mobile/android/base/sync/net/TLSSocketFactory.java@fc2d59ddac77 (annotated)
mobile/android/base/sync/net/TLSSocketFactory.java
Wed, 31 Dec 2014 07:22:50 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Wed, 31 Dec 2014 07:22:50 +0100
- branch
- TOR_BUG_3246
- changeset 4
- fc2d59ddac77
- permissions
- -rw-r--r--
Correct previous dual key logic pending first delivery installment.
| michael@0 | 1 | /* This Source Code Form is subject to the terms of the Mozilla Public |
| michael@0 | 2 | * License, v. 2.0. If a copy of the MPL was not distributed with this |
| michael@0 | 3 | * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| michael@0 | 4 | |
| michael@0 | 5 | package org.mozilla.gecko.sync.net; |
| michael@0 | 6 | |
| michael@0 | 7 | import java.io.IOException; |
| michael@0 | 8 | import java.net.Socket; |
| michael@0 | 9 | |
| michael@0 | 10 | import javax.net.ssl.SSLContext; |
| michael@0 | 11 | import javax.net.ssl.SSLSocket; |
| michael@0 | 12 | |
| michael@0 | 13 | import org.mozilla.gecko.background.common.log.Logger; |
| michael@0 | 14 | |
| michael@0 | 15 | import ch.boye.httpclientandroidlib.conn.ssl.SSLSocketFactory; |
| michael@0 | 16 | import ch.boye.httpclientandroidlib.params.HttpParams; |
| michael@0 | 17 | |
| michael@0 | 18 | public class TLSSocketFactory extends SSLSocketFactory { |
| michael@0 | 19 | private static final String LOG_TAG = "TLSSocketFactory"; |
| michael@0 | 20 | private static final String[] DEFAULT_CIPHER_SUITES = new String[] { |
| michael@0 | 21 | "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", |
| michael@0 | 22 | "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", |
| michael@0 | 23 | "SSL_RSA_WITH_RC4_128_SHA", // "RC4_SHA" |
| michael@0 | 24 | }; |
| michael@0 | 25 | private static final String[] DEFAULT_PROTOCOLS = new String[] { |
| michael@0 | 26 | "SSLv3", |
| michael@0 | 27 | "TLSv1" |
| michael@0 | 28 | }; |
| michael@0 | 29 | |
| michael@0 | 30 | // Guarded by `this`. |
| michael@0 | 31 | private static String[] cipherSuites = DEFAULT_CIPHER_SUITES; |
| michael@0 | 32 | |
| michael@0 | 33 | public TLSSocketFactory(SSLContext sslContext) { |
| michael@0 | 34 | super(sslContext); |
| michael@0 | 35 | } |
| michael@0 | 36 | |
| michael@0 | 37 | /** |
| michael@0 | 38 | * Attempt to specify the cipher suites to use for a connection. If |
| michael@0 | 39 | * setting fails (as it will on Android 2.2, because the wrong names |
| michael@0 | 40 | * are in use to specify ciphers), attempt to set the defaults. |
| michael@0 | 41 | * |
| michael@0 | 42 | * We store the list of cipher suites in `cipherSuites`, which |
| michael@0 | 43 | * avoids this fallback handling having to be executed more than once. |
| michael@0 | 44 | * |
| michael@0 | 45 | * This method is synchronized to ensure correct use of that member. |
| michael@0 | 46 | * |
| michael@0 | 47 | * See Bug 717691 for more details. |
| michael@0 | 48 | * |
| michael@0 | 49 | * @param socket |
| michael@0 | 50 | * The SSLSocket on which to operate. |
| michael@0 | 51 | */ |
| michael@0 | 52 | public static synchronized void setEnabledCipherSuites(SSLSocket socket) { |
| michael@0 | 53 | try { |
| michael@0 | 54 | socket.setEnabledCipherSuites(cipherSuites); |
| michael@0 | 55 | } catch (IllegalArgumentException e) { |
| michael@0 | 56 | cipherSuites = socket.getSupportedCipherSuites(); |
| michael@0 | 57 | Logger.warn(LOG_TAG, "Setting enabled cipher suites failed: " + e.getMessage()); |
| michael@0 | 58 | Logger.warn(LOG_TAG, "Using " + cipherSuites.length + " supported suites."); |
| michael@0 | 59 | socket.setEnabledCipherSuites(cipherSuites); |
| michael@0 | 60 | } |
| michael@0 | 61 | } |
| michael@0 | 62 | |
| michael@0 | 63 | @Override |
| michael@0 | 64 | public Socket createSocket(HttpParams params) throws IOException { |
| michael@0 | 65 | SSLSocket socket = (SSLSocket) super.createSocket(params); |
| michael@0 | 66 | socket.setEnabledProtocols(DEFAULT_PROTOCOLS); |
| michael@0 | 67 | setEnabledCipherSuites(socket); |
| michael@0 | 68 | return socket; |
| michael@0 | 69 | } |
| michael@0 | 70 | } |
