/**
 * Resolves the handshake detection timeout from the supplied configuration.
 *
 * <p>The value is read from the property named by
 * {@code x509Util.getSslHandshakeDetectionTimeoutMillisProperty()}. When the property is
 * absent, or when it parses to a value below 1, the result is
 * {@link X509Util#DEFAULT_HANDSHAKE_DETECTION_TIMEOUT_MILLIS}.
 *
 * <p>Only the lower bound is checked here: any positive integer is returned as configured.
 * A value that is not a valid integer makes {@link Integer#parseInt(String)} throw
 * {@link NumberFormatException}, which this method does not catch.
 *
 * @param config the configuration to read the property from
 * @return the timeout in milliseconds, always at least 1 when taken from the property
 */
private int getHandshakeDetectionTimeoutMillis(final ZKConfig config) {
    final String configured =
            config.getProperty(x509Util.getSslHandshakeDetectionTimeoutMillisProperty());
    if (configured == null) {
        return X509Util.DEFAULT_HANDSHAKE_DETECTION_TIMEOUT_MILLIS;
    }

    final int timeoutMillis = Integer.parseInt(configured);
    if (timeoutMillis >= 1) {
        return timeoutMillis;
    }

    // A timeout of 0 is rejected because it means "wait forever", and an infinite wait
    // can permanently lock up an accept() thread. Negative values are rejected as well.
    LOG.warn("Invalid value for {}: {}, using the default value of {}",
            x509Util.getSslHandshakeDetectionTimeoutMillisProperty(),
            timeoutMillis,
            X509Util.DEFAULT_HANDSHAKE_DETECTION_TIMEOUT_MILLIS);
    return X509Util.DEFAULT_HANDSHAKE_DETECTION_TIMEOUT_MILLIS;
}
} // closes the enclosing scope, which is opened outside this excerpt
/**
 * Returns the maximum time, in milliseconds, that the first UnifiedServerSocket read()
 * may block while the client mode (TLS or PLAINTEXT) is being detected.
 *
 * <p>The value comes from the default SSL context and options. If those cannot be created,
 * or any other exception is raised while obtaining the value, the failure is logged at
 * error level and {@link X509Util#DEFAULT_HANDSHAKE_DETECTION_TIMEOUT_MILLIS} is returned
 * instead, so this method does not propagate exceptions to the caller.
 *
 * @return the handshake detection timeout, in milliseconds.
 */
public int getSslHandshakeTimeoutMillis() {
    try {
        return getDefaultSSLContextAndOptions().getHandshakeDetectionTimeoutMillis();
    } catch (SSLContextException contextFailure) {
        // The SSL context itself could not be built; fall back to the default timeout.
        LOG.error("Error creating SSL context and options", contextFailure);
    } catch (Exception other) {
        // Anything else is reported as a problem with the configured property value.
        LOG.error("Error parsing config property " + getSslHandshakeDetectionTimeoutMillisProperty(), other);
    }
    return DEFAULT_HANDSHAKE_DETECTION_TIMEOUT_MILLIS;
}
// Copy the client-auth setting from the JVM system properties into `properties`, keyed by
// the same property name.
// NOTE(review): System.getProperty returns null when the property is unset, so a null value
// can be stored here; confirm that `properties` accepts null values.
properties.put(x509Util.getSslClientAuthProperty(), System.getProperty(x509Util.getSslClientAuthProperty()));
// Same for the handshake detection timeout. The raw string is stored as-is; no parsing or
// range check happens at this point.
properties.put(x509Util.getSslHandshakeDetectionTimeoutMillisProperty(), System.getProperty(x509Util.getSslHandshakeDetectionTimeoutMillisProperty()));
/**
 * Resets JVM-wide state after each test so TLS settings from one test cannot leak into the
 * next: clears the SSL-related system properties, switches the OCSP and CRLDP security
 * properties back to "false", clears the connection factory and client socket selections,
 * and closes the X509Util under test.
 */
@After
public void cleanUp() {
    x509TestContext.clearSystemProperties(x509Util);

    // System properties that individual tests may have set.
    final String[] sslSystemProperties = {
        x509Util.getSslOcspEnabledProperty(),
        x509Util.getSslCrlEnabledProperty(),
        x509Util.getCipherSuitesProperty(),
        x509Util.getSslProtocolProperty(),
        x509Util.getSslHandshakeDetectionTimeoutMillisProperty(),
        "com.sun.net.ssl.checkRevocation",
        "com.sun.security.enableCRLDP"
    };
    for (String propertyName : sslSystemProperties) {
        System.clearProperty(propertyName);
    }

    // Security properties are set explicitly to "false" rather than cleared.
    final String disabled = Boolean.FALSE.toString();
    Security.setProperty("ocsp.enable", disabled);
    Security.setProperty("com.sun.security.enableCRLDP", disabled);

    System.clearProperty(ServerCnxnFactory.ZOOKEEPER_SERVER_CNXN_FACTORY);
    System.clearProperty(ZKClientConfig.ZOOKEEPER_CLIENT_CNXN_SOCKET);

    x509Util.close();
}
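/**
 * Releases everything a test created: clears the SSL-related system properties (including
 * the handshake detection timeout override), force-closes the three sockets, shuts the
 * worker pool down and waits up to one second for it to terminate, then closes the
 * X509Util.
 *
 * <p>The X509Util is closed in a {@code finally} block so that it is still released when an
 * earlier step throws, for example when the wait for the worker pool is interrupted.
 *
 * @throws Exception if any cleanup step fails
 */
@After
public void tearDown() throws Exception {
    try {
        // Clear system properties first so a later failure cannot leak TLS settings
        // into the next test.
        x509TestContext.clearSystemProperties(x509Util);
        System.clearProperty(x509Util.getSslHandshakeDetectionTimeoutMillisProperty());

        forceClose(listeningSocket);
        forceClose(serverSideSocket);
        forceClose(clientSocket);

        workerPool.shutdown();
        workerPool.awaitTermination(1000, TimeUnit.MILLISECONDS);
    } finally {
        x509Util.close();
    }
}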
// Create the client-side X509Util used by the test.
x509Util = new ClientX509Util();
// Publish the test context's settings as system properties, passing JKS for both store-type
// arguments (presumably key store and trust store; confirm against X509TestContext).
x509TestContext.setSystemProperties(x509Util, KeyStoreFileType.JKS, KeyStoreFileType.JKS);
// Override the handshake detection timeout with the value "100" (milliseconds, per the
// property name) for these tests.
System.setProperty(x509Util.getSslHandshakeDetectionTimeoutMillisProperty(), "100");
// Thread pool for the test's worker tasks; threads are created on demand.
workerPool = Executors.newCachedThreadPool();
// Port obtained from PortAssignment for this test.
port = PortAssignment.unique();
/**
 * Verifies how the handshake detection timeout property is interpreted: the default is
 * reported when the shared X509Util is queried, a valid positive override is honoured, and
 * zero or negative overrides fall back to the default.
 */
@Test
public void testGetSslHandshakeDetectionTimeoutMillisProperty() {
    final int defaultMillis = X509Util.DEFAULT_HANDSHAKE_DETECTION_TIMEOUT_MILLIS;
    Assert.assertEquals(defaultMillis, x509Util.getSslHandshakeTimeoutMillis());

    // Each row is {value written to the system property, timeout expected back}.
    final int[][] cases = {
        {defaultMillis + 1, defaultMillis + 1}, // valid override is used as-is
        {0, defaultMillis},                     // 0 value not allowed, default is returned
        {-1, defaultMillis}                     // negative value not allowed, default is returned
    };

    for (int[] testCase : cases) {
        System.setProperty(
                x509Util.getSslHandshakeDetectionTimeoutMillisProperty(),
                Integer.toString(testCase[0]));
        // A new ClientX509Util is needed each time to pick up the modified property value.
        try (X509Util tempX509Util = new ClientX509Util()) {
            Assert.assertEquals(testCase[1], tempX509Util.getSslHandshakeTimeoutMillis());
        }
    }
}