test(server): fix ApplyConfigurationTest.java

carapace-server/src/main/java/org/carapaceproxy/core/DisposableChannelListener.java

@@ -114,6 +114,7 @@ public void start() {
                         SniHandler sni = new SniHandler(sslProviderBuilder.sslContextAsyncMapping()) {
                             @Override
                             protected SslHandler newSslHandler(SslContext context, ByteBufAllocator allocator) {
+                                LOG.info("ChatGPT: Creating new SslHandler for context: {}", context); // todo ChatGPT
                                 SslHandler handler = super.newSslHandler(context, allocator);
                                 if (runtimeConfiguration.isOcspEnabled() && OpenSsl.isOcspSupported()) {
                                     Certificate cert = (Certificate) context.attributes().attr(AttributeKey.valueOf(OCSP_CERTIFICATE_CHAIN)).get();
@@ -132,6 +133,7 @@ protected SslHandler newSslHandler(SslContext context, ByteBufAllocator allocato
                             }
                         };
                         channel.pipeline().addFirst(sni);
+                        LOG.info("ChatGPT: Pipeline after adding SniHandler: {}", channel.pipeline()); // todo ChatGPT
                     }
                 })
                 .doOnConnection(conn -> {

carapace-server/src/main/java/org/carapaceproxy/core/Listeners.java

@@ -38,7 +38,8 @@
  * Collection of listeners waiting for incoming clients requests on the configured HTTP ports.
  * <br>
  * While the {@link RuntimeServerConfiguration} is actually <i>mutable</i>, this class won't watch it for updates;
- * the caller should request a {@link #reloadConfiguration() reload of the configuration} manually instead.
+ * the caller should instead
+ * request a {@link #reloadConfiguration(RuntimeServerConfiguration) reload of the configuration} manually.
  *
  * @author enrico.olivelli
  */
@@ -194,16 +195,23 @@ public static SSLCertificateConfiguration chooseCertificate(final RuntimeServerC
                 }
             }
         }
-        SSLCertificateConfiguration choosen = null;
+        SSLCertificateConfiguration chosen = null;
         if (certificateMatchExact != null) {
-            choosen = certificateMatchExact;
+            chosen = certificateMatchExact;
         } else if (certificateMatchNoExact != null) {
-            choosen = certificateMatchNoExact;
+            chosen = certificateMatchNoExact;
         }
-        if (choosen == null) {
-            choosen = certificates.get(defaultCertificate);
+        if (chosen == null) {
+            chosen = certificates.get(defaultCertificate);
         }
-        return choosen;
+        /* todo ChatGPT */
+        LOG.info("ChatGPT: Resolving SNI for hostname: {}", sniHostname);
+        if (chosen == null) {
+            LOG.error("ChatGPT: No certificate found for SNI hostname: {}", sniHostname);
+        } else {
+            LOG.info("ChatGPT: Using certificate: {}", chosen.getId());
+        }
+        return chosen;
     }
 
     private static boolean certificateMatches(String hostname, SSLCertificateConfiguration c, boolean exact) {

carapace-server/src/main/java/org/carapaceproxy/core/ssl/CertificatesUtils.java

@@ -115,9 +115,6 @@ public static Certificate[] readChainFromKeystore(byte[] data) throws GeneralSec
      * @throws CertificateException     if any of the certificates in the keystore could not be loaded
      */
     public static Certificate[] readChainFromKeystore(KeyStore keystore) throws GeneralSecurityException {
-        if (keystore == null) {
-            return new Certificate[0];
-        }
         Iterator<String> iter = keystore.aliases().asIterator();
         while (iter.hasNext()) {
             Certificate[] chain = keystore.getCertificateChain(iter.next());

carapace-server/src/main/java/org/carapaceproxy/core/ssl/SniMapper.java

@@ -90,19 +90,26 @@ public SslContext computeContext(final String sniHostname) throws ConfigurationN
                 }
                 int port = listenerConfiguration.getPort() + parent.getListenersOffsetPort();
                 try {
-                    // Try to find certificate data on db
-                    byte[] keystoreContent = parent.getDynamicCertificatesManager().getCertificateForDomain(chosen.getId());
-                    final KeyStore keystore;
-                    if (keystoreContent != null) {
-                        LOG.debug("start SSL with dynamic certificate id {}, on listener {}:{}", chosen.getId(), listenerConfiguration.getHost(), port);
-                        keystore = loadKeyStoreData(keystoreContent, chosen.getPassword());
-                    } else {
-                        if (chosen.isDynamic()) { // fallback to default certificate
+                    final byte[] keystoreContent;
+                    if (chosen.isDynamic()) {
+                        // Try to find certificate data on db
+                        keystoreContent = parent.getDynamicCertificatesManager().getCertificateForDomain(chosen.getId());
+                        if (keystoreContent == null) {
+                            // fallback to default certificate
                             chosen = runtimeConfiguration.getCertificates().get(listenerConfiguration.getDefaultCertificate());
                             if (chosen == null) {
                                 throw new ConfigurationNotValidException("Unable to boot SSL context for listener " + listenerConfiguration.getHost() + ": no default certificate setup.");
                             }
                         }
+                    } else {
+                        keystoreContent = null;
+                    }
+                    final KeyStore keystore;
+                    if (chosen.isDynamic()) {
+                        assert keystoreContent != null;
+                        LOG.debug("start SSL with dynamic certificate id {}, on listener {}:{}", chosen.getId(), listenerConfiguration.getHost(), port);
+                        keystore = loadKeyStoreData(keystoreContent, chosen.getPassword());
+                    } else {
                         LOG.debug("start SSL with certificate id {}, on listener {}:{} file={}", chosen.getId(), listenerConfiguration.getHost(), port, chosen.getFile());
                         keystore = loadKeyStoreFromFile(chosen.getFile(), chosen.getPassword(), basePath());
                     }

carapace-server/src/main/java/org/carapaceproxy/server/config/SSLCertificateConfiguration.java

@@ -38,7 +38,7 @@
 @Data
 public class SSLCertificateConfiguration {
 
-    public static enum CertificateMode {
+    public enum CertificateMode {
         STATIC, ACME, MANUAL
     }
 

carapace-server/src/test/java/org/carapaceproxy/ApplyConfigurationTest.java

@@ -390,6 +390,7 @@ private Properties propsWithMapperAndCertificate(final String defaultCertificate
         configuration.put("certificate.1.hostname", "*");
         configuration.put("certificate.1.file", defaultCertificate);
         configuration.put("certificate.1.password", "changeit");
+        configuration.put("certificate.1.mode", "static");
         configuration.putAll(props);
         return configuration;
     }