001    /**
002     * Licensed to the Apache Software Foundation (ASF) under one or more
003     * contributor license agreements.  See the NOTICE file distributed with
004     * this work for additional information regarding copyright ownership.
005     * The ASF licenses this file to You under the Apache License, Version 2.0
006     * (the "License"); you may not use this file except in compliance with
007     * the License.  You may obtain a copy of the License at
008     *
009     *      http://www.apache.org/licenses/LICENSE-2.0
010     *
011     * Unless required by applicable law or agreed to in writing, software
012     * distributed under the License is distributed on an "AS IS" BASIS,
013     * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014     * See the License for the specific language governing permissions and
015     * limitations under the License.
016     */
017    package org.apache.activemq.transport.tcp;
018    
019    import java.io.IOException;
020    import java.net.URI;
021    import java.net.URISyntaxException;
022    import java.net.UnknownHostException;
023    import java.util.HashMap;
024    import java.util.Map;
025    
026    import javax.net.ServerSocketFactory;
027    import javax.net.SocketFactory;
028    import javax.net.ssl.SSLServerSocketFactory;
029    import javax.net.ssl.SSLSocketFactory;
030    
031    import org.apache.activemq.broker.SslContext;
032    import org.apache.activemq.transport.Transport;
033    import org.apache.activemq.transport.TransportServer;
034    import org.apache.activemq.util.IOExceptionSupport;
035    import org.apache.activemq.util.IntrospectionSupport;
036    import org.apache.activemq.util.URISupport;
037    import org.apache.activemq.wireformat.WireFormat;
038    import org.slf4j.Logger;
039    import org.slf4j.LoggerFactory;
040    
041    /**
042     * An implementation of the TcpTransportFactory using SSL. The major
043     * contribution from this class is that it is aware of SslTransportServer and
044     * SslTransport classes. All Transports and TransportServers created from this
045     * factory will have their needClientAuth option set to false.
046     */
public class SslTransportFactory extends TcpTransportFactory {
    private static final Logger LOG = LoggerFactory.getLogger(SslTransportFactory.class);

    // Review notes for maintainers (security-relevant behaviour visible in this class):
    //  - When no SslContext is current, both socket-factory methods fall back to the JVM-wide
    //    default factories, so key and trust material then come from the JVM defaults rather
    //    than from a context supplied by the caller.
    //  - Nothing in this class configures endpoint identification (hostname verification).
    //    JSSE sockets do not compare the peer host name with the certificate unless that is
    //    enabled on the socket's SSLParameters.
    //    NOTE(review): confirm whether SslTransport or the applied options take care of this.
    //  - Options taken from the connector URI are applied to the server and transport objects
    //    through IntrospectionSupport, so connector URIs should be treated as trusted
    //    configuration only.

    /**
     * Creates, configures and binds an {@link SslTransportServer} for the given location.
     *
     * The query parameters of {@code location} are parsed into an option map. That map is used to
     * build the wire format factory and is then applied to the server through
     * {@link IntrospectionSupport}; entries prefixed with {@code "transport."} are extracted and
     * handed to the server as transport options. The order of these calls matches the original
     * code because they all operate on the same map.
     *
     * @param location URI to bind to; its parameters become server and transport options
     * @return the bound server
     * @throws IOException if binding fails, or wrapping a {@link URISyntaxException} raised while
     *         the location is processed
     */
    public TransportServer doBind(final URI location) throws IOException {
        try {
            Map<String, String> uriOptions = new HashMap<String, String>(URISupport.parseParameters(location));

            // The factory method is declared to return the general type; this class requires the SSL one.
            SSLServerSocketFactory sslFactory = (SSLServerSocketFactory) createServerSocketFactory();
            SslTransportServer sslServer = createSslTransportServer(location, sslFactory);
            sslServer.setWireFormatFactory(createWireFormatFactory(uriOptions));
            IntrospectionSupport.setProperties(sslServer, uriOptions);

            Map<String, Object> perTransportOptions = IntrospectionSupport.extractProperties(uriOptions, "transport.");
            sslServer.setTransportOption(perTransportOptions);
            sslServer.bind();

            return sslServer;
        } catch (URISyntaxException e) {
            throw IOExceptionSupport.create(e);
        }
    }

