SSLSocketHelper.java

 1package eu.siacs.conversations.utils;
 2
 3import android.os.Build;
 4import android.support.annotation.RequiresApi;
 5import android.util.Log;
 6
 7import java.lang.reflect.Method;
 8import java.security.NoSuchAlgorithmException;
 9import java.util.Arrays;
10import java.util.Collection;
11import java.util.Collections;
12import java.util.LinkedList;
13
14import javax.net.ssl.SNIHostName;
15import javax.net.ssl.SNIServerName;
16import javax.net.ssl.SSLContext;
17import javax.net.ssl.SSLParameters;
18import javax.net.ssl.SSLSession;
19import javax.net.ssl.SSLSocket;
20import javax.net.ssl.SSLSocketFactory;
21
22import eu.siacs.conversations.Config;
23import eu.siacs.conversations.entities.Account;
24
25public class SSLSocketHelper {
26
27    public static void setSecurity(final SSLSocket sslSocket) {
28        final String[] supportProtocols;
29        final Collection<String> supportedProtocols = new LinkedList<>(
30                Arrays.asList(sslSocket.getSupportedProtocols()));
31        supportedProtocols.remove("SSLv3");
32        supportProtocols = supportedProtocols.toArray(new String[supportedProtocols.size()]);
33
34        sslSocket.setEnabledProtocols(supportProtocols);
35
36        final String[] cipherSuites = CryptoHelper.getOrderedCipherSuites(
37                sslSocket.getSupportedCipherSuites());
38        if (cipherSuites.length > 0) {
39            sslSocket.setEnabledCipherSuites(cipherSuites);
40        }
41    }
42
43    public static void setSNIHost(final SSLSocket socket, final String hostname) {
44        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.N) {
45            setSNIHostNougat(socket, hostname);
46        } else {
47            try {
48                socket.getClass().getMethod("setHostname", String.class).invoke(socket, hostname);
49            } catch (Throwable e) {
50                Log.e(Config.LOGTAG, "unable to set SNI name on socket (" + hostname + ")", e);
51            }
52        }
53    }
54
55    @RequiresApi(api = Build.VERSION_CODES.N)
56    private static void setSNIHostNougat(final SSLSocket socket, final String hostname) {
57        final SSLParameters parameters = new SSLParameters();
58        parameters.setServerNames(Collections.singletonList(new SNIHostName(hostname)));
59        socket.setSSLParameters(parameters);
60    }
61
62    public static void setAlpnProtocol(final SSLSocket socket, final String protocol) {
63        try {
64            final Method method = socket.getClass().getMethod("setAlpnProtocols", byte[].class);
65            // the concatenation of 8-bit, length prefixed protocol names, just one in our case...
66            // http://tools.ietf.org/html/draft-agl-tls-nextprotoneg-04#page-4
67            final byte[] protocolUTF8Bytes = protocol.getBytes("UTF-8");
68            final byte[] lengthPrefixedProtocols = new byte[protocolUTF8Bytes.length + 1];
69            lengthPrefixedProtocols[0] = (byte) protocol.length(); // cannot be over 255 anyhow
70            System.arraycopy(protocolUTF8Bytes, 0, lengthPrefixedProtocols, 1, protocolUTF8Bytes.length);
71            method.invoke(socket, new Object[]{lengthPrefixedProtocols});
72        } catch (Throwable e) {
73            Log.e(Config.LOGTAG,"unable to set ALPN on socket",e);
74        }
75    }
76
77    public static SSLContext getSSLContext() throws NoSuchAlgorithmException {
78        return SSLContext.getInstance("TLSv1.3");
79    }
80
81    public static void log(Account account, SSLSocket socket) {
82        SSLSession session = socket.getSession();
83        Log.d(Config.LOGTAG,account.getJid().asBareJid()+": protocol="+session.getProtocol()+" cipher="+session.getCipherSuite());
84    }
85}