.transport.tcp;

import java.io.IOException;
import java.net.Socket;
import java.net.URI;
import java.net.URISyntaxException;

import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;

import org.apache.activemq.transport.Transport;
import org.apache.activemq.wireformat.WireFormat;

/**
 * A TransportServer that accepts connections over SSL/TLS.
 *
 * Client certificate authentication is optional and is off by default (both
 * flags below start out false). It is switched on with
 * {@link #setNeedClientAuth(boolean)} or {@link #setWantClientAuth(boolean)}.
 *
 * Security notes:
 * - The two flags are only read inside {@link #bind()}. Changing them after
 *   bind() has run does not reconfigure the already bound server socket.
 * - If both flags are true, bind() applies needClientAuth only.
 * - Per the JSSE SSLServerSocket contract, "need" aborts the handshake when
 *   the client presents no certificate, whereas "want" lets the handshake
 *   continue without one. With "want" alone, a connection is therefore not
 *   guaranteed to carry a client certificate.
 * - Which client certificates are accepted is decided by the SSL context
 *   behind the supplied SSLServerSocketFactory; that configuration is not
 *   visible in this class.
 */
public class SslTransportServer extends TcpTransportServer {

    // When true, bind() configures the server socket to require a client certificate.
    private boolean needClientAuth;

    // When true (and needClientAuth is false), bind() configures the server
    // socket to request, but not require, a client certificate.
    private boolean wantClientAuth;

    /**
     * Creates an SSL transport server for the given location, backed by the
     * provided server socket factory.
     *
     * @param transportFactory The factory used to create transports when connections arrive.
     * @param location The location of the broker to bind to.
     * @param serverSocketFactory The factory used to create this server's socket.
     * @throws IOException propagated from the superclass constructor.
     * @throws URISyntaxException propagated from the superclass constructor.
     */
    public SslTransportServer(SslTransportFactory transportFactory, URI location,
            SSLServerSocketFactory serverSocketFactory) throws IOException, URISyntaxException {
        super(transportFactory, location, serverSocketFactory);
    }

    /**
     * Records whether a client certificate should be required.
     *
     * Must be called before {@link #bind()}; the value is only applied to the
     * server socket there. This setter stores the value and nothing else: it
     * does not modify the wantClientAuth field. When both flags are true,
     * bind() applies needClientAuth and skips wantClientAuth.
     *
     * @param needAuth true to require a client certificate.
     */
    public void setNeedClientAuth(boolean needAuth) {
        needClientAuth = needAuth;
    }

    /**
     * Returns the stored needClientAuth flag.
     *
     * This is the configured value, not the state of the bound server socket.
     */
    public boolean getNeedClientAuth() {
        return needClientAuth;
    }

    /**
     * Returns the stored wantClientAuth flag.
     *
     * This is the configured value, not the state of the bound server socket;
     * it can be true even though bind() applied needClientAuth instead.
     */
    public boolean getWantClientAuth() {
        return wantClientAuth;
    }

    /**
     * Records whether a client certificate should be requested.
     *
     * Must be called before {@link #bind()}; the value is only applied to the
     * server socket there. This setter stores the value and nothing else: it
     * does not modify the needClientAuth field, and it is ignored by bind()
     * whenever needClientAuth is true.
     *
     * @param wantAuth true to request (but not require) a client certificate.
     */
    public void setWantClientAuth(boolean wantAuth) {
        wantClientAuth = wantAuth;
    }

    /**
     * Binds this server to the previously specified URI and then applies the
     * client authentication setting to the server socket.
     *
     * The superclass bind runs first; the client-auth mode is set on the
     * socket only afterwards. needClientAuth takes precedence over
     * wantClientAuth. If neither flag is set the server socket is left with
     * whatever client-auth mode the socket factory gave it.
     *
     * @throws IOException passed up from TcpTransportServer.
     * @throws ClassCastException if a flag is set and the server socket is not
     *         an SSLServerSocket.
     */
    public void bind() throws IOException {
        super.bind();

        final boolean requireCert = needClientAuth;
        final boolean requestCert = !requireCert && wantClientAuth;
        if (!requireCert && !requestCert) {
            // Client certificate authentication stays disabled.
            return;
        }

        // Presumably always an SSLServerSocket, since the constructor only
        // accepts an SSLServerSocketFactory; the cast fails loudly otherwise.
        final SSLServerSocket sslServerSocket = (SSLServerSocket) this.serverSocket;
        if (requireCert) {
            sslServerSocket.setNeedClientAuth(true);
        } else {
            sslServerSocket.setWantClientAuth(true);
        }
    }

    /**
     * Used to create Transports for this server.
     *
     * Overridden to allow the use of SslTransports (instead of TcpTransports).
     *
     * @param socket The incoming socket that will be wrapped into the new Transport;
     *        it must be an SSLSocket.
     * @param format The WireFormat being used.
     * @return The newly created (SSL) Transport.
     * @throws IOException declared by this method's signature; nothing in this body throws it directly.
     * @throws ClassCastException if the socket is not an SSLSocket.
     */
    protected Transport createTransport(Socket socket, WireFormat format) throws IOException {
        final SSLSocket sslSocket = (SSLSocket) socket;
        return new SslTransport(format, sslSocket);
    }
}