package org.xbib.net.security.ssl.keymanager;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.net.URI;
import java.util.AbstractMap;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
import java.util.Objects;
import java.util.Set;
import java.util.function.Function;
import java.util.function.Predicate;
import java.util.function.Supplier;
import java.util.stream.Collectors;
import javax.net.ssl.ExtendedSSLSession;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SNIServerName;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLSession;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509KeyManager;
/**
* NOTE:
* Please don't use this class directly as it is part of the internal API. Class name and methods can be changed any time.
*/
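interface RoutableX509ExtendedKeyManager extends CombinableX509ExtendedKeyManager, X509KeyManager {

    /** Accepts any non-null alias; used as the fallback filter when no route yields a preferred alias. */
    Predicate<String> NON_NULL = Objects::nonNull;

    /**
     * Returns the identity routes: a key manager alias mapped to the endpoints (as URIs) that
     * identity should be presented to.
     *
     * @return the routing table; an empty map disables routing and the first non-null alias is used
     */
    Map<String, List<URI>> getIdentityRoute();

    /**
     * Chooses the client alias for {@code object}, preferring the alias whose route matches the
     * peer host and port extracted from it.
     *
     * @param object              the connection object (a {@link Socket} or {@link SSLEngine} are the
     *                            types this interface knows how to extract host and port from)
     * @param predicate           decides whether host and port can be extracted from {@code object}
     * @param hostToPortExtractor extracts the peer host and port from {@code object}
     * @param aliasExtractor      extracts the alias from one of the combined key managers
     * @param <T>                 the connection object type
     * @return the chosen alias, or the result of the non-routed fallback (may be {@code null})
     */
    default <T> String chooseClientAlias(T object,
                                         Predicate<T> predicate,
                                         Function<T, Entry<String, Integer>> hostToPortExtractor,
                                         Function<X509ExtendedKeyManager, String> aliasExtractor) {
        return chooseAlias(() -> getPreferredClientAlias(object, predicate, hostToPortExtractor), aliasExtractor);
    }

    /**
     * Resolves the preferred client alias for {@code object}, if routing is configured and the
     * peer host and port can be extracted from it.
     *
     * @param object              the connection object
     * @param predicate           decides whether host and port can be extracted from {@code object}
     * @param hostToPortExtractor extracts the peer host and port from {@code object}
     * @param <T>                 the connection object type
     * @return the preferred alias, or {@code null} when no route applies
     */
    default <T> String getPreferredClientAlias(T object,
                                               Predicate<T> predicate,
                                               Function<T, Entry<String, Integer>> hostToPortExtractor) {
        if (getIdentityRoute().isEmpty() || !predicate.test(object)) {
            return null;
        }
        Entry<String, Integer> hostToPort = hostToPortExtractor.apply(object);
        // A missing port would otherwise fail on unboxing; treat it as "no route".
        if (hostToPort == null || hostToPort.getValue() == null) {
            return null;
        }
        return getPreferredClientAlias(hostToPort.getKey(), hostToPort.getValue());
    }

    /**
     * Resolves the preferred client alias for a peer host and port. A route matches when one of its
     * URIs matches the host (see {@link #hostMatches(URI, String)}) and has exactly that port.
     * URIs without an explicit port report {@code -1} and therefore never match. The first matching
     * route in iteration order of {@link #getIdentityRoute()} wins.
     *
     * @param peerHost the peer host name; {@code null} or empty yields no match
     * @param peerPort the peer port
     * @return the alias of the first matching route, or {@code null}
     */
    default String getPreferredClientAlias(String peerHost, int peerPort) {
        return getIdentityRoute().entrySet().stream()
                .filter(entry -> entry.getValue().stream()
                        // host and port must come from the same route URI
                        .anyMatch(uri -> hostMatches(uri, peerHost) && uri.getPort() == peerPort))
                .findFirst()
                .map(Entry::getKey)
                .orElse(null);
    }

    /**
     * Chooses the server alias for {@code object}, preferring the alias whose route matches one of
     * the SNI host names the client requested.
     *
     * @param object              the connection object
     * @param predicate           decides whether an {@link SSLSession} can be extracted from {@code object}
     * @param sslSessionExtractor extracts the handshake session from {@code object}
     * @param aliasExtractor      extracts the alias from one of the combined key managers
     * @param <T>                 the connection object type
     * @return the chosen alias, or the result of the non-routed fallback (may be {@code null})
     */
    default <T> String chooseServerAlias(T object,
                                         Predicate<T> predicate,
                                         Function<T, SSLSession> sslSessionExtractor,
                                         Function<X509ExtendedKeyManager, String> aliasExtractor) {
        return chooseAlias(() -> getPreferredServerAlias(object, predicate, sslSessionExtractor), aliasExtractor);
    }

    /**
     * Resolves the preferred server alias from the SNI host names of the handshake session.
     * Only {@code host_name} entries ({@link SNIHostName}) are considered; other SNI types carry no
     * host name and are skipped.
     *
     * @param object              the connection object
     * @param predicate           decides whether an {@link SSLSession} can be extracted from {@code object}
     * @param sslSessionExtractor extracts the handshake session from {@code object}
     * @param <T>                 the connection object type
     * @return the preferred alias, or {@code null} when no route applies or the session is not extended
     */
    default <T> String getPreferredServerAlias(T object,
                                               Predicate<T> predicate,
                                               Function<T, SSLSession> sslSessionExtractor) {
        if (getIdentityRoute().isEmpty() || !predicate.test(object)) {
            return null;
        }
        SSLSession sslSession = sslSessionExtractor.apply(object);
        if (!(sslSession instanceof ExtendedSSLSession)) {
            return null;
        }
        List<SNIServerName> requestedServerNames = ((ExtendedSSLSession) sslSession).getRequestedServerNames();
        // getAsciiName() yields the A-label form deterministically; decoding getEncoded() with
        // the platform default charset would make routing depend on the JVM's file.encoding.
        Set<String> hostnames = requestedServerNames.stream()
                .filter(SNIHostName.class::isInstance)
                .map(SNIHostName.class::cast)
                .map(SNIHostName::getAsciiName)
                .collect(Collectors.toSet());
        return getPreferredServerAlias(hostnames);
    }

    /**
     * Resolves the preferred server alias for a set of requested host names. The first route in
     * iteration order of {@link #getIdentityRoute()} with a URI matching any of the host names wins.
     *
     * @param hostnames the SNI host names; {@code null} or empty yields no match
     * @return the alias of the first matching route, or {@code null}
     */
    default String getPreferredServerAlias(Set<String> hostnames) {
        if (hostnames == null || hostnames.isEmpty()) {
            return null;
        }
        return getIdentityRoute().entrySet().stream()
                .filter(entry -> entry.getValue().stream()
                        .anyMatch(uri -> hostnames.stream().anyMatch(hostname -> hostMatches(uri, hostname))))
                .findFirst()
                .map(Entry::getKey)
                .orElse(null);
    }

    /**
     * Tells whether a route URI matches a peer host name. Matching is a substring test of the
     * peer host within the route host ({@code "api.example.com"} matches peer {@code "example.com"}),
     * so it is not an exact or suffix match; route order decides ties. {@code null} hosts on either
     * side and empty peer hosts (which would otherwise match every route) never match.
     *
     * @param uri      the route URI
     * @param hostname the peer host name
     * @return {@code true} if the route host contains the peer host
     */
    static boolean hostMatches(URI uri, String hostname) {
        if (uri == null || hostname == null || hostname.isEmpty()) {
            return false;
        }
        String routeHost = uri.getHost();
        return routeHost != null && routeHost.contains(hostname);
    }

    /**
     * Picks the alias: the preferred one if the supplier yields it, otherwise any non-null alias.
     * {@code extractInnerField} is provided outside this interface.
     *
     * @param preferredAliasSupplier computes the routed alias (may yield {@code null})
     * @param aliasExtractor         extracts the alias from one of the combined key managers
     * @return the selected alias, or {@code null} if none is available
     */
    default String chooseAlias(Supplier<String> preferredAliasSupplier,
                               Function<X509ExtendedKeyManager, String> aliasExtractor) {
        String preferredAlias = preferredAliasSupplier.get();
        Predicate<String> accept = preferredAlias == null
                ? NON_NULL
                : NON_NULL.and(preferredAlias::equals);
        return extractInnerField(aliasExtractor, accept);
    }

    /**
     * Tells whether {@link #extractHostAndPort(Socket)} can be applied to the socket.
     *
     * @param socket the socket, may be {@code null}
     * @return {@code true} if the socket has an {@link InetSocketAddress} as remote address
     */
    default boolean containsInetSocketAddress(Socket socket) {
        return socket != null && socket.getRemoteSocketAddress() instanceof InetSocketAddress;
    }

    /**
     * Extracts the remote host name and port of a socket. Call {@link #containsInetSocketAddress(Socket)}
     * first; otherwise the cast fails.
     * {@link InetSocketAddress#getHostName()} may trigger a reverse DNS lookup when the address was
     * created from an IP literal, so the routed identity can depend on PTR data for such sockets.
     *
     * @param socket a socket whose remote address is an {@link InetSocketAddress}
     * @return host name and port
     * @throws ClassCastException if the remote address is not an {@link InetSocketAddress}
     * @throws NullPointerException if the socket is not connected
     */
    default Entry<String, Integer> extractHostAndPort(Socket socket) {
        InetSocketAddress address = (InetSocketAddress) socket.getRemoteSocketAddress();
        return new AbstractMap.SimpleImmutableEntry<>(address.getHostName(), address.getPort());
    }

    /**
     * Extracts the peer host and port of an engine. {@link SSLEngine#getPeerHost()} is {@code null}
     * when the engine was created without peer information; that is handled as "no route".
     *
     * @param sslEngine the engine
     * @return peer host (possibly {@code null}) and port
     */
    default Entry<String, Integer> extractHostAndPort(SSLEngine sslEngine) {
        return new AbstractMap.SimpleImmutableEntry<>(sslEngine.getPeerHost(), sslEngine.getPeerPort());
    }
}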