public static b a(String str) { HttpParams basicHttpParams = new BasicHttpParams(); HttpProtocolParams.setVersion(basicHttpParams, HttpVersion.HTTP_1_1); HttpProtocolParams.setUseExpectContinue(basicHttpParams, false); HttpConnectionParams.setStaleCheckingEnabled(basicHttpParams, false); HttpConnectionParams.setConnectionTimeout(basicHttpParams, 20000); HttpConnectionParams.setSoTimeout(basicHttpParams, 30000); HttpConnectionParams.setSocketBufferSize(basicHttpParams, 8192); HttpClientParams.setRedirecting(basicHttpParams, true); HttpClientParams.setAuthenticating(basicHttpParams, false); HttpProtocolParams.setUserAgent(basicHttpParams, str); SchemeRegistry schemeRegistry = new SchemeRegistry(); schemeRegistry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80)); schemeRegistry.register(new Scheme(com.alipay.sdk.cons.b.a, SSLCertificateSocketFactory.getHttpSocketFactory(30000, null), WebSocket.DEFAULT_WSS_PORT)); ClientConnectionManager threadSafeClientConnManager = new ThreadSafeClientConnManager(basicHttpParams, schemeRegistry); ConnManagerParams.setTimeout(basicHttpParams, 60000); ConnManagerParams.setMaxConnectionsPerRoute(basicHttpParams, new ConnPerRouteBean(10)); ConnManagerParams.setMaxTotalConnections(basicHttpParams, 50); Security.setProperty("networkaddress.cache.ttl", "-1"); HttpsURLConnection.setDefaultHostnameVerifier(SSLSocketFactory.STRICT_HOSTNAME_VERIFIER); return new b(threadSafeClientConnManager, basicHttpParams); }
private static org.apache.http.conn.ssl.SSLSocketFactory getSocketFactory(SSLSessionCache paramSSLSessionCache) { javax.net.ssl.SSLSocketFactory localSSLSocketFactory = SSLCertificateSocketFactory.getDefault(5000, paramSSLSessionCache); try { org.apache.http.conn.ssl.SSLSocketFactory localSSLSocketFactory1 = (org.apache.http.conn.ssl.SSLSocketFactory)org.apache.http.conn.ssl.SSLSocketFactory.class.getConstructor(new Class[] { javax.net.ssl.SSLSocketFactory.class }).newInstance(new Object[] { localSSLSocketFactory }); return localSSLSocketFactory1; } catch (NoSuchMethodException localNoSuchMethodException) { throw new IllegalStateException(localNoSuchMethodException); } catch (InstantiationException localInstantiationException) { throw new IllegalStateException(localInstantiationException); } catch (IllegalAccessException localIllegalAccessException) { throw new IllegalStateException(localIllegalAccessException); } catch (InvocationTargetException localInvocationTargetException) { throw new IllegalStateException(localInvocationTargetException); } }
public static void setSniHost(SSLSocketFactory factory, SSLSocket socket, String hostname) { if (android.os.Build.VERSION.SDK_INT >= android.os.Build.VERSION_CODES.JELLY_BEAN_MR1 && factory instanceof android.net.SSLCertificateSocketFactory) { SSLCertificateSocketFactory sslCertificateSocketFactory = (SSLCertificateSocketFactory) factory; sslCertificateSocketFactory.setHostname(socket, hostname); } else { setHostnameViaReflection(socket, hostname); } }
static SSLSocketFactory getSocketFactory() { if (socketFactory == null) { try { X509TrustManager trustManager = get509TrustManager(); SSLContext sslContext = SSLContext.getInstance("TLS"); sslContext.init(null, new TrustManager[]{trustManager}, null); socketFactory = sslContext.getSocketFactory(); } catch (NoSuchAlgorithmException | KeyManagementException e) { VolleyLog.e(TAG, "Unable to create the ssl socket factory."); return SSLCertificateSocketFactory.getDefault(0, null); } } return socketFactory; }
@TargetApi(17) public Socket createLayeredSocket( final Socket socket, final String target, final int port, final HttpContext context) throws IOException { final SSLSocket sslsock = (SSLSocket) this.socketfactory.createSocket( socket, target, port, true); if (supportedProtocols != null) { sslsock.setEnabledProtocols(supportedProtocols); } if (supportedCipherSuites != null) { sslsock.setEnabledCipherSuites(supportedCipherSuites); } prepareSocket(sslsock); // Android specific code to enable SNI if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN_MR1) { if (this.socketfactory instanceof SSLCertificateSocketFactory) { if (Log.isLoggable(TAG, Log.DEBUG)) { Log.d(TAG, "Enabling SNI for " + target); } ((SSLCertificateSocketFactory) this.socketfactory).setHostname(sslsock, target); } } // End of Android specific code sslsock.startHandshake(); verifyHostname(sslsock, target); return sslsock; }
