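import javax.net.ssl.*;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;

// Server-side X509KeyManager that picks a certificate/key by the host name
// the client asked for in the TLS SNI extension. Each known domain maps to
// its own delegate X509KeyManager; the domain name doubles as the alias that
// is handed to that delegate.
//
// The SNI value is sent by the client before it is authenticated. Here it
// only decides which certificate is presented, never whether a request is
// allowed.
sclass SNIKeyManager2 implements X509KeyManager {
  // domain name -> key manager holding that domain's certificate chain and key.
  // The first key in iteration order is the fallback alias, so pass a map with
  // a defined order (e.g. LinkedHashMap) if the default certificate matters.
  Map<S, X509KeyManager> keyManagersByDomain;
  bool verbose;

  *(Map<S, X509KeyManager> *keyManagersByDomain) {}

  // Client-side selection is not supported by this key manager.
  @Override
  public String[] getClientAliases(String keyType, Principal[] issuers) {
    throw printStackTrace(new UnsupportedOperationException());
  }

  // Client-side selection is not supported by this key manager.
  @Override
  public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) {
    throw printStackTrace(new UnsupportedOperationException());
  }

  // Returns every known domain; keyType and issuers are not used for filtering.
  @Override
  public String[] getServerAliases(String keyType, Principal[] issuers) {
    return toStringArray(keys(keyManagersByDomain));
  }

  // Returns the known domain that best covers the SNI host name requested on
  // this socket, or the default (first) domain when there is no SNI name, no
  // match, or the socket carries no extended handshake session.
  @Override
  public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
    // This is the one used by serveHttps right now
    S requestedName = requestedHostName(socket);
    if (requestedName != null) {
      // Longest covering domain wins, so an exact entry beats a parent-domain
      // entry regardless of the map's iteration order.
      S best = null;
      for (S knownName : keys(keyManagersByDomain))
        if (coversHost(knownName, requestedName)
          && (best == null || knownName.length() > best.length()))
          best = knownName;
      if (best != null) {
        if (verbose) print("Matched server name: " + best);
        ret best;
      }
    }
    if (verbose) print("Reverting to default server name");
    ret first(keys(keyManagersByDomain));
  }

  // Extracts the SNI host_name from the socket's handshake session.
  // Returns null when the socket is not an SSLSocket, the handshake session
  // is missing or not an ExtendedSSLSession, or no host name was requested.
  S requestedHostName(Socket socket) {
    if (!(socket instanceof SSLSocket)) ret null;
    SSLSession handshake = ((SSLSocket) socket).getHandshakeSession();
    if (!(handshake instanceof ExtendedSSLSession)) ret null;
    ExtendedSSLSession session = (ExtendedSSLSession) handshake;
    if (verbose) print("chooseServerAlias session type: " + className(session));
    List<SNIServerName> names = session.getRequestedServerNames();
    if (verbose) print("Requested server names: " + names);
    if (names == null) ret null;
    for (SNIServerName name : names)
      // Read the structured host name instead of parsing toString(), which
      // looks like "type=host_name (0), value=botcompany.de".
      if (name instanceof SNIHostName)
        ret ((SNIHostName) name).getAsciiName();
    ret null;
  }

  // True if requestedName equals knownName or is a subdomain of it
  // (case-insensitive). The match is on whole DNS labels: a plain suffix
  // test would let "notexample.com" select the key manager for "example.com".
  static boolean coversHost(S knownName, S requestedName) {
    if (knownName == null || requestedName == null || knownName.isEmpty()) ret false;
    int offset = requestedName.length() - knownName.length();
    if (offset == 0) ret requestedName.equalsIgnoreCase(knownName);
    ret offset > 0
      && requestedName.charAt(offset - 1) == '.'
      && requestedName.regionMatches(true, offset, knownName, 0, knownName.length());
  }

  // Delegates to the key manager registered for the alias, passing the same
  // alias on. Returns null for an unknown alias, as X509KeyManager specifies.
  @Override
  public X509Certificate[] getCertificateChain(String alias) {
    X509KeyManager delegate = keyManagersByDomain.get(alias);
    ret delegate == null ? null : delegate.getCertificateChain(alias);
  }

  // Delegates to the key manager registered for the alias, passing the same
  // alias on. Returns null for an unknown alias, as X509KeyManager specifies.
  @Override
  public PrivateKey getPrivateKey(String alias) {
    X509KeyManager delegate = keyManagersByDomain.get(alias);
    ret delegate == null ? null : delegate.getPrivateKey(alias);
  }
}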