authorChristian Schneppe <christian@pix-art.de>2018-10-01 10:59:54 +0200
committerChristian Schneppe <christian@pix-art.de>2018-10-01 10:59:54 +0200
commitc0b51141a76b23f05e809d133fdf627b3b4c09bb (patch)
tree11c81c5827c04f580e04bf12173f55a1c893fe75 /src/main/java/de
parent959157306d0abfc9a7d88112978cae827c6095e2 (diff)
use conscrypt as security provider to provide TLS 1.3 and modern ciphers on old Androids
Diffstat (limited to 'src/main/java/de')
-rw-r--r--src/main/java/de/pixart/messenger/services/XmppConnectionService.java5
-rw-r--r--src/main/java/de/pixart/messenger/utils/SSLSocketHelper.java29
-rw-r--r--src/main/java/de/pixart/messenger/utils/TLSSocketFactory.java20
-rw-r--r--src/main/java/de/pixart/messenger/xmpp/XmppConnection.java4
4 files changed, 29 insertions, 29 deletions
diff --git a/src/main/java/de/pixart/messenger/services/XmppConnectionService.java b/src/main/java/de/pixart/messenger/services/XmppConnectionService.java
index 132ede7b6..93b9fc3aa 100644
--- a/src/main/java/de/pixart/messenger/services/XmppConnectionService.java
+++ b/src/main/java/de/pixart/messenger/services/XmppConnectionService.java
@@ -47,12 +47,14 @@ import net.java.otr4j.session.SessionID;
import net.java.otr4j.session.SessionImpl;
import net.java.otr4j.session.SessionStatus;
+import org.conscrypt.Conscrypt;
import org.openintents.openpgp.IOpenPgpService2;
import org.openintents.openpgp.util.OpenPgpApi;
import org.openintents.openpgp.util.OpenPgpServiceConnection;
import java.net.URL;
import java.security.SecureRandom;
+import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;
@@ -125,7 +127,6 @@ import de.pixart.messenger.utils.ExceptionHelper;
import de.pixart.messenger.utils.MimeUtils;
import de.pixart.messenger.utils.Namespace;
import de.pixart.messenger.utils.OnPhoneContactsLoadedListener;
-import de.pixart.messenger.utils.PRNGFixes;
import de.pixart.messenger.utils.PhoneHelper;
import de.pixart.messenger.utils.QuickLoader;
import de.pixart.messenger.utils.ReplacingSerialSingleThreadExecutor;
@@ -1100,7 +1101,7 @@ public class XmppConnectionService extends Service {
public void onCreate() {
OmemoSetting.load(this);
ExceptionHelper.init(getApplicationContext());
- PRNGFixes.apply();
+ Security.insertProviderAt(Conscrypt.newProvider(), 1);
Resolver.init(this);
this.mRandom = new SecureRandom();
updateMemorizingTrustmanager();
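Review bot: `Conscrypt.newProvider()` on the added line depends on Conscrypt's native library being loadable on the device, and since the replaced `PRNGFixes.apply()` is gone this `onCreate` has no fallback if it is not; a failure here takes the whole service down instead of degrading to the platform provider. Guarding the insert with the library's own availability check keeps startup alive: `if (Conscrypt.isAvailable()) { Security.insertProviderAt(Conscrypt.newProvider(), 1); } else { Log.w(Config.LOGTAG, "conscrypt unavailable, using platform TLS provider"); }`. Such a fallback only helps once `SSLSocketHelper.getSSLContext()`, which in this commit asks for `TLSv1.3` unconditionally, also tolerates a provider without TLS 1.3. Whether the Conscrypt provider also covers the `SecureRandom` weakness that `PRNGFixes` used to patch is not visible in this diff; `new SecureRandom()` two lines below resolves against whichever provider is first once this insert has run. onCreate continues outside the hunk.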
diff --git a/src/main/java/de/pixart/messenger/utils/SSLSocketHelper.java b/src/main/java/de/pixart/messenger/utils/SSLSocketHelper.java
index ad3629354..f0d1c00ec 100644
--- a/src/main/java/de/pixart/messenger/utils/SSLSocketHelper.java
+++ b/src/main/java/de/pixart/messenger/utils/SSLSocketHelper.java
@@ -1,6 +1,6 @@
package de.pixart.messenger.utils;
-import android.os.Build;
+import android.util.Log;
import java.lang.reflect.Method;
import java.security.NoSuchAlgorithmException;
@@ -9,12 +9,16 @@ import java.util.Collection;
import java.util.LinkedList;
import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
+import de.pixart.messenger.Config;
+import de.pixart.messenger.entities.Account;
+
public class SSLSocketHelper {
- public static void setSecurity(final SSLSocket sslSocket) throws NoSuchAlgorithmException {
+ public static void setSecurity(final SSLSocket sslSocket) {
final String[] supportProtocols;
final Collection<String> supportedProtocols = new LinkedList<>(
Arrays.asList(sslSocket.getSupportedProtocols()));
@@ -31,14 +35,8 @@ public class SSLSocketHelper {
}
public static void setSNIHost(final SSLSocketFactory factory, final SSLSocket socket, final String hostname) {
- if (factory instanceof android.net.SSLCertificateSocketFactory && android.os.Build.VERSION.SDK_INT >= android.os.Build.VERSION_CODES.JELLY_BEAN_MR1) {
+ if (factory instanceof android.net.SSLCertificateSocketFactory) {
((android.net.SSLCertificateSocketFactory) factory).setHostname(socket, hostname);
- } else {
- try {
- socket.getClass().getMethod("setHostname", String.class).invoke(socket, hostname);
- } catch (Throwable e) {
- // ignore any error, we just can't set the hostname...
- }
}
}
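Review bot: Removing the reflective `setHostname` fallback leaves `setSNIHost` setting SNI only for `android.net.SSLCertificateSocketFactory`, while the rest of this commit routes TLS through `TLSSocketFactory` on top of the Conscrypt provider, whose sockets do not come from that factory; if the factory passed here is the Conscrypt-backed one (the call site is not in the diff), SNI is silently no longer sent, which breaks servers that pick certificates or virtual hosts by SNI and then fails hostname verification. Conscrypt exposes this without reflection: `} else if (Conscrypt.isConscrypt(socket)) { Conscrypt.setHostname(socket, hostname); }` before the closing brace of the `if`, with `import org.conscrypt.Conscrypt;` added to this file. The enclosing class continues outside the hunk.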
@@ -64,10 +62,11 @@ public class SSLSocketHelper {
}
public static SSLContext getSSLContext() throws NoSuchAlgorithmException {
- if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN) {
- return SSLContext.getInstance("TLSv1.2");
- } else {
- return SSLContext.getInstance("TLS");
- }
+ return SSLContext.getInstance("TLSv1.3");
+ }
+
+ public static void log(Account account, SSLSocket socket) {
+ SSLSession session = socket.getSession();
+ Log.d(Config.LOGTAG, account.getJid().asBareJid() + ": protocol=" + session.getProtocol() + " cipher=" + session.getCipherSuite());
}
-}
+} \ No newline at end of file
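Review bot: `SSLContext.getInstance("TLSv1.3")` now has no fallback, so on a device where the Conscrypt provider was not installed the call throws `NoSuchAlgorithmException` and, via `TLSSocketFactory`'s constructor in the next file of this commit, no TLS socket factory can be built at all, whereas the old code degraded to `TLS`. A context named for the highest version still negotiates lower ones, so trying `TLSv1.3` first and falling back to `TLSv1.2` keeps the intended upgrade without tying connectivity to the provider insert having succeeded; which versions a socket finally offers is decided in `setSecurity`, whose body lies outside this hunk. The new `log` helper only needs the bare JID, so taking that value instead of `Account` would avoid coupling a utils class to `entities.Account`.
```java
public static SSLContext getSSLContext() throws NoSuchAlgorithmException {
    try {
        return SSLContext.getInstance("TLSv1.3");
    } catch (NoSuchAlgorithmException e) {
        // provider without TLS 1.3 (e.g. Conscrypt not installed): use the platform TLS 1.2 context
        return SSLContext.getInstance("TLSv1.2");
    }
}
// … unchanged: log(Account, SSLSocket) …
```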
diff --git a/src/main/java/de/pixart/messenger/utils/TLSSocketFactory.java b/src/main/java/de/pixart/messenger/utils/TLSSocketFactory.java
index cfefbd93d..84b361dea 100644
--- a/src/main/java/de/pixart/messenger/utils/TLSSocketFactory.java
+++ b/src/main/java/de/pixart/messenger/utils/TLSSocketFactory.java
@@ -17,11 +17,18 @@ public class TLSSocketFactory extends SSLSocketFactory {
private final SSLSocketFactory internalSSLSocketFactory;
public TLSSocketFactory(X509TrustManager[] trustManager, SecureRandom random) throws KeyManagementException, NoSuchAlgorithmException {
- SSLContext context = SSLContext.getInstance("TLS");
+ SSLContext context = SSLSocketHelper.getSSLContext();
context.init(null, trustManager, random);
this.internalSSLSocketFactory = context.getSocketFactory();
}
+ private static Socket enableTLSOnSocket(Socket socket) {
+ if (socket != null && (socket instanceof SSLSocket)) {
+ SSLSocketHelper.setSecurity((SSLSocket) socket);
+ }
+ return socket;
+ }
+
@Override
public String[] getDefaultCipherSuites() {
return CryptoHelper.getOrderedCipherSuites(internalSSLSocketFactory.getDefaultCipherSuites());
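Review bot: The moved `enableTLSOnSocket` keeps the redundant `socket != null &&` in front of `instanceof`, which already yields false for null; `if (socket instanceof SSLSocket) {` says the same thing. Placing the private helper between the constructor and the `@Override` methods also splits the factory's public surface; the conventional spot is after the last `createSocket` overload, where the old copy lived. The `createSocket` overloads and the end of the class lie outside this hunk.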
@@ -56,15 +63,4 @@ public class TLSSocketFactory extends SSLSocketFactory {
public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException {
return enableTLSOnSocket(internalSSLSocketFactory.createSocket(address, port, localAddress, localPort));
}
-
- private static Socket enableTLSOnSocket(Socket socket) {
- if(socket != null && (socket instanceof SSLSocket)) {
- try {
- SSLSocketHelper.setSecurity((SSLSocket) socket);
- } catch (NoSuchAlgorithmException e) {
- //ignoring
- }
- }
- return socket;
- }
} \ No newline at end of file
diff --git a/src/main/java/de/pixart/messenger/xmpp/XmppConnection.java b/src/main/java/de/pixart/messenger/xmpp/XmppConnection.java
index cbfdbc365..aee945d21 100644
--- a/src/main/java/de/pixart/messenger/xmpp/XmppConnection.java
+++ b/src/main/java/de/pixart/messenger/xmpp/XmppConnection.java
@@ -482,6 +482,9 @@ public class XmppConnection implements Runnable {
if (Thread.currentThread().isInterrupted()) {
throw new InterruptedException();
}
+ if (socket instanceof SSLSocket) {
+ SSLSocketHelper.log(account, (SSLSocket) socket);
+ }
return tag != null && tag.isStart("stream");
}
@@ -881,6 +884,7 @@ public class XmppConnection implements Runnable {
features.encryptionEnabled = true;
final Tag tag = tagReader.readTag();
if (tag != null && tag.isStart("stream")) {
+ SSLSocketHelper.log(account, sslSocket);
processStream();
} else {
throw new IOException("server didn't restart stream after STARTTLS");