001/**
002 * Licensed to the Apache Software Foundation (ASF) under one or more
003 * contributor license agreements.  See the NOTICE file distributed with
004 * this work for additional information regarding copyright ownership.
005 * The ASF licenses this file to You under the Apache License, Version 2.0
006 * (the "License"); you may not use this file except in compliance with
007 * the License.  You may obtain a copy of the License at
008 *
009 *      http://www.apache.org/licenses/LICENSE-2.0
010 *
011 * Unless required by applicable law or agreed to in writing, software
012 * distributed under the License is distributed on an "AS IS" BASIS,
013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014 * See the License for the specific language governing permissions and
015 * limitations under the License.
016 */
017package org.apache.activemq.transport.tcp;
018
019import java.io.IOException;
020import java.net.URI;
021import java.net.URISyntaxException;
022import java.net.UnknownHostException;
023import java.security.KeyManagementException;
024import java.security.NoSuchAlgorithmException;
025import java.security.NoSuchProviderException;
026import java.security.SecureRandom;
027import java.util.HashMap;
028import java.util.Map;
029
030import javax.net.ServerSocketFactory;
031import javax.net.SocketFactory;
032import javax.net.ssl.KeyManager;
033import javax.net.ssl.SSLContext;
034import javax.net.ssl.SSLServerSocketFactory;
035import javax.net.ssl.SSLSocketFactory;
036import javax.net.ssl.TrustManager;
037
038import org.apache.activemq.broker.BrokerService;
039import org.apache.activemq.broker.BrokerServiceAware;
040import org.apache.activemq.broker.SslContext;
041import org.apache.activemq.openwire.OpenWireFormat;
042import org.apache.activemq.transport.InactivityMonitor;
043import org.apache.activemq.transport.Transport;
044import org.apache.activemq.transport.TransportFactory;
045import org.apache.activemq.transport.TransportLoggerFactory;
046import org.apache.activemq.transport.TransportServer;
047import org.apache.activemq.transport.WireFormatNegotiator;
048import org.apache.activemq.util.IOExceptionSupport;
049import org.apache.activemq.util.IntrospectionSupport;
050import org.apache.activemq.util.URISupport;
051import org.apache.activemq.wireformat.WireFormat;
052import org.slf4j.Logger;
053import org.slf4j.LoggerFactory;
054
055/**
056 * An implementation of the TcpTransportFactory using SSL. The major
057 * contribution from this class is that it is aware of SslTransportServer and
058 * SslTransport classes. All Transports and TransportServers created from this
059 * factory will have their needClientAuth option set to false.
060 * 
061 * @author sepandm@gmail.com (Sepand)
062 * @author David Martin Clavo david(dot)martin(dot)clavo(at)gmail.com (logging improvement modifications)
063 * 
064 */
065public class SslTransportFactory extends TcpTransportFactory {
066    // The log this uses.,
067    private static final Logger LOG = LoggerFactory.getLogger(SslTransportFactory.class);
068    
069    /**
070     * Overriding to use SslTransportServer and allow for proper reflection.
071     */
072    public TransportServer doBind(final URI location) throws IOException {
073        try {
074            Map<String, String> options = new HashMap<String, String>(URISupport.parseParameters(location));
075
076            ServerSocketFactory serverSocketFactory = createServerSocketFactory();
077            SslTransportServer server = new SslTransportServer(this, location, (SSLServerSocketFactory)serverSocketFactory);
078            server.setWireFormatFactory(createWireFormatFactory(options));
079            IntrospectionSupport.setProperties(server, options);
080            Map<String, Object> transportOptions = IntrospectionSupport.extractProperties(options, "transport.");
081            server.setTransportOption(transportOptions);
082            server.bind();
083
084            return server;
085        } catch (URISyntaxException e) {
086            throw IOExceptionSupport.create(e);
087        }
088    }
089
090    /**
091     * Overriding to allow for proper configuration through reflection.
