1package eu.siacs.conversations.utils;
 2
 3import android.os.Build;
 4
 5import java.lang.reflect.Method;
 6import java.security.NoSuchAlgorithmException;
 7import java.util.Arrays;
 8import java.util.Collection;
 9import java.util.LinkedList;
10
11import javax.net.ssl.SSLContext;
12import javax.net.ssl.SSLSocket;
13import javax.net.ssl.SSLSocketFactory;
14
15public class SSLSocketHelper {
16
17	public static void setSecurity(final SSLSocket sslSocket) throws NoSuchAlgorithmException {
18		final String[] supportProtocols;
19		final Collection<String> supportedProtocols = new LinkedList<>(
20				Arrays.asList(sslSocket.getSupportedProtocols()));
21		supportedProtocols.remove("SSLv3");
22		supportProtocols = supportedProtocols.toArray(new String[supportedProtocols.size()]);
23
24		sslSocket.setEnabledProtocols(supportProtocols);
25
26		final String[] cipherSuites = CryptoHelper.getOrderedCipherSuites(
27				sslSocket.getSupportedCipherSuites());
28		if (cipherSuites.length > 0) {
29			sslSocket.setEnabledCipherSuites(cipherSuites);
30		}
31	}
32
33	public static void setSNIHost(final SSLSocketFactory factory, final SSLSocket socket, final String hostname) {
34		if (factory instanceof android.net.SSLCertificateSocketFactory && android.os.Build.VERSION.SDK_INT >= android.os.Build.VERSION_CODES.JELLY_BEAN_MR1) {
35			((android.net.SSLCertificateSocketFactory) factory).setHostname(socket, hostname);
36		} else {
37			try {
38				socket.getClass().getMethod("setHostname", String.class).invoke(socket, hostname);
39			} catch (Throwable e) {
40				// ignore any error, we just can't set the hostname...
41			}
42		}
43	}
44
45	public static void setAlpnProtocol(final SSLSocketFactory factory, final SSLSocket socket, final String protocol) {
46		try {
47			if (factory instanceof android.net.SSLCertificateSocketFactory && android.os.Build.VERSION.SDK_INT >= android.os.Build.VERSION_CODES.KITKAT) {
48				// can't call directly because of @hide?
49				//((android.net.SSLCertificateSocketFactory)factory).setAlpnProtocols(new byte[][]{protocol.getBytes("UTF-8")});
50				android.net.SSLCertificateSocketFactory.class.getMethod("setAlpnProtocols", byte[][].class).invoke(socket, new Object[]{new byte[][]{protocol.getBytes("UTF-8")}});
51			} else {
52				final Method method = socket.getClass().getMethod("setAlpnProtocols", byte[].class);
53				// the concatenation of 8-bit, length prefixed protocol names, just one in our case...
54				// http://tools.ietf.org/html/draft-agl-tls-nextprotoneg-04#page-4
55				final byte[] protocolUTF8Bytes = protocol.getBytes("UTF-8");
56				final byte[] lengthPrefixedProtocols = new byte[protocolUTF8Bytes.length + 1];
57				lengthPrefixedProtocols[0] = (byte) protocol.length(); // cannot be over 255 anyhow
58				System.arraycopy(protocolUTF8Bytes, 0, lengthPrefixedProtocols, 1, protocolUTF8Bytes.length);
59				method.invoke(socket, new Object[]{lengthPrefixedProtocols});
60			}
61		} catch (Throwable e) {
62			// ignore any error, we just can't set the alpn protocol...
63		}
64	}
65
66	public static SSLContext getSSLContext() throws NoSuchAlgorithmException {
67		if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN) {
68			return SSLContext.getInstance("TLSv1.2");
69		} else {
70			return SSLContext.getInstance("TLS");
71		}
72	}
73}