SSLSocketHelper.java

 1package eu.siacs.conversations.utils;
 2
 3import android.util.Log;
 4
 5import org.conscrypt.Conscrypt;
 6
 7import java.security.NoSuchAlgorithmException;
 8import java.util.Arrays;
 9import java.util.Collection;
10import java.util.LinkedList;
11
12import javax.net.ssl.SSLContext;
13import javax.net.ssl.SSLSession;
14import javax.net.ssl.SSLSocket;
15
16import eu.siacs.conversations.Config;
17import eu.siacs.conversations.entities.Account;
18
/**
 * Static helpers that configure and inspect the {@link SSLSocket}s used by the application.
 *
 * <p>Every method here is best-effort: configuration failures are logged, not propagated,
 * so callers cannot tell from the return value whether a setting was applied.
 */
public class SSLSocketHelper {

    /**
     * Enables protocols and cipher suites on the given socket.
     *
     * <p>Protocols: the socket's supported list is copied, the literal entry {@code "SSLv3"}
     * is removed, and everything that remains is enabled.
     * NOTE(review): nothing else is filtered, so depending on the provider the enabled set
     * may still contain legacy versions (e.g. TLSv1, TLSv1.1) — confirm whether a minimum
     * protocol version should be enforced here.
     *
     * <p>Cipher suites: selection and ordering are delegated to
     * {@code CryptoHelper.getOrderedCipherSuites}, which is not visible in this file. If it
     * returns an empty array, the socket keeps whatever suites were already enabled.
     *
     * @param sslSocket socket to configure, before the handshake
     */
    public static void setSecurity(final SSLSocket sslSocket) {
        final Collection<String> protocols =
                new LinkedList<>(Arrays.asList(sslSocket.getSupportedProtocols()));
        // Drop SSLv3 by name; all other supported protocols stay enabled.
        protocols.remove("SSLv3");
        sslSocket.setEnabledProtocols(protocols.toArray(new String[0]));

        final String[] orderedSuites =
                CryptoHelper.getOrderedCipherSuites(sslSocket.getSupportedCipherSuites());
        if (orderedSuites.length == 0) {
            // Nothing to apply: leave the socket's current cipher suite selection untouched.
            return;
        }
        sslSocket.setEnabledCipherSuites(orderedSuites);
    }

    /**
     * Sets the hostname on the socket through Conscrypt (used for SNI, per the log message).
     *
     * <p>An {@link IllegalArgumentException} from Conscrypt is logged together with the
     * hostname and then swallowed, so the connection attempt continues without the caller
     * being told that the name was not applied.
     *
     * @param socket   socket to configure
     * @param hostname server name to announce
     */
    public static void setHostname(final SSLSocket socket, final String hostname) {
        try {
            Conscrypt.setHostname(socket, hostname);
        } catch (final IllegalArgumentException rejected) {
            Log.e(Config.LOGTAG, "unable to set SNI name on socket (" + hostname + ")", rejected);
        }
    }

    /**
     * Offers a single application protocol (ALPN) on the socket through Conscrypt.
     *
     * <p>An {@link IllegalArgumentException} from Conscrypt is logged and swallowed; the
     * caller is not informed that ALPN was not configured.
     *
     * @param socket   socket to configure
     * @param protocol the one protocol identifier to offer
     */
    public static void setApplicationProtocol(final SSLSocket socket, final String protocol) {
        final String[] offered = {protocol};
        try {
            Conscrypt.setApplicationProtocols(socket, offered);
        } catch (final IllegalArgumentException rejected) {
            Log.e(Config.LOGTAG, "unable to set ALPN on socket", rejected);
        }
    }

    /**
     * Returns an {@link SSLContext} requested under the name {@code "TLSv1.3"}.
     *
     * <p>NOTE(review): the name picks the context implementation; which protocol versions a
     * socket actually negotiates is decided by the enabled-protocol list set in
     * {@link #setSecurity(SSLSocket)} — confirm provider behaviour if TLS 1.3 only is intended.
     *
     * @return a new, uninitialised context
     * @throws NoSuchAlgorithmException if no installed provider supports the requested name
     */
    public static SSLContext getSSLContext() throws NoSuchAlgorithmException {
        final String contextName = "TLSv1.3";
        return SSLContext.getInstance(contextName);
    }

    /**
     * Writes the negotiated protocol and cipher suite for an account's connection to the
     * debug log, prefixed with the account's bare JID.
     *
     * <p>{@link SSLSocket#getSession()} starts the handshake if it has not run yet and yields
     * an invalid session when it fails, so a logged cipher of {@code SSL_NULL_WITH_NULL_NULL}
     * indicates a failed handshake, not a negotiated suite.
     *
     * @param account account whose bare JID identifies the log line
     * @param socket  socket whose session is reported
     */
    public static void log(Account account, SSLSocket socket) {
        final SSLSession negotiated = socket.getSession();
        final String message = account.getJid().asBareJid()
                + ": protocol=" + negotiated.getProtocol()
                + " cipher=" + negotiated.getCipherSuite();
        Log.d(Config.LOGTAG, message);
    }
}