1package eu.siacs.conversations.http;
2
3import static eu.siacs.conversations.utils.Random.SECURE_RANDOM;
4
5import android.content.Context;
6import android.os.Build;
7import android.util.Log;
8import de.gultsch.common.TrustManagers;
9import eu.siacs.conversations.BuildConfig;
10import eu.siacs.conversations.Config;
11import eu.siacs.conversations.entities.Account;
12import eu.siacs.conversations.entities.Message;
13import eu.siacs.conversations.services.AbstractConnectionManager;
14import eu.siacs.conversations.services.XmppConnectionService;
15import eu.siacs.conversations.utils.TLSSocketFactory;
16import java.io.IOException;
17import java.io.InputStream;
18import java.net.InetAddress;
19import java.net.InetSocketAddress;
20import java.net.Proxy;
21import java.net.UnknownHostException;
22import java.security.KeyManagementException;
23import java.security.KeyStoreException;
24import java.security.NoSuchAlgorithmException;
25import java.security.cert.CertificateException;
26import java.util.ArrayList;
27import java.util.List;
28import java.util.concurrent.Executor;
29import java.util.concurrent.Executors;
30import java.util.concurrent.TimeUnit;
31import javax.net.ssl.SSLSocketFactory;
32import javax.net.ssl.X509TrustManager;
33import okhttp3.HttpUrl;
34import okhttp3.OkHttpClient;
35import okhttp3.Request;
36import okhttp3.ResponseBody;
37import org.apache.http.conn.ssl.StrictHostnameVerifier;
38
39public class HttpConnectionManager extends AbstractConnectionManager {
40
41 private final List<HttpDownloadConnection> downloadConnections = new ArrayList<>();
42 private final List<HttpUploadConnection> uploadConnections = new ArrayList<>();
43
44 public static final Executor EXECUTOR = Executors.newFixedThreadPool(4);
45
46 private static final OkHttpClient OK_HTTP_CLIENT;
47
48 static {
49 OK_HTTP_CLIENT =
50 new OkHttpClient.Builder()
51 .addInterceptor(
52 chain -> {
53 final Request original = chain.request();
54 final Request modified =
55 original.newBuilder()
56 .header("User-Agent", getUserAgent())
57 .build();
58 return chain.proceed(modified);
59 })
60 .build();
61 }
62
63 public static String getUserAgent() {
64 return String.format("%s/%s", BuildConfig.APP_NAME, BuildConfig.VERSION_NAME);
65 }
66
67 public HttpConnectionManager(XmppConnectionService service) {
68 super(service);
69 }
70
71 public static Proxy getProxy() {
72 final InetAddress localhost;
73 try {
74 localhost = InetAddress.getByAddress(new byte[] {127, 0, 0, 1});
75 } catch (final UnknownHostException e) {
76 throw new IllegalStateException(e);
77 }
78 if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.N) {
79 return new Proxy(Proxy.Type.SOCKS, new InetSocketAddress(localhost, 9050));
80 } else {
81 return new Proxy(Proxy.Type.HTTP, new InetSocketAddress(localhost, 8118));
82 }
83 }
84
85 public void createNewDownloadConnection(Message message) {
86 this.createNewDownloadConnection(message, false);
87 }
88
89 public void createNewDownloadConnection(final Message message, boolean interactive) {
90 synchronized (this.downloadConnections) {
91 for (HttpDownloadConnection connection : this.downloadConnections) {
92 if (connection.getMessage() == message) {
93 Log.d(
94 Config.LOGTAG,
95 message.getConversation().getAccount().getJid().asBareJid()
96 + ": download already in progress");
97 return;
98 }
99 }
100 final HttpDownloadConnection connection = new HttpDownloadConnection(message, this);
101 connection.init(interactive);
102 this.downloadConnections.add(connection);
103 }
104 }
105
106 public void createNewUploadConnection(final Message message, boolean delay) {
107 synchronized (this.uploadConnections) {
108 for (HttpUploadConnection connection : this.uploadConnections) {
