Not logged in.  Login/Logout/Register | List snippets | | Create snippet | Upload image | Upload data

80
LINES

< > BotCompany Repo | #1024321 // SNIKeyManager (old)

JavaX fragment (include) [tags: use-pretranspiled]

Transpiled version (1696L) is out of date.

import javax.net.ssl.*;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;

// from https://github.com/grahamedgecombe/netty-sni-example/blob/master/src/main/java/SniKeyManager.java

sclass SNIKeyManager extends X509ExtendedKeyManager {
  X509ExtendedKeyManager keyManager;
  S defaultAlias = "test1.example.com";
  bool verbose;

  *(X509ExtendedKeyManager *keyManager) {}

  @Override
  public String[] getClientAliases(String keyType, Principal[] issuers) {
    throw printStackTrace(new UnsupportedOperationException()); // we don't use client mode
  }

  @Override
  public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) {
    throw printStackTrace(new UnsupportedOperationException()); // as above
  }

  @Override
  public String chooseEngineClientAlias(String[] keyType, Principal[] issuers, SSLEngine engine) {
    throw printStackTrace(new UnsupportedOperationException()); // as above
  }

  @Override
  public String[] getServerAliases(String keyType, Principal[] issuers) {
    return keyManager.getServerAliases(keyType, issuers);
  }

  @Override
  public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
    // This is the one used by serveHttps right now
    ExtendedSSLSession session = cast ((SSLSocket) socket).getHandshakeSession();
    print("chooseServerAlias session type: " + className(session));
    List<SNIServerName> names = session.getRequestedServerNames();
    if (verbose)
      print("Requested server names: " + names);
    
    ret keyManager.chooseServerAlias(keyType, issuers, socket);
  }

  @Override
  public String chooseEngineServerAlias(String keyType, Principal[] issuers, SSLEngine engine) {
    ExtendedSSLSession session = (ExtendedSSLSession) engine.getHandshakeSession();

    // Pick first SNIHostName in the list of SNI names.
    String hostname = null;
    List<SNIServerName> names = session.getRequestedServerNames();
    if (verbose)
      print("Requested server names: " + names);
    for (SNIServerName name : names) {
      if (name.getType() == StandardConstants.SNI_HOST_NAME) {
        hostname = ((SNIHostName) name).getAsciiName();
        break;
      }
    }

    // If we got given a hostname over SNI, check if we have a cert and key for that hostname. If so, we use it.
    // Otherwise, we fall back to the default certificate.
    if (hostname != null && (getCertificateChain(hostname) != null && getPrivateKey(hostname) != null))
      return hostname;
    else
      return defaultAlias;
  }

  @Override
  public X509Certificate[] getCertificateChain(String alias) {
    return keyManager.getCertificateChain(alias);
  }

  @Override
  public PrivateKey getPrivateKey(String alias) {
    return keyManager.getPrivateKey(alias);
  }
}

download  show line numbers  debug dex  old transpilations   

Travelled to 6 computer(s): bhatertpkbcr, mqqgnosmbjvj, pyentgdyhuwx, pzhvpgtvlbxg, tvejysmllsmz, vouqrxazstgt

No comments. add comment

Snippet ID: #1024321
Snippet name: SNIKeyManager (old)
Eternal ID of this version: #1024321/10
Text MD5: 2292d5cc3f533c975f4ddd7cabd0e074
Author: stefan
Category: javax / ssl
Type: JavaX fragment (include)
Public (visible to everyone): Yes
Archived (hidden from active list): No
Created/modified: 2019-08-02 15:18:15
Source code size: 2907 bytes / 80 lines
Pitched / IR pitched: No / No
Views / Downloads: 202 / 372
Version history: 9 change(s)
Referenced in: [show references]