anotherim/src/main/java/eu/siacs/conversations/utils/SSLSocketHelper.java

104 lines
4.1 KiB
Java
Raw Normal View History

package eu.siacs.conversations.utils;
2018-09-27 08:00:58 +00:00
import android.os.Build;
import android.support.annotation.RequiresApi;
import android.util.Log;
2018-09-23 09:20:23 +00:00
import org.conscrypt.Conscrypt;
2018-09-27 08:00:58 +00:00
import java.lang.reflect.Method;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Collection;
2018-09-27 08:00:58 +00:00
import java.util.Collections;
import java.util.LinkedList;
2018-09-27 08:00:58 +00:00
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SSLContext;
2018-09-27 08:00:58 +00:00
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import eu.siacs.conversations.Config;
import eu.siacs.conversations.entities.Account;
public class SSLSocketHelper {
public static void setSecurity(final SSLSocket sslSocket) {
final String[] supportProtocols;
final Collection<String> supportedProtocols = new LinkedList<>(
Arrays.asList(sslSocket.getSupportedProtocols()));
supportedProtocols.remove("SSLv3");
supportProtocols = supportedProtocols.toArray(new String[supportedProtocols.size()]);
sslSocket.setEnabledProtocols(supportProtocols);
final String[] cipherSuites = CryptoHelper.getOrderedCipherSuites(
sslSocket.getSupportedCipherSuites());
if (cipherSuites.length > 0) {
sslSocket.setEnabledCipherSuites(cipherSuites);
}
}
2018-09-23 09:20:23 +00:00
public static void setHostname(final SSLSocket socket, final String hostname) {
2018-09-27 08:00:58 +00:00
if (Conscrypt.isConscrypt(socket)) {
2018-09-23 09:20:23 +00:00
Conscrypt.setHostname(socket, hostname);
2018-09-27 08:00:58 +00:00
} else if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.N) {
setHostnameNougat(socket, hostname);
} else {
setHostnameReflection(socket, hostname);
}
}
private static void setHostnameReflection(final SSLSocket socket, final String hostname) {
try {
socket.getClass().getMethod("setHostname", String.class).invoke(socket, hostname);
} catch (Throwable e) {
2018-09-23 09:20:23 +00:00
Log.e(Config.LOGTAG, "unable to set SNI name on socket (" + hostname + ")", e);
}
}
2018-09-27 08:00:58 +00:00
@RequiresApi(api = Build.VERSION_CODES.N)
private static void setHostnameNougat(final SSLSocket socket, final String hostname) {
final SSLParameters parameters = new SSLParameters();
parameters.setServerNames(Collections.singletonList(new SNIHostName(hostname)));
socket.setSSLParameters(parameters);
}
private static void setApplicationProtocolReflection(final SSLSocket socket, final String protocol) {
try {
2018-09-27 08:00:58 +00:00
final Method method = socket.getClass().getMethod("setAlpnProtocols", byte[].class);
// the concatenation of 8-bit, length prefixed protocol names, just one in our case...
// http://tools.ietf.org/html/draft-agl-tls-nextprotoneg-04#page-4
final byte[] protocolUTF8Bytes = protocol.getBytes("UTF-8");
final byte[] lengthPrefixedProtocols = new byte[protocolUTF8Bytes.length + 1];
lengthPrefixedProtocols[0] = (byte) protocol.length(); // cannot be over 255 anyhow
System.arraycopy(protocolUTF8Bytes, 0, lengthPrefixedProtocols, 1, protocolUTF8Bytes.length);
method.invoke(socket, new Object[]{lengthPrefixedProtocols});
} catch (Throwable e) {
Log.e(Config.LOGTAG,"unable to set ALPN on socket",e);
}
}
public static void setApplicationProtocol(final SSLSocket socket, final String protocol) {
if (Conscrypt.isConscrypt(socket)) {
2018-09-23 09:20:23 +00:00
Conscrypt.setApplicationProtocols(socket, new String[]{protocol});
2018-09-27 08:00:58 +00:00
} else {
setApplicationProtocolReflection(socket, protocol);
}
}
public static SSLContext getSSLContext() throws NoSuchAlgorithmException {
try {
return SSLContext.getInstance("TLSv1.3");
} catch (NoSuchAlgorithmException e) {
return SSLContext.getInstance("TLSv1.2");
}
}
public static void log(Account account, SSLSocket socket) {
SSLSession session = socket.getSession();
2018-09-23 09:20:23 +00:00
Log.d(Config.LOGTAG, account.getJid().asBareJid() + ": protocol=" + session.getProtocol() + " cipher=" + session.getCipherSuite());
}
}