001    /**
002     * Licensed to the Apache Software Foundation (ASF) under one or more
003     * contributor license agreements.  See the NOTICE file distributed with
004     * this work for additional information regarding copyright ownership.
005     * The ASF licenses this file to You under the Apache License, Version 2.0
006     * (the "License"); you may not use this file except in compliance with
007     * the License.  You may obtain a copy of the License at
008     *
009     *      http://www.apache.org/licenses/LICENSE-2.0
010     *
011     * Unless required by applicable law or agreed to in writing, software
012     * distributed under the License is distributed on an "AS IS" BASIS,
013     * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014     * See the License for the specific language governing permissions and
015     * limitations under the License.
016     */
017    
018    package org.apache.activemq;
019    
020    import java.security.SecureRandom;
021    import javax.jms.JMSException;
022    import javax.net.ssl.KeyManager;
023    import javax.net.ssl.TrustManager;
024    
025    import org.apache.activemq.broker.SslContext;
026    import org.apache.activemq.transport.Transport;
027    import org.apache.activemq.transport.tcp.SslTransportFactory;
028    import org.apache.activemq.util.JMSExceptionSupport;
029    
030    /**
031     * An ActiveMQConnectionFactory that allows access to the key and trust managers
032     * used for SslConnections. There is no reason to use this class unless SSL is
033     * being used AND the key and trust managers need to be specified from within
034     * code. In fact, if the URI passed to this class does not have an "ssl" scheme,
035     * this class will pass all work on to its superclass.
036     * 
037     * @author sepandm@gmail.com
038     */
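public class ActiveMQSslConnectionFactory extends ActiveMQConnectionFactory {
    // Key managers, trust managers and randomness source handed to the
    // SslContext that createTransport() builds. All three stay null until
    // setKeyAndTrustManagers() is called.
    // NOTE(review): null values are passed straight through to SslContext;
    // presumably the platform defaults then apply - confirm against SslContext.
    protected KeyManager[] keyManager;
    protected TrustManager[] trustManager;
    protected SecureRandom secureRandom;

    /**
     * Sets the key and trust managers used when creating SSL connections.
     * <p>
     * The arrays are stored by reference, not copied, so changes the caller
     * makes to them afterwards are seen by later connections. The trust
     * managers decide which broker certificates are accepted; a trust manager
     * that accepts every certificate chain removes server authentication from
     * the connection, so supply one that validates against the intended trust
     * anchors.
     *
     * @param km The KeyManagers used.
     * @param tm The TrustManagers used.
     * @param random The SecureRandom number used.
     */
    public void setKeyAndTrustManagers(final KeyManager[] km, final TrustManager[] tm, final SecureRandom random) {
        keyManager = km;
        trustManager = tm;
        secureRandom = random;
    }

    /**
     * Overriding to make special considerations for SSL connections. If the
     * broker URI scheme is not exactly "ssl", the superclass's method is called
     * and the key and trust managers held by this factory are not installed by
     * this method. If the scheme is "ssl", an SslTransportFactory is used and an
     * SslContext built from the configured managers is made current for the
     * duration of the connect call.
     * <p>
     * The SslContext that was current before the call is restored afterwards,
     * so the managers configured here do not stay installed for unrelated
     * connections created later by the same caller.
     *
     * @return the transport created for the broker URI.
     * @throws JMSException if the SSL transport could not be created; the
     *         original exception is attached as the cause.
     * @author sepandm@gmail.com
     */
    protected Transport createTransport() throws JMSException {
        // Constant-first comparison: a broker URI without a scheme is handed to
        // the superclass instead of failing with a NullPointerException here.
        if (!"ssl".equals(brokerURL.getScheme())) {
            return super.createTransport();
        }

        // Remember the context that was current so it can be put back below.
        final SslContext previous = SslContext.getCurrentSslContext();
        try {
            SslContext.setCurrentSslContext(new SslContext(keyManager, trustManager, secureRandom));
            // NOTE(review): assumes doConnect() reads the current SslContext
            // before it returns - confirm in SslTransportFactory.
            return new SslTransportFactory().doConnect(brokerURL);
        } catch (Exception e) {
            throw JMSExceptionSupport.create("Could not create Transport. Reason: " + e, e);
        } finally {
            // Runs on success and on failure: do not leave this factory's key
            // and trust material installed as the current context.
            SslContext.setCurrentSslContext(previous);
        }
    }
}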