1package eu.siacs.conversations.utils;
 2
 3import android.util.Log;
 4
 5import java.lang.reflect.Method;
 6import java.security.NoSuchAlgorithmException;
 7import java.util.Arrays;
 8import java.util.Collection;
 9import java.util.LinkedList;
10
11import javax.net.ssl.SSLContext;
12import javax.net.ssl.SSLSession;
13import javax.net.ssl.SSLSocket;
14import javax.net.ssl.SSLSocketFactory;
15
16import eu.siacs.conversations.Config;
17import eu.siacs.conversations.entities.Account;
18
19public class SSLSocketHelper {
20
21    public static void setSecurity(final SSLSocket sslSocket) {
22        final String[] supportProtocols;
23        final Collection<String> supportedProtocols = new LinkedList<>(
24                Arrays.asList(sslSocket.getSupportedProtocols()));
25        supportedProtocols.remove("SSLv3");
26        supportProtocols = supportedProtocols.toArray(new String[supportedProtocols.size()]);
27
28        sslSocket.setEnabledProtocols(supportProtocols);
29
30        final String[] cipherSuites = CryptoHelper.getOrderedCipherSuites(
31                sslSocket.getSupportedCipherSuites());
32        if (cipherSuites.length > 0) {
33            sslSocket.setEnabledCipherSuites(cipherSuites);
34        }
35    }
36
37    public static void setSNIHost(final SSLSocketFactory factory, final SSLSocket socket, final String hostname) {
38        if (factory instanceof android.net.SSLCertificateSocketFactory) {
39            ((android.net.SSLCertificateSocketFactory) factory).setHostname(socket, hostname);
40        }
41    }
42
43    public static void setAlpnProtocol(final SSLSocketFactory factory, final SSLSocket socket, final String protocol) {
44        try {
45            if (factory instanceof android.net.SSLCertificateSocketFactory && android.os.Build.VERSION.SDK_INT >= android.os.Build.VERSION_CODES.KITKAT) {
46                // can't call directly because of @hide?
47                //((android.net.SSLCertificateSocketFactory)factory).setAlpnProtocols(new byte[][]{protocol.getBytes("UTF-8")});
48                android.net.SSLCertificateSocketFactory.class.getMethod("setAlpnProtocols", byte[][].class).invoke(socket, new Object[]{new byte[][]{protocol.getBytes("UTF-8")}});
49            } else {
50                final Method method = socket.getClass().getMethod("setAlpnProtocols", byte[].class);
51                // the concatenation of 8-bit, length prefixed protocol names, just one in our case...
52                // http://tools.ietf.org/html/draft-agl-tls-nextprotoneg-04#page-4
53                final byte[] protocolUTF8Bytes = protocol.getBytes("UTF-8");
54                final byte[] lengthPrefixedProtocols = new byte[protocolUTF8Bytes.length + 1];
55                lengthPrefixedProtocols[0] = (byte) protocol.length(); // cannot be over 255 anyhow
56                System.arraycopy(protocolUTF8Bytes, 0, lengthPrefixedProtocols, 1, protocolUTF8Bytes.length);
57                method.invoke(socket, new Object[]{lengthPrefixedProtocols});
58            }
59        } catch (Throwable e) {
60            // ignore any error, we just can't set the alpn protocol...
61        }
62    }
63
64    public static SSLContext getSSLContext() throws NoSuchAlgorithmException {
65        return SSLContext.getInstance("TLSv1.3");
66    }
67
68    public static void log(Account account, SSLSocket socket) {
69        SSLSession session = socket.getSession();
70        Log.d(Config.LOGTAG,account.getJid().asBareJid()+": protocol="+session.getProtocol()+" cipher="+session.getCipherSuite());
71    }
72}