aboutsummaryrefslogtreecommitdiffstats
path: root/src/main/java/eu/siacs/conversations/utils/SSLSocketHelper.java
blob: 3a8c1c0aaa59533b2e4c303789d85c29e5fbeb54 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
package eu.siacs.conversations.utils;

import android.os.Build;

import java.lang.reflect.Method;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Collection;
import java.util.LinkedList;

import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public class SSLSocketHelper {

	public static void setSecurity(final SSLSocket sslSocket) throws NoSuchAlgorithmException {
		final String[] supportProtocols;
		final Collection<String> supportedProtocols = new LinkedList<>(
				Arrays.asList(sslSocket.getSupportedProtocols()));
		supportedProtocols.remove("SSLv3");
		supportProtocols = supportedProtocols.toArray(new String[supportedProtocols.size()]);

		sslSocket.setEnabledProtocols(supportProtocols);

		final String[] cipherSuites = CryptoHelper.getOrderedCipherSuites(
				sslSocket.getSupportedCipherSuites());
		if (cipherSuites.length > 0) {
			sslSocket.setEnabledCipherSuites(cipherSuites);
		}
	}

	public static void setSNIHost(final SSLSocketFactory factory, final SSLSocket socket, final String hostname) {
		if (factory instanceof android.net.SSLCertificateSocketFactory && android.os.Build.VERSION.SDK_INT >= android.os.Build.VERSION_CODES.JELLY_BEAN_MR1) {
			((android.net.SSLCertificateSocketFactory) factory).setHostname(socket, hostname);
		} else {
			try {
				socket.getClass().getMethod("setHostname", String.class).invoke(socket, hostname);
			} catch (Throwable e) {
				// ignore any error, we just can't set the hostname...
			}
		}
	}

	public static void setAlpnProtocol(final SSLSocketFactory factory, final SSLSocket socket, final String protocol) {
		try {
			if (factory instanceof android.net.SSLCertificateSocketFactory && android.os.Build.VERSION.SDK_INT >= android.os.Build.VERSION_CODES.KITKAT) {
				// can't call directly because of @hide?
				//((android.net.SSLCertificateSocketFactory)factory).setAlpnProtocols(new byte[][]{protocol.getBytes("UTF-8")});
				android.net.SSLCertificateSocketFactory.class.getMethod("setAlpnProtocols", byte[][].class).invoke(socket, new Object[]{new byte[][]{protocol.getBytes("UTF-8")}});
			} else {
				final Method method = socket.getClass().getMethod("setAlpnProtocols", byte[].class);
				// the concatenation of 8-bit, length prefixed protocol names, just one in our case...
				// http://tools.ietf.org/html/draft-agl-tls-nextprotoneg-04#page-4
				final byte[] protocolUTF8Bytes = protocol.getBytes("UTF-8");
				final byte[] lengthPrefixedProtocols = new byte[protocolUTF8Bytes.length + 1];
				lengthPrefixedProtocols[0] = (byte) protocol.length(); // cannot be over 255 anyhow
				System.arraycopy(protocolUTF8Bytes, 0, lengthPrefixedProtocols, 1, protocolUTF8Bytes.length);
				method.invoke(socket, new Object[]{lengthPrefixedProtocols});
			}
		} catch (Throwable e) {
			// ignore any error, we just can't set the alpn protocol...
		}
	}

	public static SSLContext getSSLContext() throws NoSuchAlgorithmException {
		if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN) {
			return SSLContext.getInstance("TLSv1.2");
		} else {
			return SSLContext.getInstance("TLS");
		}
	}
}