I want to get the domain name in Java before I determine which certificate I will use to send back. How can I achieve that?

Do I need to analyze the bytes somehow myself? Or is there a library for this? Or can some Java SSL lib do it?

Related post: Extract Server Name Indication (SNI) from TLS client hello

But I am hoping to just use a Java library to get the host name.
You don't need it before using the `SSLEngine`. You need it in your custom `KeyManager` implementation, in the `chooseServerAlias()` method. You will need to discover the domain name by one of the techniques listed below, then create your `X509KeyManager` implementation, configured appropriately so as to return the appropriate keystore alias, then construct an `SSLContext`, initialize it with your `KeyManager`, then construct your `SSLEngine`. During the handshake the engine will call your key manager.

SNI. If the client supports SNI you can get the domain name from the initial `ClientHello` message as shown in your link. You will need to restore the `ByteBuffer` to its prior state after parsing it so that the `SSLEngine` can also parse it.

Otherwise you're relying on the IP addresses of each domain being different. You must already have a `SocketChannel`, so you already know the target address of the connection, i.e. the address the client used to connect to you, via `SocketChannel.getLocalAddress()`, so all you can do is map the domain name from that, if your domains have different IP addresses.
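The procedure the answer describes, as an added example that is not code from the question or the answer: peek the `server_name` extension out of the first record without disturbing the buffer the `SSLEngine` will consume (a `duplicate()` gives an independent position over the same bytes, which is equivalent to restoring the original), wrap the JSSE key manager so that `chooseServerAlias()` returns the alias for that host, and build the `SSLContext` and server-mode `SSLEngine` around it. Two assumptions of mine: the keystore alias is the same string as the SNI host name, and the whole ClientHello record is already in the buffer (a fragmented record makes `peekSni` return `null`, in which case the default alias is used). Because the engine path of JSSE asks an `X509ExtendedKeyManager` via `chooseEngineServerAlias()`, the wrapper overrides that method too; a plain `X509KeyManager` would never be consulted by an `SSLEngine`. The ClientHello in `main` is constructed in-line for illustration.

```java
import java.net.Socket;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

public final class SniKeySelector {

    /** Returns the SNI host_name from a TLS record holding a ClientHello, or null if absent
     *  or malformed. Works on a duplicate, so the caller's buffer position and limit are untouched. */
    public static String peekSni(ByteBuffer in) {
        ByteBuffer b = in.duplicate();
        try {
            if (b.remaining() < 5 || b.get() != 0x16) return null;            // handshake record
            b.getShort();                                                    // record version
            int recLen = b.getShort() & 0xFFFF;
            if (b.remaining() < recLen) return null;                          // whole record required
            b.limit(b.position() + recLen);
            if (b.get() != 0x01) return null;                                 // handshake type ClientHello
            int hsLen = ((b.get() & 0xFF) << 16) | ((b.get() & 0xFF) << 8) | (b.get() & 0xFF);
            b.limit(Math.min(b.limit(), b.position() + hsLen));
            b.getShort();                                                    // client_version
            b.position(b.position() + 32);                                    // random
            b.position(b.position() + (b.get() & 0xFF));                      // session_id
            b.position(b.position() + (b.getShort() & 0xFFFF));               // cipher_suites
            b.position(b.position() + (b.get() & 0xFF));                      // compression_methods
            if (b.remaining() < 2) return null;                               // no extensions block
            int extLen = b.getShort() & 0xFFFF;
            b.limit(Math.min(b.limit(), b.position() + extLen));
            while (b.remaining() >= 4) {
                int type = b.getShort() & 0xFFFF;
                int len = b.getShort() & 0xFFFF;
                if (type != 0x0000) { b.position(b.position() + len); continue; } // not server_name
                b.getShort();                                                // server_name_list length
                if (b.get() != 0x00) return null;                             // NameType host_name
                byte[] name = new byte[b.getShort() & 0xFFFF];
                b.get(name);
                return new String(name, StandardCharsets.US_ASCII);
            }
            return null;
        } catch (RuntimeException malformed) {   // BufferUnderflow / IllegalArgument on bad lengths
            return null;
        }
    }

    /** Delegating key manager that picks the alias named by the peeked SNI host (assumed alias == host). */
    public static final class SniKeyManager extends X509ExtendedKeyManager {
        private final X509KeyManager d; private final String sniHost; private final String defaultAlias;
        SniKeyManager(X509KeyManager d, String sniHost, String defaultAlias) {
            this.d = d; this.sniHost = sniHost; this.defaultAlias = defaultAlias;
        }
        @Override public String chooseEngineServerAlias(String kt, Principal[] iss, SSLEngine e) {
            return chooseServerAlias(kt, iss, null);                          // SSLEngine path calls this one
        }
        @Override public String chooseServerAlias(String kt, Principal[] iss, Socket s) {
            String[] aliases = d.getServerAliases(kt, iss);
            if (sniHost != null && aliases != null)
                for (String a : aliases) if (a.equalsIgnoreCase(sniHost)) return a;
            return defaultAlias;                                              // no SNI or unknown host
        }
        @Override public String[] getClientAliases(String kt, Principal[] i) { return d.getClientAliases(kt, i); }
        @Override public String chooseClientAlias(String[] kt, Principal[] i, Socket s) { return d.chooseClientAlias(kt, i, s); }
        @Override public String[] getServerAliases(String kt, Principal[] i) { return d.getServerAliases(kt, i); }
        @Override public X509Certificate[] getCertificateChain(String a) { return d.getCertificateChain(a); }
        @Override public PrivateKey getPrivateKey(String a) { return d.getPrivateKey(a); }
    }

    /** Builds a server-mode SSLEngine whose key manager already knows the peeked host;
     *  afterwards feed the same, unmodified buffer to engine.unwrap(). */
    public static SSLEngine engineFor(ByteBuffer firstBytes, KeyStore ks, char[] pw, String defaultAlias)
            throws Exception {
        String host = peekSni(firstBytes);
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, pw);
        X509KeyManager base = (X509KeyManager) kmf.getKeyManagers()[0];
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(new KeyManager[] { new SniKeyManager(base, host, defaultAlias) }, null, null);
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(false);
        return engine;
    }

    /** Constructed sample input: a minimal TLS 1.2 ClientHello record carrying the given SNI host. */
    static ByteBuffer sampleClientHello(String host) {
        byte[] h = host.getBytes(StandardCharsets.US_ASCII);
        ByteBuffer ext = ByteBuffer.allocate(9 + h.length);
        ext.putShort((short) 0).putShort((short) (5 + h.length))              // server_name ext + length
           .putShort((short) (3 + h.length)).put((byte) 0).putShort((short) h.length).put(h);
        ByteBuffer body = ByteBuffer.allocate(43 + ext.capacity());
        body.putShort((short) 0x0303).put(new byte[32]).put((byte) 0)         // version, random, empty session_id
            .putShort((short) 2).putShort((short) 0x002F)                     // one cipher suite
            .put((byte) 1).put((byte) 0)                                       // compression: null only
            .putShort((short) ext.capacity()).put((ByteBuffer) ext.flip());
        ByteBuffer rec = ByteBuffer.allocate(9 + body.capacity());
        rec.put((byte) 0x16).putShort((short) 0x0301).putShort((short) (4 + body.capacity()))
           .put((byte) 1).put((byte) 0).putShort((short) body.capacity()).put((ByteBuffer) body.flip());
        return (ByteBuffer) rec.flip();
    }

    public static void main(String[] args) {
        ByteBuffer hello = sampleClientHello("example.com");
        System.out.println("sni=" + peekSni(hello) + " position after peek=" + hello.position());
    }
}
```

Two practical caveats: the parser only reads the first record, so a ClientHello split across two TCP reads must be accumulated before calling `peekSni`, and the SNI value is attacker-controlled input, which is why the method treats any length that runs past the buffer as "no SNI" rather than trusting it. In the non-SNI fallback the answer mentions, `host` would instead come from a map keyed on `SocketChannel.getLocalAddress()`.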