Class UnifiedServerSocket
java.lang.Object
java.net.ServerSocket
org.apache.zookeeper.server.quorum.UnifiedServerSocket
All Implemented Interfaces: Closeable, AutoCloseable
A ServerSocket that can act either as a regular ServerSocket, as an SSLServerSocket, or as both, depending on
the constructor parameters and on the type of client (TLS or plaintext) that connects to it.
The constructors have the same signature as constructors of ServerSocket, with the addition of two parameters
at the beginning:
- X509Util - provides the SSL context to construct a secure socket when a client connects with TLS.
- boolean allowInsecureConnection - when true, acts as a hybrid server socket (plaintext / TLS). When false, acts as an SSLServerSocket (rejects plaintext connections).
The !allowInsecureConnection mode is needed so we can update the SSLContext (in particular, the
key store and/or trust store) without having to re-create the server socket. By starting with a plaintext socket
and delaying the upgrade to TLS until after a client has connected and begins a handshake, we can keep the same
UnifiedServerSocket instance around, and replace the default SSLContext in the provided X509Util when the key store
and/or trust store file changes on disk.
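The detection step described above can be sketched with the JDK alone. This is an added example, not ZooKeeper's implementation: the names FirstBytesClassifier, classify and decide are hypothetical, and it assumes the decision is made on the 5-byte TLS record header.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.PushbackInputStream;
import java.nio.charset.StandardCharsets;

/** Added illustration; not ZooKeeper's code. All names here are hypothetical. */
public class FirstBytesClassifier {
    enum Kind { TLS, PLAINTEXT }

    // TLS record header: content type (1), version major/minor (2), length (2).
    static final int HEADER_LEN = 5;

    /** Peeks at the header, then pushes the bytes back so the real consumer still sees them. */
    static Kind classify(PushbackInputStream in) throws IOException {
        byte[] hdr = new byte[HEADER_LEN];
        // On a live socket, set Socket.setSoTimeout first so a silent client cannot stall here.
        int n = in.readNBytes(hdr, 0, HEADER_LEN); // Java 9+
        in.unread(hdr, 0, n);
        // 0x16 = handshake record; 0x03 = record-layer major version for SSL 3.0 through TLS 1.3.
        boolean tls = n == HEADER_LEN && (hdr[0] & 0xFF) == 0x16 && (hdr[1] & 0xFF) == 0x03;
        return tls ? Kind.TLS : Kind.PLAINTEXT;
    }

    /** Applies the policy that the allowInsecureConnection flag expresses. */
    static String decide(InputStream raw, boolean allowInsecureConnection) throws IOException {
        PushbackInputStream in = new PushbackInputStream(raw, HEADER_LEN);
        if (classify(in) == Kind.TLS) {
            return "upgrade to TLS";
        }
        return allowInsecureConnection ? "accept plaintext" : "close connection";
    }

    public static void main(String[] args) throws IOException {
        // Constructed samples: the start of a TLS handshake record, and a plaintext payload.
        byte[] clientHello = {0x16, 0x03, 0x01, 0x00, 0x2f, 0x01, 0x00, 0x00, 0x2b};
        byte[] plaintext = "hello".getBytes(StandardCharsets.US_ASCII);
        for (boolean allow : new boolean[] {true, false}) {
            System.out.println("allowInsecureConnection=" + allow);
            System.out.println("  TLS client:       "
                    + decide(new ByteArrayInputStream(clientHello), allow));
            System.out.println("  plaintext client: "
                    + decide(new ByteArrayInputStream(plaintext), allow));
        }
    }
}
```

Because the peeked bytes are pushed back, the same stream can be handed to either an SSL socket layered over the connection or to the plaintext reader without losing data.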
Nested Class Summary
Nested Classes
- static class - The result of calling accept() on a UnifiedServerSocket.
Constructor Summary
Constructors
- UnifiedServerSocket(X509Util x509Util, boolean allowInsecureConnection) - Creates an unbound unified server socket by calling ServerSocket().
- UnifiedServerSocket(X509Util x509Util, boolean allowInsecureConnection, int port) - Creates a unified server socket bound to the specified port by calling ServerSocket(int).
- UnifiedServerSocket(X509Util x509Util, boolean allowInsecureConnection, int port, int backlog) - Creates a unified server socket bound to the specified port, with the specified backlog, by calling ServerSocket(int, int).
- UnifiedServerSocket(X509Util x509Util, boolean allowInsecureConnection, int port, int backlog, InetAddress bindAddr) - Creates a unified server socket bound to the specified port, with the specified backlog, and local IP address to bind to, by calling ServerSocket(int, int, InetAddress).
Method Summary
Methods inherited from class java.net.ServerSocket
bind, bind, close, getChannel, getInetAddress, getLocalPort, getLocalSocketAddress, getOption, getReceiveBufferSize, getReuseAddress, getSoTimeout, implAccept, isBound, isClosed, setOption, setPerformancePreferences, setReceiveBufferSize, setReuseAddress, setSocketFactory, setSoTimeout, supportedOptions, toString
Constructor Details
UnifiedServerSocket
Creates an unbound unified server socket by calling ServerSocket(). Secure client connections will be upgraded to TLS once this socket detects the ClientHello message (start of a TLS handshake). Plaintext client connections will either be accepted or rejected depending on the value of the allowInsecureConnection parameter.
Parameters:
- x509Util - the X509Util that provides the SSLContext to use for secure connections.
- allowInsecureConnection - if true, accept plaintext connections, otherwise close them.
Throws:
- IOException - if ServerSocket() throws.
UnifiedServerSocket
public UnifiedServerSocket(X509Util x509Util, boolean allowInsecureConnection, int port) throws IOException
Creates a unified server socket bound to the specified port by calling ServerSocket(int). Secure client connections will be upgraded to TLS once this socket detects the ClientHello message (start of a TLS handshake). Plaintext client connections will either be accepted or rejected depending on the value of the allowInsecureConnection parameter.
Parameters:
- x509Util - the X509Util that provides the SSLContext to use for secure connections.
- allowInsecureConnection - if true, accept plaintext connections, otherwise close them.
- port - the port number, or 0 to use a port number that is automatically allocated.
Throws:
- IOException - if ServerSocket(int) throws.
UnifiedServerSocket
public UnifiedServerSocket(X509Util x509Util, boolean allowInsecureConnection, int port, int backlog) throws IOException
Creates a unified server socket bound to the specified port, with the specified backlog, by calling ServerSocket(int, int). Secure client connections will be upgraded to TLS once this socket detects the ClientHello message (start of a TLS handshake). Plaintext client connections will either be accepted or rejected depending on the value of the allowInsecureConnection parameter.
Parameters:
- x509Util - the X509Util that provides the SSLContext to use for secure connections.
- allowInsecureConnection - if true, accept plaintext connections, otherwise close them.
- port - the port number, or 0 to use a port number that is automatically allocated.
- backlog - requested maximum length of the queue of incoming connections.
Throws:
- IOException - if ServerSocket(int, int) throws.
UnifiedServerSocket
public UnifiedServerSocket(X509Util x509Util, boolean allowInsecureConnection, int port, int backlog, InetAddress bindAddr) throws IOException
Creates a unified server socket bound to the specified port, with the specified backlog, and local IP address to bind to, by calling ServerSocket(int, int, InetAddress). Secure client connections will be upgraded to TLS once this socket detects the ClientHello message (start of a TLS handshake). Plaintext client connections will either be accepted or rejected depending on the value of the allowInsecureConnection parameter.
Parameters:
- x509Util - the X509Util that provides the SSLContext to use for secure connections.
- allowInsecureConnection - if true, accept plaintext connections, otherwise close them.
- port - the port number, or 0 to use a port number that is automatically allocated.
- backlog - requested maximum length of the queue of incoming connections.
- bindAddr - the local InetAddress the server will bind to.
Throws:
- IOException - if ServerSocket(int, int, InetAddress) throws.
Method Details
accept
Overrides:
- accept in class ServerSocket
Throws:
- IOException