authorChristian Schneppe <christian@pix-art.de>2018-10-01 10:59:54 +0200
committerChristian Schneppe <christian@pix-art.de>2018-10-01 10:59:54 +0200
commitc0b51141a76b23f05e809d133fdf627b3b4c09bb (patch)
tree11c81c5827c04f580e04bf12173f55a1c893fe75 /src/main/java/de/pixart/messenger/utils
parent959157306d0abfc9a7d88112978cae827c6095e2 (diff)
use conscrypt as security provider to provide tls 1.3 and modern cyphers on old androids
Diffstat (limited to 'src/main/java/de/pixart/messenger/utils')
-rw-r--r--src/main/java/de/pixart/messenger/utils/SSLSocketHelper.java29
-rw-r--r--src/main/java/de/pixart/messenger/utils/TLSSocketFactory.java20
2 files changed, 22 insertions, 27 deletions
diff --git a/src/main/java/de/pixart/messenger/utils/SSLSocketHelper.java b/src/main/java/de/pixart/messenger/utils/SSLSocketHelper.java
index ad3629354..f0d1c00ec 100644
--- a/src/main/java/de/pixart/messenger/utils/SSLSocketHelper.java
+++ b/src/main/java/de/pixart/messenger/utils/SSLSocketHelper.java
@@ -1,6 +1,6 @@
package de.pixart.messenger.utils;
-import android.os.Build;
+import android.util.Log;
import java.lang.reflect.Method;
import java.security.NoSuchAlgorithmException;
@@ -9,12 +9,16 @@ import java.util.Collection;
import java.util.LinkedList;
import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
+import de.pixart.messenger.Config;
+import de.pixart.messenger.entities.Account;
+
public class SSLSocketHelper {
- public static void setSecurity(final SSLSocket sslSocket) throws NoSuchAlgorithmException {
+ public static void setSecurity(final SSLSocket sslSocket) {
final String[] supportProtocols;
final Collection<String> supportedProtocols = new LinkedList<>(
Arrays.asList(sslSocket.getSupportedProtocols()));
@@ -31,14 +35,8 @@ public class SSLSocketHelper {
}
public static void setSNIHost(final SSLSocketFactory factory, final SSLSocket socket, final String hostname) {
- if (factory instanceof android.net.SSLCertificateSocketFactory && android.os.Build.VERSION.SDK_INT >= android.os.Build.VERSION_CODES.JELLY_BEAN_MR1) {
+ if (factory instanceof android.net.SSLCertificateSocketFactory) {
((android.net.SSLCertificateSocketFactory) factory).setHostname(socket, hostname);
- } else {
- try {
- socket.getClass().getMethod("setHostname", String.class).invoke(socket, hostname);
- } catch (Throwable e) {
- // ignore any error, we just can't set the hostname...
- }
}
}
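Review bot: With the `else` branch removed, `setSNIHost` silently does nothing for any factory that is not an `android.net.SSLCertificateSocketFactory`, so the handshake goes out without a server name. If callers pass a factory obtained from the Conscrypt-backed `SSLContext` (the call sites are not visible in this hunk), that is probably the common path now. A server hosting several domains may then answer with its default certificate, and hostname verification fails for reasons that are hard to diagnose. Consider handling that case explicitly, e.g. `else if (Conscrypt.isConscrypt(socket)) { Conscrypt.setHostname(socket, hostname); }`, and logging a warning through `Log.w(Config.LOGTAG, ...)` when neither branch applies.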
@@ -64,10 +62,11 @@ public class SSLSocketHelper {
}
public static SSLContext getSSLContext() throws NoSuchAlgorithmException {
- if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN) {
- return SSLContext.getInstance("TLSv1.2");
- } else {
- return SSLContext.getInstance("TLS");
- }
+ return SSLContext.getInstance("TLSv1.3");
+ }
+
+ public static void log(Account account, SSLSocket socket) {
+ SSLSession session = socket.getSession();
+ Log.d(Config.LOGTAG, account.getJid().asBareJid() + ": protocol=" + session.getProtocol() + " cipher=" + session.getCipherSuite());
}
-}
+} \ No newline at end of file
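Review bot: `getSSLContext()` now requests `"TLSv1.3"` unconditionally, so on a device where the Conscrypt provider was not installed or failed to load, the call throws `NoSuchAlgorithmException` and no TLS connection can be set up at all. The `TLSSocketFactory` constructor in the second file goes through the same call. Where the provider is registered is not part of this diff, so a fallback to the previous `"TLSv1.2"` context would keep such devices working while still preferring 1.3. Separately, `log()` calls `socket.getSession()`, which blocks until the handshake completes and returns an invalid session if it fails; a short Javadoc line saying it must only be called after a successful handshake would help.

```java
public static SSLContext getSSLContext() throws NoSuchAlgorithmException {
    try {
        return SSLContext.getInstance("TLSv1.3");
    } catch (NoSuchAlgorithmException e) {
        // provider without TLS 1.3 support: fall back instead of failing every connection
        return SSLContext.getInstance("TLSv1.2");
    }
}
```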
diff --git a/src/main/java/de/pixart/messenger/utils/TLSSocketFactory.java b/src/main/java/de/pixart/messenger/utils/TLSSocketFactory.java
index cfefbd93d..84b361dea 100644
--- a/src/main/java/de/pixart/messenger/utils/TLSSocketFactory.java
+++ b/src/main/java/de/pixart/messenger/utils/TLSSocketFactory.java
@@ -17,11 +17,18 @@ public class TLSSocketFactory extends SSLSocketFactory {
private final SSLSocketFactory internalSSLSocketFactory;
public TLSSocketFactory(X509TrustManager[] trustManager, SecureRandom random) throws KeyManagementException, NoSuchAlgorithmException {
- SSLContext context = SSLContext.getInstance("TLS");
+ SSLContext context = SSLSocketHelper.getSSLContext();
context.init(null, trustManager, random);
this.internalSSLSocketFactory = context.getSocketFactory();
}
+ private static Socket enableTLSOnSocket(Socket socket) {
+ if (socket != null && (socket instanceof SSLSocket)) {
+ SSLSocketHelper.setSecurity((SSLSocket) socket);
+ }
+ return socket;
+ }
+
@Override
public String[] getDefaultCipherSuites() {
return CryptoHelper.getOrderedCipherSuites(internalSSLSocketFactory.getDefaultCipherSuites());
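Review bot: In the relocated `enableTLSOnSocket`, the `socket != null &&` test is redundant because `instanceof` is already false for `null`; `if (socket instanceof SSLSocket) {` expresses the same condition. The method also returns any non-`SSLSocket` unchanged, so a one-line comment such as `// sockets that are not SSLSocket are returned without protocol/cipher hardening` would make that pass-through explicit to the next reader. The class body continues outside this hunk.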
@@ -56,15 +63,4 @@ public class TLSSocketFactory extends SSLSocketFactory {
public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException {
return enableTLSOnSocket(internalSSLSocketFactory.createSocket(address, port, localAddress, localPort));
}
-
- private static Socket enableTLSOnSocket(Socket socket) {
- if(socket != null && (socket instanceof SSLSocket)) {
- try {
- SSLSocketHelper.setSecurity((SSLSocket) socket);
- } catch (NoSuchAlgorithmException e) {
- //ignoring
- }
- }
- return socket;
- }
} \ No newline at end of file