

< > BotCompany Repo | #1024324 // SNIKeyManager [multi-domain certificate manager, WORKS]

JavaX fragment (include) [tags: use-pretranspiled]

Libraryless. Click here for Pure Java version (3948L/23K).

import javax.net.ssl.*;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
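// X509KeyManager for a TLS server that hosts several domains on one port.
// Each configured domain maps to a delegate key manager plus the alias to use
// inside it; the host name requested via SNI selects the entry during the handshake.
// Server side only: the client-alias methods are not supported.
sclass SNIKeyManager implements X509KeyManager {
  // key = domain name, value = (key manager, alias).
  // The first key in iteration order doubles as the fallback domain, so pass a
  // map with a stable order (e.g. LinkedHashMap) if the fallback matters.
  Map<S, Pair<X509KeyManager, S>> keyManagersByDomain;
  bool verbose; // print handshake decisions (names and aliases only, no key material)

  // JavaX constructor shorthand: the starred parameter is stored in the field of the same name
  *(Map<S, Pair<X509KeyManager, S>> *keyManagersByDomain) {}

  // Not supported: this manager holds server credentials only.
  @Override
  public String[] getClientAliases(String keyType, Principal[] issuers) {
    throw printStackTrace(new UnsupportedOperationException());
  }

  // Not supported: this manager holds server credentials only.
  @Override
  public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) {
    throw printStackTrace(new UnsupportedOperationException());
  }

  // The aliases exposed by this manager are the configured domain names.
  // keyType and issuers are not used for filtering.
  @Override
  public String[] getServerAliases(String keyType, Principal[] issuers) {
    return toStringArray(keys(keyManagersByDomain));
  }

  // Picks the configured domain that covers the SNI host name of the handshake.
  // Returns the matching domain (which is also the alias), or the first
  // configured domain when the client sent no usable SNI host name or no
  // configured domain matches.
  @Override
  public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
    // This is the one used by serveHttps right now
    S requestedName = null;

    // Only an SSLSocket in mid-handshake carries the ClientHello's SNI data;
    // anything else falls through to the default instead of failing on a cast.
    if (socket instanceof SSLSocket) {
      SSLSession session = ((SSLSocket) socket).getHandshakeSession();
      if (verbose) print("chooseServerAlias session type: " + className(session));
      if (session instanceof ExtendedSSLSession) {
        List<SNIServerName> names = ((ExtendedSSLSession) session).getRequestedServerNames();
        if (verbose)
          print("Requested server names: " + names);
        // Read the host name through the typed API rather than parsing
        // toString(), whose format is an implementation detail and which
        // yields the text "null" when the list is empty.
        for (SNIServerName name : names)
          if (name instanceof SNIHostName) {
            requestedName = ((SNIHostName) name).getAsciiName();
            break;
          }
      }
    }

    // A plain suffix comparison is deliberately not used: it would also accept
    // look-alike names that merely end in a configured domain. domainIsUnder is
    // expected to match on label boundaries - confirm against its definition.
    if (requestedName != null)
      for (S knownName : keys(keyManagersByDomain))
        if (domainIsUnder(requestedName, knownName)) {
          if (verbose) print("Matched server name: " + knownName);
          ret knownName;
        }

    // NOTE(review): the fallback serves the first configured domain's
    // certificate to any client, including ones that name an unknown host or
    // connect by IP address. Hostname-validating clients will reject it, but the
    // certificate still reveals that domain; return null here instead if
    // unmatched names should get no certificate.
    if (verbose)
      print("Reverting to default server name");
    ret first(keys(keyManagersByDomain));
  }

  // Returns the chain of the delegate key manager registered for this domain
  // alias, or null when the alias is not configured (per the X509KeyManager contract).
  @Override
  public X509Certificate[] getCertificateChain(String alias) {
    if (alias == null) return null;
    Pair<X509KeyManager, S> entry = keyManagersByDomain.get(alias);
    if (entry == null) return null; // unknown alias: report "not found" instead of throwing
    X509KeyManager man, S alias2 = unpair entry;
    if (verbose) print("getCertificateChain " + alias + " => " + alias2);
    return man.getCertificateChain(alias2);
  }

  // Returns the private key of the delegate key manager registered for this
  // domain alias, or null when the alias is not configured.
  // The verbose output names the aliases only; keep it that way.
  @Override
  public PrivateKey getPrivateKey(String alias) {
    if (alias == null) return null;
    Pair<X509KeyManager, S> entry = keyManagersByDomain.get(alias);
    if (entry == null) return null; // unknown alias: report "not found" instead of throwing
    X509KeyManager man, S alias2 = unpair entry;
    if (verbose) print("getPrivateKey " + alias + " => " + alias2);
    return man.getPrivateKey(alias2);
  }
}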

Author comment

Began life as a copy of #1024321


Travelled to 7 computer(s): bhatertpkbcr, mqqgnosmbjvj, pyentgdyhuwx, pzhvpgtvlbxg, tvejysmllsmz, vouqrxazstgt, xrpafgyirdlv


Snippet ID: #1024324
Snippet name: SNIKeyManager [multi-domain certificate manager, WORKS]
Eternal ID of this version: #1024324/13
Text MD5: b900c0c6d3e3afd168c8950be762e960
Transpilation MD5: 4e5e6a976b5e00aaee2afdc38ebd75d0
Author: stefan
Category: javax / ssl
Type: JavaX fragment (include)
Public (visible to everyone): Yes
Archived (hidden from active list): No
Created/modified: 2021-10-16 02:00:16
Source code size: 2433 bytes / 63 lines
Pitched / IR pitched: No / No
Views / Downloads: 279 / 738
Version history: 12 change(s)
Referenced in: [show references]