| /** |
| * Licensed to the Apache Software Foundation (ASF) under one or more |
| * contributor license agreements. See the NOTICE file distributed with |
| * this work for additional information regarding copyright ownership. |
| * The ASF licenses this file to You under the Apache License, Version 2.0 |
| * (the "License"); you may not use this file except in compliance with |
| * the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| package org.apache.activemq.transport; |
| |
| import javax.net.ssl.SSLContext; |
| |
| import org.apache.activemq.broker.SslContext; |
| import org.apache.activemq.util.IntrospectionSupport; |
| import org.eclipse.jetty.server.Connector; |
| import org.eclipse.jetty.server.Server; |
| import org.eclipse.jetty.server.ServerConnector; |
| import org.eclipse.jetty.util.ssl.SslContextFactory; |
| |
| public class SecureSocketConnectorFactory extends SocketConnectorFactory { |
| |
| private String keyPassword = System.getProperty("javax.net.ssl.keyPassword"); |
| private String keyStorePassword = System.getProperty("javax.net.ssl.keyStorePassword"); |
| private String keyStore = System.getProperty("javax.net.ssl.keyStore"); |
| private String trustStorePassword = System.getProperty("javax.net.ssl.trustStorePassword"); |
| private String trustStore = System.getProperty("javax.net.ssl.trustStore"); |
| private boolean needClientAuth; |
| private boolean wantClientAuth; |
| private String keyStoreType; |
| private String secureRandomCertficateAlgorithm; |
| private String trustCertificateAlgorithm; |
| private String keyCertificateAlgorithm; |
| private String protocol; |
| private String auth; |
| |
| private SslContext context; |
| private SslContextFactory contextFactory; |
| |
| public SecureSocketConnectorFactory() { |
| |
| } |
| public SecureSocketConnectorFactory(SslContext context) { |
| this.context = context; |
| } |
| |
| public SecureSocketConnectorFactory(SslContextFactory contextFactory) { |
| this.contextFactory = contextFactory; |
| } |
| |
| @Override |
| public Connector createConnector(Server server) throws Exception { |
| if (getTransportOptions() != null) { |
| IntrospectionSupport.setProperties(this, getTransportOptions()); |
| } |
| |
| SSLContext sslContext = context == null ? null : context.getSSLContext(); |
| |
| // Get a reference to the current ssl context factory... |
| |
| SslContextFactory factory; |
| if (contextFactory == null) { |
| factory = new SslContextFactory.Server(); |
| if (context != null) { |
| // Should not be using this method since it does not use all of the values |
| // from the passed SslContext instance..... |
| factory.setSslContext(sslContext); |
| |
| } else { |
| if (keyStore != null) { |
| factory.setKeyStorePath(keyStore); |
| } |
| if (keyStorePassword != null) { |
| factory.setKeyStorePassword(keyStorePassword); |
| } |
| // if the keyPassword hasn't been set, default it to the |
| // key store password |
| if (keyPassword == null && keyStorePassword != null) { |
| factory.setKeyStorePassword(keyStorePassword); |
| } |
| if (keyStoreType != null) { |
| factory.setKeyStoreType(keyStoreType); |
| } |
| if (secureRandomCertficateAlgorithm != null) { |
| factory.setSecureRandomAlgorithm(secureRandomCertficateAlgorithm); |
| } |
| if (keyCertificateAlgorithm != null) { |
| factory.setKeyManagerFactoryAlgorithm(keyCertificateAlgorithm); |
| } |
| if (trustCertificateAlgorithm != null) { |
| factory.setTrustManagerFactoryAlgorithm(trustCertificateAlgorithm); |
| } |
| if (protocol != null) { |
| factory.setProtocol(protocol); |
| } |
| if (trustStore != null) { |
| setTrustStore(factory, trustStore); |
