SNIKeyManager (old) [1024321]

import javax.net.ssl.*;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;

// from https://github.com/grahamedgecombe/netty-sni-example/blob/master/src/main/java/SniKeyManager.java

sclass SNIKeyManager extends X509ExtendedKeyManager {
  X509ExtendedKeyManager keyManager;
  S defaultAlias = "test1.example.com";
  bool verbose;

  *(X509ExtendedKeyManager *keyManager) {}

  @Override
  public String[] getClientAliases(String keyType, Principal[] issuers) {
    throw printStackTrace(new UnsupportedOperationException()); // we don't use client mode
  }

  @Override
  public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) {
    throw printStackTrace(new UnsupportedOperationException()); // as above
  }

  @Override
  public String chooseEngineClientAlias(String[] keyType, Principal[] issuers, SSLEngine engine) {
    throw printStackTrace(new UnsupportedOperationException()); // as above
  }

  @Override
  public String[] getServerAliases(String keyType, Principal[] issuers) {
    return keyManager.getServerAliases(keyType, issuers);
  }

  @Override
  public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
    // This is the one used by serveHttps right now
    ExtendedSSLSession session = cast ((SSLSocket) socket).getHandshakeSession();
    print("chooseServerAlias session type: " + className(session));
    List<SNIServerName> names = session.getRequestedServerNames();
    if (verbose)
      print("Requested server names: " + names);
    
    ret keyManager.chooseServerAlias(keyType, issuers, socket);
  }

  @Override
  public String chooseEngineServerAlias(String keyType, Principal[] issuers, SSLEngine engine) {
    ExtendedSSLSession session = (ExtendedSSLSession) engine.getHandshakeSession();

    // Pick first SNIHostName in the list of SNI names.
    String hostname = null;
    List<SNIServerName> names = session.getRequestedServerNames();
    if (verbose)
      print("Requested server names: " + names);
    for (SNIServerName name : names) {
      if (name.getType() == StandardConstants.SNI_HOST_NAME) {
        hostname = ((SNIHostName) name).getAsciiName();
        break;
      }
    }

    // If we got given a hostname over SNI, check if we have a cert and key for that hostname. If so, we use it.
    // Otherwise, we fall back to the default certificate.
    if (hostname != null && (getCertificateChain(hostname) != null && getPrivateKey(hostname) != null))
      return hostname;
    else
      return defaultAlias;
  }

  @Override
  public X509Certificate[] getCertificateChain(String alias) {
    return keyManager.getCertificateChain(alias);
  }

  @Override
  public PrivateKey getPrivateKey(String alias) {
    return keyManager.getPrivateKey(alias);
  }
}

Travelled to 6 computer(s): bhatertpkbcr, mqqgnosmbjvj, pyentgdyhuwx, pzhvpgtvlbxg, tvejysmllsmz, vouqrxazstgt

1	import javax.net.ssl.*;
2	import java.security.Principal;
3	import java.security.PrivateKey;
4	import java.security.cert.X509Certificate;
5
6	// from https://github.com/grahamedgecombe/netty-sni-example/blob/master/src/main/java/SniKeyManager.java
7
8	sclass SNIKeyManager extends X509ExtendedKeyManager {
9	X509ExtendedKeyManager keyManager;
10	S defaultAlias = "test1.example.com";
11	bool verbose;
12
13	(X509ExtendedKeyManager keyManager) {}
14
15	@Override
16	public String[] getClientAliases(String keyType, Principal[] issuers) {
17	throw printStackTrace(new UnsupportedOperationException()); // we don't use client mode
18	}
19
20	@Override
21	public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) {
22	throw printStackTrace(new UnsupportedOperationException()); // as above
23	}
24
25	@Override
26	public String chooseEngineClientAlias(String[] keyType, Principal[] issuers, SSLEngine engine) {
27	throw printStackTrace(new UnsupportedOperationException()); // as above
28	}
29
30	@Override
31	public String[] getServerAliases(String keyType, Principal[] issuers) {
32	return keyManager.getServerAliases(keyType, issuers);
33	}
34
35	@Override
36	public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
37	// This is the one used by serveHttps right now
38	ExtendedSSLSession session = cast ((SSLSocket) socket).getHandshakeSession();
39	print("chooseServerAlias session type: " + className(session));
40	List<SNIServerName> names = session.getRequestedServerNames();
41	if (verbose)
42	print("Requested server names: " + names);
43
44	ret keyManager.chooseServerAlias(keyType, issuers, socket);
45	}
46
47	@Override
48	public String chooseEngineServerAlias(String keyType, Principal[] issuers, SSLEngine engine) {
49	ExtendedSSLSession session = (ExtendedSSLSession) engine.getHandshakeSession();
50
51	// Pick first SNIHostName in the list of SNI names.
52	String hostname = null;
53	List<SNIServerName> names = session.getRequestedServerNames();
54	if (verbose)
55	print("Requested server names: " + names);
56	for (SNIServerName name : names) {
57	if (name.getType() == StandardConstants.SNI_HOST_NAME) {
58	hostname = ((SNIHostName) name).getAsciiName();
59	break;
60	}
61	}
62
63	// If we got given a hostname over SNI, check if we have a cert and key for that hostname. If so, we use it.
64	// Otherwise, we fall back to the default certificate.
65	if (hostname != null && (getCertificateChain(hostname) != null && getPrivateKey(hostname) != null))
66	return hostname;
67	else
68	return defaultAlias;
69	}
70
71	@Override
72	public X509Certificate[] getCertificateChain(String alias) {
73	return keyManager.getCertificateChain(alias);
74	}
75
76	@Override
77	public PrivateKey getPrivateKey(String alias) {
78	return keyManager.getPrivateKey(alias);
79	}
80	}

Snippet ID:	#1024321
Snippet name:	SNIKeyManager (old)
Eternal ID of this version:	#1024321/10
Text MD5:	2292d5cc3f533c975f4ddd7cabd0e074
Author:	stefan
Category:	javax / ssl
Type:	JavaX fragment (include)
Public (visible to everyone):	Yes
Archived (hidden from active list):	No
Created/modified:	2019-08-02 15:18:15
Source code size:	2907 bytes / 80 lines
Pitched / IR pitched:	No / No
Views / Downloads:	142 / 289
Version history:	9 change(s)
Referenced in:	[show references]

< > BotCompany Repo | #1024321 // SNIKeyManager (old)

JavaX fragment (include) [tags: use-pretranspiled]