From f42620b7b4bb7aa59ee976d947c709251cb760b9 Mon Sep 17 00:00:00 2001 From: Scott Kennedy Date: Tue, 1 Apr 2014 20:22:12 +0000 Subject: [PATCH 1/2] Revert "email: add support for Server Name Indication (SNI)" This reverts commit a7a483144d466d151ab646523a22af47de10bc18. Bug: 13744933 Change-Id: I68b95dcca20042639d02d3609ad03aaa3eca0353 --- emailcommon/Android.mk | 2 +- .../emailcommon/utility/SSLSocketFactory.java | 76 ++++++++----------- 2 files changed, 34 insertions(+), 44 deletions(-) diff --git a/emailcommon/Android.mk b/emailcommon/Android.mk index 14ea55078..654e20d60 100644 --- a/emailcommon/Android.mk +++ b/emailcommon/Android.mk @@ -42,7 +42,7 @@ LOCAL_SRC_FILES += $(call all-java-files-under, $(apache_src_dir)) LOCAL_SRC_FILES += $(imported_unified_email_files) LOCAL_SRC_FILES += $(call all-java-files-under, $(unified_email_src_dir)/com/android/emailcommon) -LOCAL_SDK_VERSION := 17 +LOCAL_SDK_VERSION := 14 LOCAL_RESOURCE_DIR := $(LOCAL_PATH)/res diff --git a/emailcommon/src/com/android/emailcommon/utility/SSLSocketFactory.java b/emailcommon/src/com/android/emailcommon/utility/SSLSocketFactory.java index 433cef870..b7a59b81d 100644 --- a/emailcommon/src/com/android/emailcommon/utility/SSLSocketFactory.java +++ b/emailcommon/src/com/android/emailcommon/utility/SSLSocketFactory.java @@ -33,10 +33,6 @@ package com.android.emailcommon.utility; -import android.annotation.TargetApi; -import android.net.SSLCertificateSocketFactory; -import android.os.Build; - import org.apache.http.conn.scheme.HostNameResolver; import org.apache.http.conn.scheme.LayeredSocketFactory; import org.apache.http.conn.ssl.AllowAllHostnameVerifier; @@ -46,6 +42,7 @@ import org.apache.http.conn.ssl.X509HostnameVerifier; import org.apache.http.params.HttpConnectionParams; import org.apache.http.params.HttpParams; +import javax.net.ssl.HttpsURLConnection; import javax.net.ssl.KeyManager; import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.SSLContext; @@ -159,9 +156,21 @@ public class SSLSocketFactory implements LayeredSocketFactory { public static final X509HostnameVerifier STRICT_HOSTNAME_VERIFIER = new StrictHostnameVerifier(); + /** + * The factory using the default JVM settings for secure connections. + */ + private static final SSLSocketFactory DEFAULT_FACTORY = new SSLSocketFactory(); + + /** + * Gets an singleton instance of the SSLProtocolSocketFactory. + * @return a SSLProtocolSocketFactory + */ + public static SSLSocketFactory getSocketFactory() { + return DEFAULT_FACTORY; + } private final SSLContext sslcontext; - private final SSLCertificateSocketFactory socketfactory; + private final javax.net.ssl.SSLSocketFactory socketfactory; private final HostNameResolver nameResolver; private X509HostnameVerifier hostnameVerifier = BROWSER_COMPATIBLE_HOSTNAME_VERIFIER; @@ -188,7 +197,7 @@ public class SSLSocketFactory implements LayeredSocketFactory { } sslcontext = SSLContext.getInstance(algorithm); sslcontext.init(keymanagers, trustmanagers, random); - socketfactory = (SSLCertificateSocketFactory) sslcontext.getSocketFactory(); + socketfactory = sslcontext.getSocketFactory(); this.nameResolver = nameResolver; } @@ -217,13 +226,25 @@ public class SSLSocketFactory implements LayeredSocketFactory { * Constructs an HttpClient SSLSocketFactory backed by the given JSSE * SSLSocketFactory. */ - public SSLSocketFactory(SSLCertificateSocketFactory socketfactory) { + public SSLSocketFactory(javax.net.ssl.SSLSocketFactory socketfactory) { super(); sslcontext = null; this.socketfactory = socketfactory; nameResolver = null; } + /** + * Creates the default SSL socket factory. + * This constructor is used exclusively to instantiate the factory for + * {@link #getSocketFactory getSocketFactory}. + */ + private SSLSocketFactory() { + super(); + sslcontext = null; + socketfactory = HttpsURLConnection.getDefaultSSLSocketFactory(); + nameResolver = null; + } + private static KeyManager[] createKeyManagers(final KeyStore keystore, final String password) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException { if (keystore == null) { @@ -259,7 +280,6 @@ public class SSLSocketFactory implements LayeredSocketFactory { // non-javadoc, see interface org.apache.http.conn.SocketFactory @Override - @TargetApi(17) public Socket connectSocket( final Socket sock, final String host, @@ -303,12 +323,6 @@ public class SSLSocketFactory implements LayeredSocketFactory { sslsock.connect(remoteAddress, connTimeout); sslsock.setSoTimeout(soTimeout); - - if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN_MR1) { - // Turn on Server Name Indication (SNI) - socketfactory.setHostname(sslsock, host); - } - try { hostnameVerifier.verify(host, sslsock); // verifyHostName() didn't blowup - good! @@ -360,43 +374,19 @@ public class SSLSocketFactory implements LayeredSocketFactory { // non-javadoc, see interface LayeredSocketFactory @Override - @TargetApi(17) public Socket createSocket( final Socket socket, final String host, final int port, final boolean autoClose ) throws IOException, UnknownHostException { - // Close the plain socket if requested. The underlaying socket factory will - // create a new socket. - if (autoClose) { - socket.close(); - } - - // We don't want to verify the hostname from the previous socket here (we must call - // setHostname in order to proper get SNI working), so just create a new ssl socket - // based in the previous socket SSLSocket sslSocket = (SSLSocket) socketfactory.createSocket( - socket.getInetAddress(), - port + socket, + host, + port, + autoClose ); - - if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN_MR1) { - // Turn on Server Name Indication (SNI) - socketfactory.setHostname(sslSocket, host); - } - - try { - hostnameVerifier.verify(host, sslSocket); - // verifyHostName() didn't blowup - good! - } catch (IOException iox) { - // close the socket before re-throwing the exception - if (autoClose) { - try { sslSocket.close(); } catch (Exception x) { /*ignore*/ } - } - throw iox; - } - + hostnameVerifier.verify(host, sslSocket); // verifyHostName() didn't blowup - good! return sslSocket; } From 46c591e0f5c063b6b3b60e42e1d742b198ead810 Mon Sep 17 00:00:00 2001 From: Tony Mantler Date: Wed, 14 May 2014 11:32:20 -0700 Subject: [PATCH 2/2] Fix URI comparison b/14914981 The framework may make copies of the URI objects before they're passed in, so we should use .equals() instead of pointer equality. Change-Id: Ia443e96c81d53829ac6cfce70cebc098861f1c78 (cherry picked from commit e8a3c14f28bac4912842761b04c96272caf52810) --- src/com/android/email/provider/EmailProvider.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/com/android/email/provider/EmailProvider.java b/src/com/android/email/provider/EmailProvider.java index 165cc0f01..e7c6f958f 100644 --- a/src/com/android/email/provider/EmailProvider.java +++ b/src/com/android/email/provider/EmailProvider.java @@ -1667,10 +1667,10 @@ public class EmailProvider extends ContentProvider { public int update(Uri uri, ContentValues values, String selection, String[] selectionArgs) { LogUtils.d(TAG, "Update: " + uri); // Handle this special case the fastest possible way - if (uri == INTEGRITY_CHECK_URI) { + if (INTEGRITY_CHECK_URI.equals(uri)) { checkDatabases(); return 0; - } else if (uri == ACCOUNT_BACKUP_URI) { + } else if (ACCOUNT_BACKUP_URI.equals(uri)) { return backupAccounts(getContext(), getDatabase(getContext())); }