/**
 * Looks up the SNI host name configured on {@code params}, calling
 * {@code getServerNames()} reflectively instead of directly.
 *
 * @param params the SSL parameters to inspect
 * @return the ASCII form of the first {@code host_name} entry, or {@code null} when the
 *     list is absent or contains no such entry
 * @throws NoSuchMethodException if {@code getServerNames} is not found on the runtime class
 * @throws IllegalAccessException if the reflective call is not permitted
 * @throws InvocationTargetException if {@code getServerNames} itself throws
 */
@TargetApi(24)
private static String getSniHostnameFromParams(SSLParameters params)
        throws NoSuchMethodException, IllegalAccessException, InvocationTargetException {
    Method getter = params.getClass().getMethod("getServerNames");
    @SuppressWarnings("unchecked")
    List<SNIServerName> names = (List<SNIServerName>) getter.invoke(params);
    if (names == null) {
        return null;
    }
    for (SNIServerName candidate : names) {
        if (candidate.getType() != StandardConstants.SNI_HOST_NAME) {
            continue;
        }
        // NOTE(review): the cast relies on the type code alone. SNIServerName is abstract and
        // can be subclassed with any type code, so a host_name entry that is not an
        // SNIHostName would raise ClassCastException here. Confirm callers only pass
        // SNIHostName instances.
        return ((SNIHostName) candidate).getAsciiName();
    }
    return null;
}
/**
 * Checks that {@code SNIHostName(byte[])} accepts a non-ASCII host name and reports its
 * ASCII-compatible form, its name type and the encoded bytes it was built from.
 */
@Test
public void test_byteArray_Constructor() throws Exception {
    TestUtils.assumeSNIHostnameAvailable();

    // From draft-josefsson-idn-test-vectors-00 section 5.2
    // The input is the UTF-8 byte form of the name (nine three-byte sequences); the
    // "xn--" string asserted below is its ASCII-compatible encoding.
    byte[] rawName = new byte[] {
        (byte) 0xE4, (byte) 0xBB, (byte) 0x96,
        (byte) 0xE4, (byte) 0xBB, (byte) 0xAC,
        (byte) 0xE4, (byte) 0xB8, (byte) 0xBA,
        (byte) 0xE4, (byte) 0xBB, (byte) 0x80,
        (byte) 0xE4, (byte) 0xB9, (byte) 0x88,
        (byte) 0xE4, (byte) 0xB8, (byte) 0x8D,
        (byte) 0xE8, (byte) 0xAF, (byte) 0xB4,
        (byte) 0xE4, (byte) 0xB8, (byte) 0xAD,
        (byte) 0xE6, (byte) 0x96, (byte) 0x87,
    };

    SNIHostName sni = new SNIHostName(rawName);

    assertEquals("xn--ihqwcrb4cv8a8dqg056pqjye", sni.getAsciiName());
    assertEquals(StandardConstants.SNI_HOST_NAME, sni.getType());

    // getEncoded() must hand back the same bytes the constructor received.
    String expectedBytes = Arrays.toString(rawName);
    String actualBytes = Arrays.toString(sni.getEncoded());
    assertEquals(expectedBytes, actualBytes);
}
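/**
 * Selects the alias of the server certificate to present, based on the host name the
 * client requested through SNI.
 *
 * <p>The requested name originates from the peer and is untrusted. It is returned only
 * when both {@code getCertificateChain} and {@code getPrivateKey} resolve it; in every
 * other case the default alias is used.
 *
 * @param session the handshake session whose requested server names are inspected
 * @return the requested host name when a certificate chain and a private key exist for
 *     it, otherwise {@code def_cert_alias}
 */
private String chooseServerAlias(ExtendedSSLSession session) {
    // Pick first SNIHostName in the list of SNI names.
    String hostname = null;
    for (SNIServerName name : session.getRequestedServerNames()) {
        // The type code alone does not prove the runtime class: SNIServerName is abstract
        // and can be subclassed with any type. Checking instanceof keeps an unexpected
        // entry from aborting alias selection with a ClassCastException; such an entry is
        // skipped and the default certificate applies.
        if (name.getType() == StandardConstants.SNI_HOST_NAME && name instanceof SNIHostName) {
            hostname = ((SNIHostName) name).getAsciiName();
            break;
        }
    }

    // If we got given a hostname over SNI, check if we have a cert and
    // key for that hostname. If so, we use it.
    // Otherwise, we fall back to the default certificate.
    // NOTE(review): the lookup uses the name exactly as getAsciiName() returns it. SNI host
    // names are compared case-insensitively; confirm the alias lookup behaves the same way.
    boolean haveMaterial = hostname != null
            && getCertificateChain(hostname) != null
            && getPrivateKey(hostname) != null;
    return haveMaterial ? hostname : def_cert_alias;
}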
/**
 * Copies the endpoint identification algorithm and the cipher-suite ordering flag from
 * {@code params} to {@code impl}, then passes the first SNI host name, if one is present,
 * to {@code socket}.
 *
 * @param params the source parameters
 * @param impl the implementation-side parameters to update
 * @param socket the socket that receives the SNI host name
 */
static void setSSLParameters(
        SSLParameters params, SSLParametersImpl impl, AbstractConscryptSocket socket) {
    impl.setEndpointIdentificationAlgorithm(params.getEndpointIdentificationAlgorithm());
    impl.setUseCipherSuitesOrder(params.getUseCipherSuitesOrder());

    List<SNIServerName> requested = params.getServerNames();
    if (requested == null) {
        return;
    }
    for (SNIServerName entry : requested) {
        if (entry.getType() != StandardConstants.SNI_HOST_NAME) {
            continue;
        }
        // NOTE(review): the cast relies on the type code alone; a caller-supplied
        // SNIServerName subclass using the host_name type would raise ClassCastException
        // here. Confirm that is the intended failure mode.
        SNIHostName hostName = (SNIHostName) entry;
        socket.setHostname(hostName.getAsciiName());
        // Only the first host_name entry is used.
        return;
    }
}
/**
 * Copies the endpoint identification algorithm and the cipher-suite ordering flag from
 * {@code params} to {@code impl}, then passes the first SNI host name, if one is present,
 * to {@code engine}.
 *
 * @param params the source parameters
 * @param impl the implementation-side parameters to update
 * @param engine the engine that receives the SNI host name
 */
static void setSSLParameters(
        SSLParameters params, SSLParametersImpl impl, ConscryptEngine engine) {
    impl.setEndpointIdentificationAlgorithm(params.getEndpointIdentificationAlgorithm());
    impl.setUseCipherSuitesOrder(params.getUseCipherSuitesOrder());

    List<SNIServerName> requested = params.getServerNames();
    if (requested == null) {
        return;
    }
    for (SNIServerName entry : requested) {
        if (entry.getType() != StandardConstants.SNI_HOST_NAME) {
            continue;
        }
        // NOTE(review): the cast relies on the type code alone; a caller-supplied
        // SNIServerName subclass using the host_name type would raise ClassCastException
        // here. Confirm that is the intended failure mode.
        SNIHostName hostName = (SNIHostName) entry;
        engine.setHostname(hostName.getAsciiName());
        // Only the first host_name entry is used.
        return;
    }
}
/**
 * Verifies that a host name the client sets through {@code SSLParameters.setServerNames}
 * is visible on the server side, after the handshake, through
 * {@code ExtendedSSLSession.getRequestedServerNames()}.
 */
@Test
public void test_SSLSocket_SNIHostName() throws Exception {
    TestUtils.assumeSNIHostnameAvailable();

    TestSSLContext context = TestSSLContext.create();
    final SSLSocket clientSocket =
            (SSLSocket) context.clientContext.getSocketFactory().createSocket();

    // Client side: request exactly one host_name entry.
    SSLParameters clientParams = clientSocket.getSSLParameters();
    List<SNIServerName> namesToSend =
            Collections.singletonList((SNIServerName) new SNIHostName("www.example.com"));
    clientParams.setServerNames(namesToSend);
    clientSocket.setSSLParameters(clientParams);

    // Server side: the matcher takes a regular expression, so the dots are escaped to
    // match the literal host name only.
    SSLParameters serverParams = context.serverSocket.getSSLParameters();
    serverParams.setSNIMatchers(
            Collections.singletonList(SNIHostName.createSNIMatcher("www\\.example\\.com")));
    context.serverSocket.setSSLParameters(serverParams);

    clientSocket.connect(new InetSocketAddress(context.host, context.port));
    final SSLSocket acceptedSocket = (SSLSocket) context.serverSocket.accept();

    // The client half of the handshake runs asynchronously while this thread drives the
    // server half. The returned Future is not inspected.
    Callable<Object> clientHandshake = new Callable<Object>() {
        @Override
        public Object call() throws Exception {
            clientSocket.startHandshake();
            return null;
        }
    };
    @SuppressWarnings("unused")
    Future<?> pendingClientHandshake = runAsync(clientHandshake);
    acceptedSocket.startHandshake();

    SSLSession negotiated = acceptedSocket.getSession();
    assertTrue(negotiated instanceof ExtendedSSLSession);
    ExtendedSSLSession extendedSession = (ExtendedSSLSession) negotiated;

    List<SNIServerName> receivedNames = extendedSession.getRequestedServerNames();
    assertNotNull(receivedNames);
    assertEquals(1, receivedNames.size());

    SNIServerName firstName = receivedNames.get(0);
    assertEquals(StandardConstants.SNI_HOST_NAME, firstName.getType());
    assertTrue(firstName instanceof SNIHostName);

    SNIHostName receivedHostName = (SNIHostName) firstName;
    assertEquals("www.example.com", receivedHostName.getAsciiName());
}
/**
 * Creates a matcher for the {@code host_name} SNI name type by passing
 * {@link StandardConstants#SNI_HOST_NAME} to the superclass constructor.
 */
protected SniHostnameMatcher() {
    super(
            StandardConstants.SNI_HOST_NAME);
}