SSLSocketHelper.java

 1package eu.siacs.conversations.utils;
 2
 3import android.os.Build;
 4import android.support.annotation.RequiresApi;
 5import android.util.Log;
 6
 7import org.conscrypt.Conscrypt;
 8
 9import java.lang.reflect.Method;
10import java.security.NoSuchAlgorithmException;
11import java.util.Arrays;
12import java.util.Collection;
13import java.util.Collections;
14import java.util.LinkedList;
15
16import javax.net.ssl.SNIHostName;
17import javax.net.ssl.SNIServerName;
18import javax.net.ssl.SSLContext;
19import javax.net.ssl.SSLParameters;
20import javax.net.ssl.SSLSession;
21import javax.net.ssl.SSLSocket;
22import javax.net.ssl.SSLSocketFactory;
23
24import eu.siacs.conversations.Config;
25import eu.siacs.conversations.entities.Account;
26
27public class SSLSocketHelper {
28
29    public static void setSecurity(final SSLSocket sslSocket) {
30        final String[] supportProtocols;
31        final Collection<String> supportedProtocols = new LinkedList<>(
32                Arrays.asList(sslSocket.getSupportedProtocols()));
33        supportedProtocols.remove("SSLv3");
34        supportProtocols = supportedProtocols.toArray(new String[supportedProtocols.size()]);
35
36        sslSocket.setEnabledProtocols(supportProtocols);
37
38        final String[] cipherSuites = CryptoHelper.getOrderedCipherSuites(
39                sslSocket.getSupportedCipherSuites());
40        if (cipherSuites.length > 0) {
41            sslSocket.setEnabledCipherSuites(cipherSuites);
42        }
43    }
44
45    public static void setHostname(final SSLSocket socket, final String hostname) {
46        try {
47            Conscrypt.setHostname(socket, hostname);
48        } catch (IllegalArgumentException e) {
49            Log.e(Config.LOGTAG, "unable to set SNI name on socket (" + hostname + ")", e);
50        }
51    }
52
53    public static void setApplicationProtocol(final SSLSocket socket, final String protocol) {
54        try {
55            Conscrypt.setApplicationProtocols(socket, new String[]{protocol});
56        } catch (IllegalArgumentException e) {
57            Log.e(Config.LOGTAG, "unable to set ALPN on socket", e);
58        }
59    }
60
61    public static SSLContext getSSLContext() throws NoSuchAlgorithmException {
62        return SSLContext.getInstance("TLSv1.3");
63    }
64
65    public static void log(Account account, SSLSocket socket) {
66        SSLSession session = socket.getSession();
67        Log.d(Config.LOGTAG, account.getJid().asBareJid() + ": protocol=" + session.getProtocol() + " cipher=" + session.getCipherSuite());
68    }
69}