Refactor TrustedSocketFactory

2025-01-12 22:28:10 -05:00 · 2013-10-29 04:01:12 +01:00 · 2013-10-29 04:01:12 +01:00 · a97705ffa9
commit a97705ffa9
parent 8f45d76b5c
4 changed files with 20 additions and 66 deletions
--- a/src/com/fsck/k9/mail/store/ImapStore.java
+++ b/src/com/fsck/k9/mail/store/ImapStore.java
@ -50,7 +50,6 @@ import java.util.zip.InflaterInputStream;

 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLException;
-import javax.net.ssl.SSLSocket;
 import javax.net.ssl.TrustManager;

 import org.apache.commons.io.IOUtils;
@ -97,7 +96,6 @@ import com.fsck.k9.mail.store.ImapResponseParser.ImapList;
 import com.fsck.k9.mail.store.ImapResponseParser.ImapResponse;
 import com.fsck.k9.mail.store.imap.ImapUtility;
 import com.fsck.k9.mail.transport.imap.ImapSettings;
-import com.fsck.k9.mail.transport.TrustedSocketFactory;
 import com.jcraft.jzlib.JZlib;
 import com.jcraft.jzlib.ZOutputStream;

@ -2451,8 +2449,7 @@ public class ImapStore extends Store {
                            sslContext.init(null, new TrustManager[] {
                                                TrustManagerFactory.get(mSettings.getHost(), secure)
                                            }, new SecureRandom());
-                            mSocket = sslContext.getSocketFactory().createSocket();
-                            TrustedSocketFactory.hardenSocket((SSLSocket)mSocket);
+                            mSocket = TrustedSocketFactory.createSocket(sslContext);
                        } else {
                            mSocket = new Socket();
                        }
--- a/src/com/fsck/k9/mail/store/Pop3Store.java
+++ b/src/com/fsck/k9/mail/store/Pop3Store.java
@ -7,14 +7,12 @@ import com.fsck.k9.Account;
 import com.fsck.k9.K9;
 import com.fsck.k9.controller.MessageRetrievalListener;
 import com.fsck.k9.helper.Utility;
-import com.fsck.k9.mail.transport.TrustedSocketFactory;
 import com.fsck.k9.mail.*;

 import com.fsck.k9.mail.internet.MimeMessage;

 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLException;
-import javax.net.ssl.SSLSocket;
 import javax.net.ssl.TrustManager;
 import java.io.*;
 import java.net.*;
@ -332,8 +330,7 @@ public class Pop3Store extends Store {
                    sslContext.init(null, new TrustManager[] {
                                        TrustManagerFactory.get(mHost, secure)
                                    }, new SecureRandom());
-                    mSocket = sslContext.getSocketFactory().createSocket();
-                    TrustedSocketFactory.hardenSocket((SSLSocket)mSocket);
+                    mSocket = TrustedSocketFactory.createSocket(sslContext);
                } else {
                    mSocket = new Socket();
                }
--- a/src/com/fsck/k9/mail/transport/TrustedSocketFactory.java
+++ b/src/com/fsck/k9/mail/transport/TrustedSocketFactory.java
@ -1,27 +1,24 @@
-package com.fsck.k9.mail.transport;
-
-import com.fsck.k9.mail.store.TrustManagerFactory;
-import org.apache.http.conn.ConnectTimeoutException;
-import org.apache.http.conn.scheme.LayeredSocketFactory;
-import org.apache.http.params.HttpParams;
+package com.fsck.k9.mail.store;

 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLSocket;
 import javax.net.ssl.SSLSocketFactory;
-import javax.net.ssl.TrustManager;
 import java.io.IOException;
-import java.net.InetAddress;
 import java.net.Socket;
-import java.net.UnknownHostException;
 import java.security.KeyManagementException;
 import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
 import java.util.*;

-public class TrustedSocketFactory implements LayeredSocketFactory {
-    private SSLSocketFactory mSocketFactory;
-    private org.apache.http.conn.ssl.SSLSocketFactory mSchemeSocketFactory;

