conversations-classic/src/main/java/eu/siacs/conversations/utils/SSLSocketHelper.java

package eu.siacs.conversations.utils;

import android.util.Log;

import org.conscrypt.Conscrypt;

import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Collection;
import java.util.LinkedList;

import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;

import eu.siacs.conversations.Config;
import eu.siacs.conversations.entities.Account;

public class SSLSocketHelper {

    public static void setSecurity(final SSLSocket sslSocket) {
        final String[] supportProtocols;
        final Collection<String> supportedProtocols = new LinkedList<>(
                Arrays.asList(sslSocket.getSupportedProtocols()));
        supportedProtocols.remove("SSLv3");
        supportProtocols = supportedProtocols.toArray(new String[supportedProtocols.size()]);

        sslSocket.setEnabledProtocols(supportProtocols);

        final String[] cipherSuites = CryptoHelper.getOrderedCipherSuites(
                sslSocket.getSupportedCipherSuites());
        if (cipherSuites.length > 0) {
            sslSocket.setEnabledCipherSuites(cipherSuites);
        }
    }

    public static void setHostname(final SSLSocket socket, final String hostname) {
        try {
            Conscrypt.setHostname(socket, hostname);
        } catch (IllegalArgumentException e) {
            Log.e(Config.LOGTAG, "unable to set SNI name on socket (" + hostname + ")", e);
        }
    }

    public static void setApplicationProtocol(final SSLSocket socket, final String protocol) {
        try {
            Conscrypt.setApplicationProtocols(socket, new String[]{protocol});
        } catch (IllegalArgumentException e) {
            Log.e(Config.LOGTAG, "unable to set ALPN on socket", e);
        }
    }

    public static SSLContext getSSLContext() throws NoSuchAlgorithmException {
        return SSLContext.getInstance("TLSv1.3");
    }

    public static void log(Account account, SSLSocket socket) {
        SSLSession session = socket.getSession();
        Log.d(Config.LOGTAG, account.getJid().asBareJid() + ": protocol=" + session.getProtocol() + " cipher=" + session.getCipherSuite());
    }
}
move some ssl socket modifiers into a seperate helper class 2016-01-12 15:33:15 +00:00			`package eu.siacs.conversations.utils;`

use conscrypt as security provider to provide tls 1.3 and modern cyphers on old androids 2018-09-21 14:33:07 +00:00			`import android.util.Log;`
use TLSv1.2 as SSL context on supported plattforms 2016-02-03 17:17:16 +00:00
use conscrypt api to set sni and alpn 2018-09-23 09:20:23 +00:00			`import org.conscrypt.Conscrypt;`

move some ssl socket modifiers into a seperate helper class 2016-01-12 15:33:15 +00:00			`import java.security.NoSuchAlgorithmException;`
			`import java.util.Arrays;`
			`import java.util.Collection;`
			`import java.util.LinkedList;`

use TLSv1.2 as SSL context on supported plattforms 2016-02-03 17:17:16 +00:00			`import javax.net.ssl.SSLContext;`
use conscrypt as security provider to provide tls 1.3 and modern cyphers on old androids 2018-09-21 14:33:07 +00:00			`import javax.net.ssl.SSLSession;`
move some ssl socket modifiers into a seperate helper class 2016-01-12 15:33:15 +00:00			`import javax.net.ssl.SSLSocket;`

use conscrypt as security provider to provide tls 1.3 and modern cyphers on old androids 2018-09-21 14:33:07 +00:00			`import eu.siacs.conversations.Config;`
			`import eu.siacs.conversations.entities.Account;`

move some ssl socket modifiers into a seperate helper class 2016-01-12 15:33:15 +00:00			`public class SSLSocketHelper {`

use conscrypt as security provider to provide tls 1.3 and modern cyphers on old androids 2018-09-21 14:33:07 +00:00			`public static void setSecurity(final SSLSocket sslSocket) {`
			`final String[] supportProtocols;`
			`final Collection<String> supportedProtocols = new LinkedList<>(`
			`Arrays.asList(sslSocket.getSupportedProtocols()));`
			`supportedProtocols.remove("SSLv3");`
			`supportProtocols = supportedProtocols.toArray(new String[supportedProtocols.size()]);`

			`sslSocket.setEnabledProtocols(supportProtocols);`
move some ssl socket modifiers into a seperate helper class 2016-01-12 15:33:15 +00:00
use conscrypt as security provider to provide tls 1.3 and modern cyphers on old androids 2018-09-21 14:33:07 +00:00			`final String[] cipherSuites = CryptoHelper.getOrderedCipherSuites(`
			`sslSocket.getSupportedCipherSuites());`
			`if (cipherSuites.length > 0) {`
			`sslSocket.setEnabledCipherSuites(cipherSuites);`
			`}`
			`}`
move some ssl socket modifiers into a seperate helper class 2016-01-12 15:33:15 +00:00
use conscrypt api to set sni and alpn 2018-09-23 09:20:23 +00:00			`public static void setHostname(final SSLSocket socket, final String hostname) {`
			`try {`
			`Conscrypt.setHostname(socket, hostname);`
			`} catch (IllegalArgumentException e) {`
			`Log.e(Config.LOGTAG, "unable to set SNI name on socket (" + hostname + ")", e);`
use conscrypt as security provider to provide tls 1.3 and modern cyphers on old androids 2018-09-21 14:33:07 +00:00			`}`
			`}`
move some ssl socket modifiers into a seperate helper class 2016-01-12 15:33:15 +00:00
use conscrypt api to set sni and alpn 2018-09-23 09:20:23 +00:00			`public static void setApplicationProtocol(final SSLSocket socket, final String protocol) {`
use conscrypt as security provider to provide tls 1.3 and modern cyphers on old androids 2018-09-21 14:33:07 +00:00			`try {`
use conscrypt api to set sni and alpn 2018-09-23 09:20:23 +00:00			`Conscrypt.setApplicationProtocols(socket, new String[]{protocol});`
			`} catch (IllegalArgumentException e) {`
			`Log.e(Config.LOGTAG, "unable to set ALPN on socket", e);`
use conscrypt as security provider to provide tls 1.3 and modern cyphers on old androids 2018-09-21 14:33:07 +00:00			`}`
			`}`
move some ssl socket modifiers into a seperate helper class 2016-01-12 15:33:15 +00:00
use conscrypt as security provider to provide tls 1.3 and modern cyphers on old androids 2018-09-21 14:33:07 +00:00			`public static SSLContext getSSLContext() throws NoSuchAlgorithmException {`
			`return SSLContext.getInstance("TLSv1.3");`
			`}`
use TLSv1.2 as SSL context on supported plattforms 2016-02-03 17:17:16 +00:00
use conscrypt as security provider to provide tls 1.3 and modern cyphers on old androids 2018-09-21 14:33:07 +00:00			`public static void log(Account account, SSLSocket socket) {`
			`SSLSession session = socket.getSession();`
use conscrypt api to set sni and alpn 2018-09-23 09:20:23 +00:00			`Log.d(Config.LOGTAG, account.getJid().asBareJid() + ": protocol=" + session.getProtocol() + " cipher=" + session.getCipherSuite());`
use conscrypt as security provider to provide tls 1.3 and modern cyphers on old androids 2018-09-21 14:33:07 +00:00			`}`
move some ssl socket modifiers into a seperate helper class 2016-01-12 15:33:15 +00:00			`}`