!7

!include once #1024321 // SNIKeyManager

import javax.net.ssl.*;

p {
  char[] passphrase = trim(loadSecretTextFileMandatory(#1013896, "keystore-pass")).toCharArray();

  KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
  temp InputStream keystoreStream = new FileInputStream(javaxSecretDir("keystore.p12"));
  keystore.load(keystoreStream, passphrase);
  KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
  keyManagerFactory.init(keystore, passphrase);

  TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
  trustManagerFactory.init(keystore);
  
  SSLContext ctx = SSLContext.getInstance("TLS");
  KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
  if (l(keyManagers) > 1) print("Confused: More than one key manager");
  SNIKeyManager wrappedKeyManager = new((X509ExtendedKeyManager) first(keyManagers));
  wrappedKeyManager.verbose = true;
  ctx.init(new KeyManager[] {wrappedKeyManager}, trustManagerFactory.getTrustManagers(), null);
  
  serveHttps(1443, ctx.getServerSocketFactory());
}