public void startConnection() { try { String host = mWebSocketURI.getHost(); int port = mWebSocketURI.getPort(); if (port == -1) { if (mWebSocketURI.getScheme().equals(WSS_URI_SCHEME)) { port = 443; } else { port = 80; } } SocketFactory factory = null; if (mWebSocketURI.getScheme().equalsIgnoreCase(WSS_URI_SCHEME)) { factory = SSLCertificateSocketFactory.getDefault(); } else { factory = SocketFactory.getDefault(); } // Do not replace host string with InetAddress or you lose automatic host name verification this.mSocket = factory.createSocket(host, port); } catch (IOException e) { this.mFailureMessage = e.getLocalizedMessage(); } synchronized (this) { notifyAll(); } }
public TrustUserSSLCertsSocketFactory() throws IOException, GeneralSecurityException { super(null); // No handshake timeout used mFactory = (SSLCertificateSocketFactory) SSLCertificateSocketFactory.getDefault(0); TrustManager[] trustAllowedCerts; try { trustAllowedCerts = new TrustManager[]{ new WPTrustManager(SelfSignedSSLCertsManager.getInstance(null).getLocalKeyStore()) }; mFactory.setTrustManagers(trustAllowedCerts); } catch (GeneralSecurityException e1) { AppLog.e(T.API, "Cannot set TrustAllSSLSocketFactory on our factory. Proceding without it...", e1); } }
public void startConnection() { try { String host = mWebSocketURI.getHost(); int port = mWebSocketURI.getPort(); if (port == -1) { if (mWebSocketURI.getScheme().equals(WSS_URI_SCHEME)) { port = 443; } else { port = 80; } } SocketFactory factory = null; if (mWebSocketURI.getScheme().equalsIgnoreCase(WSS_URI_SCHEME)) { if (mWebSocketOptions != null) { factory = mWebSocketOptions.getSSLCertificateSocketFactory(); } if (factory == null) { factory = SSLCertificateSocketFactory.getDefault(); } } else { factory = SocketFactory.getDefault(); } // Do not replace host string with InetAddress or you lose automatic host name verification this.mSocket = factory.createSocket(host, port); } catch (IOException e) { this.mFailureMessage = e.getLocalizedMessage(); } synchronized (this) { notifyAll(); } }
@Override public Socket createSocket(Socket plainSocket, String host, int port, boolean autoClose) throws IOException { if (autoClose) { // we don't need the plainSocket plainSocket.close(); } // create and connect SSL socket, but don't do hostname/certificate verification yet SSLCertificateSocketFactory sslSocketFactory = (SSLCertificateSocketFactory) SSLCertificateSocketFactory.getDefault(0); SSLSocket ssl = (SSLSocket) sslSocketFactory.createSocket(InetAddress.getByName(host), port); // enable TLSv1.1/1.2 if available // (see https://github.com/rfc2822/davdroid/issues/229) ssl.setEnabledProtocols(ssl.getSupportedProtocols()); // set up SNI before the handshake if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN_MR1) { sslSocketFactory.setHostname(ssl, host); } else { try { java.lang.reflect.Method setHostnameMethod = ssl.getClass().getMethod("setHostname", String.class); setHostnameMethod.invoke(ssl, host); } catch (Exception ignored) { } } // verify hostname and certificate SSLSession session = ssl.getSession(); if (!hostnameVerifier.verify(host, session)) throw new SSLPeerUnverifiedException("Cannot verify hostname: " + host); return ssl; }
@TargetApi(14) private static SSLCertificateSocketFactory getSslCertificateSocketFactory( @Nullable InputStream testCa, String androidSocketFatoryTls) throws Exception { if (Build.VERSION.SDK_INT < Build.VERSION_CODES.ICE_CREAM_SANDWICH /* API level 14 */) { throw new RuntimeException( "android_socket_factory_tls doesn't work with API level less than 14."); } SSLCertificateSocketFactory factory = (SSLCertificateSocketFactory) SSLCertificateSocketFactory.getDefault(5000 /* Timeout in ms*/); // Use HTTP/2.0 byte[] h2 = "h2".getBytes(); byte[][] protocols = new byte[][]{h2}; if (androidSocketFatoryTls.equals("alpn")) { Method setAlpnProtocols = factory.getClass().getDeclaredMethod("setAlpnProtocols", byte[][].class); setAlpnProtocols.invoke(factory, new Object[] { protocols }); } else if (androidSocketFatoryTls.equals("npn")) { Method setNpnProtocols = factory.getClass().getDeclaredMethod("setNpnProtocols", byte[][].class); setNpnProtocols.invoke(factory, new Object[]{protocols}); } else { throw new RuntimeException("Unknown protocol: " + androidSocketFatoryTls); } if (testCa != null) { factory.setTrustManagers(getTrustManagers(testCa)); } return factory; }
