fixed sni and alpn for kitkat

1 files changed, 43 insertions, 5 deletions

diff --git a/src/main/java/de/pixart/messenger/utils/SSLSocketHelper.java b/src/main/java/de/pixart/messenger/utils/SSLSocketHelper.java
index 966ee1357..5a1e97551 100644
--- a/src/main/java/de/pixart/messenger/utils/SSLSocketHelper.java
+++ b/src/main/java/de/pixart/messenger/utils/SSLSocketHelper.java
@@ -1,15 +1,21 @@
 package de.pixart.messenger.utils;
 
+import android.os.Build;
+import android.support.annotation.RequiresApi;
 import android.util.Log;
 
 import org.conscrypt.Conscrypt;
 
+import java.lang.reflect.Method;
 import java.security.NoSuchAlgorithmException;
 import java.util.Arrays;
 import java.util.Collection;
+import java.util.Collections;
 import java.util.LinkedList;
 
+import javax.net.ssl.SNIHostName;
 import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLParameters;
 import javax.net.ssl.SSLSession;
 import javax.net.ssl.SSLSocket;
 
@@ -35,22 +41,54 @@ public class SSLSocketHelper {
     }
 
     public static void setHostname(final SSLSocket socket, final String hostname) {
-        try {
+        if (Conscrypt.isConscrypt(socket)) {
             Conscrypt.setHostname(socket, hostname);
-        } catch (IllegalArgumentException e) {
+        } else if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.N) {
+            setHostnameNougat(socket, hostname);
+        } else {
+            setHostnameReflection(socket, hostname);
+        }
+    }
+
+    private static void setHostnameReflection(final SSLSocket socket, final String hostname) {
+        try {
+            socket.getClass().getMethod("setHostname", String.class).invoke(socket, hostname);
+        } catch (Throwable e) {
             Log.e(Config.LOGTAG, "unable to set SNI name on socket (" + hostname + ")", e);
         }
     }
 
 
-    public static void setApplicationProtocol(final SSLSocket socket, final String protocol) {
+    @RequiresApi(api = Build.VERSION_CODES.N)
+    private static void setHostnameNougat(final SSLSocket socket, final String hostname) {
+        final SSLParameters parameters = new SSLParameters();
+        parameters.setServerNames(Collections.singletonList(new SNIHostName(hostname)));
+        socket.setSSLParameters(parameters);
+    }
+
+    private static void setApplicationProtocolReflection(final SSLSocket socket, final String protocol) {
         try {
-            Conscrypt.setApplicationProtocols(socket, new String[]{protocol});
-        } catch (IllegalArgumentException e) {
+            final Method method = socket.getClass().getMethod("setAlpnProtocols", byte[].class);
+            // the concatenation of 8-bit, length prefixed protocol names, just one in our case...
+            // http://tools.ietf.org/html/draft-agl-tls-nextprotoneg-04#page-4
+            final byte[] protocolUTF8Bytes = protocol.getBytes("UTF-8");
+            final byte[] lengthPrefixedProtocols = new byte[protocolUTF8Bytes.length + 1];
+            lengthPrefixedProtocols[0] = (byte) protocol.length(); // cannot be over 255 anyhow
+            System.arraycopy(protocolUTF8Bytes, 0, lengthPrefixedProtocols, 1, protocolUTF8Bytes.length);
+            method.invoke(socket, new Object[]{lengthPrefixedProtocols});
+        } catch (Throwable e) {
             Log.e(Config.LOGTAG, "unable to set ALPN on socket", e);
         }
     }
 
+    public static void setApplicationProtocol(final SSLSocket socket, final String protocol) {
+        if (Conscrypt.isConscrypt(socket)) {
+            Conscrypt.setApplicationProtocols(socket, new String[]{protocol});
+        } else {
+            setApplicationProtocolReflection(socket, protocol);
+        }
+    }
+
     public static SSLContext getSSLContext() throws NoSuchAlgorithmException {
         return SSLContext.getInstance("TLSv1.3");
     }