diff --git a/src/com/fsck/k9/mail/store/ImapStore.java b/src/com/fsck/k9/mail/store/ImapStore.java
index 8334db923..f4eac81ae 100644
--- a/src/com/fsck/k9/mail/store/ImapStore.java
+++ b/src/com/fsck/k9/mail/store/ImapStore.java
@@ -50,7 +50,6 @@ import java.util.zip.InflaterInputStream;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLException;
-import javax.net.ssl.SSLSocket;
 import javax.net.ssl.TrustManager;
 import org.apache.commons.io.IOUtils;
@@ -97,7 +96,6 @@ import com.fsck.k9.mail.store.ImapResponseParser.ImapList;
 import com.fsck.k9.mail.store.ImapResponseParser.ImapResponse;
 import com.fsck.k9.mail.store.imap.ImapUtility;
 import com.fsck.k9.mail.transport.imap.ImapSettings;
-import com.fsck.k9.mail.transport.TrustedSocketFactory;
 import com.jcraft.jzlib.JZlib;
 import com.jcraft.jzlib.ZOutputStream;
@@ -2451,8 +2449,7 @@ public class ImapStore extends Store {
 sslContext.init(null, new TrustManager[] {
 TrustManagerFactory.get(mSettings.getHost(), secure)
 }, new SecureRandom());
- mSocket = sslContext.getSocketFactory().createSocket();
- TrustedSocketFactory.hardenSocket((SSLSocket)mSocket);
+ mSocket = TrustedSocketFactory.createSocket(sslContext);
 } else {
 mSocket = new Socket();
 }
diff --git a/src/com/fsck/k9/mail/store/Pop3Store.java b/src/com/fsck/k9/mail/store/Pop3Store.java
index ff7e1a3ba..1621c1527 100644
--- a/src/com/fsck/k9/mail/store/Pop3Store.java
+++ b/src/com/fsck/k9/mail/store/Pop3Store.java
@@ -7,14 +7,12 @@ import com.fsck.k9.Account;
 import com.fsck.k9.K9;
 import com.fsck.k9.controller.MessageRetrievalListener;
 import com.fsck.k9.helper.Utility;
-import com.fsck.k9.mail.transport.TrustedSocketFactory;
 import com.fsck.k9.mail.*;
 import com.fsck.k9.mail.internet.MimeMessage;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLException;
-import javax.net.ssl.SSLSocket;
 import javax.net.ssl.TrustManager;
 import java.io.*;
 import java.net.*;
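Review bot: The three-line `sslContext.init(null, new TrustManager[] { TrustManagerFactory.get(…, secure) }, new SecureRandom());` block is still repeated verbatim in front of every `TrustedSocketFactory.createSocket(sslContext)` call — in this ImapStore hunk, in the Pop3Store hunk at -332 and in the SmtpTransport hunk at -245. Now that socket creation is centralised, a second static overload such as `createSocket(String host, boolean secure)` that builds the `SSLContext` internally would remove the triplication and keep the trust-manager wiring in one reviewable place. The enclosing connect method starts and ends outside the hunk, so the `SSLContext.getInstance` call that presumably precedes these lines is not visible here.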
@@ -332,8 +330,7 @@ public class Pop3Store extends Store {
 sslContext.init(null, new TrustManager[] {
 TrustManagerFactory.get(mHost, secure)
 }, new SecureRandom());
- mSocket = sslContext.getSocketFactory().createSocket();
- TrustedSocketFactory.hardenSocket((SSLSocket)mSocket);
+ mSocket = TrustedSocketFactory.createSocket(sslContext);
 } else {
 mSocket = new Socket();
 }
diff --git a/src/com/fsck/k9/mail/transport/TrustedSocketFactory.java b/src/com/fsck/k9/mail/store/TrustedSocketFactory.java
similarity index 53%
rename from src/com/fsck/k9/mail/transport/TrustedSocketFactory.java
rename to src/com/fsck/k9/mail/store/TrustedSocketFactory.java
index aa73edf8d..5268c01ee 100644
--- a/src/com/fsck/k9/mail/transport/TrustedSocketFactory.java
+++ b/src/com/fsck/k9/mail/store/TrustedSocketFactory.java
@@ -1,28 +1,25 @@
-package com.fsck.k9.mail.transport;
-
-import com.fsck.k9.mail.store.TrustManagerFactory;
-import org.apache.http.conn.ConnectTimeoutException;
-import org.apache.http.conn.scheme.LayeredSocketFactory;
-import org.apache.http.params.HttpParams;
+package com.fsck.k9.mail.store;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLSocket;
 import javax.net.ssl.SSLSocketFactory;
-import javax.net.ssl.TrustManager;
 import java.io.IOException;
-import java.net.InetAddress;
 import java.net.Socket;
-import java.net.UnknownHostException;
 import java.security.KeyManagementException;
 import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
 import java.util.*;
-public class TrustedSocketFactory implements LayeredSocketFactory {
- private SSLSocketFactory mSocketFactory;
- private org.apache.http.conn.ssl.SSLSocketFactory mSchemeSocketFactory;
- protected static final String ENABLED_CIPHERS[];
+/**
+ * Filter and reorder list of cipher suites and TLS versions.
+ *
+ * See: http://op-co.de/blog/posts/android_ssl_downgrade/ + *
+ */
+public class TrustedSocketFactory {
+ protected static final String ENABLED_CIPHERS[];
 protected static final String ENABLED_PROTOCOLS[];
 static {
@@ -81,32 +78,14 @@ public class TrustedSocketFactory implements LayeredSocketFactory {
 return enabled.toArray(new String[enabled.size()]);
 }
- public TrustedSocketFactory(String host, boolean secure) throws NoSuchAlgorithmException, KeyManagementException {
- SSLContext sslContext = SSLContext.getInstance("TLS");
- sslContext.init(null, new TrustManager[] {
- TrustManagerFactory.get(host, secure)
- }, new SecureRandom());
- mSocketFactory = sslContext.getSocketFactory();
- mSchemeSocketFactory = org.apache.http.conn.ssl.SSLSocketFactory.getSocketFactory();
- mSchemeSocketFactory.setHostnameVerifier(
- org.apache.http.conn.ssl.SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
+ public static Socket createSocket(SSLContext sslContext) throws IOException {
+ SSLSocket socket = (SSLSocket) sslContext.getSocketFactory().createSocket();
+ hardenSocket(socket);
+
+ return socket;
 }
- public Socket connectSocket(Socket sock, String host, int port,
- InetAddress localAddress, int localPort, HttpParams params)
- throws IOException, UnknownHostException, ConnectTimeoutException {
- return mSchemeSocketFactory.connectSocket(sock, host, port, localAddress, localPort, params);
- }
-
- public Socket createSocket() throws IOException {
- return mSocketFactory.createSocket();
- }
-
- public boolean isSecure(Socket sock) throws IllegalArgumentException {
- return mSchemeSocketFactory.isSecure(sock);
- }
-
- public static void hardenSocket(SSLSocket sock) {
+ private static void hardenSocket(SSLSocket sock) {
 if (ENABLED_CIPHERS != null) {
 sock.setEnabledCipherSuites(ENABLED_CIPHERS);
 }
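Review bot: After this hunk `TrustedSocketFactory` consists only of static members, but it still has an implicit public constructor and its two arrays stay `protected` even though nothing extends the class any more (the `implements LayeredSocketFactory` clause is gone). Declaring it `public final class TrustedSocketFactory {` with `private TrustedSocketFactory() {}` and `private static final String[] ENABLED_CIPHERS;` (same for `ENABLED_PROTOCOLS`) would make the intended utility-class shape explicit and stop callers from instantiating it or reading the filtered lists directly. The Javadoc could also say what the class offers, e.g. `Creates TLS sockets whose enabled cipher suites and protocol versions are restricted to the filtered lists computed in the static initializer`. The static initializer body lies outside the hunk.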
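Review bot: `createSocket(SSLContext)` becomes the only public entry point and `hardenSocket` turns private, yet the overload that wrapped an already-connected socket (`createSocket(Socket, String, int, boolean)`, removed in the next hunk) gets no replacement; if any store upgrades a plain connection with STARTTLS outside this diff, that TLS socket can no longer receive the cipher-suite and protocol filtering, which silently reintroduces the downgrade risk the class exists to prevent. A second static overload that wraps through `sslContext.getSocketFactory().createSocket(socket, host, port, autoClose)` and then calls `hardenSocket` would close that gap without bringing the Apache `LayeredSocketFactory` dependency back. The new method also deserves a Javadoc noting that the returned socket is unconnected, that `hardenSocket` is skipped when a filtered list is `null`, and that no hostname verification is performed here — presumably the host-aware trust manager the callers build with `TrustManagerFactory.get(host, secure)` is responsible for that, which is worth confirming. Both helper bodies are fully inside this hunk.
```java
public static Socket createSocket(SSLContext sslContext) throws IOException {
    // … unchanged: unconnected-socket path …
}

/** Wraps an already-connected socket in TLS and applies the same cipher/protocol filtering. */
public static Socket createSocket(SSLContext sslContext, Socket socket, String host, int port, boolean autoClose)
        throws IOException {
    SSLSocket sslSocket = (SSLSocket) sslContext.getSocketFactory().createSocket(socket, host, port, autoClose);
    hardenSocket(sslSocket);
    return sslSocket;
}
```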
@@ -114,22 +93,4 @@ public class TrustedSocketFactory implements LayeredSocketFactory {
 sock.setEnabledProtocols(ENABLED_PROTOCOLS);
 }
 }
-
- public Socket createSocket(
- final Socket socket,
- final String host,
- final int port,
- final boolean autoClose
- ) throws IOException, UnknownHostException {
- SSLSocket sslSocket = (SSLSocket) mSocketFactory.createSocket(
- socket,
- host,
- port,
- autoClose
- );
- //hostnameVerifier.verify(host, sslSocket);
- // verifyHostName() didn't blowup - good!
- hardenSocket(sslSocket);
- return sslSocket;
- }
 }
diff --git a/src/com/fsck/k9/mail/transport/SmtpTransport.java b/src/com/fsck/k9/mail/transport/SmtpTransport.java
index 1b4c57d25..4e71d3ee8 100644
--- a/src/com/fsck/k9/mail/transport/SmtpTransport.java
+++ b/src/com/fsck/k9/mail/transport/SmtpTransport.java
@@ -14,10 +14,10 @@ import com.fsck.k9.mail.filter.SmtpDataStuffing;
 import com.fsck.k9.mail.internet.MimeUtility;
 import com.fsck.k9.mail.store.TrustManagerFactory;
 import com.fsck.k9.mail.store.LocalStore.LocalMessage;
+import com.fsck.k9.mail.store.TrustedSocketFactory;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLException;
-import javax.net.ssl.SSLSocket;
 import javax.net.ssl.TrustManager;
 import java.io.BufferedInputStream;
 import java.io.BufferedOutputStream;
@@ -245,8 +245,7 @@ public class SmtpTransport extends Transport {
 sslContext.init(null, new TrustManager[] {
 TrustManagerFactory.get(mHost, secure)
 }, new SecureRandom());
- mSocket = sslContext.getSocketFactory().createSocket();
- TrustedSocketFactory.hardenSocket((SSLSocket)mSocket);
+ mSocket = TrustedSocketFactory.createSocket(sslContext);
 mSocket.connect(socketAddress, SOCKET_CONNECT_TIMEOUT);
 } else {
 mSocket = new Socket();