    /**
     * Extension point that lets subclasses supply their own {@link SslTransportServer} instances.
     *
     * @param location URI the server will be bound to
     * @param serverSocketFactory SSL server socket factory the server should use
     * @return a new, not yet bound, server instance
     * @throws IOException declared for subclasses; this implementation only invokes the constructor
     * @throws URISyntaxException declared for subclasses and the constructor
     */
    protected SslTransportServer createSslTransportServer(final URI location, SSLServerSocketFactory serverSocketFactory) throws IOException, URISyntaxException {
        SslTransportServer created = new SslTransportServer(this, location, serverSocketFactory);
        return created;
    }

    /**
     * Applies the given options to the underlying {@link SslTransport} and then delegates to the
     * superclass for the common configuration.
     *
     * @param transport transport chain that is narrowed to its {@link SslTransport}
     * @param format wire format, passed through to the superclass
     * @param options option map, applied to the SSL transport and then passed to the superclass
     * @return whatever the superclass implementation returns
     */
    @SuppressWarnings("rawtypes")
    public Transport compositeConfigure(Transport transport, WireFormat format, Map options) {
        // SSL-specific settings first, so they are set on the SslTransport itself.
        SslTransport sslView = (SslTransport) transport.narrow(SslTransport.class);
        IntrospectionSupport.setProperties(sslView, options);

        return super.compositeConfigure(transport, format, options);
    }

    /**
     * Creates the client-side {@link SslTransport} for {@code location}.
     *
     * If the URI path ends in a parsable port number it is turned into a local URI and passed to
     * the transport; otherwise the local location is {@code null}. The final constructor argument
     * is always {@code false}.
     * NOTE(review): per the class Javadoc that flag is presumably needClientAuth - confirm against
     * the SslTransport constructor.
     *
     * @param location remote location to connect to
     * @param wf wire format for the new transport
     * @return the new transport
     * @throws UnknownHostException declared by the overridden signature
     * @throws IOException if the socket factory cannot be created
     */
    protected Transport createTransport(URI location, WireFormat wf) throws UnknownHostException, IOException {
        final URI localLocation = localLocationFromPath(location);
        final SSLSocketFactory sslFactory = (SSLSocketFactory) createSocketFactory();
        return new SslTransport(wf, sslFactory, location, localLocation, false);
    }

    /**
     * Derives the optional local URI from the path component of {@code location}.
     *
     * @return the local URI, or {@code null} when the path is absent, empty or not usable
     */
    private URI localLocationFromPath(URI location) {
        final String path = location.getPath();
        if (path == null || path.isEmpty()) {
            return null;
        }
        try {
            // The text after the first ':' must be a number; the parsed value itself is not used.
            Integer.parseInt(path.substring(path.indexOf(':') + 1));
            return new URI(location.getScheme() + ":/" + path);
        } catch (Exception e) {
            // Best effort: an unusable path only means no local location is set.
            LOG.warn("path isn't a valid local location for SslTransport to use", e);
            return null;
        }
    }

    /**
     * Returns the server socket factory of the current {@link SslContext}, or the JVM default SSL
     * server socket factory when no context is current.
     *
     * @return an SSL server socket factory
     * @throws IOException wrapping any exception raised while obtaining the context's factory
     */
    protected ServerSocketFactory createServerSocketFactory() throws IOException {
        final SslContext current = SslContext.getCurrentSslContext();
        if (current == null) {
            // No context supplied: key and trust material come from the JVM defaults.
            return SSLServerSocketFactory.getDefault();
        }
        try {
            return current.getSSLContext().getServerSocketFactory();
        } catch (Exception e) {
            throw IOExceptionSupport.create(e);
        }
    }

    /**
     * Returns the socket factory of the current {@link SslContext}, or the JVM default SSL socket
     * factory when no context is current.
     *
     * @return an SSL socket factory
     * @throws IOException wrapping any exception raised while obtaining the context's factory
     */
    protected SocketFactory createSocketFactory() throws IOException {
        final SslContext current = SslContext.getCurrentSslContext();
        if (current == null) {
            // No context supplied: key and trust material come from the JVM defaults.
            return SSLSocketFactory.getDefault();
        }
        try {
            return current.getSSLContext().getSocketFactory();
        } catch (Exception e) {
            throw IOExceptionSupport.create(e);
        }
    }
}