SslTransport


1   /**
2    *
3    * Licensed to the Apache Software Foundation (ASF) under one or more
4    * contributor license agreements.  See the NOTICE file distributed with
5    * this work for additional information regarding copyright ownership.
6    * The ASF licenses this file to You under the Apache License, Version 2.0
7    * (the "License"); you may not use this file except in compliance with
8    * the License.  You may obtain a copy of the License at
9    *
10   * http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing, software
13   * distributed under the License is distributed on an "AS IS" BASIS,
14   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15   * See the License for the specific language governing permissions and
16   * limitations under the License.
17   */
18  
19  package org.apache.activemq.transport.tcp;
20  
21  import org.apache.activemq.command.Command;
22  import org.apache.activemq.command.ConnectionInfo;
23  import org.apache.activemq.wireformat.WireFormat;
24  
25  import java.io.IOException  ;
26  import java.net.URI  ;
27  import java.net.UnknownHostException  ;
28  import java.security.cert.X509Certificate  ;
29  
30  import javax.net.ssl.SSLPeerUnverifiedException;
31  import javax.net.ssl.SSLSession;
32  import javax.net.ssl.SSLSocket;
33  import javax.net.ssl.SSLSocketFactory;
34  
35  /**
36   * A Transport class that uses SSL and client-side certificate authentication.
37   *
38   * Client-side certificate authentication must be enabled through the constructor.
39   * By default, this class will have the same client authentication behavior as the socket it is passed.
40   * This class will set ConnectionInfo's transportContext to the SSL certificates of the client.
41   * NOTE: Accessor method for needClientAuth was not provided on purpose. This is because needClientAuth's value must be
42   *      set before the socket is connected. Otherwise, unexpected situations may occur.
43   * 
44   */
45  public class SslTransport extends TcpTransport {
46      /**
47       * Connect to a remote node such as a Broker.
48       * 
49       * @param wireFormat The WireFormat to be used.
50       * @param socketFactory The socket factory to be used. Forcing SSLSockets
51       *      for obvious reasons.
52       * @param remoteLocation The remote location.
53       * @param localLocation The local location.
54       * @param needClientAuth If set to true, the underlying socket will need
55       *      client certificate authentication.
56       * @throws UnknownHostException If TcpTransport throws.
57       * @throws IOException If TcpTransport throws.
58       */
59      public SslTransport(WireFormat wireFormat, SSLSocketFactory socketFactory, URI   remoteLocation, URI   localLocation, boolean needClientAuth) throws IOException   {
60          super(wireFormat, socketFactory, remoteLocation, localLocation);
61          if (this.socket != null) {
62              ((SSLSocket)this.socket).setNeedClientAuth(needClientAuth);
63          }
64      }
65      
66      /**
67       * Initialize from a ServerSocket.
68       * 
69       * No access to needClientAuth is given since it is already set within the
70       *      provided socket.
71       * 
72       * @param wireFormat The WireFormat to be used.
73       * @param socket The Socket to be used. Forcing SSL.
74       * @throws IOException If TcpTransport throws.
75       */
76      public SslTransport(WireFormat wireFormat, SSLSocket socket) throws IOException   {
77          super(wireFormat, socket);
78      }
79      
80      /**
81       * Overriding in order to add the client's certificates to ConnectionInfo Commmands. 
82       * 
83       * @param command The Command coming in.
84       */
85      public void doConsume(Command command) {
86          // The instanceof can be avoided, but that would require modifying the
87          //      Command clas tree and that would require too much effort right
88          //      now.
89          if ( command instanceof ConnectionInfo ) {
90              ConnectionInfo connectionInfo = (ConnectionInfo)command;
91              
92              SSLSocket sslSocket = (SSLSocket)this.socket;
93              
94              SSLSession sslSession = sslSocket.getSession();
95              
96              X509Certificate  [] clientCertChain;
97              try {
98                  clientCertChain =
99                      (X509Certificate  []) sslSession.getPeerCertificates();
100             } catch(SSLPeerUnverifiedException e) {
101                 clientCertChain = null;
102             }
103             
104             connectionInfo.setTransportContext(clientCertChain);
105         }
106 
107         super.doConsume(command);
108     }
109 
110     /**
111      * @return pretty print of 'this'
112      */
113     public String   toString() {
114         return "ssl://"+socket.getInetAddress()+":"+socket.getPort();
115     }
116 
117 }
118 
119
A to Z: JavaDoc & Examples Daily Java News & Articles Open Source Projects Open Source Codes Free Computer Books Remove Frame
Popular Tags