public static DefaultHttpClient createHttpClient(String userAgent, boolean redirecting) { HttpParams params = new BasicHttpParams(); // Turn off stale checking. Our connections break all the time anyway, // and it's not worth it to pay the penalty of checking every time. HttpConnectionParams.setStaleCheckingEnabled(params, false); // Set the timeout in milliseconds until a connection is established. The default value is zero, that means the timeout is not used. HttpConnectionParams.setConnectionTimeout(params, SOCKET_OPERATION_TIMEOUT); // Set the default socket timeout (SO_TIMEOUT) in milliseconds which is the timeout for waiting for data. HttpConnectionParams.setSoTimeout(params, SOCKET_OPERATION_TIMEOUT); HttpConnectionParams.setSocketBufferSize(params, 8192); // Don't handle redirects -- return them to the caller. Our code // often wants to re-POST after a redirect, which we must do ourselves. HttpClientParams.setRedirecting(params, redirecting); HttpProtocolParams.setUserAgent(params, userAgent); HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1); HttpProtocolParams.setContentCharset(params, HTTP.UTF_8); // Set the specified user agent and register standard protocols. SchemeRegistry schemeRegistry = new SchemeRegistry(); schemeRegistry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80)); if (AndroidUtils.isFroyo()) schemeRegistry.register(new Scheme("https", SSLCertificateSocketFactory.getHttpSocketFactory(SOCKET_OPERATION_TIMEOUT, null), 443)); else schemeRegistry.register(new Scheme("https", SSLSocketFactory.getSocketFactory(), 443)); final ClientConnectionManager manager = new ThreadSafeClientConnManager(params, schemeRegistry); return new DefaultHttpClient(manager, params); }
public AndroidTls(Socket socket, InputStream in, OutputStream out, String authHost) throws NoSuchAlgorithmException, KeyManagementException, IOException { sslFactory = SSLCertificateSocketFactory.getInsecure(0, null); tls = (SSLSocket) (sslFactory.createSocket(socket, authHost, socket.getPort(), true)); tls.setUseClientMode(true); }
@Override @TargetApi(Build.VERSION_CODES.JELLY_BEAN_MR1) public Socket createSocket(Socket plainSocket, String host, int port, boolean autoClose) throws IOException { if (autoClose) { // we don't need the plainSocket plainSocket.close(); } SSLCertificateSocketFactory sslSocketFactory = (SSLCertificateSocketFactory) SSLCertificateSocketFactory.getDefault(0); // create and connect SSL socket, but don't do hostname/certificate verification yet SSLSocket ssl = (SSLSocket) sslSocketFactory.createSocket(InetAddress.getByName(host), port); // enable TLSv1.1/1.2 if available ssl.setEnabledProtocols(ssl.getSupportedProtocols()); // set up SNI before the handshake if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN_MR1) { sslSocketFactory.setHostname(ssl, host); } else { try { java.lang.reflect.Method setHostnameMethod = ssl.getClass().getMethod("setHostname", String.class); setHostnameMethod.invoke(ssl, host); } catch (Exception e) { Log.d(TlsSniSocketFactory.class.getSimpleName(), "SNI not usable: " + e); } } // verify hostname and certificate SSLSession session = ssl.getSession(); if (!hostnameVerifier.verify(host, session)) { throw new SSLPeerUnverifiedException("Cannot verify hostname: " + host); } return ssl; }
