authorChristian Schneppe <christian@pix-art.de>2016-11-20 17:44:53 +0100
committerChristian Schneppe <christian@pix-art.de>2016-11-20 17:44:53 +0100
commitb8f0b3c3a94b094de134d4092d566687d93498b0 (patch)
tree407e35eec816b8db083e920c8e173bd2a4f29657 /src/main/java/de/pixart/messenger
parent1cf0241aed94015f5c5fc523b756cbbd5a797de7 (diff)
introduced custom tls socket factory to make tls1.2 work for http connections
Diffstat (limited to 'src/main/java/de/pixart/messenger')
-rw-r--r--src/main/java/de/pixart/messenger/http/HttpConnectionManager.java17
-rw-r--r--src/main/java/de/pixart/messenger/utils/TLSSocketFactory.java70
2 files changed, 72 insertions, 15 deletions
diff --git a/src/main/java/de/pixart/messenger/http/HttpConnectionManager.java b/src/main/java/de/pixart/messenger/http/HttpConnectionManager.java
index a03e36991..c6f1d02ec 100644
--- a/src/main/java/de/pixart/messenger/http/HttpConnectionManager.java
+++ b/src/main/java/de/pixart/messenger/http/HttpConnectionManager.java
@@ -13,15 +13,13 @@ import java.util.concurrent.CopyOnWriteArrayList;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
-import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.X509TrustManager;
import de.pixart.messenger.entities.Message;
import de.pixart.messenger.services.AbstractConnectionManager;
import de.pixart.messenger.services.XmppConnectionService;
-import de.pixart.messenger.utils.CryptoHelper;
-import de.pixart.messenger.utils.SSLSocketHelper;
+import de.pixart.messenger.utils.TLSSocketFactory;
public class HttpConnectionManager extends AbstractConnectionManager {
@@ -75,18 +73,7 @@ public class HttpConnectionManager extends AbstractConnectionManager {
new StrictHostnameVerifier());
}
try {
- final SSLContext sc = SSLSocketHelper.getSSLContext();
- sc.init(null, new X509TrustManager[]{trustManager},
- mXmppConnectionService.getRNG());
-
- final SSLSocketFactory sf = sc.getSocketFactory();
- final String[] cipherSuites = CryptoHelper.getOrderedCipherSuites(
- sf.getSupportedCipherSuites());
- if (cipherSuites.length > 0) {
- sc.getDefaultSSLParameters().setCipherSuites(cipherSuites);
-
- }
-
+ final SSLSocketFactory sf = new TLSSocketFactory(new X509TrustManager[]{trustManager}, mXmppConnectionService.getRNG());
connection.setSSLSocketFactory(sf);
connection.setHostnameVerifier(hostnameVerifier);
} catch (final KeyManagementException | NoSuchAlgorithmException ignored) {
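Review bot: A failure in the new `TLSSocketFactory` constructor is discarded by the enclosing `catch (final KeyManagementException | NoSuchAlgorithmException ignored)`, and because `setSSLSocketFactory` and `setHostnameVerifier` sit after it in the same `try`, neither is applied in that case. The connection would then presumably fall back to the platform-default socket factory and verifier instead of the app's `trustManager`. The catch body lies outside this hunk, so this is inferred from the variable name `ignored`. If the handler is empty, it should abort the transfer, or at least log the exception, and carry a comment such as `// TLS setup failed: do not continue with default trust settings`.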
diff --git a/src/main/java/de/pixart/messenger/utils/TLSSocketFactory.java b/src/main/java/de/pixart/messenger/utils/TLSSocketFactory.java
new file mode 100644
index 000000000..cfefbd93d
--- /dev/null
+++ b/src/main/java/de/pixart/messenger/utils/TLSSocketFactory.java
@@ -0,0 +1,70 @@
+package de.pixart.messenger.utils;
+
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.Socket;
+import java.security.KeyManagementException;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocket;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.X509TrustManager;
+
+public class TLSSocketFactory extends SSLSocketFactory {
+
+ private final SSLSocketFactory internalSSLSocketFactory;
+
+ public TLSSocketFactory(X509TrustManager[] trustManager, SecureRandom random) throws KeyManagementException, NoSuchAlgorithmException {
+ SSLContext context = SSLContext.getInstance("TLS");
+ context.init(null, trustManager, random);
+ this.internalSSLSocketFactory = context.getSocketFactory();
+ }
+
+ @Override
+ public String[] getDefaultCipherSuites() {
+ return CryptoHelper.getOrderedCipherSuites(internalSSLSocketFactory.getDefaultCipherSuites());
+ }
+
+ @Override
+ public String[] getSupportedCipherSuites() {
+ return internalSSLSocketFactory.getSupportedCipherSuites();
+ }
+
+ @Override
+ public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException {
+ return enableTLSOnSocket(internalSSLSocketFactory.createSocket(s, host, port, autoClose));
+ }
+
+ @Override
+ public Socket createSocket(String host, int port) throws IOException {
+ return enableTLSOnSocket(internalSSLSocketFactory.createSocket(host, port));
+ }
+
+ @Override
+ public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException {
+ return enableTLSOnSocket(internalSSLSocketFactory.createSocket(host, port, localHost, localPort));
+ }
+
+ @Override
+ public Socket createSocket(InetAddress host, int port) throws IOException {
+ return enableTLSOnSocket(internalSSLSocketFactory.createSocket(host, port));
+ }
+
+ @Override
+ public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException {
+ return enableTLSOnSocket(internalSSLSocketFactory.createSocket(address, port, localAddress, localPort));
+ }
+
+ private static Socket enableTLSOnSocket(Socket socket) {
+ if(socket != null && (socket instanceof SSLSocket)) {
+ try {
+ SSLSocketHelper.setSecurity((SSLSocket) socket);
+ } catch (NoSuchAlgorithmException e) {
+ //ignoring
+ }
+ }
+ return socket;
+ }
+} \ No newline at end of file
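Review bot: `enableTLSOnSocket` swallows the `NoSuchAlgorithmException` from `SSLSocketHelper.setSecurity` (`//ignoring`) and still returns the socket, so the caller cannot tell when the intended settings were not applied. `setSecurity` is not shown here, but it presumably sets the enabled protocols and cipher suites; if so, the connection silently proceeds on platform defaults, which undercuts the commit's stated goal of making TLS 1.2 work. Every `createSocket` overload already declares `IOException`, so the helper can declare `throws IOException` and replace the empty catch with `socket.close(); throw new IOException("could not apply TLS settings", e);`. The `socket != null` test is redundant, since `instanceof` is already false for null. A one-line class Javadoc saying that the wrapper exists to run `SSLSocketHelper.setSecurity` on every created socket would also help.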