Revert "email: add support for Server Name Indication (SNI)"

This reverts commit 75cf76875e. Bug: 13744933 Change-Id: I6ef39dfa13dcadc5a41c79f65bc0eed9d27dd447
2014-04-01 20:21:05 +00:00 · 2014-04-01 20:21:05 +00:00 · 048a2956da
parent 75cf76875e
commit 048a2956da
2 changed files with 34 additions and 44 deletions
--- a/emailcommon/Android.mk
+++ b/emailcommon/Android.mk
@ -42,7 +42,7 @@ LOCAL_SRC_FILES += $(call all-java-files-under, $(apache_src_dir))
 LOCAL_SRC_FILES += $(imported_unified_email_files)
 LOCAL_SRC_FILES += $(call all-java-files-under, $(unified_email_src_dir)/com/android/emailcommon)

-LOCAL_SDK_VERSION := 17
+LOCAL_SDK_VERSION := 14

 LOCAL_RESOURCE_DIR := $(LOCAL_PATH)/res

--- a/emailcommon/src/com/android/emailcommon/utility/SSLSocketFactory.java
+++ b/emailcommon/src/com/android/emailcommon/utility/SSLSocketFactory.java
@ -33,10 +33,6 @@

 package com.android.emailcommon.utility;

-import android.annotation.TargetApi;
-import android.net.SSLCertificateSocketFactory;
-import android.os.Build;
-
 import org.apache.http.conn.scheme.HostNameResolver;
 import org.apache.http.conn.scheme.LayeredSocketFactory;
 import org.apache.http.conn.ssl.AllowAllHostnameVerifier;
@ -46,6 +42,7 @@ import org.apache.http.conn.ssl.X509HostnameVerifier;
 import org.apache.http.params.HttpConnectionParams;
 import org.apache.http.params.HttpParams;

+import javax.net.ssl.HttpsURLConnection;
 import javax.net.ssl.KeyManager;
 import javax.net.ssl.KeyManagerFactory;
 import javax.net.ssl.SSLContext;
@ -159,9 +156,21 @@ public class SSLSocketFactory implements LayeredSocketFactory {

    public static final X509HostnameVerifier STRICT_HOSTNAME_VERIFIER
        = new StrictHostnameVerifier();
+    /**
+     * The factory using the default JVM settings for secure connections.
+     */
+    private static final SSLSocketFactory DEFAULT_FACTORY = new SSLSocketFactory();
+
+    /**
+     * Gets an singleton instance of the SSLProtocolSocketFactory.
+     * @return a SSLProtocolSocketFactory
+     */
+    public static SSLSocketFactory getSocketFactory() {
+        return DEFAULT_FACTORY;
+    }

    private final SSLContext sslcontext;
-    private final SSLCertificateSocketFactory socketfactory;
+    private final javax.net.ssl.SSLSocketFactory socketfactory;
    private final HostNameResolver nameResolver;
    private X509HostnameVerifier hostnameVerifier = BROWSER_COMPATIBLE_HOSTNAME_VERIFIER;

@ -188,7 +197,7 @@ public class SSLSocketFactory implements LayeredSocketFactory {
        }
        sslcontext = SSLContext.getInstance(algorithm);
        sslcontext.init(keymanagers, trustmanagers, random);
-        socketfactory = (SSLCertificateSocketFactory) sslcontext.getSocketFactory();
+        socketfactory = sslcontext.getSocketFactory();
        this.nameResolver = nameResolver;
    }

@ -217,13 +226,25 @@ public class SSLSocketFactory implements LayeredSocketFactory {
     * Constructs an HttpClient SSLSocketFactory backed by the given JSSE
     * SSLSocketFactory.
     */
-    public SSLSocketFactory(SSLCertificateSocketFactory socketfactory) {
+    public SSLSocketFactory(javax.net.ssl.SSLSocketFactory socketfactory) {
        super();
        sslcontext = null;
        this.socketfactory = socketfactory;
        nameResolver = null;
    }

+    /**
+     * Creates the default SSL socket factory.
+     * This constructor is used exclusively to instantiate the factory for
+     * {@link #getSocketFactory getSocketFactory}.
+     */
+    private SSLSocketFactory() {
+        super();
+        sslcontext = null;
+        socketfactory = HttpsURLConnection.getDefaultSSLSocketFactory();
+        nameResolver = null;
+    }
+
    private static KeyManager[] createKeyManagers(final KeyStore keystore, final String password)
        throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
        if (keystore == null) {
@ -259,7 +280,6 @@ public class SSLSocketFactory implements LayeredSocketFactory {

    // non-javadoc, see interface org.apache.http.conn.SocketFactory
    @Override
-    @TargetApi(17)
    public Socket connectSocket(
        final Socket sock,
        final String host,
@ -303,12 +323,6 @@ public class SSLSocketFactory implements LayeredSocketFactory {
        sslsock.connect(remoteAddress, connTimeout);

        sslsock.setSoTimeout(soTimeout);
-
-        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN_MR1) {
-            // Turn on Server Name Indication (SNI)
-            socketfactory.setHostname(sslsock, host);
-        }
-
        try {
            hostnameVerifier.verify(host, sslsock);
            // verifyHostName() didn't blowup - good!
@ -360,43 +374,19 @@ public class SSLSocketFactory implements LayeredSocketFactory {

    // non-javadoc, see interface LayeredSocketFactory
    @Override
-    @TargetApi(17)
    public Socket createSocket(
        final Socket socket,
        final String host,
        final int port,
        final boolean autoClose
    ) throws IOException, UnknownHostException {
-        // Close the plain socket if requested. The underlaying socket factory will
-        // create a new socket.
-        if (autoClose) {
-            socket.close();
-        }
-
-        // We don't want to verify the hostname from the previous socket here (we must call
-        // setHostname in order to proper get SNI working), so just create a new ssl socket
-        // based in the previous socket
        SSLSocket sslSocket = (SSLSocket) socketfactory.createSocket(
-              socket.getInetAddress(),
-              port
+              socket,
+              host,
+              port,
+              autoClose
        );
-
-        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN_MR1) {
-            // Turn on Server Name Indication (SNI)
-            socketfactory.setHostname(sslSocket, host);
-        }
-
-        try {
-            hostnameVerifier.verify(host, sslSocket);
-            // verifyHostName() didn't blowup - good!
-        } catch (IOException iox) {
-            // close the socket before re-throwing the exception
-            if (autoClose) {
-                try { sslSocket.close(); } catch (Exception x) { /*ignore*/ }
-            }
-            throw iox;
-        }
-
+        hostnameVerifier.verify(host, sslSocket);
        // verifyHostName() didn't blowup - good!
        return sslSocket;
    }