@Override @TargetApi(Build.VERSION_CODES.JELLY_BEAN_MR1) public Socket createSocket(Socket plainSocket, String host, int port, boolean autoClose) throws IOException { if (autoClose) { // we don't need the plainSocket plainSocket.close(); } SSLCertificateSocketFactory sslSocketFactory = (SSLCertificateSocketFactory) SSLCertificateSocketFactory.getDefault(0); // For self-signed certificates use a custom trust manager sslSocketFactory.setTrustManagers(new TrustManager[]{new IgnoreSSLTrustManager()}); // create and connect SSL socket, but don't do hostname/certificate verification yet SSLSocket ssl = (SSLSocket) sslSocketFactory.createSocket(InetAddress.getByName(host), port); // enable TLSv1.1/1.2 if available ssl.setEnabledProtocols(ssl.getSupportedProtocols()); // set up SNI before the handshake if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN_MR1) { sslSocketFactory.setHostname(ssl, host); } else { try { java.lang.reflect.Method setHostnameMethod = ssl.getClass().getMethod("setHostname", String.class); setHostnameMethod.invoke(ssl, host); } catch (Exception e) { throw new IOException("SNI not usable: " + e, e); } } return ssl; }
TlsSocketFactory(Context context) { SSLSessionCache cache = new SSLSessionCache(context); factory = SSLCertificateSocketFactory.getDefault(WebHelper.SOCKET_TIMEOUT, cache); hostnameVerifier = new org.apache.http.conn.ssl.BrowserCompatHostnameVerifier(); cipherSuites = initCipherSuites(); }
public static CustomSSLSocketFactory getDefault(final int handshakeTimeoutMillis) { CustomSSLSocketFactory factory = new CustomSSLSocketFactory(); factory.mCertificateSocketFactory = SSLCertificateSocketFactory.getDefault(handshakeTimeoutMillis, null); return factory; }
/** * Create a new HttpClient with reasonable defaults (which you can update). * * @param userAgent to report in your HTTP requests * @param context to use for caching SSL sessions (may be null for no caching) * @return DefaultHttpClient for you to use for all your requests. */ public static DefaultHttpClient newInstance(String userAgent) { // Setup HTTP SchemeRegistry schemeRegistry = new SchemeRegistry(); schemeRegistry.register(new Scheme("http", PlainSocketFactory .getSocketFactory(), DEFAULT_HTTP_PORT)); // Setup HTTPS (accept all certificates) // Use a session cache for SSL sockets SSLSessionCache sessionCache = new SSLSessionCache( AbstractApplication.getApplication()); schemeRegistry.register(new Scheme("https", SSLCertificateSocketFactory .getHttpSocketFactory(DEFAULT_SOCKET_TIMEOUT, sessionCache), DEFAULT_HTTPS_PORT)); HttpParams httpParams = new BasicHttpParams(); ConnManagerParams.setTimeout(httpParams, DEFAULT_CONNECTION_TIMEOUT); ConnManagerParams.setMaxConnectionsPerRoute(httpParams, new ConnPerRouteBean(DEFAULT_MAX_CONNECTIONS)); ConnManagerParams.setMaxTotalConnections(httpParams, DEFAULT_MAX_CONNECTIONS); HttpConnectionParams.setStaleCheckingEnabled(httpParams, true); HttpConnectionParams.setConnectionTimeout(httpParams, DEFAULT_CONNECTION_TIMEOUT); HttpConnectionParams.setSoTimeout(httpParams, DEFAULT_SOCKET_TIMEOUT); HttpConnectionParams.setSocketBufferSize(httpParams, DEFAULT_SOCKET_BUFFER_SIZE); HttpConnectionParams.setTcpNoDelay(httpParams, true); HttpClientParams.setRedirecting(httpParams, true); HttpProtocolParams.setUserAgent(httpParams, userAgent); ThreadSafeClientConnManager connManager = new ThreadSafeClientConnManager( httpParams, schemeRegistry); // We use a factory method to modify superclass initialization // parameters without the funny call-a-static-method dance. return new DefaultHttpClient(connManager, httpParams); }
@Override @TargetApi(Build.VERSION_CODES.JELLY_BEAN_MR1) public Socket createSocket(Socket plainSocket, String host, int port, boolean autoClose) throws IOException { if (autoClose) { // we don't need the plainSocket plainSocket.close(); } SSLCertificateSocketFactory sslSocketFactory = (SSLCertificateSocketFactory) SSLCertificateSocketFactory.getDefault(0); // For self-signed certificates use a custom trust manager if (acceptAllCertificates) { sslSocketFactory.setTrustManagers(new TrustManager[]{new IgnoreSSLTrustManager()}); } else if (selfSignedCertificateKey != null) { sslSocketFactory.setTrustManagers(new TrustManager[]{new SelfSignedTrustManager(selfSignedCertificateKey)}); } // create and connect SSL socket, but don't do hostname/certificate verification yet SSLSocket ssl = (SSLSocket) sslSocketFactory.createSocket(InetAddress.getByName(host), port); // enable TLSv1.1/1.2 if available ssl.setEnabledProtocols(ssl.getSupportedProtocols()); // set up SNI before the handshake if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN_MR1) { sslSocketFactory.setHostname(ssl, host); } else { try { java.lang.reflect.Method setHostnameMethod = ssl.getClass().getMethod("setHostname", String.class); setHostnameMethod.invoke(ssl, host); } catch (Exception e) { Log.d(TlsSniSocketFactory.class.getSimpleName(), "SNI not usable: " + e); } } // verify hostname and certificate SSLSession session = ssl.getSession(); if (!