| } |
| if (trustStorePassword != null) { |
| factory.setTrustStorePassword(trustStorePassword); |
| } |
| } |
| factory.setNeedClientAuth(needClientAuth); |
| factory.setWantClientAuth(wantClientAuth); |
| } else { |
| factory = contextFactory; |
| } |
| |
| |
| if ("KRB".equals(auth) || "BOTH".equals(auth) |
| && Server.getVersion().startsWith("8")) { |
| //return new Krb5AndCertsSslSocketConnector(factory, auth); |
| return null; |
| } else { |
| ServerConnector connector = new ServerConnector(server, factory); |
| server.setStopTimeout(500); |
| connector.setStopTimeout(500); |
| return connector; |
| } |
| } |
| private void setTrustStore(SslContextFactory factory, String trustStore2) throws Exception { |
| String mname = Server.getVersion().startsWith("8") ? "setTrustStore" : "setTrustStorePath"; |
| factory.getClass().getMethod(mname, String.class).invoke(factory, trustStore2); |
| } |
| |
| |
| |
| // Properties |
| // -------------------------------------------------------------------------------- |
| |
| public String getKeyStore() { |
| return keyStore; |
| } |
| |
| public void setKeyStore(String keyStore) { |
| this.keyStore = keyStore; |
| } |
| |
| public String getKeyPassword() { |
| return keyPassword; |
| } |
| |
| public void setKeyPassword(String keyPassword) { |
| this.keyPassword = keyPassword; |
| } |
| |
| public String getKeyStoreType() { |
| return keyStoreType; |
| } |
| |
| public void setKeyStoreType(String keyStoreType) { |
| this.keyStoreType = keyStoreType; |
| } |
| |
| public String getKeyStorePassword() { |
| return keyStorePassword; |
| } |
| |
| public void setKeyStorePassword(String keyStorePassword) { |
| this.keyStorePassword = keyStorePassword; |
| } |
| |
| public String getProtocol() { |
| return protocol; |
| } |
| |
| public void setProtocol(String protocol) { |
| this.protocol = protocol; |
| } |
| |
| public String getSecureRandomCertficateAlgorithm() { |
| return secureRandomCertficateAlgorithm; |
| } |
| |
| public void setSecureRandomCertficateAlgorithm(String secureRandomCertficateAlgorithm) { |
| this.secureRandomCertficateAlgorithm = secureRandomCertficateAlgorithm; |
| } |
| |
| public String getKeyCertificateAlgorithm() { |
| return keyCertificateAlgorithm; |
| } |
| |
| public void setKeyCertificateAlgorithm(String keyCertificateAlgorithm) { |
| this.keyCertificateAlgorithm = keyCertificateAlgorithm; |
| } |
| |
| public String getTrustCertificateAlgorithm() { |
| return trustCertificateAlgorithm; |
| } |
| |
| public void setTrustCertificateAlgorithm(String trustCertificateAlgorithm) { |
| this.trustCertificateAlgorithm = trustCertificateAlgorithm; |
| } |
| |
| /** |
| * @return the auth |
| */ |
| public String getAuth() { |
| return auth; |
| } |
| |
| /** |
| * @param auth the auth to set |
| */ |
| public void setAuth(String auth) { |
| this.auth = auth; |
| } |
| |
| public boolean isWantClientAuth() { |
| return wantClientAuth; |
| } |
| |
| public void setWantClientAuth(boolean wantClientAuth) { |
| this.wantClientAuth = wantClientAuth; |
| } |
| |
| public boolean isNeedClientAuth() { |
| return needClientAuth; |
| } |
| |
| public void setNeedClientAuth(boolean needClientAuth) { |
| this.needClientAuth = needClientAuth; |
| } |
| |
| public String getTrustStore() { |
| return trustStore; |
| } |
| |
| public void setTrustStore(String trustStore) { |
| this.trustStore = trustStore; |
| } |
| |
| public String getTrustStorePassword() { |
| return trustStorePassword; |
| } |
| |
| public void setTrustStorePassword(String trustStorePassword) { |
| this.trustStorePassword = trustStorePassword; |
| } |
| } |