Class UnifiedServerSocket

  • All Implemented Interfaces:
    Closeable, AutoCloseable

    public class UnifiedServerSocket
    extends ServerSocket
    A ServerSocket that can act either as a regular ServerSocket, as an SSLServerSocket, or as both, depending on the constructor parameters and on the type of client (TLS or plaintext) that connects to it. The constructors have the same signature as constructors of ServerSocket, with the addition of two parameters at the beginning:
    • X509Util - provides the SSL context to construct a secure socket when a client connects with TLS.
    • boolean allowInsecureConnection - when true, acts as a hybrid server socket (plaintext / TLS). When false, acts as an SSLServerSocket (rejects plaintext connections).
    The !allowInsecureConnection mode is needed so we can update the SSLContext (in particular, the key store and/or trust store) without having to re-create the server socket. By starting with a plaintext socket and delaying the upgrade to TLS until after a client has connected and begins a handshake, we can keep the same UnifiedServerSocket instance around, and replace the default SSLContext in the provided X509Util when the key store and/or trust store file changes on disk.
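
An added sketch, not ZooKeeper's own code, of the decision described above: peek at the first bytes of a new connection, upgrade when they form a TLS handshake record carrying a ClientHello, and otherwise accept or close the connection according to allowInsecureConnection. The class and method names, the six-byte peek length and the sample byte arrays are assumptions constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.PushbackInputStream;
import java.nio.charset.StandardCharsets;

public class ClientHelloSniffDemo {
    enum Decision { UPGRADE_TO_TLS, ACCEPT_PLAINTEXT, REJECT }

    // TLS record header: type(1) | major(1) | minor(1) | length(2),
    // followed by the handshake message type (0x01 = ClientHello).
    static final int PEEK_LEN = 6;

    static boolean looksLikeClientHello(byte[] b, int n) {
        if (n < PEEK_LEN) return false;              // short read: no full header yet
        int len = ((b[3] & 0xff) << 8) | (b[4] & 0xff);
        return (b[0] & 0xff) == 0x16                 // record type: handshake
            && (b[1] & 0xff) == 0x03                 // major version 3 (SSLv3 / TLS 1.x)
            && (b[2] & 0xff) <= 0x04                 // minor version 0..4
            && len > 0 && len <= 16384               // plaintext record size limit
            && (b[5] & 0xff) == 0x01;                // handshake type: ClientHello
    }

    static Decision decide(PushbackInputStream in, boolean allowInsecureConnection)
            throws IOException {
        byte[] head = new byte[PEEK_LEN];
        int n = in.readNBytes(head, 0, PEEK_LEN);    // reads until 6 bytes or EOF
        if (n > 0) in.unread(head, 0, n);            // hand the bytes back to the real reader
        if (looksLikeClientHello(head, n)) return Decision.UPGRADE_TO_TLS;
        return allowInsecureConnection ? Decision.ACCEPT_PLAINTEXT : Decision.REJECT;
    }

    public static void main(String[] args) throws IOException {
        // Constructed inputs: the start of a ClientHello record, and ASCII text.
        byte[] tls = {0x16, 0x03, 0x01, 0x00, (byte) 0xc8, 0x01, 0x00, 0x00, (byte) 0xc4};
        byte[] plain = "hello server".getBytes(StandardCharsets.US_ASCII);
        for (boolean allow : new boolean[] {true, false}) {
            for (byte[] sample : new byte[][] {tls, plain}) {
                PushbackInputStream in =
                    new PushbackInputStream(new ByteArrayInputStream(sample), PEEK_LEN);
                System.out.printf("allowInsecureConnection=%b first=0x%02x -> %s%n",
                    allow, sample[0] & 0xff, decide(in, allow));
            }
        }
    }
}
```

On a live socket the peek should run under a read timeout (Socket.setSoTimeout), since readNBytes blocks until six bytes or end of stream arrive.
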
    • Constructor Detail

      • UnifiedServerSocket

        public UnifiedServerSocket(X509Util x509Util,
                                   boolean allowInsecureConnection)
                            throws IOException
        Creates an unbound unified server socket by calling ServerSocket(). Secure client connections will be upgraded to TLS once this socket detects the ClientHello message (start of a TLS handshake). Plaintext client connections will either be accepted or rejected depending on the value of the allowInsecureConnection parameter.
        Parameters:
        x509Util - the X509Util that provides the SSLContext to use for secure connections.
        allowInsecureConnection - if true, accept plaintext connections, otherwise close them.
        Throws:
        IOException - if ServerSocket() throws.
      • UnifiedServerSocket

        public UnifiedServerSocket(X509Util x509Util,
                                   boolean allowInsecureConnection,
                                   int port)
                            throws IOException
        Creates a unified server socket bound to the specified port by calling ServerSocket(int). Secure client connections will be upgraded to TLS once this socket detects the ClientHello message (start of a TLS handshake). Plaintext client connections will either be accepted or rejected depending on the value of the allowInsecureConnection parameter.
        Parameters:
        x509Util - the X509Util that provides the SSLContext to use for secure connections.
        allowInsecureConnection - if true, accept plaintext connections, otherwise close them.
        port - the port number, or 0 to use a port number that is automatically allocated.
        Throws:
        IOException - if ServerSocket(int) throws.
      • UnifiedServerSocket

        public UnifiedServerSocket(X509Util x509Util,
                                   boolean allowInsecureConnection,
                                   int port,
                                   int backlog)
                            throws IOException
        Creates a unified server socket bound to the specified port, with the specified backlog, by calling ServerSocket(int, int). Secure client connections will be upgraded to TLS once this socket detects the ClientHello message (start of a TLS handshake). Plaintext client connections will either be accepted or rejected depending on the value of the allowInsecureConnection parameter.
        Parameters:
        x509Util - the X509Util that provides the SSLContext to use for secure connections.
        allowInsecureConnection - if true, accept plaintext connections, otherwise close them.
        port - the port number, or 0 to use a port number that is automatically allocated.
        backlog - requested maximum length of the queue of incoming connections.
        Throws:
        IOException - if ServerSocket(int, int) throws.
      • UnifiedServerSocket

        public UnifiedServerSocket(X509Util x509Util,
                                   boolean allowInsecureConnection,
                                   int port,
                                   int backlog,
                                   InetAddress bindAddr)
                            throws IOException
        Creates a unified server socket bound to the specified port, with the specified backlog, and local IP address to bind to, by calling ServerSocket(int, int, InetAddress). Secure client connections will be upgraded to TLS once this socket detects the ClientHello message (start of a TLS handshake). Plaintext client connections will either be accepted or rejected depending on the value of the allowInsecureConnection parameter.
        Parameters:
        x509Util - the X509Util that provides the SSLContext to use for secure connections.
        allowInsecureConnection - if true, accept plaintext connections, otherwise close them.
        port - the port number, or 0 to use a port number that is automatically allocated.
        backlog - requested maximum length of the queue of incoming connections.
        bindAddr - the local InetAddress the server will bind to.
        Throws:
        IOException - if ServerSocket(int, int, InetAddress) throws.