Class UnifiedServerSocket

  • All Implemented Interfaces:
    java.io.Closeable, java.lang.AutoCloseable

    public class UnifiedServerSocket
    extends java.net.ServerSocket
    A ServerSocket that can act either as a regular ServerSocket, as an SSLServerSocket, or as both, depending on the constructor parameters and on the type of client (TLS or plaintext) that connects to it. The constructors have the same signature as constructors of ServerSocket, with the addition of two parameters at the beginning:
    • X509Util - provides the SSL context to construct a secure socket when a client connects with TLS.
    • boolean allowInsecureConnection - when true, acts as a hybrid server socket (plaintext / TLS). When false, acts as an SSLServerSocket (rejects plaintext connections).
    The !allowInsecureConnection mode is needed so we can update the SSLContext (in particular, the key store and/or trust store) without having to re-create the server socket. By starting with a plaintext socket and delaying the upgrade to TLS until after a client has connected and begins a handshake, we can keep the same UnifiedServerSocket instance around, and replace the default SSLContext in the provided X509Util when the key store and/or trust store file changes on disk.
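The hybrid and TLS-only modes described above both depend on inspecting the first bytes a client sends before choosing a protocol. The following is an added example, not ZooKeeper's own code: the class `FirstBytesClassifier`, the `Mode` enum and the 5-byte record-header heuristic are assumptions chosen for illustration. It classifies a connection as TLS or plaintext and applies the allowInsecureConnection policy to constructed sample bytes.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.PushbackInputStream;
import java.nio.charset.StandardCharsets;

/** Hypothetical helper (not part of ZooKeeper): classifies a new connection by its first bytes. */
public class FirstBytesClassifier {
    enum Mode { TLS, PLAINTEXT, REJECTED }

    private static final int TLS_RECORD_HEADER_LEN = 5; // type(1) + version(2) + length(2)

    /** True if the bytes look like a TLS handshake record, the record type that carries ClientHello. */
    static boolean looksLikeTlsHandshake(byte[] b, int n) {
        if (n < TLS_RECORD_HEADER_LEN) return false;
        int contentType = b[0] & 0xff;
        int major = b[1] & 0xff;
        int length = ((b[3] & 0xff) << 8) | (b[4] & 0xff);
        // 0x16 = handshake, 0x03 = SSL 3.0 / TLS 1.x record version, 2^14 = largest plaintext record.
        return contentType == 0x16 && major == 0x03 && length > 0 && length <= (1 << 14);
    }

    /** Peeks at the header, then pushes it back so the chosen handler still sees the whole stream. */
    static Mode classify(PushbackInputStream in, boolean allowInsecureConnection) throws IOException {
        byte[] header = new byte[TLS_RECORD_HEADER_LEN];
        // On a live socket, set SO_TIMEOUT first so a silent client cannot stall this read.
        int n = in.readNBytes(header, 0, header.length);
        if (n > 0) in.unread(header, 0, n);
        if (looksLikeTlsHandshake(header, n)) return Mode.TLS;
        // Anything else is treated as plaintext, which is permitted only in hybrid mode.
        return allowInsecureConnection ? Mode.PLAINTEXT : Mode.REJECTED;
    }

    public static void main(String[] args) throws IOException {
        // Constructed samples: a TLS record header plus the ClientHello type byte, and a plaintext message.
        byte[] tls = {0x16, 0x03, 0x01, 0x00, (byte) 0xc8, 0x01};
        byte[] plain = "hello".getBytes(StandardCharsets.US_ASCII);
        for (boolean allow : new boolean[] {true, false}) {
            for (byte[] sample : new byte[][] {tls, plain}) {
                PushbackInputStream in = new PushbackInputStream(
                        new ByteArrayInputStream(sample), TLS_RECORD_HEADER_LEN);
                System.out.printf("allowInsecureConnection=%b first=0x%02x -> %s%n",
                        allow, sample[0] & 0xff, classify(in, allow));
            }
        }
    }
}
```

Because the decision is made per connection after accept(), the listening socket itself never holds TLS state, which is what lets the key store or trust store be swapped without rebinding the port.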
    • Nested Class Summary

      Nested Classes 
      Modifier and Type Class Description
      static class  UnifiedServerSocket.UnifiedSocket
      The result of calling accept() on a UnifiedServerSocket.
    • Constructor Summary

      Constructors 
      Constructor Description
      UnifiedServerSocket(X509Util x509Util, boolean allowInsecureConnection)
      Creates an unbound unified server socket by calling ServerSocket().
      UnifiedServerSocket(X509Util x509Util, boolean allowInsecureConnection, int port)
      Creates a unified server socket bound to the specified port by calling ServerSocket(int).
      UnifiedServerSocket(X509Util x509Util, boolean allowInsecureConnection, int port, int backlog)
      Creates a unified server socket bound to the specified port, with the specified backlog, by calling ServerSocket(int, int).
      UnifiedServerSocket(X509Util x509Util, boolean allowInsecureConnection, int port, int backlog, java.net.InetAddress bindAddr)
      Creates a unified server socket bound to the specified port, with the specified backlog, and local IP address to bind to, by calling ServerSocket(int, int, InetAddress).
    • Method Summary

      Modifier and Type Method Description
      java.net.Socket accept()  
      • Methods inherited from class java.net.ServerSocket

        bind, bind, close, getChannel, getInetAddress, getLocalPort, getLocalSocketAddress, getOption, getReceiveBufferSize, getReuseAddress, getSoTimeout, implAccept, isBound, isClosed, setOption, setPerformancePreferences, setReceiveBufferSize, setReuseAddress, setSocketFactory, setSoTimeout, supportedOptions, toString
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
    • Constructor Detail

      • UnifiedServerSocket

        public UnifiedServerSocket(X509Util x509Util,
                                   boolean allowInsecureConnection)
                            throws java.io.IOException
        Creates an unbound unified server socket by calling ServerSocket(). Secure client connections will be upgraded to TLS once this socket detects the ClientHello message (start of a TLS handshake). Plaintext client connections will either be accepted or rejected depending on the value of the allowInsecureConnection parameter.
        Parameters:
        x509Util - the X509Util that provides the SSLContext to use for secure connections.
        allowInsecureConnection - if true, accept plaintext connections, otherwise close them.
        Throws:
        java.io.IOException - if ServerSocket() throws.
      • UnifiedServerSocket

        public UnifiedServerSocket(X509Util x509Util,
                                   boolean allowInsecureConnection,
                                   int port)
                            throws java.io.IOException
        Creates a unified server socket bound to the specified port by calling ServerSocket(int). Secure client connections will be upgraded to TLS once this socket detects the ClientHello message (start of a TLS handshake). Plaintext client connections will either be accepted or rejected depending on the value of the allowInsecureConnection parameter.
        Parameters:
        x509Util - the X509Util that provides the SSLContext to use for secure connections.
        allowInsecureConnection - if true, accept plaintext connections, otherwise close them.
        port - the port number, or 0 to use a port number that is automatically allocated.
        Throws:
        java.io.IOException - if ServerSocket(int) throws.
      • UnifiedServerSocket

        public UnifiedServerSocket(X509Util x509Util,
                                   boolean allowInsecureConnection,
                                   int port,
                                   int backlog)
                            throws java.io.IOException
        Creates a unified server socket bound to the specified port, with the specified backlog, by calling ServerSocket(int, int). Secure client connections will be upgraded to TLS once this socket detects the ClientHello message (start of a TLS handshake). Plaintext client connections will either be accepted or rejected depending on the value of the allowInsecureConnection parameter.
        Parameters:
        x509Util - the X509Util that provides the SSLContext to use for secure connections.
        allowInsecureConnection - if true, accept plaintext connections, otherwise close them.
        port - the port number, or 0 to use a port number that is automatically allocated.
        backlog - requested maximum length of the queue of incoming connections.
        Throws:
        java.io.IOException - if ServerSocket(int, int) throws.
      • UnifiedServerSocket

        public UnifiedServerSocket(X509Util x509Util,
                                   boolean allowInsecureConnection,
                                   int port,
                                   int backlog,
                                   java.net.InetAddress bindAddr)
                            throws java.io.IOException
        Creates a unified server socket bound to the specified port, with the specified backlog, and local IP address to bind to, by calling ServerSocket(int, int, InetAddress). Secure client connections will be upgraded to TLS once this socket detects the ClientHello message (start of a TLS handshake). Plaintext client connections will either be accepted or rejected depending on the value of the allowInsecureConnection parameter.
        Parameters:
        x509Util - the X509Util that provides the SSLContext to use for secure connections.
        allowInsecureConnection - if true, accept plaintext connections, otherwise close them.
        port - the port number, or 0 to use a port number that is automatically allocated.
        backlog - requested maximum length of the queue of incoming connections.
        bindAddr - the local InetAddress the server will bind to.
        Throws:
        java.io.IOException - if ServerSocket(int, int, InetAddress) throws.
    • Method Detail

      • accept

        public java.net.Socket accept()
                               throws java.io.IOException
        Overrides:
        accept in class java.net.ServerSocket
        Throws:
        java.io.IOException