All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.wildfly.security.ssl.SNIContextMatcher Maven / Gradle / Ivy

The newest version!
/*
 * JBoss, Home of Professional Open Source.
 * Copyright 2018 Red Hat, Inc., and individual contributors
 * as indicated by the @author tags.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *     http://www.apache.org/licenses/LICENSE-2.0
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.wildfly.security.ssl;

import static org.wildfly.security.ssl.ElytronMessages.log;

import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

import javax.net.ssl.SNIHostName;
import javax.net.ssl.SNIMatcher;
import javax.net.ssl.SNIServerName;
import javax.net.ssl.SSLContext;

/**
 * A class which returns a matching SSL context based on the SNI server list provided.
 */
public class SNIContextMatcher {

    private final SSLContext defaultContext;
    private final Map wildcards;
    private final Map exacts;

    SNIContextMatcher(SSLContext defaultContext, Map wildcards, Map exacts) {
        this.defaultContext = defaultContext;
        this.wildcards = wildcards;
        this.exacts = exacts;
    }

    /**
     * Used for finding the matching servers from the server list.
     * Firstly, the exacts are matched, if not found, wildcards are tried.
    */
    public SSLContext getContext(List servers) {
        for (Map.Entry entry : exacts.entrySet()) {
            for (SNIServerName server : servers) {
                if (entry.getKey().matches(server)) {
                    return entry.getValue();
                }
            }
        }
        for (Map.Entry entry : wildcards.entrySet()) {
            for (SNIServerName server : servers) {
                if (entry.getKey().matches(server)) {
                    return entry.getValue();
                }
            }
        }
        return defaultContext;
    }

    public SSLContext getDefaultContext() {
        return defaultContext;
    }

    /**
     * A class which allows building and configuration SNIContextMatcher. The builder, at minimum requres a default SSLContext.
     */
    public static class Builder {

        private SSLContext defaultContext;
        private final Map wildcards = new LinkedHashMap<>();
        private final Map exacts = new LinkedHashMap<>();

        public SNIContextMatcher build() {
            if(defaultContext == null) {
                throw log.defaultContextCannotBeNull();
            }
            return new SNIContextMatcher(defaultContext, wildcards, exacts);
        }

        public SSLContext getDefaultContext() {
            return defaultContext;
        }

        public Builder setDefaultContext(SSLContext defaultContext) {
            this.defaultContext = defaultContext;
            return this;
        }

        public Builder addMatch(String name, SSLContext context) {
            if (name.contains("*")) {
                wildcards.put(SNIHostName.createSNIMatcher(name), context);
            } else {
                exacts.put(SNIHostName.createSNIMatcher(name), context);
            }
            return this;
        }
    }
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy