From e1738faaddf2ae3a10ed14b8356db3f46053d303 Mon Sep 17 00:00:00 2001
From: Christian Schneppe
Date: Mon, 1 Oct 2018 11:03:15 +0200
Subject: use conscrypt api to set sni and alpn
---
 .../de/pixart/messenger/utils/SSLSocketHelper.java | 41 ++++++----------------
 1 file changed, 10 insertions(+), 31 deletions(-)
(limited to 'src/main/java/de/pixart/messenger/utils')
diff --git a/src/main/java/de/pixart/messenger/utils/SSLSocketHelper.java b/src/main/java/de/pixart/messenger/utils/SSLSocketHelper.java
index 1e2b58d27..966ee1357 100644
--- a/src/main/java/de/pixart/messenger/utils/SSLSocketHelper.java
+++ b/src/main/java/de/pixart/messenger/utils/SSLSocketHelper.java
@@ -1,19 +1,15 @@
 package de.pixart.messenger.utils;
-import android.os.Build;
-import android.support.annotation.RequiresApi;
 import android.util.Log;
-import java.lang.reflect.Method;
+import org.conscrypt.Conscrypt;
+
 import java.security.NoSuchAlgorithmException;
 import java.util.Arrays;
 import java.util.Collection;
-import java.util.Collections;
 import java.util.LinkedList;
-import javax.net.ssl.SNIHostName;
 import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLParameters;
 import javax.net.ssl.SSLSession;
 import javax.net.ssl.SSLSocket;
@@ -38,36 +34,19 @@ public class SSLSocketHelper {
 }
 }
- public static void setSNIHost(final SSLSocket socket, final String hostname) {
- if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.N) {
- setSNIHostNougat(socket, hostname);
- } else {
- try {
- socket.getClass().getMethod("setHostname", String.class).invoke(socket, hostname);
- } catch (Throwable e) {
- Log.e(Config.LOGTAG, "unable to set SNI name on socket (" + hostname + ")", e);
- }
+ public static void setHostname(final SSLSocket socket, final String hostname) {
+ try {
+ Conscrypt.setHostname(socket, hostname);
+ } catch (IllegalArgumentException e) {
+ Log.e(Config.LOGTAG, "unable to set SNI name on socket (" + hostname + ")", e);
 }
 }
- @RequiresApi(api = Build.VERSION_CODES.N)
- private static void setSNIHostNougat(final SSLSocket socket, final String hostname) {
- final SSLParameters parameters = new SSLParameters();
- parameters.setServerNames(Collections.singletonList(new SNIHostName(hostname)));
- socket.setSSLParameters(parameters);
- }
- public static void setAlpnProtocol(final SSLSocket socket, final String protocol) {
+ public static void setApplicationProtocol(final SSLSocket socket, final String protocol) {
 try {
- final Method method = socket.getClass().getMethod("setAlpnProtocols", byte[].class);
- // the concatenation of 8-bit, length prefixed protocol names, just one in our case...
- // http://tools.ietf.org/html/draft-agl-tls-nextprotoneg-04#page-4
- final byte[] protocolUTF8Bytes = protocol.getBytes("UTF-8");
- final byte[] lengthPrefixedProtocols = new byte[protocolUTF8Bytes.length + 1];
- lengthPrefixedProtocols[0] = (byte) protocol.length(); // cannot be over 255 anyhow
- System.arraycopy(protocolUTF8Bytes, 0, lengthPrefixedProtocols, 1, protocolUTF8Bytes.length);
- method.invoke(socket, new Object[]{lengthPrefixedProtocols});
- } catch (Throwable e) {
+ Conscrypt.setApplicationProtocols(socket, new String[]{protocol});
+ } catch (IllegalArgumentException e) {
 Log.e(Config.LOGTAG, "unable to set ALPN on socket", e);
 }
 }
--
cgit v1.2.3
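Review bot: In `setHostname` and `setApplicationProtocol` the `IllegalArgumentException` from the Conscrypt call is only logged, so when the socket is not one Conscrypt accepts, the handshake still goes ahead with no SNI name and no ALPN protocol set. Whether that can happen depends on which provider creates the socket, which this hunk does not show; the precondition should at least be stated in a Javadoc line on each method, e.g. `/** Socket must be Conscrypt-backed; otherwise the failure is logged and the option is left unset. */`. If the caller depends on ALPN to be routed to the right service, consider checking `Conscrypt.isConscrypt(socket)` up front and surfacing the failure so the caller can abort the connection instead of continuing silently. The narrower catch compared with the old `Throwable` is an improvement, but it also means any other runtime exception from these calls now propagates, so it is worth confirming the call sites (outside this hunk) handle that.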