

< > BotCompany Repo | #1024324 // SNIKeyManager [multi-domain certificate manager, WORKS]

JavaX fragment (include) [tags: use-pretranspiled]

Libraryless. Click here for Pure Java version (3948L/23K).

import javax.net.ssl.*;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;

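/**
 * Server-side X509KeyManager that picks a certificate per connection from the
 * TLS SNI host name the client requested.
 *
 * Each configured domain maps to a delegate key manager plus the alias to ask
 * that delegate for. The alias this class hands to the TLS stack is the
 * configured domain name itself.
 */
sclass SNIKeyManager implements X509KeyManager {
  // key = domain name, value = (key manager, alias).
  // The first key in iteration order is also the fallback certificate (see
  // chooseServerAlias), so an insertion-ordered map keeps that choice predictable.
  Map<S, Pair<X509KeyManager, S>> keyManagersByDomain;
  bool verbose; // when set, prints the requested names and the chosen alias

  *(Map<S, Pair<X509KeyManager, S>> *keyManagersByDomain) {}

  /** Not supported: this key manager only serves the server side of a handshake. */
  @Override
  public String[] getClientAliases(String keyType, Principal[] issuers) {
    throw printStackTrace(new UnsupportedOperationException());
  }

  /** Not supported: this key manager only serves the server side of a handshake. */
  @Override
  public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) {
    throw printStackTrace(new UnsupportedOperationException());
  }

  /** Returns every configured domain name; keyType and issuers are not consulted. */
  @Override
  public String[] getServerAliases(String keyType, Principal[] issuers) {
    return toStringArray(keys(keyManagersByDomain));
  }

  /**
   * Chooses the configured domain that covers the SNI host name of the
   * handshake in progress on the given socket.
   *
   * @return the matching domain name, or the first configured domain when the
   *         client sent no host name or none of the configured domains match
   */
  @Override
  public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
    // This is the one used by serveHttps right now
    ExtendedSSLSession session = cast ((SSLSocket) socket).getHandshakeSession();
    if (verbose) print("chooseServerAlias session type: " + className(session));
    List<SNIServerName> names = session.getRequestedServerNames();
    if (verbose)
      print("Requested server names: " + names);

    // Read the host name through the typed API instead of cutting it out of
    // SNIServerName.toString(): the text form is not a stable contract, and the
    // value comes from the client, so it should not be recovered by string slicing.
    S requestedName = null;
    for (SNIServerName sn : names)
      if (sn instanceof SNIHostName) {
        requestedName = ((SNIHostName) sn).getAsciiName();
        break;
      }

    // NOTE(review): domainIsUnder is defined elsewhere; confirm it compares
    // case-insensitively and only matches on label boundaries, so that a name
    // which merely ends in a configured domain's text is not accepted.
    if (requestedName != null)
      for (S knownName : keys(keyManagersByDomain))
        if (domainIsUnder(requestedName, knownName)) {
          if (verbose) print("Matched server name: " + knownName);
          ret knownName;
        }

    // No SNI host name, or no configured domain covers it: the client is served
    // the first configured domain's certificate.
    if (verbose)
      print("Reverting to default server name");
    ret first(keys(keyManagersByDomain));
  }

  /**
   * Returns the certificate chain the delegate key manager holds for the given
   * domain alias, or null when the alias is not a configured domain.
   */
  @Override
  public X509Certificate[] getCertificateChain(String alias) {
    // An unknown alias yields null (as the X509KeyManager contract asks)
    // rather than failing inside the handshake with a NullPointerException.
    Pair<X509KeyManager, S> entry = keyManagersByDomain.get(alias);
    if (entry == null) {
      if (verbose) print("getCertificateChain " + alias + " => unknown alias");
      return null;
    }
    X509KeyManager man, S alias2 = unpair entry;
    if (verbose) print("getCertificateChain " + alias + " => " + alias2);
    return man.getCertificateChain(alias2);
  }

  /**
   * Returns the private key the delegate key manager holds for the given
   * domain alias, or null when the alias is not a configured domain.
   */
  @Override
  public PrivateKey getPrivateKey(String alias) {
    // Same unknown-alias handling as getCertificateChain. Only the alias names
    // are printed in verbose mode, never key material.
    Pair<X509KeyManager, S> entry = keyManagersByDomain.get(alias);
    if (entry == null) {
      if (verbose) print("getPrivateKey " + alias + " => unknown alias");
      return null;
    }
    X509KeyManager man, S alias2 = unpair entry;
    if (verbose) print("getPrivateKey " + alias + " => " + alias2);
    return man.getPrivateKey(alias2);
  }
}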

Author comment

Began life as a copy of #1024321


Travelled to 7 computer(s): bhatertpkbcr, mqqgnosmbjvj, pyentgdyhuwx, pzhvpgtvlbxg, tvejysmllsmz, vouqrxazstgt, xrpafgyirdlv


Snippet ID: #1024324
Snippet name: SNIKeyManager [multi-domain certificate manager, WORKS]
Eternal ID of this version: #1024324/13
Text MD5: b900c0c6d3e3afd168c8950be762e960
Transpilation MD5: 4e5e6a976b5e00aaee2afdc38ebd75d0
Author: stefan
Category: javax / ssl
Type: JavaX fragment (include)
Public (visible to everyone): Yes
Archived (hidden from active list): No
Created/modified: 2021-10-16 02:00:16
Source code size: 2433 bytes / 63 lines
Pitched / IR pitched: No / No
Views / Downloads: 271 / 723
Version history: 12 change(s)
Referenced in: [show references]