001 /**
002 * Licensed to the Apache Software Foundation (ASF) under one or more
003 * contributor license agreements. See the NOTICE file distributed with
004 * this work for additional information regarding copyright ownership.
005 * The ASF licenses this file to You under the Apache License, Version 2.0
006 * (the "License"); you may not use this file except in compliance with
007 * the License. You may obtain a copy of the License at
008 *
009 * http://www.apache.org/licenses/LICENSE-2.0
010 *
011 * Unless required by applicable law or agreed to in writing, software
012 * distributed under the License is distributed on an "AS IS" BASIS,
013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014 * See the License for the specific language governing permissions and
015 * limitations under the License.
016 */
017 package org.apache.activemq.transport;
018
019 import javax.net.ssl.SSLContext;
020
021 import org.apache.activemq.broker.SslContext;
022 import org.apache.activemq.transport.https.Krb5AndCertsSslSocketConnector;
023 import org.apache.activemq.util.IntrospectionSupport;
024 import org.eclipse.jetty.server.Connector;
025 import org.eclipse.jetty.server.ssl.SslConnector;
026 import org.eclipse.jetty.server.ssl.SslSelectChannelConnector;
027 import org.eclipse.jetty.util.ssl.SslContextFactory;
028
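/**
 * Builds the SSL-enabled Jetty {@link Connector} used by the secure transport.
 *
 * <p>TLS material comes from one of two places:
 * <ul>
 *   <li>the {@link SslContext} passed to the constructor, when it is non-null; or</li>
 *   <li>the key store options on this factory, which default to the
 *       {@code javax.net.ssl.*} system properties and can be overridden through the
 *       transport options applied in {@link #createConnector()}.</li>
 * </ul>
 *
 * <p>When an {@link SslContext} is supplied, every key store, algorithm and protocol option
 * on this factory is ignored.
 *
 * <p>The password getters return the secrets in clear text; callers should keep them out of
 * logs and diagnostics.
 */
public class SecureSocketConnectorFactory extends SocketConnectorFactory {

    // Initial values are read from JVM system properties when the factory is created.
    private String keyPassword = System.getProperty("javax.net.ssl.keyPassword");
    private String keyStorePassword = System.getProperty("javax.net.ssl.keyStorePassword");
    private String keyStore = System.getProperty("javax.net.ssl.keyStore");
    private String keyStoreType;
    // The "Certficate" spelling is part of the public property name; do not correct it here,
    // because the bean setters are looked up by name.
    private String secureRandomCertficateAlgorithm;
    private String trustCertificateAlgorithm;
    private String keyCertificateAlgorithm;
    private String protocol;
    private String auth;

    private SslContext context;

    /**
     * @param context broker SSL context to use for the connector; may be {@code null}, in
     *                which case the key store options of this factory are used instead
     */
    public SecureSocketConnectorFactory(SslContext context) {
        this.context = context;
    }

    /**
     * Creates the SSL connector and configures its {@link SslContextFactory}.
     *
     * <p>Transport options are first applied to this factory's bean properties. A Kerberos
     * capable connector is chosen when {@code auth} selects a Kerberos mode, otherwise a
     * plain SSL select-channel connector is used.
     *
     * @return the configured SSL connector
     * @throws Exception if applying the options or obtaining the SSL context fails
     */
    @Override
    public Connector createConnector() throws Exception {
        // NOTE(review): getTransportOptions() is inherited; the option keys are presumably
        // supplied by the transport configuration, so any property with a setter on this class
        // (including protocol and the passwords) can be set that way. Confirm against caller.
        IntrospectionSupport.setProperties(this, getTransportOptions());

        SslConnector sslConnector;
        if (Krb5AndCertsSslSocketConnector.isKrb(auth)) {
            Krb5AndCertsSslSocketConnector krbConnector = new Krb5AndCertsSslSocketConnector();
            krbConnector.setMode(auth);
            sslConnector = krbConnector;
        } else {
            sslConnector = new SslSelectChannelConnector();
        }

        SSLContext sslContext = context == null ? null : context.getSSLContext();

        // Get a reference to the current ssl context factory...
        SslContextFactory factory = sslConnector.getSslContextFactory();

        if (context != null) {

            // Should not be using this method since it does not use all of the values
            // from the passed SslContext instance.....
            factory.setSslContext(sslContext);

        } else {

            if (keyStore != null) {
                factory.setKeyStorePath(keyStore);
            }
            if (keyStorePassword != null) {
                factory.setKeyStorePassword(keyStorePassword);
            }
            // The private key can carry its own password. Use the configured keyPassword when
            // present, otherwise fall back to the key store password. The previous code set the
            // key store password a second time here and never handed keyPassword to Jetty, so a
            // key protected by a different password could not be loaded.
            String effectiveKeyPassword = keyPassword != null ? keyPassword : keyStorePassword;
            if (effectiveKeyPassword != null) {
                factory.setKeyManagerPassword(effectiveKeyPassword);
            }
            if (keyStoreType != null) {
                factory.setKeyStoreType(keyStoreType);
            }
            if (secureRandomCertficateAlgorithm != null) {
                factory.setSecureRandomAlgorithm(secureRandomCertficateAlgorithm);
            }
            if (keyCertificateAlgorithm != null) {
                factory.setSslKeyManagerFactoryAlgorithm(keyCertificateAlgorithm);
            }
            if (trustCertificateAlgorithm != null) {
                factory.setTrustManagerFactoryAlgorithm(trustCertificateAlgorithm);
            }
            // NOTE(review): the protocol name is passed through unvalidated, and no protocol or
            // cipher-suite restrictions are set in this method. Confirm that the deployment
            // cannot select a legacy protocol through this option.
            if (protocol != null) {
                factory.setProtocol(protocol);
            }
            // NOTE(review): no trust store is configured in this branch; whatever the
            // SslContextFactory does by default applies. Verify if client certificates are
            // expected.
        }

        return sslConnector;
    }

    // Properties
    // --------------------------------------------------------------------------------

    /** @return path of the key store, or {@code null} if none is configured */
    public String getKeyStore() {
        return keyStore;
    }

    /** @param keyStore path of the key store to load */
    public void setKeyStore(String keyStore) {
        this.keyStore = keyStore;
    }

    /** @return the private key password in clear text, or {@code null} if not set */
    public String getKeyPassword() {
        return keyPassword;
    }

    /** @param keyPassword password protecting the private key inside the key store */
    public void setKeyPassword(String keyPassword) {
        this.keyPassword = keyPassword;
    }

    /** @return the key store type, or {@code null} to leave the connector default */
    public String getKeyStoreType() {
        return keyStoreType;
    }

    /** @param keyStoreType key store type passed to the SSL context factory */
    public void setKeyStoreType(String keyStoreType) {
        this.keyStoreType = keyStoreType;
    }

    /** @return the key store password in clear text, or {@code null} if not set */
    public String getKeyStorePassword() {
        return keyStorePassword;
    }

    /** @param keyStorePassword password protecting the key store */
    public void setKeyStorePassword(String keyStorePassword) {
        this.keyStorePassword = keyStorePassword;
    }

    /** @return the SSL protocol name, or {@code null} to leave the connector default */
    public String getProtocol() {
        return protocol;
    }

    /** @param protocol SSL protocol name passed to the SSL context factory */
    public void setProtocol(String protocol) {
        this.protocol = protocol;
    }

    /** @return the secure random algorithm name, or {@code null} if not set */
    public String getSecureRandomCertficateAlgorithm() {
        return secureRandomCertficateAlgorithm;
    }

    /** @param secureRandomCertficateAlgorithm secure random algorithm name */
    public void setSecureRandomCertficateAlgorithm(String secureRandomCertficateAlgorithm) {
        this.secureRandomCertficateAlgorithm = secureRandomCertficateAlgorithm;
    }

    /** @return the key manager factory algorithm, or {@code null} if not set */
    public String getKeyCertificateAlgorithm() {
        return keyCertificateAlgorithm;
    }

    /** @param keyCertificateAlgorithm key manager factory algorithm name */
    public void setKeyCertificateAlgorithm(String keyCertificateAlgorithm) {
        this.keyCertificateAlgorithm = keyCertificateAlgorithm;
    }

    /** @return the trust manager factory algorithm, or {@code null} if not set */
    public String getTrustCertificateAlgorithm() {
        return trustCertificateAlgorithm;
    }

    /** @param trustCertificateAlgorithm trust manager factory algorithm name */
    public void setTrustCertificateAlgorithm(String trustCertificateAlgorithm) {
        this.trustCertificateAlgorithm = trustCertificateAlgorithm;
    }

    /**
     * @return the auth mode; it selects the Kerberos connector in {@link #createConnector()}
     *         when it names a Kerberos mode
     */
    public String getAuth() {
        return auth;
    }

    /**
     * @param auth the auth mode to set
     */
    public void setAuth(String auth) {
        this.auth = auth;
    }
}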