001/**
002 * Licensed to the Apache Software Foundation (ASF) under one or more
003 * contributor license agreements.  See the NOTICE file distributed with
004 * this work for additional information regarding copyright ownership.
005 * The ASF licenses this file to You under the Apache License, Version 2.0
006 * (the "License"); you may not use this file except in compliance with
007 * the License.  You may obtain a copy of the License at
008 *
009 *      http://www.apache.org/licenses/LICENSE-2.0
010 *
011 * Unless required by applicable law or agreed to in writing, software
012 * distributed under the License is distributed on an "AS IS" BASIS,
013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014 * See the License for the specific language governing permissions and
015 * limitations under the License.
016 */
017
018package org.apache.activemq.transport.auto;
019
020import java.io.IOException;
021import java.net.Socket;
022import java.net.URI;
023import java.net.URISyntaxException;
024import java.util.Set;
025
026import javax.net.ssl.SSLServerSocket;
027import javax.net.ssl.SSLServerSocketFactory;
028
029import org.apache.activemq.broker.BrokerService;
030import org.apache.activemq.transport.tcp.SslTransportFactory;
031import org.apache.activemq.transport.tcp.TcpTransport;
032import org.apache.activemq.transport.tcp.TcpTransport.InitBuffer;
033import org.apache.activemq.transport.tcp.TcpTransportFactory;
034import org.apache.activemq.wireformat.WireFormat;
035
036/**
037 *  An SSL TransportServer.
038 *
039 *  Allows for client certificate authentication (refer to setNeedClientAuth for
040 *      details).
041 *  NOTE: Client certificate authentication is disabled by default.
042 *
043 */
public class AutoSslTransportServer extends AutoTcpTransportServer {

    // When true, bind() asks the server socket to require a client certificate.
    private boolean needClientAuth;

    // When true (and needClientAuth is false), bind() asks the server socket
    // to request, but not require, a client certificate.
    private boolean wantClientAuth;

    /**
     * Creates the server by passing every argument straight through to the
     * {@link AutoTcpTransportServer} constructor. Both client-auth flags start
     * out {@code false}.
     *
     * @param transportFactory    forwarded to the superclass.
     * @param location            forwarded to the superclass.
     * @param serverSocketFactory forwarded to the superclass.
     * @param brokerService       forwarded to the superclass.
     * @param enabledProtocols    forwarded to the superclass.
     * @throws IOException        propagated from the superclass constructor.
     * @throws URISyntaxException propagated from the superclass constructor.
     */
    public AutoSslTransportServer(
            SslTransportFactory transportFactory,
            URI location,
            SSLServerSocketFactory serverSocketFactory,
            BrokerService brokerService,
            Set<String> enabledProtocols) throws IOException, URISyntaxException {
        super(transportFactory, location, serverSocketFactory, brokerService, enabledProtocols);
    }

    /**
     * Records whether client certificate authentication should be required.
     *
     * This setter only stores the flag; it is applied to the server socket
     * inside {@link #bind()}, so it must be called before {@link #bind()}.
     * It does not modify the wantClientAuth flag held by this class; when both
     * flags are set, {@link #bind()} applies needClientAuth only.
     *
     * @param needAuth true to require a client certificate.
     */
    public void setNeedClientAuth(boolean needAuth) {
        needClientAuth = needAuth;
    }

    /**
     * Returns the stored needClientAuth flag.
     *
     * @return true if client authentication should be required.
     */
    public boolean getNeedClientAuth() {
        return needClientAuth;
    }

    /**
     * Returns the stored wantClientAuth flag.
     *
     * @return true if client authentication should be requested.
     */
    public boolean getWantClientAuth() {
        return wantClientAuth;
    }

    /**
     * Records whether client certificate authentication should be requested.
     *
     * This setter only stores the flag; it is applied to the server socket
     * inside {@link #bind()}, so it must be called before {@link #bind()}.
     * It does not modify the needClientAuth flag held by this class, and it
     * is ignored by {@link #bind()} whenever needClientAuth is also set.
     *
     * @param wantAuth true to request a client certificate.
     */
    public void setWantClientAuth(boolean wantAuth) {
        wantClientAuth = wantAuth;
    }

    /**
     * Binds via the superclass, then applies the client-auth mode to the
     * server socket.
     *
     * needClientAuth takes precedence over wantClientAuth. When neither flag
     * is set the socket is left exactly as the superclass created it.
     *
     * @throws IOException propagated from the superclass bind().
     */
    @Override
    public void bind() throws IOException {
        super.bind();

        if (!needClientAuth && !wantClientAuth) {
            // Nothing requested: do not touch (or cast) the server socket.
            return;
        }

        // NOTE(review): the cast assumes the superclass built serverSocket from
        // the SSLServerSocketFactory given to the constructor; confirm.
        final SSLServerSocket sslServerSocket = (SSLServerSocket) serverSocket;
        if (needClientAuth) {
            sslServerSocket.setNeedClientAuth(true);
        } else {
            sslServerSocket.setWantClientAuth(true);
        }
    }

    /**
     * Creates the Transport for an accepted socket by delegating to the
     * transport factory that was detected for the connection.
     *
     * This method performs no TLS check of its own.
     * NOTE(review): whether the returned transport is an SSL transport depends
     * on the factory the caller passes in; confirm against the caller.
     *
     * @param socket The incoming socket that will be wrapped into the new Transport.
     * @param format The WireFormat being used.
     * @param detectedTransportFactory The factory used to build the Transport.
     * @param initBuffer Passed through unchanged to the factory.
     * @return The Transport returned by detectedTransportFactory.
     * @throws IOException propagated from detectedTransportFactory.
     */
    @Override
    protected TcpTransport createTransport(
            Socket socket,
            WireFormat format,
            TcpTransportFactory detectedTransportFactory,
            InitBuffer initBuffer) throws IOException {
        final TcpTransport transport =
                detectedTransportFactory.createTransport(format, socket, initBuffer);
        return transport;
    }

    /**
     * Identifies this server as an SSL server.
     *
     * @return always true.
     */
    @Override
    public boolean isSslServer() {
        return true;
    }

}