diff --git a/src/main/java/io/vertx/core/net/impl/SSLHelper.java b/src/main/java/io/vertx/core/net/impl/SSLHelper.java
index 348e05e0476..ce8b9c41c47 100755
--- a/src/main/java/io/vertx/core/net/impl/SSLHelper.java
+++ b/src/main/java/io/vertx/core/net/impl/SSLHelper.java
@@ -100,6 +100,17 @@ public SSLHelper(SSLEngineOptions sslEngineOptions, int cacheMaxSize) {
 this.useWorkerPool = sslEngineOptions.getUseWorkerThread();
 }
 
+ public synchronized int sniEntrySize() {
+ int size = 0;
+ for (Future fut : sslChannelProviderMap.values()) {
+ SslChannelProvider result = fut.result();
+ if (result != null) {
+ size += result.sniEntrySize();
+ }
+ }
+ return size;
+ }
+
 public SSLHelper(SSLEngineOptions sslEngineOptions) {
 this(sslEngineOptions, 256);
 }
diff --git a/src/main/java/io/vertx/core/net/impl/SslChannelProvider.java b/src/main/java/io/vertx/core/net/impl/SslChannelProvider.java
index 1dae47fa9fa..e13acd8ba0b 100644
--- a/src/main/java/io/vertx/core/net/impl/SslChannelProvider.java
+++ b/src/main/java/io/vertx/core/net/impl/SslChannelProvider.java
@@ -53,6 +53,10 @@ public SslChannelProvider(SslContextProvider sslContextProvider,
 this.sslContextProvider = sslContextProvider;
 }
 
+ public int sniEntrySize() {
+ return sslContextMaps[0].size() + sslContextMaps[1].size();
+ }
+
 public SslContextProvider sslContextProvider() {
 return sslContextProvider;
 }
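Review bot: `sniEntrySize()` is added as a public method without Javadoc, here on `SSLHelper` and again in the `SslChannelProvider` and `TCPServerBase` hunks, and the only caller visible in this commit is the new assertion in `NetTest`. A one-line comment would tell maintainers what it counts and why it exists, for example `/** @return the number of per-server-name SSL contexts currently cached; intended for tests and diagnostics */`. In the `SSLHelper` version a provider is skipped when `fut.result()` is null, which presumably includes futures that have not completed yet, so the comment should also say the value can undercount while contexts are still being built.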
@@ -67,17 +71,18 @@ public SslContext sslClientContext(String serverName, boolean useAlpn, boolean t
 
 public SslContext sslContext(String serverName, boolean useAlpn, boolean server, boolean trustAll) throws Exception {
 int idx = idx(useAlpn);
- if (serverName == null) {
- if (sslContexts[idx] == null) {
- SslContext context = sslContextProvider.createContext(server, null, null, null, useAlpn, trustAll);
- sslContexts[idx] = context;
- }
- return sslContexts[idx];
- } else {
+ if (serverName != null) {
 KeyManagerFactory kmf = sslContextProvider.resolveKeyManagerFactory(serverName);
 TrustManager[] trustManagers = trustAll ? null : sslContextProvider.resolveTrustManagers(serverName);
- return sslContextMaps[idx].computeIfAbsent(serverName, s -> sslContextProvider.createContext(server, kmf, trustManagers, s, useAlpn, trustAll));
+ if (kmf != null || trustManagers != null || !server) {
+ return sslContextMaps[idx].computeIfAbsent(serverName, s -> sslContextProvider.createContext(server, kmf, trustManagers, s, useAlpn, trustAll));
+ }
+ }
+ if (sslContexts[idx] == null) {
+ SslContext context = sslContextProvider.createContext(server, null, null, serverName, useAlpn, trustAll);
+ sslContexts[idx] = context;
 }
+ return sslContexts[idx];
 }
 
 public SslContext sslServerContext(boolean useAlpn) {
diff --git a/src/main/java/io/vertx/core/net/impl/SslContextProvider.java b/src/main/java/io/vertx/core/net/impl/SslContextProvider.java
index d8c42b2e0ed..27efd461713 100644
--- a/src/main/java/io/vertx/core/net/impl/SslContextProvider.java
+++ b/src/main/java/io/vertx/core/net/impl/SslContextProvider.java
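Review bot: The shared fallback context is now built with the caller's `serverName` and then cached in `sslContexts[idx]` for every later connection that takes this path. With a non-null name this path is only reached on the server side, when nothing is mapped for the name the peer sent, so the first such peer decides which name the cached default context is created with. `createContext` is not visible in this diff; if it uses the name for anything, the default context would depend on unauthenticated handshake input, and passing `null` as the removed code did avoids that: `SslContext context = sslContextProvider.createContext(server, null, null, null, useAlpn, trustAll);`. The new guard also deserves a why-comment, e.g. `// server side: cache a per-name context only when the name is configured, so unknown SNI values cannot grow sslContextMaps`.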
@@ -154,13 +154,6 @@ protected void initEngine(SSLEngine engine) {
 }
 }
 
- public KeyManagerFactory loadKeyManagerFactory(String serverName) throws Exception {
- if (keyManagerFactoryMapper != null) {
- return keyManagerFactoryMapper.apply(serverName);
- }
- return null;
- }
-
 public TrustManager[] defaultTrustManagers() {
 return trustManagerFactory != null ? trustManagerFactory.getTrustManagers() : null;
 }
@@ -174,8 +167,7 @@ public KeyManagerFactory defaultKeyManagerFactory() {
 }
 
 /**
- * Resolve the {@link KeyManagerFactory} for the {@code serverName}, when a factory cannot be resolved, the default
- * factory is returned.
+ * Resolve the {@link KeyManagerFactory} for the {@code serverName}, when a factory cannot be resolved, {@code null} is returned.
 *
 * This can block and should be executed on the appropriate thread.
 *
@@ -184,23 +176,14 @@ public KeyManagerFactory defaultKeyManagerFactory() {
 * @throws Exception anything that would prevent loading the factory
 */
 public KeyManagerFactory resolveKeyManagerFactory(String serverName) throws Exception {
- KeyManagerFactory kmf = loadKeyManagerFactory(serverName);
- if (kmf == null) {
- kmf = keyManagerFactory;
- }
- return kmf;
- }
-
- public TrustManager[] loadTrustManagers(String serverName) throws Exception {
- if (trustManagerMapper != null) {
- return trustManagerMapper.apply(serverName);
+ if (keyManagerFactoryMapper != null) {
+ return keyManagerFactoryMapper.apply(serverName);
 }
 return null;
 }
 
 /**
- * Resolve the {@link TrustManager}[] for the {@code serverName}, when managers cannot be resolved, the default
- * managers are returned.
+ * Resolve the {@link TrustManager}[] for the {@code serverName}, when managers cannot be resolved, {@code null} is returned.
 *
 * This can block and should be executed on the appropriate thread.
 *
@@ -209,11 +192,10 @@ public TrustManager[] loadTrustManagers(String serverName) throws Exception {
 * @throws Exception anything that would prevent loading the managers
 */
 public TrustManager[] resolveTrustManagers(String serverName) throws Exception {
- TrustManager[] trustManagers = loadTrustManagers(serverName);
- if (trustManagers == null && trustManagerFactory != null) {
- trustManagers = trustManagerFactory.getTrustManagers();
+ if (trustManagerMapper != null) {
+ return trustManagerMapper.apply(serverName);
 }
- return trustManagers;
+ return null;
 }
 
 private VertxTrustManagerFactory buildVertxTrustManagerFactory(TrustManager[] mgrs) {
diff --git a/src/main/java/io/vertx/core/net/impl/TCPServerBase.java b/src/main/java/io/vertx/core/net/impl/TCPServerBase.java
index 3c30b5d6a24..fc738f3883c 100644
--- a/src/main/java/io/vertx/core/net/impl/TCPServerBase.java
+++ b/src/main/java/io/vertx/core/net/impl/TCPServerBase.java
@@ -122,6 +122,10 @@ private GlobalTrafficShapingHandler createTrafficShapingHandler(EventLoopGroup e
 protected void configure(SSLOptions options) {
 }
 
+ public int sniEntrySize() {
+ return sslHelper.sniEntrySize();
+ }
+
 public Future updateSSLOptions(ServerSSLOptions options, boolean force) {
 TCPServerBase server = actualServer;
 if (server != null && server != this) {
diff --git a/src/test/java/io/vertx/core/net/NetTest.java b/src/test/java/io/vertx/core/net/NetTest.java
index 46dec32dfd2..87cb15ed9c4 100755
--- a/src/test/java/io/vertx/core/net/NetTest.java
+++ b/src/test/java/io/vertx/core/net/NetTest.java
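Review bot: `resolveKeyManagerFactory`, and `resolveTrustManagers` in the following hunk, now return `null` where they used to return the configured default, which changes the contract of two public methods for every caller other than `SslChannelProvider.sslContext`. The summary sentence of each Javadoc was updated, but the `@return` tags are not shown in these hunks and should say the same, e.g. `@return the factory mapped to {@code serverName}, or {@code null} when none is mapped; callers fall back to {@link #defaultKeyManagerFactory()}`. Any remaining caller of the removed `loadKeyManagerFactory`/`loadTrustManagers`, or one that passes the resolved value on without a null check, should be reviewed, because a null trust-manager array presumably selects whatever default the context builder applies rather than failing.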
@@ -1481,14 +1481,17 @@ public void testClientSniMultipleServerName() throws Exception {
 receivedServerNames.add(so.indicatedServerName());
 });
 startServer();
- List serverNames = Arrays.asList("host1", "host2.com");
+ List serverNames = Arrays.asList("host1", "host2.com", "fake");
+ List cns = new ArrayList<>();
 client = vertx.createNetClient(new NetClientOptions().setSsl(true).setTrustAll(true));
 for (String serverName : serverNames) {
 NetSocket so = awaitFuture(client.connect(testAddress, serverName));
 String host = cnOf(so.peerCertificates().get(0));
- assertEquals(serverName, host);
+ cns.add(host);
 }
- assertWaitUntil(() -> receivedServerNames.size() == 2);
+ assertEquals(Arrays.asList("host1", "host2.com", "localhost"), cns);
+ assertEquals(2, ((TCPServerBase)server).sniEntrySize());
+ assertWaitUntil(() -> receivedServerNames.size() == 3);
 assertEquals(receivedServerNames, serverNames);
 }
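Review bot: The new assertions use a single unmapped name, so they show that one unknown name is served the default certificate and not cached, but not that the count stays flat as unknown names accumulate. Extending the list to several distinct unmapped names, e.g. `Arrays.asList("host1", "host2.com", "fake1", "fake2")` with the expected CN list ending in two `"localhost"` entries, would pin the property this change is about while keeping `assertEquals(2, ((TCPServerBase)server).sniEntrySize())` unchanged. The test method begins above the hunk, so the server's SNI key configuration is inferred from the expected CNs only.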