From b8f0b3c3a94b094de134d4092d566687d93498b0 Mon Sep 17 00:00:00 2001
From: Christian Schneppe
Date: Sun, 20 Nov 2016 17:44:53 +0100
Subject: introduced custom tls socket factory to make tls1.2 work for http connections
---
 .../messenger/http/HttpConnectionManager.java | 17 +-----
 .../pixart/messenger/utils/TLSSocketFactory.java | 70 ++++++++++++++++++++++
 2 files changed, 72 insertions(+), 15 deletions(-)
 create mode 100644 src/main/java/de/pixart/messenger/utils/TLSSocketFactory.java
(limited to 'src/main/java/de')
diff --git a/src/main/java/de/pixart/messenger/http/HttpConnectionManager.java b/src/main/java/de/pixart/messenger/http/HttpConnectionManager.java
index a03e36991..c6f1d02ec 100644
--- a/src/main/java/de/pixart/messenger/http/HttpConnectionManager.java
+++ b/src/main/java/de/pixart/messenger/http/HttpConnectionManager.java
@@ -13,15 +13,13 @@ import java.util.concurrent.CopyOnWriteArrayList;
 import javax.net.ssl.HostnameVerifier;
 import javax.net.ssl.HttpsURLConnection;
-import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLSocketFactory;
 import javax.net.ssl.X509TrustManager;
 import de.pixart.messenger.entities.Message;
 import de.pixart.messenger.services.AbstractConnectionManager;
 import de.pixart.messenger.services.XmppConnectionService;
-import de.pixart.messenger.utils.CryptoHelper;
-import de.pixart.messenger.utils.SSLSocketHelper;
+import de.pixart.messenger.utils.TLSSocketFactory;
 public class HttpConnectionManager extends AbstractConnectionManager {
@@ -75,18 +73,7 @@ public class HttpConnectionManager extends AbstractConnectionManager {
 new StrictHostnameVerifier());
 }
 try {
- final SSLContext sc = SSLSocketHelper.getSSLContext();
- sc.init(null, new X509TrustManager[]{trustManager},
- mXmppConnectionService.getRNG());
-
- final SSLSocketFactory sf = sc.getSocketFactory();
- final String[] cipherSuites = CryptoHelper.getOrderedCipherSuites(
- sf.getSupportedCipherSuites());
- if (cipherSuites.length > 0) {
- sc.getDefaultSSLParameters().setCipherSuites(cipherSuites);
-
- }
-
+ final SSLSocketFactory sf = new TLSSocketFactory(new X509TrustManager[]{trustManager}, mXmppConnectionService.getRNG());
 connection.setSSLSocketFactory(sf);
 connection.setHostnameVerifier(hostnameVerifier);
 } catch (final KeyManagementException | NoSuchAlgorithmException ignored) {
diff --git a/src/main/java/de/pixart/messenger/utils/TLSSocketFactory.java b/src/main/java/de/pixart/messenger/utils/TLSSocketFactory.java
new file mode 100644
index 000000000..cfefbd93d
--- /dev/null
+++ b/src/main/java/de/pixart/messenger/utils/TLSSocketFactory.java
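Review bot: In HttpConnectionManager the new `new TLSSocketFactory(...)` call shares one `try` with `setSSLSocketFactory` and `setHostnameVerifier`, and the catch names its exception `ignored`. If construction throws, neither setter runs and the connection would continue with the platform's default socket factory and hostname verifier rather than the supplied `trustManager`. The catch body is outside the hunk, so this assumes it does nothing. At minimum the fallback should be recorded there, for example with the comment `// TLS setup failed: connection falls back to platform default trust and hostname verification` next to a log call, or the request should be aborted instead of continuing.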
@@ -0,0 +1,70 @@
+package de.pixart.messenger.utils;
+
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.Socket;
+import java.security.KeyManagementException;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocket;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.X509TrustManager;
+
+public class TLSSocketFactory extends SSLSocketFactory {
+
+ private final SSLSocketFactory internalSSLSocketFactory;
+
+ public TLSSocketFactory(X509TrustManager[] trustManager, SecureRandom random) throws KeyManagementException, NoSuchAlgorithmException {
+ SSLContext context = SSLContext.getInstance("TLS");
+ context.init(null, trustManager, random);
+ this.internalSSLSocketFactory = context.getSocketFactory();
+ }
+
+ @Override
+ public String[] getDefaultCipherSuites() {
+ return CryptoHelper.getOrderedCipherSuites(internalSSLSocketFactory.getDefaultCipherSuites());
+ }
+
+ @Override
+ public String[] getSupportedCipherSuites() {
+ return internalSSLSocketFactory.getSupportedCipherSuites();
+ }
+
+ @Override
+ public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException {
+ return enableTLSOnSocket(internalSSLSocketFactory.createSocket(s, host, port, autoClose));
+ }
+
+ @Override
+ public Socket createSocket(String host, int port) throws IOException {
+ return enableTLSOnSocket(internalSSLSocketFactory.createSocket(host, port));
+ }
+
+ @Override
+ public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException {
+ return enableTLSOnSocket(internalSSLSocketFactory.createSocket(host, port, localHost, localPort));
+ }
+
+ @Override
+ public Socket createSocket(InetAddress host, int port) throws IOException {
+ return enableTLSOnSocket(internalSSLSocketFactory.createSocket(host, port));
+ }
+
+ @Override
+ public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException {
+ return enableTLSOnSocket(internalSSLSocketFactory.createSocket(address, port, localAddress, localPort));
+ }
+
+ private static Socket enableTLSOnSocket(Socket socket) {
+ if(socket != null && (socket instanceof SSLSocket)) {
+ try {
+ SSLSocketHelper.setSecurity((SSLSocket) socket);
+ } catch (NoSuchAlgorithmException e) {
+ //ignoring
+ }
+ }
+ return socket;
+ }
+}
\ No newline at end of file
-- 
cgit v1.2.3
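Review bot: `enableTLSOnSocket` swallows the `NoSuchAlgorithmException` from `SSLSocketHelper.setSecurity` with only `//ignoring`, so when that call fails the socket is handed back with whatever protocol and cipher settings the platform enables by default, and nothing records it. Because this factory exists to make TLS 1.2 apply to HTTP connections, that failure should not pass silently. Every `createSocket` overload already declares `IOException`, so the helper can declare `throws IOException` and the catch can close the socket and `throw new IOException("could not apply TLS settings", e);`. What `setSecurity` configures is not visible in this diff, so the impact of the fallback is inferred. Separately, the `socket != null &&` test is redundant, since `instanceof` is already false for null.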