092     */
093    public Transport compositeConfigure(Transport transport, WireFormat format, Map options) {
094
095        SslTransport sslTransport = (SslTransport)transport.narrow(SslTransport.class);
096        IntrospectionSupport.setProperties(sslTransport, options);
097
098        Map<String, Object> socketOptions = IntrospectionSupport.extractProperties(options, "socket.");
099
100        sslTransport.setSocketOptions(socketOptions);
101
102        if (sslTransport.isTrace()) {
103            try {
104                transport = TransportLoggerFactory.getInstance().createTransportLogger(transport,
105                        sslTransport.getLogWriterName(), sslTransport.isDynamicManagement(), sslTransport.isStartLogging(), sslTransport.getJmxPort());
106            } catch (Throwable e) {
107                LOG.error("Could not create TransportLogger object for: " + sslTransport.getLogWriterName() + ", reason: " + e, e);
108            }
109        }
110
111        transport = new InactivityMonitor(transport, format);
112
113        // Only need the WireFormatNegotiator if using openwire
114        if (format instanceof OpenWireFormat) {
115            transport = new WireFormatNegotiator(transport, (OpenWireFormat)format, sslTransport.getMinmumWireFormatVersion());
116        }
117
118        return transport;
119    }
120
121    /**
122     * Overriding to use SslTransports.
123     */
124    protected Transport createTransport(URI location, WireFormat wf) throws UnknownHostException, IOException {
125        URI localLocation = null;
126        String path = location.getPath();
127        // see if the path is a local URI location
128        if (path != null && path.length() > 0) {
129            int localPortIndex = path.indexOf(':');
130            try {
131                Integer.parseInt(path.substring(localPortIndex + 1, path.length()));
132                String localString = location.getScheme() + ":/" + path;
133                localLocation = new URI(localString);
134            } catch (Exception e) {
135                LOG.warn("path isn't a valid local location for SslTransport to use", e);
136            }
137        }
138        SocketFactory socketFactory = createSocketFactory();
139        return new SslTransport(wf, (SSLSocketFactory)socketFactory, location, localLocation, false);
140    }
141
142
143
144    /**
145     * Creates a new SSL ServerSocketFactory. The given factory will use
146     * user-provided key and trust managers (if the user provided them).
147     * 
148     * @return Newly created (Ssl)ServerSocketFactory.
149     * @throws IOException 
150     */
151    protected ServerSocketFactory createServerSocketFactory() throws IOException {
152        if( SslContext.getCurrentSslContext()!=null ) {
153            SslContext ctx = SslContext.getCurrentSslContext();
154            try {
155                return ctx.getSSLContext().getServerSocketFactory();
156            } catch (Exception e) {
157                throw IOExceptionSupport.create(e);
158            }
159        } else {
160            return SSLServerSocketFactory.getDefault();
161        }
162    }
163
164    /**
165     * Creates a new SSL SocketFactory. The given factory will use user-provided
166     * key and trust managers (if the user provided them).
167     * 
168     * @return Newly created (Ssl)SocketFactory.
169     * @throws IOException 
170     */
171    protected SocketFactory createSocketFactory() throws IOException {
172        
173        if( SslContext.getCurrentSslContext()!=null ) {
174            SslContext ctx = SslContext.getCurrentSslContext();
175            try {
176                return ctx.getSSLContext().getSocketFactory();
177            } catch (Exception e) {
178                throw IOExceptionSupport.create(e);
179            }
180        } else {
181            return SSLSocketFactory.getDefault();
182        }
183        
184    }
185
186    /**
187     * 
188     * @param km
189     * @param tm
190     * @param random
191     * @deprecated "Do not use anymore... using static initializers like this method only allows the JVM to use 1 SSL configuration per broker."
192     * @see org.apache.activemq.broker.SslContext#setCurrentSslContext(SslContext)
193     * @see org.apache.activemq.broker.SslContext#getSSLContext()
194     */
195    public void setKeyAndTrustManagers(KeyManager[] km, TrustManager[] tm, SecureRandom random) {
196        SslContext ctx = new SslContext(km, tm, random);
197        SslContext.setCurrentSslContext(ctx);
198    }
199
200}