001/**
002 * Licensed to the Apache Software Foundation (ASF) under one or more
003 * contributor license agreements.  See the NOTICE file distributed with
004 * this work for additional information regarding copyright ownership.
005 * The ASF licenses this file to You under the Apache License, Version 2.0
006 * (the "License"); you may not use this file except in compliance with
007 * the License.  You may obtain a copy of the License at
008 *
009 *      http://www.apache.org/licenses/LICENSE-2.0
010 *
011 * Unless required by applicable law or agreed to in writing, software
012 * distributed under the License is distributed on an "AS IS" BASIS,
013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014 * See the License for the specific language governing permissions and
015 * limitations under the License.
016 */
017
018package org.apache.activemq.transport.auto;
019
020import java.io.IOException;
021import java.net.Socket;
022import java.net.URI;
023import java.net.URISyntaxException;
024import java.util.Set;
025
026import javax.net.ServerSocketFactory;
027import javax.net.ssl.SSLServerSocket;
028import javax.net.ssl.SSLServerSocketFactory;
029import javax.net.ssl.SSLSocket;
030
031import org.apache.activemq.broker.BrokerService;
032import org.apache.activemq.transport.Transport;
033import org.apache.activemq.transport.tcp.SslTransport;
034import org.apache.activemq.transport.tcp.SslTransportFactory;
035import org.apache.activemq.transport.tcp.TcpTransport;
036import org.apache.activemq.transport.tcp.TcpTransportFactory;
037import org.apache.activemq.wireformat.WireFormat;
038
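/**
 * An SSL TransportServer for the auto transport.
 *
 * Allows for client certificate authentication (refer to setNeedClientAuth and
 * setWantClientAuth for details).
 * NOTE: Client certificate authentication is disabled by default. Unless one of
 * those flags is set before bind(), this class does not configure the server
 * socket to ask connecting clients for a certificate.
 */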
public class AutoSslTransportServer extends AutoTcpTransportServer {

    // When true, bind() marks the server socket as REQUIRING a client certificate.
    private boolean needClientAuth;

    // When true (and needClientAuth is false), bind() marks the server socket as
    // REQUESTING a client certificate.
    private boolean wantClientAuth;

    /**
     * Creates an SSL auto transport server. Every argument is handed unchanged to the
     * {@link AutoTcpTransportServer} constructor; no SSL-specific setup happens here
     * (client-auth settings are applied later, in {@link #bind()}).
     *
     * @param transportFactory forwarded to the superclass (presumably the factory used to
     *        create transports when connections arrive - confirm against the superclass).
     * @param location forwarded to the superclass (presumably the URI to bind to).
     * @param serverSocketFactory forwarded to the superclass. {@link #bind()} casts the
     *        resulting server socket to {@link SSLServerSocket}, so this is expected to
     *        produce SSL server sockets.
     * @param brokerService forwarded to the superclass; its use is defined there.
     * @param enabledProtocols forwarded to the superclass; its meaning is defined there.
     * @throws IOException passed up from the superclass constructor.
     * @throws URISyntaxException passed up from the superclass constructor.
     */
    public AutoSslTransportServer(SslTransportFactory transportFactory,
            URI location, SSLServerSocketFactory serverSocketFactory,
            BrokerService brokerService, Set<String> enabledProtocols) throws IOException, URISyntaxException {
        super(transportFactory, location, serverSocketFactory, brokerService, enabledProtocols);
    }

    /**
     * Sets whether a client certificate should be required.
     *
     * Must be called before {@link #bind()}: this setter only records the flag, and the
     * flag is read once, inside {@code bind()}. Setting it after {@code bind()} does not
     * touch the server socket in this class, so client authentication would not be
     * enforced.
     *
     * Note: this setter does not modify the stored wantClientAuth flag. When both flags
     * are true, {@code bind()} applies needClientAuth only.
     *
     * @param needAuth true to require a client certificate on sockets accepted by this server.
     */
    public void setNeedClientAuth(boolean needAuth) {
        needClientAuth = needAuth;
    }

    /**
     * Returns the configured needClientAuth flag.
     *
     * This is the value last passed to {@link #setNeedClientAuth(boolean)}, not the state
     * read back from the server socket.
     */
    public boolean getNeedClientAuth() {
        return needClientAuth;
    }

    /**
     * Sets whether a client certificate should be requested (but not required).
     *
     * Must be called before {@link #bind()}, for the same reason as
     * {@link #setNeedClientAuth(boolean)}: the flag is only read inside {@code bind()}.
     *
     * Note: this setter does not modify the stored needClientAuth flag, and it is ignored
     * by {@code bind()} whenever needClientAuth is true. With "want" alone, JSSE lets the
     * handshake continue when the client presents no certificate, so the connection must
     * still be authenticated by other means.
     *
     * @param wantAuth true to request a client certificate on sockets accepted by this server.
     */
    public void setWantClientAuth(boolean wantAuth) {
        wantClientAuth = wantAuth;
    }

    /**
     * Returns the configured wantClientAuth flag.
     *
     * This is the value last passed to {@link #setWantClientAuth(boolean)}. It can be true
     * even when {@link #bind()} applied needClientAuth instead.
     */
    public boolean getWantClientAuth() {
        return wantClientAuth;
    }

    /**
     * Binds this server via the superclass, then applies the client-auth setting to the
     * server socket.
     *
     * needClientAuth takes precedence over wantClientAuth; when neither flag is set the
     * socket is left as the superclass created it and is not cast.
     *
     * @throws IOException passed up from the superclass bind().
     * @throws ClassCastException if a client-auth flag is set and the server socket is
     *         not an {@link SSLServerSocket}.
     */
    @Override
    public void bind() throws IOException {
        super.bind();

        if (!needClientAuth && !wantClientAuth) {
            // Default: no client certificate is requested.
            return;
        }

        // Cast only once a flag is set, so the no-client-auth path never depends on the socket type.
        final SSLServerSocket sslServerSocket = (SSLServerSocket) this.serverSocket;
        if (needClientAuth) {
            sslServerSocket.setNeedClientAuth(true);
        } else {
            sslServerSocket.setWantClientAuth(true);
        }
    }

    /**
     * Wraps an accepted socket in an {@link SslTransport} instead of a plain TcpTransport.
     *
     * @param socket The incoming socket; it is cast to {@link SSLSocket}.
     * @param format The WireFormat being used.
     * @return The newly created (SSL) Transport, built with this server's initBuffer.
     * @throws IOException declared for transport creation. NOTE(review): confirm which
     *         call raises it; the SslTransport constructor is not visible here.
     * @throws ClassCastException if {@code socket} is not an {@link SSLSocket}.
     */
    @Override
    protected TcpTransport createTransport(Socket socket, WireFormat format) throws IOException {
        final SSLSocket sslSocket = (SSLSocket) socket;
        return new SslTransport(format, sslSocket, this.initBuffer);
    }

    /**
     * Identifies this server as SSL-based.
     *
     * @return always {@code true}.
     */
    @Override
    public boolean isSslServer() {
        return true;
    }

}