109 if (connection.getMessage() == message) {
110 Log.d(
111 Config.LOGTAG,
112 message.getConversation().getAccount().getJid().asBareJid()
113 + ": upload already in progress");
114 return;
115 }
116 }
117 HttpUploadConnection connection = new HttpUploadConnection(message, this);
118 connection.init(delay);
119 this.uploadConnections.add(connection);
120 }
121 }
122
123 void finishConnection(HttpDownloadConnection connection) {
124 synchronized (this.downloadConnections) {
125 this.downloadConnections.remove(connection);
126 }
127 }
128
129 void finishUploadConnection(HttpUploadConnection httpUploadConnection) {
130 synchronized (this.uploadConnections) {
131 this.uploadConnections.remove(httpUploadConnection);
132 }
133 }
134
135 OkHttpClient buildHttpClient(final HttpUrl url, final Account account, boolean interactive) {
136 return buildHttpClient(url, account, 30, interactive);
137 }
138
139 public OkHttpClient buildHttpClient(
140 final HttpUrl url, final Account account, int readTimeout, boolean interactive) {
141 final String slotHostname = url.host();
142 final boolean onionSlot = slotHostname.endsWith(".onion");
143 final OkHttpClient.Builder builder = OK_HTTP_CLIENT.newBuilder();
144 builder.writeTimeout(30, TimeUnit.SECONDS);
145 builder.readTimeout(readTimeout, TimeUnit.SECONDS);
146 setupTrustManager(builder, interactive);
147 if (mXmppConnectionService.useTorToConnect() || account.isOnion() || onionSlot) {
148 builder.proxy(HttpConnectionManager.getProxy()).build();
149 }
150 return builder.build();
151 }
152
153 private void setupTrustManager(final OkHttpClient.Builder builder, final boolean interactive) {
154 final X509TrustManager trustManager;
155 if (interactive) {
156 trustManager = mXmppConnectionService.getMemorizingTrustManager().getInteractive();
157 } else {
158 trustManager = mXmppConnectionService.getMemorizingTrustManager().getNonInteractive();
159 }
160 try {
161 final SSLSocketFactory sf =
162 new TLSSocketFactory(new X509TrustManager[] {trustManager}, SECURE_RANDOM);
163 builder.sslSocketFactory(sf, trustManager);
164 builder.hostnameVerifier(new StrictHostnameVerifier());
165 } catch (final KeyManagementException | NoSuchAlgorithmException ignored) {
166 }
167 }
168
169 public static InputStream open(final String url, final boolean tor) throws IOException {
170 return open(HttpUrl.get(url), tor);
171 }
172
173 public static InputStream open(final HttpUrl httpUrl, final boolean tor) throws IOException {
174 final OkHttpClient.Builder builder = OK_HTTP_CLIENT.newBuilder();
175 if (tor) {
176 builder.proxy(HttpConnectionManager.getProxy()).build();
177 }
178 final OkHttpClient client = builder.build();
179 final Request request = new Request.Builder().get().url(httpUrl).build();
180 final ResponseBody body = client.newCall(request).execute().body();
181 if (body == null) {
182 throw new IOException("No response body found");
183 }
184 return body.byteStream();
185 }
186
187 public static OkHttpClient okHttpClient(final Context context) {
188 final OkHttpClient.Builder builder = HttpConnectionManager.OK_HTTP_CLIENT.newBuilder();
189 try {
190 final X509TrustManager trustManager = TrustManagers.createForAndroidVersion(context);
191 final SSLSocketFactory socketFactory =
192 new TLSSocketFactory(new X509TrustManager[] {trustManager}, SECURE_RANDOM);
193 builder.sslSocketFactory(socketFactory, trustManager);
194 } catch (final IOException
195 | KeyManagementException
196 | NoSuchAlgorithmException
197 | KeyStoreException
198 | CertificateException e) {
199 Log.d(Config.LOGTAG, "not reconfiguring service to work with bundled LetsEncrypt");
200 throw new RuntimeException(e);
201 }
202 return builder.build();
203 }
204}