+/**
+ * Filter and reorder list of cipher suites and TLS versions.
+ *
+ * <p>
+ * See: <a href="http://op-co.de/blog/posts/android_ssl_downgrade/">http://op-co.de/blog/posts/android_ssl_downgrade/</a>
+ * </p>
+ */
+public class TrustedSocketFactory {
    protected static final String ENABLED_CIPHERS[];
    protected static final String ENABLED_PROTOCOLS[];

@ -81,32 +78,14 @@ public class TrustedSocketFactory implements LayeredSocketFactory {
        return enabled.toArray(new String[enabled.size()]);
    }

-    public TrustedSocketFactory(String host, boolean secure) throws NoSuchAlgorithmException, KeyManagementException {
-        SSLContext sslContext = SSLContext.getInstance("TLS");
-        sslContext.init(null, new TrustManager[] {
-                            TrustManagerFactory.get(host, secure)
-                        }, new SecureRandom());
-        mSocketFactory = sslContext.getSocketFactory();
-        mSchemeSocketFactory = org.apache.http.conn.ssl.SSLSocketFactory.getSocketFactory();
-        mSchemeSocketFactory.setHostnameVerifier(
-            org.apache.http.conn.ssl.SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
+    public static Socket createSocket(SSLContext sslContext) throws IOException {
+        SSLSocket socket = (SSLSocket) sslContext.getSocketFactory().createSocket();
+        hardenSocket(socket);
+
+        return socket;
    }

-    public Socket connectSocket(Socket sock, String host, int port,
-                                InetAddress localAddress, int localPort, HttpParams params)
-    throws IOException, UnknownHostException, ConnectTimeoutException {
-        return mSchemeSocketFactory.connectSocket(sock, host, port, localAddress, localPort, params);
-    }
-
-    public Socket createSocket() throws IOException {
-        return mSocketFactory.createSocket();
-    }
-
-    public boolean isSecure(Socket sock) throws IllegalArgumentException {
-        return mSchemeSocketFactory.isSecure(sock);
-    }
-
-    public static void hardenSocket(SSLSocket sock) {
+    private static void hardenSocket(SSLSocket sock) {
        if (ENABLED_CIPHERS != null) {
            sock.setEnabledCipherSuites(ENABLED_CIPHERS);
        }
@ -114,22 +93,4 @@ public class TrustedSocketFactory implements LayeredSocketFactory {
            sock.setEnabledProtocols(ENABLED_PROTOCOLS);
        }
    }
-
-    public Socket createSocket(
-        final Socket socket,
-        final String host,
-        final int port,
-        final boolean autoClose
-    ) throws IOException, UnknownHostException {
-        SSLSocket sslSocket = (SSLSocket) mSocketFactory.createSocket(
-                                  socket,
-                                  host,
-                                  port,
-                                  autoClose
-                              );
-        //hostnameVerifier.verify(host, sslSocket);
-        // verifyHostName() didn't blowup - good!
-        hardenSocket(sslSocket);
-        return sslSocket;
-    }
 }
--- a/src/com/fsck/k9/mail/transport/SmtpTransport.java
+++ b/src/com/fsck/k9/mail/transport/SmtpTransport.java
@ -14,10 +14,10 @@ import com.fsck.k9.mail.filter.SmtpDataStuffing;
 import com.fsck.k9.mail.internet.MimeUtility;
 import com.fsck.k9.mail.store.TrustManagerFactory;
 import com.fsck.k9.mail.store.LocalStore.LocalMessage;
+import com.fsck.k9.mail.store.TrustedSocketFactory;

 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLException;
-import javax.net.ssl.SSLSocket;
 import javax.net.ssl.TrustManager;
 import java.io.BufferedInputStream;
 import java.io.BufferedOutputStream;
@ -245,8 +245,7 @@ public class SmtpTransport extends Transport {
                        sslContext.init(null, new TrustManager[] {
                                            TrustManagerFactory.get(mHost, secure)
                                        }, new SecureRandom());
-                        mSocket = sslContext.getSocketFactory().createSocket();
-                        TrustedSocketFactory.hardenSocket((SSLSocket)mSocket);
+                        mSocket = TrustedSocketFactory.createSocket(sslContext);
                        mSocket.connect(socketAddress, SOCKET_CONNECT_TIMEOUT);
                    } else {
                        mSocket = new Socket();