introduced custom tls socket factory to make tls1.2 work for http connections
This commit is contained in:
Daniel Gultsch
parent
b71aa6d3a4
commit
64e8035f6d
|
|
@ -24,6 +24,7 @@ import eu.siacs.conversations.services.AbstractConnectionManager;
|
||||||
import eu.siacs.conversations.services.XmppConnectionService;
|
import eu.siacs.conversations.services.XmppConnectionService;
|
||||||
import eu.siacs.conversations.utils.CryptoHelper;
|
import eu.siacs.conversations.utils.CryptoHelper;
|
||||||
import eu.siacs.conversations.utils.SSLSocketHelper;
|
import eu.siacs.conversations.utils.SSLSocketHelper;
|
||||||
|
import eu.siacs.conversations.utils.TLSSocketFactory;
|
||||||
|
|
||||||
public class HttpConnectionManager extends AbstractConnectionManager {
|
public class HttpConnectionManager extends AbstractConnectionManager {
|
||||||
|
|
||||||
|
|
@ -77,18 +78,7 @@ public class HttpConnectionManager extends AbstractConnectionManager {
|
||||||
new StrictHostnameVerifier());
|
new StrictHostnameVerifier());
|
||||||
}
|
}
|
||||||
try {
|
try {
|
||||||
final SSLContext sc = SSLSocketHelper.getSSLContext();
|
final SSLSocketFactory sf = new TLSSocketFactory(new X509TrustManager[]{trustManager}, mXmppConnectionService.getRNG());
|
||||||
sc.init(null, new X509TrustManager[]{trustManager},
|
|
||||||
mXmppConnectionService.getRNG());
|
|
||||||
|
|
||||||
final SSLSocketFactory sf = sc.getSocketFactory();
|
|
||||||
final String[] cipherSuites = CryptoHelper.getOrderedCipherSuites(
|
|
||||||
sf.getSupportedCipherSuites());
|
|
||||||
if (cipherSuites.length > 0) {
|
|
||||||
sc.getDefaultSSLParameters().setCipherSuites(cipherSuites);
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
connection.setSSLSocketFactory(sf);
|
connection.setSSLSocketFactory(sf);
|
||||||
connection.setHostnameVerifier(hostnameVerifier);
|
connection.setHostnameVerifier(hostnameVerifier);
|
||||||
} catch (final KeyManagementException | NoSuchAlgorithmException ignored) {
|
} catch (final KeyManagementException | NoSuchAlgorithmException ignored) {
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,69 @@
|
||||||
|
package eu.siacs.conversations.utils;
|
||||||
|
|
||||||
|
import java.io.IOException;
|
||||||
|
import java.net.InetAddress;
|
||||||
|
import java.net.Socket;
|
||||||
|
import java.security.KeyManagementException;
|
||||||
|
import java.security.NoSuchAlgorithmException;
|
||||||
|
import java.security.SecureRandom;
|
||||||
|
import javax.net.ssl.SSLContext;
|
||||||
|
import javax.net.ssl.SSLSocket;
|
||||||
|
import javax.net.ssl.SSLSocketFactory;
|
||||||
|
import javax.net.ssl.X509TrustManager;
|
||||||
|
|
||||||
|
public class TLSSocketFactory extends SSLSocketFactory {
|
||||||
|
|
||||||
|
private final SSLSocketFactory internalSSLSocketFactory;
|
||||||
|
|
||||||
|
public TLSSocketFactory(X509TrustManager[] trustManager, SecureRandom random) throws KeyManagementException, NoSuchAlgorithmException {
|
||||||
|
SSLContext context = SSLContext.getInstance("TLS");
|
||||||
|
context.init(null, trustManager, random);
|
||||||
|
this.internalSSLSocketFactory = context.getSocketFactory();
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public String[] getDefaultCipherSuites() {
|
||||||
|
return CryptoHelper.getOrderedCipherSuites(internalSSLSocketFactory.getDefaultCipherSuites());
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public String[] getSupportedCipherSuites() {
|
||||||
|
return internalSSLSocketFactory.getSupportedCipherSuites();
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException {
|
||||||
|
return enableTLSOnSocket(internalSSLSocketFactory.createSocket(s, host, port, autoClose));
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public Socket createSocket(String host, int port) throws IOException {
|
||||||
|
return enableTLSOnSocket(internalSSLSocketFactory.createSocket(host, port));
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException {
|
||||||
|
return enableTLSOnSocket(internalSSLSocketFactory.createSocket(host, port, localHost, localPort));
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public Socket createSocket(InetAddress host, int port) throws IOException {
|
||||||
|
return enableTLSOnSocket(internalSSLSocketFactory.createSocket(host, port));
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException {
|
||||||
|
return enableTLSOnSocket(internalSSLSocketFactory.createSocket(address, port, localAddress, localPort));
|
||||||
|
}
|
||||||
|
|
||||||
|
private static Socket enableTLSOnSocket(Socket socket) {
|
||||||
|
if(socket != null && (socket instanceof SSLSocket)) {
|
||||||
|
try {
|
||||||
|
SSLSocketHelper.setSecurity((SSLSocket) socket);
|
||||||
|
} catch (NoSuchAlgorithmException e) {
|
||||||
|
//ignoring
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return socket;
|
||||||
|
}
|
||||||
|
}
|
||||||
Loading…
Reference in a new issue