scope serverSocketFactory_botCompanyEtc.

import javax.net.*;
import javax.net.ssl.*;

static SNIKeyManager #keyManager;

sS #passphrase = "botcompany";
static File #trustKeyStoreFile;

static char[] #getPassphrase() {
  ret getChars(passphrase);
}

static SNIKeyManager #makeSNIKeyManager() {
  ret new SNIKeyManager(makeKeyManagerMap());
}

static Map<S, Pair<X509KeyManager, S>> #makeKeyManagerMap() {
  L<File> dirs = sortByFileName(listDirsContainingFileNamed(javaxSecretDir(), "keystore.p12"));
  char[] passphrase = getPassphrase();
  ret (Map) mapToOrderedMap(dirs, dir -> pair(fileName(dir), 
    pair(keyManagerFromKeyStore(newFile(dir, "keystore.p12"), passphrase), fileName(dir))));
}

static SSLServerSocketFactory serverSocketFactory_botCompanyEtc() ctex {
  trustKeyStoreFile = anyKeyStore();
  if (trustKeyStoreFile == null) ret (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
  KeyStore trustKeyStore = keyStoreFromFile(trustKeyStoreFile, getPassphrase());
  SNIKeyManager wrappedKeyManager = makeSNIKeyManager();
  keyManager = wrappedKeyManager;
  //wrappedKeyManager.verbose = true;
    
  TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
  trustManagerFactory.init(trustKeyStore);

  SSLContext ctx = SSLContext.getInstance("TLS");
  ctx.init(new KeyManager[] {wrappedKeyManager}, trustManagerFactory.getTrustManagers(), null);
  
  ret ctx.getServerSocketFactory();
}

svoid serverSocketFactory_botCompanyEtc_update() {
  keyManager.keyManagersByDomain = makeKeyManagerMap();
}

end scope