There is not validation for 'host-context-map' property values on key side. There is validation for the values that represents 'server-ssl-contexts', although, there is no validation for host matching part. E.g. writing attribute of this value is possible:
even though, these are invalid host name matchers IMHO. It would be nice to identify these and report those to user immediately during the configuration attempt.