Github user anmolnar commented on a diff in the pull request:
https://github.com/apache/zookeeper/pull/184#discussion_r195567746
--- Diff: src/java/main/org/apache/zookeeper/server/quorum/UnifiedServerSocket.java ---
@@ -0,0 +1,79 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.zookeeper.server.quorum;
+
+import org.apache.zookeeper.common.X509Exception;
+import org.apache.zookeeper.common.X509Util;
+import org.jboss.netty.buffer.ChannelBuffers;
+import org.jboss.netty.handler.ssl.SslHandler;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.net.ssl.SSLSocket;
+import java.io.IOException;
+import java.net.ServerSocket;
+import java.net.Socket;
+import java.net.SocketException;
+
+public class UnifiedServerSocket extends ServerSocket {
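Review bot: `public class UnifiedServerSocket extends ServerSocket` at the end of this hunk is declared without a class-level Javadoc; the only comment above it is the license header. The imports (`SSLSocket`, `X509Util`, Netty's `SslHandler` and `ChannelBuffers`) suggest the class decides per connection whether to speak TLS, so a class comment should state which kinds of socket it can hand back and whether plaintext connections are accepted on the same port, since that is the security-relevant contract a caller needs to know.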
--- End diff --
I'm struggling to get this right, so really curious about your
implementation. The SSL side works fine, I can create the special socket
combined with the InputStream as suggested to channel back already consumed
data, but how can I do the same with a non-SSL socket?
Modified `UnifiedServerSocket` like this:
```java
final Socket normalSocket = new Socket();
implAccept(normalSocket);
byte[] litmus = new byte[5];
int bytesRead = normalSocket.getInputStream().read(litmus, 0, 5);
if (bytesRead == 5 && SslHandler.isEncrypted(ChannelBuffers.wrappedBuffer(litmus))) {
    LOG.info(getInetAddress() + " attempting to connect over ssl");
    SSLSocket sslSocket;
    try {
        sslSocket = x509Util.createSSLSocket(normalSocket, new ByteArrayInputStream(litmus));
    } catch (X509Exception e) {
        throw new IOException("failed to create SSL context", e);
    }
    sslSocket.setUseClientMode(false);
    return sslSocket;
} else {
    LOG.info(getInetAddress() + " attempting to connect without ssl");
    return normalSocket;
}
```
The last return statement lacks channeling back the litmus, hence it cannot
be read on the server side.
---
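One way to replay the sniffed bytes on the plaintext path discussed in the comment above, as an added example that is not code from the pull request or from ZooKeeper. The names `ReplayingServerSocket`, `ReplaySocket` and `looksLikeTls` are hypothetical, the TLS check is a simplified stand-in for `SslHandler.isEncrypted`, and the `SSLSocketFactory` is assumed to be built from the server's key material.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.PushbackInputStream;
import java.net.ServerSocket;
import java.net.Socket;
import javax.net.ssl.SSLSocketFactory;

// Added sketch with hypothetical names; requires Java 9+ for readNBytes.
public class ReplayingServerSocket extends ServerSocket {
    private static final int LITMUS_LEN = 5; // length of a TLS record header
    private final SSLSocketFactory tls;      // assumed: built from the server's key material

    /** Plain socket whose input stream can take sniffed bytes back. */
    static final class ReplaySocket extends Socket {
        private PushbackInputStream in;

        @Override
        public synchronized InputStream getInputStream() throws IOException {
            if (in == null) {
                in = new PushbackInputStream(super.getInputStream(), LITMUS_LEN);
            }
            return in;
        }
    }

    public ReplayingServerSocket(int port, SSLSocketFactory tls) throws IOException {
        super(port);
        this.tls = tls;
    }

    /** Simplified litmus (assumption): TLS handshake record (0x16), major version 3. */
    static boolean looksLikeTls(byte[] b, int len) {
        return len == LITMUS_LEN && b[0] == 0x16 && b[1] == 0x03;
    }

    @Override
    public Socket accept() throws IOException {
        ReplaySocket socket = new ReplaySocket();
        implAccept(socket);
        PushbackInputStream in = (PushbackInputStream) socket.getInputStream();
        byte[] litmus = new byte[LITMUS_LEN];
        int n = in.readNBytes(litmus, 0, LITMUS_LEN); // fewer than 5 only at EOF
        if (looksLikeTls(litmus, n)) {
            // TLS path: JSSE replays the consumed bytes itself (server-mode socket).
            return tls.createSocket(socket, new ByteArrayInputStream(litmus), true);
        }
        in.unread(litmus, 0, n); // plaintext path: the reader sees the stream from byte 0
        return socket;
    }
}
```

The sniffing read blocks the accepting thread until five bytes or EOF arrive, so in a server it belongs behind a read timeout or off the accept thread.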