Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

refactor: remove unnecessary SNI manipulation from SSL socket factory#582

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Draft
fioan89 wants to merge1 commit intomain
base:main
Choose a base branch
Loading
fromremove-sni-manipulation
Draft
Show file tree
Hide file tree
Changes fromall commits
Commits
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletionsCHANGELOG.md
View file
Open in desktop
Original file line numberDiff line numberDiff line change
Expand Up@@ -4,6 +4,10 @@

## Unreleased

### Changed

- simplified TLS configuration

## 2.22.3 - 2025-09-19

### Fixed
Expand Down
95 changes: 4 additions & 91 deletionssrc/main/kotlin/com/coder/gateway/util/TLS.kt
View file
Open in desktop
Original file line numberDiff line numberDiff line change
Expand Up@@ -5,10 +5,6 @@ import okhttp3.internal.tls.OkHostnameVerifier
import org.slf4j.LoggerFactory
import java.io.File
import java.io.FileInputStream
import java.net.IDN
import java.net.InetAddress
import java.net.Socket
import java.nio.charset.StandardCharsets
import java.security.KeyFactory
import java.security.KeyStore
import java.security.cert.CertificateException
Expand All@@ -21,12 +17,9 @@ import java.util.Locale
import javax.net.ssl.HostnameVerifier
import javax.net.ssl.KeyManager
import javax.net.ssl.KeyManagerFactory
import javax.net.ssl.SNIServerName
import javax.net.ssl.SSLContext
import javax.net.ssl.SSLSession
import javax.net.ssl.SSLSocket
import javax.net.ssl.SSLSocketFactory
import javax.net.ssl.StandardConstants
import javax.net.ssl.TrustManager
import javax.net.ssl.TrustManagerFactory
import javax.net.ssl.X509TrustManager
Expand DownExpand Up@@ -60,7 +53,7 @@ fun sslContextFromPEMs(
val kf = KeyFactory.getInstance("RSA")
val keySpec = PKCS8EncodedKeySpec(pemBytes)
kf.generatePrivate(keySpec)
} catch (e: InvalidKeySpecException) {
} catch (_: InvalidKeySpecException) {
val kf = KeyFactory.getInstance("EC")
val keySpec = PKCS8EncodedKeySpec(pemBytes)
kf.generatePrivate(keySpec)
Expand All@@ -87,11 +80,7 @@ fun sslContextFromPEMs(

fun coderSocketFactory(settings: CoderTLSSettings): SSLSocketFactory {
val sslContext = sslContextFromPEMs(settings.certPath, settings.keyPath, settings.caPath)
if (settings.altHostname.isBlank()) {
return sslContext.socketFactory
}

return AlternateNameSSLSocketFactory(sslContext.socketFactory, settings.altHostname)
return sslContext.socketFactory
}

fun coderTrustManagers(tlsCAPath: String): Array<TrustManager> {
Expand All@@ -115,82 +104,6 @@ fun coderTrustManagers(tlsCAPath: String): Array<TrustManager> {
return trustManagerFactory.trustManagers.map { MergedSystemTrustManger(it as X509TrustManager) }.toTypedArray()
}

class AlternateNameSSLSocketFactory(private val delegate: SSLSocketFactory, private val alternateName: String) :
SSLSocketFactory() {
override fun getDefaultCipherSuites(): Array<String> = delegate.defaultCipherSuites

override fun getSupportedCipherSuites(): Array<String> = delegate.supportedCipherSuites

override fun createSocket(): Socket {
val socket = delegate.createSocket() as SSLSocket
customizeSocket(socket)
return socket
}

override fun createSocket(
host: String?,
port: Int,
): Socket {
val socket = delegate.createSocket(host, port) as SSLSocket
customizeSocket(socket)
return socket
}

override fun createSocket(
host: String?,
port: Int,
localHost: InetAddress?,
localPort: Int,
): Socket {
val socket = delegate.createSocket(host, port, localHost, localPort) as SSLSocket
customizeSocket(socket)
return socket
}

override fun createSocket(
host: InetAddress?,
port: Int,
): Socket {
val socket = delegate.createSocket(host, port) as SSLSocket
customizeSocket(socket)
return socket
}

override fun createSocket(
address: InetAddress?,
port: Int,
localAddress: InetAddress?,
localPort: Int,
): Socket {
val socket = delegate.createSocket(address, port, localAddress, localPort) as SSLSocket
customizeSocket(socket)
return socket
}

override fun createSocket(
s: Socket?,
host: String?,
port: Int,
autoClose: Boolean,
): Socket {
val socket = delegate.createSocket(s, host, port, autoClose) as SSLSocket
customizeSocket(socket)
return socket
}

private fun customizeSocket(socket: SSLSocket) {
val params = socket.sslParameters

params.serverNames = listOf(RelaxedSNIHostname(alternateName))
socket.sslParameters = params
}
}

private class RelaxedSNIHostname(hostname: String) : SNIServerName(
StandardConstants.SNI_HOST_NAME,
IDN.toASCII(hostname, 0).toByteArray(StandardCharsets.UTF_8)
)

class CoderHostnameVerifier(private val alternateName: String) : HostnameVerifier {
private val logger = LoggerFactory.getLogger(javaClass)

Expand DownExpand Up@@ -238,7 +151,7 @@ class MergedSystemTrustManger(private val otherTrustManager: X509TrustManager) :
) {
try {
otherTrustManager.checkClientTrusted(chain, authType)
} catch (e: CertificateException) {
} catch (_: CertificateException) {
systemTrustManager.checkClientTrusted(chain, authType)
}
}
Expand All@@ -249,7 +162,7 @@ class MergedSystemTrustManger(private val otherTrustManager: X509TrustManager) :
) {
try {
otherTrustManager.checkServerTrusted(chain, authType)
} catch (e: CertificateException) {
} catch (_: CertificateException) {
systemTrustManager.checkServerTrusted(chain, authType)
}
}
Expand Down
View file
Open in desktop

This file was deleted.

Loading
[8]ページ先頭
©2009-2025 Movatter.jp