430951 Support SNI with ExtendedSslContextFactory

Improved debugging Regex selection of cn
2015-04-20 10:02:37 +10:00 · 2015-04-20 10:02:37 +10:00 · ae31162669
parent 87c0d4fdf1
commit ae31162669
4 changed files with 40 additions and 7 deletions
--- a/jetty-server/src/test/java/org/eclipse/jetty/server/ssl/SslConnectionFactoryTest.java
+++ b/jetty-server/src/test/java/org/eclipse/jetty/server/ssl/SslConnectionFactoryTest.java
@ -25,6 +25,7 @@ import java.nio.charset.StandardCharsets;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
 import java.util.List;
+import java.util.regex.Matcher;

 import javax.net.ssl.SNIHostName;
 import javax.net.ssl.SNIServerName;
@ -114,6 +115,26 @@ public class SslConnectionFactoryTest
        _server=null;
    }

+
+    @Test
+    public void testPattern() throws Exception
+    {
+        String[] names = 
+            {
+                "cn=foo.bar,o=other",
+                "   cn=  foo.bar  ,  o=other  ",
+                "o=other,cn=foo.bar",
+                "  o=other  ,  cn=  foo.bar   ",
+            };
+        
+        for (String n:names)
+        {
+            Matcher matcher = ExtendedSslContextFactory.__cnPattern.matcher(n);
+            Assert.assertTrue(matcher.matches());
+            Assert.assertThat(matcher.group(1),Matchers.equalTo("foo.bar"));
+        }
+    }
+    
    @Test
    public void testConnect() throws Exception
    {
--- a/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/ExtendedSslContextFactory.java
+++ b/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/ExtendedSslContextFactory.java
@ -24,6 +24,8 @@ import java.security.cert.X509Certificate;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.Map;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;

 import javax.net.ssl.KeyManager;
 import javax.net.ssl.SNIHostName;
@ -53,6 +55,7 @@ import org.eclipse.jetty.util.log.Logger;
 public class ExtendedSslContextFactory extends SslContextFactory
 {
    static final Logger LOG = Log.getLogger(ExtendedSslContextFactory.class);
+    public final static Pattern __cnPattern = Pattern.compile(".*cn=\\h*([^,\\h]*).*");
    private final Map<String,String> _aliases = new HashMap<>();
    private boolean _useCipherSuitesOrder=true;

@ -84,18 +87,20 @@ public class ExtendedSslContextFactory extends SslContextFactory
                if ("X.509".equals(certificate.getType()))
                {
                    X509Certificate x509 = (X509Certificate)certificate;
-                    String cn = x509.getSubjectX500Principal().getName("CANONICAL");
-
-                    if (cn.startsWith("cn="))
+                    
+                    Matcher matcher = __cnPattern.matcher(x509.getSubjectX500Principal().getName("CANONICAL"));
+                    if (matcher.matches())
                    {
-                        cn=cn.substring(3,cn.indexOf(","));
-                        _aliases.put(alias,cn);
+                        String cn = matcher.group(1);
+                        LOG.debug("Certificate alias={} cn={} in {}",alias,cn,_factory);
+                        if (cn!=null)
+                            _aliases.put(alias,cn);
                    }
                }                    
            }
        }
        
-        LOG.info("aliases={} for {}",_aliases,this);
+        LOG.debug("aliases={} for {}",_aliases,this);
    }

    @Override
--- a/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SniX509ExtendedKeyManager.java
+++ b/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SniX509ExtendedKeyManager.java
@ -74,6 +74,7 @@ public class SniX509ExtendedKeyManager extends X509ExtendedKeyManager
    {
        // Look for the aliases that are suitable for the keytype and issuers
        String[] aliases = _delegate.getServerAliases(keyType,issuers);
+        
        if (aliases==null || aliases.length==0)
            return null;
             
--- a/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
+++ b/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
@ -1494,7 +1494,7 @@ public class SslContextFactory extends AbstractLifeCycle
    
    

-    protected static class Factory
+    protected class Factory
    { 
        final KeyStore _keyStore;
        final KeyStore _trustStore;
@ -1507,5 +1507,11 @@ public class SslContextFactory extends AbstractLifeCycle
            _trustStore = trustStore;
            _context = context;
        }
+        
+        @Override
+        public String toString()
+        {
+            return String.format("SslFactory@%x{%s}",System.identityHashCode(this),SslContextFactory.this);
+        }
    }
 }