SNIKeyManager [multi-domain certificate manager, WORKS] [1024324]

import javax.net.ssl.*;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;

sclass SNIKeyManager implements X509KeyManager {
  Map<S, Pair<X509KeyManager, S>> keyManagersByDomain; // key = domain name, value = (key manager, alias)
  bool verbose;

  *(Map<S, Pair<X509KeyManager, S>> *keyManagersByDomain) {}

  @Override
  public String[] getClientAliases(String keyType, Principal[] issuers) {
    throw printStackTrace(new UnsupportedOperationException());
  }

  @Override
  public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) {
    throw printStackTrace(new UnsupportedOperationException());
  }

  @Override
  public String[] getServerAliases(String keyType, Principal[] issuers) {
    return toStringArray(keys(keyManagersByDomain));
  }

  @Override
  public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
    // This is the one used by serveHttps right now
    ExtendedSSLSession session = cast ((SSLSocket) socket).getHandshakeSession();
    if (verbose) print("chooseServerAlias session type: " + className(session));
    List<SNIServerName> names = session.getRequestedServerNames();
    if (verbose)
      print("Requested server names: " + names);
    S requestedName = str(first(names)); // rough, will look like this: "type=host_name (0), value=botcompany.de"
    requestedName = substring(requestedName, lastIndexOf(requestedName, "=")+1);
    
    for (S knownName : keys(keyManagersByDomain))
      //if (ewic(requestedName, knownName)) {
      if (domainIsUnder(requestedName, knownName)) {
        if (verbose) print("Matched server name: " + knownName);
        ret knownName;
      }
        
    if (verbose)
      print("Reverting to default server name");
    ret first(keys(keyManagersByDomain));
  }

  @Override
  public X509Certificate[] getCertificateChain(String alias) {
    X509KeyManager man, S alias2 = unpair keyManagersByDomain.get(alias);
    if (verbose) print("getCertificateChain " + alias + " => " + alias2);
    return man.getCertificateChain(alias2);
  }

  @Override
  public PrivateKey getPrivateKey(String alias) {
    X509KeyManager man, S alias2 = unpair keyManagersByDomain.get(alias);
    if (verbose) print("getPrivateKey " + alias + " => " + alias2);
    return man.getPrivateKey(alias2);
  }
}

Travelled to 7 computer(s): bhatertpkbcr, mqqgnosmbjvj, pyentgdyhuwx, pzhvpgtvlbxg, tvejysmllsmz, vouqrxazstgt, xrpafgyirdlv

Snippet ID:	#1024324
Snippet name:	SNIKeyManager [multi-domain certificate manager, WORKS]
Eternal ID of this version:	#1024324/13
Text MD5:	b900c0c6d3e3afd168c8950be762e960
Transpilation MD5:	4e5e6a976b5e00aaee2afdc38ebd75d0
Author:	stefan
Category:	javax / ssl
Type:	JavaX fragment (include)
Public (visible to everyone):	Yes
Archived (hidden from active list):	No
Created/modified:	2021-10-16 02:00:16
Source code size:	2433 bytes / 63 lines
Pitched / IR pitched:	No / No
Views / Downloads:	356 / 831
Version history:	12 change(s)
Referenced in:	[show references]

< > BotCompany Repo | #1024324 // SNIKeyManager [multi-domain certificate manager, WORKS]

JavaX fragment (include) [tags: use-pretranspiled]

Author comment

1	import javax.net.ssl.*;
2	import java.security.Principal;
3	import java.security.PrivateKey;
4	import java.security.cert.X509Certificate;
5
6	sclass SNIKeyManager implements X509KeyManager {
7	Map<S, Pair<X509KeyManager, S>> keyManagersByDomain; // key = domain name, value = (key manager, alias)
8	bool verbose;
9
10	(Map<S, Pair<X509KeyManager, S>> keyManagersByDomain) {}
11
12	@Override
13	public String[] getClientAliases(String keyType, Principal[] issuers) {
14	throw printStackTrace(new UnsupportedOperationException());
15	}
16
17	@Override
18	public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) {
19	throw printStackTrace(new UnsupportedOperationException());
20	}
21
22	@Override
23	public String[] getServerAliases(String keyType, Principal[] issuers) {
24	return toStringArray(keys(keyManagersByDomain));
25	}
26
27	@Override
28	public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
29	// This is the one used by serveHttps right now
30	ExtendedSSLSession session = cast ((SSLSocket) socket).getHandshakeSession();
31	if (verbose) print("chooseServerAlias session type: " + className(session));
32	List<SNIServerName> names = session.getRequestedServerNames();
33	if (verbose)
34	print("Requested server names: " + names);
35	S requestedName = str(first(names)); // rough, will look like this: "type=host_name (0), value=botcompany.de"
36	requestedName = substring(requestedName, lastIndexOf(requestedName, "=")+1);
37
38	for (S knownName : keys(keyManagersByDomain))
39	//if (ewic(requestedName, knownName)) {
40	if (domainIsUnder(requestedName, knownName)) {
41	if (verbose) print("Matched server name: " + knownName);
42	ret knownName;
43	}
44
45	if (verbose)
46	print("Reverting to default server name");
47	ret first(keys(keyManagersByDomain));
48	}
49
50	@Override
51	public X509Certificate[] getCertificateChain(String alias) {
52	X509KeyManager man, S alias2 = unpair keyManagersByDomain.get(alias);
53	if (verbose) print("getCertificateChain " + alias + " => " + alias2);
54	return man.getCertificateChain(alias2);
55	}
56
57	@Override
58	public PrivateKey getPrivateKey(String alias) {
59	X509KeyManager man, S alias2 = unpair keyManagersByDomain.get(alias);
60	if (verbose) print("getPrivateKey " + alias + " => " + alias2);
61	return man.getPrivateKey(alias2);
62	}
63	}