(acceptAllCertificates || selfSignedCertificateKey != null) && !hostnameVerifier.verify(host, session)) { throw new SSLPeerUnverifiedException("Cannot verify hostname: " + host); } /*DLog.d(TlsSniSocketFactory.class.getSimpleName(), "Established " + session.getProtocol() + " connection with " + session.getPeerHost() + " using " + session.getCipherSuite());*/ return ssl; }
@Override public Socket createSocket (final Socket plainSocket, final String host, final int port, final boolean autoClose) throws IOException, UnknownHostException { // we don't need the plainSocket if (autoClose) plainSocket.close(); // create and connect SSL socket, but don't do hostname/certificate verification yet. final SSLCertificateSocketFactory sslSocketFactory = (SSLCertificateSocketFactory) SSLCertificateSocketFactory.getDefault(0); sslSocketFactory.setTrustManagers(this.trustManager); final SSLSocket sock = (SSLSocket) sslSocketFactory.createSocket(InetAddress.getByName(host), port); // Protocols... final List<String> protocols = new ArrayList<String>(); for (final String protocol : sock.getSupportedProtocols()) { if (!protocol.toUpperCase(Locale.ENGLISH).contains("SSL")) protocols.add(protocol); } sock.setEnabledProtocols(protocols.toArray(new String[0])); // Ciphers... final HashSet<String> ciphers = new HashSet<String>(ALLOWED_CIPHERS); ciphers.retainAll(Arrays.asList(sock.getSupportedCipherSuites())); ciphers.addAll(new HashSet<String>(Arrays.asList(sock.getEnabledCipherSuites()))); // All all already enabled ones for compatibility. sock.setEnabledCipherSuites(ciphers.toArray(new String[0])); // set up SNI before the handshake. if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN_MR1) { sslSocketFactory.setHostname(sock, host); } else { // This hack seems to work on my 4.0.4 tablet. try { final java.lang.reflect.Method setHostnameMethod = sock.getClass().getMethod("setHostname", String.class); setHostnameMethod.invoke(sock, host); } catch (final Exception e) { LOG.w("SNI not useable: %s", ExcpetionHelper.causeTrace(e)); } } // verify hostname and certificate. final SSLSession session = sock.getSession(); if (!HOSTNAME_VERIFIER.verify(host, session)) throw new SSLPeerUnverifiedException("Cannot verify hostname: " + host); LOG.i("Connected %s %s %s.", session.getPeerHost(), session.getProtocol(), session.getCipherSuite()); return sock; }
public AndroidInsecureSSLSocketFactory(KeyStore truststore, Context context) throws Exception { super(truststore); this.innerFactory = SSLCertificateSocketFactory.getInsecure(SSL_HANDSHAKE_TO, new SSLSessionCache(context)); }
/** * Obtains default SSL socket factory with an SSL context based on system properties * as described in * <a href="http://docs.oracle.com/javase/1.5.0/docs/guide/security/jsse/JSSERefGuide.html"> * "JavaTM Secure Socket Extension (JSSE) Reference Guide for the JavaTM 2 Platform * Standard Edition 5</a> * * @return default system SSL socket factory */ public static SSLConnectionSocketFactory getSystemSocketFactory() throws SSLInitializationException { return new SSLConnectionSocketFactory( (javax.net.ssl.SSLSocketFactory) SSLCertificateSocketFactory.getDefault(0), split(System.getProperty("https.protocols")), split(System.getProperty("https.cipherSuites")), BROWSER_COMPATIBLE_HOSTNAME_VERIFIER); }
/** * Obtains default SSL socket factory with an SSL context based on the standard JSSE * trust material (<code>cacerts</code> file in the security properties directory). * System properties are not taken into consideration. * * @return default SSL socket factory */ public static SSLConnectionSocketFactory getSocketFactory() throws SSLInitializationException { return new SSLConnectionSocketFactory( (javax.net.ssl.SSLSocketFactory) SSLCertificateSocketFactory.getDefault(0), BROWSER_COMPATIBLE_HOSTNAME_VERIFIER); }