diff --git a/src/main/java/io/vertx/core/net/impl/SSLHelper.java b/src/main/java/io/vertx/core/net/impl/SSLHelper.java index 1fb4fc0abed..017b0ea747e 100755 --- a/src/main/java/io/vertx/core/net/impl/SSLHelper.java +++ b/src/main/java/io/vertx/core/net/impl/SSLHelper.java @@ -124,6 +124,14 @@ public SSLHelper(TCPSSLOptions options, List applicationProtocols) { this.applicationProtocols = applicationProtocols; } + public synchronized int sniEntrySize() { + CachedProvider res = cachedProvider.result(); + if (res != null) { + return res.sslChannelProvider.sniEntrySize(); + } + return 0; + } + private static class CachedProvider { final SSLOptions options; final SslChannelProvider sslChannelProvider; diff --git a/src/main/java/io/vertx/core/net/impl/SslChannelProvider.java b/src/main/java/io/vertx/core/net/impl/SslChannelProvider.java index 0460b334140..290bf8c23f7 100644 --- a/src/main/java/io/vertx/core/net/impl/SslChannelProvider.java +++ b/src/main/java/io/vertx/core/net/impl/SslChannelProvider.java @@ -65,6 +65,10 @@ public SslChannelProvider(SslContextProvider sslContextProvider, this.sslContextProvider = sslContextProvider; } + public int sniEntrySize() { + return sslContextMaps[0].size() + sslContextMaps[1].size(); + } + public SslContextProvider sslContextProvider() { return sslContextProvider; } 
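Review bot: `sniEntrySize()` is added as a public method without Javadoc here, and again in SslChannelProvider.java and TCPServerBase.java, although the only caller visible in this commit is the assertion in NetTest. A short comment would tell maintainers what the number means and that it is a diagnostic, for example `/** @return the number of SslContext instances cached per SNI server name, 0 while cachedProvider.result() is still null; intended for tests and monitoring */`. In SslChannelProvider the value is the sum of both `sslContextMaps` entries, which is worth stating there because the map is chosen by `idx(useAlpn)`.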
@@ -83,17 +87,18 @@ public SslContext sslClientContext(String serverName, boolean useAlpn, boolean t public SslContext sslContext(String serverName, boolean useAlpn, boolean server, boolean trustAll) throws Exception { int idx = idx(useAlpn); - if (serverName == null) { - if (sslContexts[idx] == null) { - SslContext context = sslContextProvider.createContext(server, null, null, null, useAlpn, trustAll); - sslContexts[idx] = context; - } - return sslContexts[idx]; - } else { + if (serverName != null) { KeyManagerFactory kmf = sslContextProvider.resolveKeyManagerFactory(serverName); TrustManager[] trustManagers = trustAll ? null : sslContextProvider.resolveTrustManagers(serverName); - return sslContextMaps[idx].computeIfAbsent(serverName, s -> sslContextProvider.createContext(server, kmf, trustManagers, s, useAlpn, trustAll)); + if (kmf != null || trustManagers != null || !server) { + return sslContextMaps[idx].computeIfAbsent(serverName, s -> sslContextProvider.createContext(server, kmf, trustManagers, s, useAlpn, trustAll)); + } + } + if (sslContexts[idx] == null) { + SslContext context = sslContextProvider.createContext(server, null, null, serverName, useAlpn, trustAll); + sslContexts[idx] = context; } + return sslContexts[idx]; } public SslContext sslServerContext(boolean useAlpn) { diff --git a/src/main/java/io/vertx/core/net/impl/SslContextProvider.java b/src/main/java/io/vertx/core/net/impl/SslContextProvider.java index fcbefb91ee4..e44cefda4b6 100644 --- a/src/main/java/io/vertx/core/net/impl/SslContextProvider.java +++ b/src/main/java/io/vertx/core/net/impl/SslContextProvider.java 
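Review bot: The fallback branch now passes `serverName` into `createContext(server, null, null, serverName, useAlpn, trustAll)`, but the result is stored in the shared `sslContexts[idx]` slot and returned for every later connection that takes this path, including those with no server name. On a server that path is reached when the client-supplied SNI name has no mapped key or trust material, so whichever unmapped name arrives first is the one handed to the default context. `createContext` is outside this hunk, so whether the name changes the built context cannot be confirmed here; unless it is needed, keep the previous `createContext(server, null, null, null, useAlpn, trustAll)`. A one-line comment on the `kmf != null || trustManagers != null || !server` guard, saying that unmapped server-side names must not be cached because the peer chooses them, would also keep the bound on `sslContextMaps` from being refactored away.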
@@ -154,13 +154,6 @@ protected void initEngine(SSLEngine engine) { } } - public KeyManagerFactory loadKeyManagerFactory(String serverName) throws Exception { - if (keyManagerFactoryMapper != null) { - return keyManagerFactoryMapper.apply(serverName); - } - return null; - } - public TrustManager[] defaultTrustManagers() { return trustManagerFactory != null ? trustManagerFactory.getTrustManagers() : null; } @@ -174,8 +167,7 @@ public KeyManagerFactory defaultKeyManagerFactory() { } /** - * Resolve the {@link KeyManagerFactory} for the {@code serverName}, when a factory cannot be resolved, the default - * factory is returned. + * Resolve the {@link KeyManagerFactory} for the {@code serverName}, when a factory cannot be resolved, {@code null} is returned. *
* This can block and should be executed on the appropriate thread. * @@ -184,23 +176,14 @@ public KeyManagerFactory defaultKeyManagerFactory() { * @throws Exception anything that would prevent loading the factory */ public KeyManagerFactory resolveKeyManagerFactory(String serverName) throws Exception { - KeyManagerFactory kmf = loadKeyManagerFactory(serverName); - if (kmf == null) { - kmf = keyManagerFactory; - } - return kmf; - } - - public TrustManager[] loadTrustManagers(String serverName) throws Exception { - if (trustManagerMapper != null) { - return trustManagerMapper.apply(serverName); + if (keyManagerFactoryMapper != null) { + return keyManagerFactoryMapper.apply(serverName); } return null; } /** - * Resolve the {@link TrustManager}[] for the {@code serverName}, when managers cannot be resolved, the default - * managers are returned. + * Resolve the {@link TrustManager}[] for the {@code serverName}, when managers cannot be resolved, {@code null} is returned. *
* This can block and should be executed on the appropriate thread. * @@ -209,11 +192,10 @@ public TrustManager[] loadTrustManagers(String serverName) throws Exception { * @throws Exception anything that would prevent loading the managers */ public TrustManager[] resolveTrustManagers(String serverName) throws Exception { - TrustManager[] trustManagers = loadTrustManagers(serverName); - if (trustManagers == null && trustManagerFactory != null) { - trustManagers = trustManagerFactory.getTrustManagers(); + if (trustManagerMapper != null) { + return trustManagerMapper.apply(serverName); } - return trustManagers; + return null; } private VertxTrustManagerFactory buildVertxTrustManagerFactory(TrustManager[] mgrs) { diff --git a/src/main/java/io/vertx/core/net/impl/TCPServerBase.java b/src/main/java/io/vertx/core/net/impl/TCPServerBase.java index 5de3a611f3e..bf86f6f8381 100644 --- a/src/main/java/io/vertx/core/net/impl/TCPServerBase.java +++ b/src/main/java/io/vertx/core/net/impl/TCPServerBase.java @@ -127,6 +127,10 @@ private GlobalTrafficShapingHandler createTrafficShapingHandler(EventLoopGroup e return trafficShapingHandler; } + public int sniEntrySize() { + return sslHelper.sniEntrySize(); + } + public Future updateSSLOptions(SSLOptions options) { TCPServerBase server = actualServer; if (server != null && server != this) { diff --git a/src/test/java/io/vertx/core/net/NetTest.java b/src/test/java/io/vertx/core/net/NetTest.java index aa61cb5e88c..c92b9359016 100755 --- a/src/test/java/io/vertx/core/net/NetTest.java +++ b/src/test/java/io/vertx/core/net/NetTest.java 
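Review bot: `resolveKeyManagerFactory` and, in the following hunk, `resolveTrustManagers` keep their public signatures but now return `null` where they used to return the default factory or managers, and the public `loadKeyManagerFactory` / `loadTrustManagers` are removed. `sslContext` in SslChannelProvider handles the new `null`, but a caller outside this diff that passes the result on unchecked may now drop the configured key or trust material without any error. The `@return` tags are outside these hunks; they should say that `null` means no mapping exists for the name and point callers to `defaultKeyManagerFactory()` / `defaultTrustManagers()` for the fallback. It is also worth confirming that `createContext` substitutes the default trust managers when it receives `null` alongside a mapped `kmf`, since `sslContext` can now pass that combination.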
@@ -58,10 +58,7 @@ import io.vertx.core.impl.logging.LoggerFactory; import io.vertx.core.json.JsonArray; import io.vertx.core.json.JsonObject; -import io.vertx.core.net.impl.HAProxyMessageCompletionHandler; -import io.vertx.core.net.impl.NetServerImpl; -import io.vertx.core.net.impl.NetSocketInternal; -import io.vertx.core.net.impl.VertxHandler; +import io.vertx.core.net.impl.*; import io.vertx.core.spi.tls.SslContextFactory; import io.vertx.core.streams.ReadStream; import io.vertx.test.core.CheckingSender; @@ -1536,14 +1533,17 @@ public void testClientSniMultipleServerName() throws Exception { receivedServerNames.add(so.indicatedServerName()); }); startServer(); - List serverNames = Arrays.asList("host1", "host2.com"); + List serverNames = Arrays.asList("host1", "host2.com", "fake"); + List cns = new ArrayList<>(); client = vertx.createNetClient(new NetClientOptions().setSsl(true).setTrustAll(true)); for (String serverName : serverNames) { NetSocket so = client.connect(testAddress, serverName).toCompletionStage().toCompletableFuture().get(); String host = cnOf(so.peerCertificates().get(0)); - assertEquals(serverName, host); + cns.add(host); } - assertWaitUntil(() -> receivedServerNames.size() == 2); + assertEquals(Arrays.asList("host1", "host2.com", "localhost"), cns); + assertEquals(2, ((TCPServerBase)server).sniEntrySize()); + assertWaitUntil(() -> receivedServerNames.size() == 3); assertEquals(receivedServerNames, serverNames); }
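Review bot: The wildcard `import io.vertx.core.net.impl.*;` replaces four explicit imports, although the only new type visible in this commit's test change is `TCPServerBase`. Keeping the explicit list and adding `import io.vertx.core.net.impl.TCPServerBase;` keeps the test's dependence on internal classes visible and avoids accidental name clashes with the file's other imports.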
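Review bot: The new assertion `assertEquals(2, ((TCPServerBase)server).sniEntrySize())` covers a single unmapped name, `"fake"`, so it shows that one unknown name is not cached but does not pin that the count stays flat as more distinct unknown names arrive. Adding a second unmapped name to `serverNames`, with a matching `"localhost"` entry in the expected CN list and `receivedServerNames.size() == 4`, would make the regression test reflect the growth the guard is meant to prevent. The pre-existing `assertEquals(receivedServerNames, serverNames)` also has expected and actual swapped, which only affects the failure message. The test method starts above the hunk.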