Libraryless. Click here for Pure Java version (3948L/23K).
import javax.net.ssl.*; import java.security.Principal; import java.security.PrivateKey; import java.security.cert.X509Certificate; sclass SNIKeyManager implements X509KeyManager { Map<S, Pair<X509KeyManager, S>> keyManagersByDomain; // key = domain name, value = (key manager, alias) bool verbose; *(Map<S, Pair<X509KeyManager, S>> *keyManagersByDomain) {} @Override public String[] getClientAliases(String keyType, Principal[] issuers) { throw printStackTrace(new UnsupportedOperationException()); } @Override public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) { throw printStackTrace(new UnsupportedOperationException()); } @Override public String[] getServerAliases(String keyType, Principal[] issuers) { return toStringArray(keys(keyManagersByDomain)); } @Override public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) { // This is the one used by serveHttps right now ExtendedSSLSession session = cast ((SSLSocket) socket).getHandshakeSession(); if (verbose) print("chooseServerAlias session type: " + className(session)); List<SNIServerName> names = session.getRequestedServerNames(); if (verbose) print("Requested server names: " + names); S requestedName = str(first(names)); // rough, will look like this: "type=host_name (0), value=botcompany.de" requestedName = substring(requestedName, lastIndexOf(requestedName, "=")+1); for (S knownName : keys(keyManagersByDomain)) //if (ewic(requestedName, knownName)) { if (domainIsUnder(requestedName, knownName)) { if (verbose) print("Matched server name: " + knownName); ret knownName; } if (verbose) print("Reverting to default server name"); ret first(keys(keyManagersByDomain)); } @Override public X509Certificate[] getCertificateChain(String alias) { X509KeyManager man, S alias2 = unpair keyManagersByDomain.get(alias); if (verbose) print("getCertificateChain " + alias + " => " + alias2); return man.getCertificateChain(alias2); } @Override public PrivateKey getPrivateKey(String alias) { X509KeyManager man, S alias2 = unpair keyManagersByDomain.get(alias); if (verbose) print("getPrivateKey " + alias + " => " + alias2); return man.getPrivateKey(alias2); } }
Began life as a copy of #1024321
download show line numbers debug dex old transpilations
Travelled to 7 computer(s): bhatertpkbcr, mqqgnosmbjvj, pyentgdyhuwx, pzhvpgtvlbxg, tvejysmllsmz, vouqrxazstgt, xrpafgyirdlv
No comments. add comment
Snippet ID: | #1024324 |
Snippet name: | SNIKeyManager [multi-domain certificate manager, WORKS] |
Eternal ID of this version: | #1024324/13 |
Text MD5: | b900c0c6d3e3afd168c8950be762e960 |
Transpilation MD5: | 4e5e6a976b5e00aaee2afdc38ebd75d0 |
Author: | stefan |
Category: | javax / ssl |
Type: | JavaX fragment (include) |
Public (visible to everyone): | Yes |
Archived (hidden from active list): | No |
Created/modified: | 2021-10-16 02:00:16 |
Source code size: | 2433 bytes / 63 lines |
Pitched / IR pitched: | No / No |
Views / Downloads: | 355 / 830 |
Version history: | 12 change(s) |
Referenced in: | #1034167 - Standard Classes + Interfaces (LIVE, continuation of #1003674) |