diff --git a/carapace-server/src/main/java/org/carapaceproxy/core/DisposableChannelListener.java b/carapace-server/src/main/java/org/carapaceproxy/core/DisposableChannelListener.java
index cdcd11d63..7dbd611eb 100644
--- a/carapace-server/src/main/java/org/carapaceproxy/core/DisposableChannelListener.java
+++ b/carapace-server/src/main/java/org/carapaceproxy/core/DisposableChannelListener.java
@@ -114,6 +114,7 @@ public void start() {
SniHandler sni = new SniHandler(sslProviderBuilder.sslContextAsyncMapping()) {
@Override
protected SslHandler newSslHandler(SslContext context, ByteBufAllocator allocator) {
+ LOG.info("ChatGPT: Creating new SslHandler for context: {}", context); // todo ChatGPT
SslHandler handler = super.newSslHandler(context, allocator);
if (runtimeConfiguration.isOcspEnabled() && OpenSsl.isOcspSupported()) {
Certificate cert = (Certificate) context.attributes().attr(AttributeKey.valueOf(OCSP_CERTIFICATE_CHAIN)).get();
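Review bot: The added `LOG.info` on the line before `super.newSslHandler(...)` fires on every TLS handshake at INFO level, and its `// todo ChatGPT` marker indicates a debugging trace rather than an operational log; the same applies to the `LOG.info(... channel.pipeline())` line added in the second hunk of this file. Per-connection INFO logging lets any client drive log volume, and the toString output of `SslContext` and `ChannelPipeline` is of little use to an operator. Either drop both lines before merging or demote them to debug level without the `ChatGPT:` prefix, e.g. `LOG.debug("Creating SslHandler for context {}", context);`. `newSslHandler` continues past the end of this hunk.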
@@ -132,6 +133,7 @@ protected SslHandler newSslHandler(SslContext context, ByteBufAllocator allocato
}
};
channel.pipeline().addFirst(sni);
+ LOG.info("ChatGPT: Pipeline after adding SniHandler: {}", channel.pipeline()); // todo ChatGPT
}
})
.doOnConnection(conn -> {
diff --git a/carapace-server/src/main/java/org/carapaceproxy/core/Listeners.java b/carapace-server/src/main/java/org/carapaceproxy/core/Listeners.java
index da3c0fa17..b71e2fbf5 100644
--- a/carapace-server/src/main/java/org/carapaceproxy/core/Listeners.java
+++ b/carapace-server/src/main/java/org/carapaceproxy/core/Listeners.java
@@ -38,7 +38,8 @@
* Collection of listeners waiting for incoming clients requests on the configured HTTP ports.
*
* While the {@link RuntimeServerConfiguration} is actually mutable, this class won't watch it for updates;
- * the caller should request a {@link #reloadConfiguration() reload of the configuration} manually instead.
+ * the caller should instead
+ * request a {@link #reloadConfiguration(RuntimeServerConfiguration) reload of the configuration} manually.
*
* @author enrico.olivelli
*/
@@ -194,16 +195,23 @@ public static SSLCertificateConfiguration chooseCertificate(final RuntimeServerC
}
}
}
- SSLCertificateConfiguration choosen = null;
+ SSLCertificateConfiguration chosen = null;
if (certificateMatchExact != null) {
- choosen = certificateMatchExact;
+ chosen = certificateMatchExact;
} else if (certificateMatchNoExact != null) {
- choosen = certificateMatchNoExact;
+ chosen = certificateMatchNoExact;
}
- if (choosen == null) {
- choosen = certificates.get(defaultCertificate);
+ if (chosen == null) {
+ chosen = certificates.get(defaultCertificate);
}
- return choosen;
+ /* todo ChatGPT */
+ LOG.info("ChatGPT: Resolving SNI for hostname: {}", sniHostname);
+ if (chosen == null) {
+ LOG.error("ChatGPT: No certificate found for SNI hostname: {}", sniHostname);
+ } else {
+ LOG.info("ChatGPT: Using certificate: {}", chosen.getId());
+ }
+ return chosen;
}
private static boolean certificateMatches(String hostname, SSLCertificateConfiguration c, boolean exact) {
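Review bot: The logging added before `return chosen;` records the client-supplied `sniHostname` at INFO on every SNI lookup and at ERROR whenever no certificate is found, and the `/* todo ChatGPT */` marker indicates it was not meant to ship. An unmatched SNI that falls through to the default certificate is normal operation, and `chosen` is null only when `certificates.get(defaultCertificate)` itself returns nothing, which is a configuration problem rather than an SNI one, so the message should say so and should not be driven by client input at ERROR level. Demote the success path to debug and collapse the two calls, e.g. `LOG.debug("Resolved SNI {} to certificate {}", sniHostname, chosen == null ? null : chosen.getId());`, and report the missing default certificate once with `defaultCertificate` in the message instead of per handshake. `chooseCertificate` starts before this hunk.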
diff --git a/carapace-server/src/main/java/org/carapaceproxy/core/ssl/CertificatesUtils.java b/carapace-server/src/main/java/org/carapaceproxy/core/ssl/CertificatesUtils.java
index c1cd8e1ff..9699f9868 100644
--- a/carapace-server/src/main/java/org/carapaceproxy/core/ssl/CertificatesUtils.java
+++ b/carapace-server/src/main/java/org/carapaceproxy/core/ssl/CertificatesUtils.java
@@ -115,9 +115,6 @@ public static Certificate[] readChainFromKeystore(byte[] data) throws GeneralSec
* @throws CertificateException if any of the certificates in the keystore could not be loaded
*/
public static Certificate[] readChainFromKeystore(KeyStore keystore) throws GeneralSecurityException {
- if (keystore == null) {
- return new Certificate[0];
- }
Iterator iter = keystore.aliases().asIterator();
while (iter.hasNext()) {
Certificate[] chain = keystore.getCertificateChain(iter.next());
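Review bot: Removing the null guard at the top of `readChainFromKeystore(KeyStore)` turns a null `keystore` from an empty-chain return into a `NullPointerException` at `keystore.aliases()`, but the Javadoc above only lists `CertificateException` and nothing in the hunk documents that callers must now pass a non-null keystore. Make the precondition explicit with `Objects.requireNonNull(keystore, "keystore");` as the first statement and add `@throws NullPointerException if {@code keystore} is null` to the Javadoc, so the behaviour change is visible at the call sites (the `byte[]` overload named in the hunk header is one of them). The raw `Iterator iter` on the following line could become `Iterator<String> iter` at the same time, since `KeyStore.aliases()` returns `Enumeration<String>`. The method continues past the end of this hunk.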
diff --git a/carapace-server/src/main/java/org/carapaceproxy/core/ssl/SniMapper.java b/carapace-server/src/main/java/org/carapaceproxy/core/ssl/SniMapper.java
index 54348f71c..24f4fbc70 100644
--- a/carapace-server/src/main/java/org/carapaceproxy/core/ssl/SniMapper.java
+++ b/carapace-server/src/main/java/org/carapaceproxy/core/ssl/SniMapper.java
@@ -90,19 +90,26 @@ public SslContext computeContext(final String sniHostname) throws ConfigurationN
}
int port = listenerConfiguration.getPort() + parent.getListenersOffsetPort();
try {
- // Try to find certificate data on db
- byte[] keystoreContent = parent.getDynamicCertificatesManager().getCertificateForDomain(chosen.getId());
- final KeyStore keystore;
- if (keystoreContent != null) {
- LOG.debug("start SSL with dynamic certificate id {}, on listener {}:{}", chosen.getId(), listenerConfiguration.getHost(), port);
- keystore = loadKeyStoreData(keystoreContent, chosen.getPassword());
- } else {
- if (chosen.isDynamic()) { // fallback to default certificate
+ final byte[] keystoreContent;
+ if (chosen.isDynamic()) {
+ // Try to find certificate data on db
+ keystoreContent = parent.getDynamicCertificatesManager().getCertificateForDomain(chosen.getId());
+ if (keystoreContent == null) {
+ // fallback to default certificate
chosen = runtimeConfiguration.getCertificates().get(listenerConfiguration.getDefaultCertificate());
if (chosen == null) {
throw new ConfigurationNotValidException("Unable to boot SSL context for listener " + listenerConfiguration.getHost() + ": no default certificate setup.");
}
}
+ } else {
+ keystoreContent = null;
+ }
+ final KeyStore keystore;
+ if (chosen.isDynamic()) {
+ assert keystoreContent != null;
+ LOG.debug("start SSL with dynamic certificate id {}, on listener {}:{}", chosen.getId(), listenerConfiguration.getHost(), port);
+ keystore = loadKeyStoreData(keystoreContent, chosen.getPassword());
+ } else {
LOG.debug("start SSL with certificate id {}, on listener {}:{} file={}", chosen.getId(), listenerConfiguration.getHost(), port, chosen.getFile());
keystore = loadKeyStoreFromFile(chosen.getFile(), chosen.getPassword(), basePath());
}
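Review bot: The second `if (chosen.isDynamic())` re-evaluates the mode after `chosen` may already have been replaced by the fallback default certificate, so a dynamic default reaches the `assert keystoreContent != null;` branch with a null `keystoreContent`; since `assert` only runs under `-ea`, production would continue into `loadKeyStoreData(null, ...)` instead of failing clearly, whereas the old code loaded the fallback from file regardless of its mode. Branch on the data actually obtained rather than re-reading the mode: replace `if (chosen.isDynamic()) {` and `assert keystoreContent != null;` with `if (keystoreContent != null) {`, which restores the previous fallback behaviour and makes the assert unnecessary. If a dynamic default with no stored data should instead be rejected, throw `ConfigurationNotValidException` right after the fallback lookup rather than relying on the assert. `computeContext` starts before and continues past this hunk.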
diff --git a/carapace-server/src/main/java/org/carapaceproxy/server/config/SSLCertificateConfiguration.java b/carapace-server/src/main/java/org/carapaceproxy/server/config/SSLCertificateConfiguration.java
index c4ad0b79f..ed4c24dc6 100644
--- a/carapace-server/src/main/java/org/carapaceproxy/server/config/SSLCertificateConfiguration.java
+++ b/carapace-server/src/main/java/org/carapaceproxy/server/config/SSLCertificateConfiguration.java
@@ -38,7 +38,7 @@
@Data
public class SSLCertificateConfiguration {
- public static enum CertificateMode {
+ public enum CertificateMode {
STATIC, ACME, MANUAL
}
diff --git a/carapace-server/src/test/java/org/carapaceproxy/ApplyConfigurationTest.java b/carapace-server/src/test/java/org/carapaceproxy/ApplyConfigurationTest.java
index eb4c10e4c..c1d546bdb 100644
--- a/carapace-server/src/test/java/org/carapaceproxy/ApplyConfigurationTest.java
+++ b/carapace-server/src/test/java/org/carapaceproxy/ApplyConfigurationTest.java
@@ -390,6 +390,7 @@ private Properties propsWithMapperAndCertificate(final String defaultCertificate
configuration.put("certificate.1.hostname", "*");
configuration.put("certificate.1.file", defaultCertificate);
configuration.put("certificate.1.password", "changeit");
+ configuration.put("certificate.1.mode", "static");
configuration.putAll(props);
return configuration;
}