diff --git a/src/com/fsck/k9/mail/store/WebDavSocketFactory.java b/src/com/fsck/k9/mail/store/WebDavSocketFactory.java
new file mode 100644
index 000000000..2d4f959ed
--- /dev/null
+++ b/src/com/fsck/k9/mail/store/WebDavSocketFactory.java
@@ -0,0 +1,69 @@
+package com.fsck.k9.mail.store;
+
+import org.apache.http.conn.ConnectTimeoutException;
+import org.apache.http.conn.scheme.LayeredSocketFactory;
+import org.apache.http.params.HttpParams;
+
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.Socket;
+import java.net.UnknownHostException;
+import java.security.KeyManagementException;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocket;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManager;
+
+
+/*
+ * TODO: find out what's going on here and document it.
+ * Using two socket factories looks suspicious.
+ */
+public class WebDavSocketFactory implements LayeredSocketFactory {
+ private SSLSocketFactory mSocketFactory;
+ private org.apache.http.conn.ssl.SSLSocketFactory mSchemeSocketFactory;
+
+ public WebDavSocketFactory(String host, boolean secure) throws NoSuchAlgorithmException, KeyManagementException {
+ SSLContext sslContext = SSLContext.getInstance("TLS");
+ sslContext.init(null, new TrustManager[] {
+ TrustManagerFactory.get(host, secure)
+ }, new SecureRandom());
+ mSocketFactory = sslContext.getSocketFactory();
+ mSchemeSocketFactory = org.apache.http.conn.ssl.SSLSocketFactory.getSocketFactory();
+ mSchemeSocketFactory.setHostnameVerifier(
+ org.apache.http.conn.ssl.SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
+ }
+
+ public Socket connectSocket(Socket sock, String host, int port,
+ InetAddress localAddress, int localPort, HttpParams params)
+ throws IOException, UnknownHostException, ConnectTimeoutException {
+ return mSchemeSocketFactory.connectSocket(sock, host, port, localAddress, localPort, params);
+ }
+
+ public Socket createSocket() throws IOException {
+ return mSocketFactory.createSocket();
+ }
+
+ public boolean isSecure(Socket sock) throws IllegalArgumentException {
+ return mSchemeSocketFactory.isSecure(sock);
+ }
+ public Socket createSocket(
+ final Socket socket,
+ final String host,
+ final int port,
+ final boolean autoClose
+ ) throws IOException, UnknownHostException {
+ SSLSocket sslSocket = (SSLSocket) mSocketFactory.createSocket(
+ socket,
+ host,
+ port,
+ autoClose
+ );
+ //hostnameVerifier.verify(host, sslSocket);
+ // verifyHostName() didn't blowup - good!
+ return sslSocket;
+ }
+}
diff --git a/src/com/fsck/k9/mail/store/WebDavStore.java b/src/com/fsck/k9/mail/store/WebDavStore.java
index 6d4b69d3f..b3f8d5f24 100644
--- a/src/com/fsck/k9/mail/store/WebDavStore.java
+++ b/src/com/fsck/k9/mail/store/WebDavStore.java
@@ -10,7 +10,6 @@
 import com.fsck.k9.mail.*;
 import com.fsck.k9.mail.filter.EOLConvertingOutputStream;
 import com.fsck.k9.mail.internet.MimeMessage;
-import com.fsck.k9.mail.transport.TrustedSocketFactory;
 import org.apache.commons.io.IOUtils;
 import org.apache.http.*;
 import org.apache.http.client.CookieStore;
@@ -1080,7 +1079,7 @@ public class WebDavStore extends Store { SchemeRegistry reg = mHttpClient.getConnectionManager().getSchemeRegistry(); try { - Scheme s = new Scheme("https", new TrustedSocketFactory(mHost, mSecure), 443); + Scheme s = new Scheme("https", new WebDavSocketFactory(mHost, mSecure), 443); reg.register(s); } catch (NoSuchAlgorithmException nsa) { Log.e(K9.LOG_TAG, "NoSuchAlgorithmException in getHttpClient: " + nsa);
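Review bot: Hostname verification is disabled on both connection paths of the new WebDavSocketFactory: the constructor installs `ALLOW_ALL_HOSTNAME_VERIFIER` on `mSchemeSocketFactory`, and the layered `createSocket(socket, host, port, autoClose)` returns the socket with the `verify` call commented out. Unless the trust manager from `TrustManagerFactory.get(host, secure)` (not visible in this diff) itself matches the certificate against `host`, a certificate that chains to a trusted root but was issued for a different name would be accepted, and the WebDavStore hunk registers this factory for `https` on 443. `getSocketFactory()` also appears to return the library's shared default instance, so `setHostnameVerifier(...)` would relax verification for every other user of that instance in the process. I would restrict the allow-all verifier to the `secure == false` case on a privately constructed factory, restore the check in the layered path with `new org.apache.http.conn.ssl.StrictHostnameVerifier().verify(host, sslSocket);`, and replace the TODO with a class comment stating which of the two factories performs the certificate and hostname checks.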