Merge "email: add support for Server Name Indication (SNI)"

This commit is contained in:
Scott Kennedy 2014-03-31 18:06:28 +00:00 committed by Gerrit Code Review
commit aa207cc6f1
2 changed files with 44 additions and 34 deletions

View File

@ -42,7 +42,7 @@ LOCAL_SRC_FILES += $(call all-java-files-under, $(apache_src_dir))
LOCAL_SRC_FILES += $(imported_unified_email_files) LOCAL_SRC_FILES += $(imported_unified_email_files)
LOCAL_SRC_FILES += $(call all-java-files-under, $(unified_email_src_dir)/com/android/emailcommon) LOCAL_SRC_FILES += $(call all-java-files-under, $(unified_email_src_dir)/com/android/emailcommon)
LOCAL_SDK_VERSION := 14 LOCAL_SDK_VERSION := 17
LOCAL_RESOURCE_DIR := $(LOCAL_PATH)/res LOCAL_RESOURCE_DIR := $(LOCAL_PATH)/res

View File

@ -33,6 +33,10 @@
package com.android.emailcommon.utility; package com.android.emailcommon.utility;
import android.annotation.TargetApi;
import android.net.SSLCertificateSocketFactory;
import android.os.Build;
import org.apache.http.conn.scheme.HostNameResolver; import org.apache.http.conn.scheme.HostNameResolver;
import org.apache.http.conn.scheme.LayeredSocketFactory; import org.apache.http.conn.scheme.LayeredSocketFactory;
import org.apache.http.conn.ssl.AllowAllHostnameVerifier; import org.apache.http.conn.ssl.AllowAllHostnameVerifier;
@ -42,7 +46,6 @@ import org.apache.http.conn.ssl.X509HostnameVerifier;
import org.apache.http.params.HttpConnectionParams; import org.apache.http.params.HttpConnectionParams;
import org.apache.http.params.HttpParams; import org.apache.http.params.HttpParams;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManager; import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext; import javax.net.ssl.SSLContext;
@ -156,21 +159,9 @@ public class SSLSocketFactory implements LayeredSocketFactory {
public static final X509HostnameVerifier STRICT_HOSTNAME_VERIFIER public static final X509HostnameVerifier STRICT_HOSTNAME_VERIFIER
= new StrictHostnameVerifier(); = new StrictHostnameVerifier();
/**
* The factory using the default JVM settings for secure connections.
*/
private static final SSLSocketFactory DEFAULT_FACTORY = new SSLSocketFactory();
/**
* Gets an singleton instance of the SSLProtocolSocketFactory.
* @return a SSLProtocolSocketFactory
*/
public static SSLSocketFactory getSocketFactory() {
return DEFAULT_FACTORY;
}
private final SSLContext sslcontext; private final SSLContext sslcontext;
private final javax.net.ssl.SSLSocketFactory socketfactory; private final SSLCertificateSocketFactory socketfactory;
private final HostNameResolver nameResolver; private final HostNameResolver nameResolver;
private X509HostnameVerifier hostnameVerifier = BROWSER_COMPATIBLE_HOSTNAME_VERIFIER; private X509HostnameVerifier hostnameVerifier = BROWSER_COMPATIBLE_HOSTNAME_VERIFIER;
@ -197,7 +188,7 @@ public class SSLSocketFactory implements LayeredSocketFactory {
} }
sslcontext = SSLContext.getInstance(algorithm); sslcontext = SSLContext.getInstance(algorithm);
sslcontext.init(keymanagers, trustmanagers, random); sslcontext.init(keymanagers, trustmanagers, random);
socketfactory = sslcontext.getSocketFactory(); socketfactory = (SSLCertificateSocketFactory) sslcontext.getSocketFactory();
this.nameResolver = nameResolver; this.nameResolver = nameResolver;
} }
@ -226,25 +217,13 @@ public class SSLSocketFactory implements LayeredSocketFactory {
* Constructs an HttpClient SSLSocketFactory backed by the given JSSE * Constructs an HttpClient SSLSocketFactory backed by the given JSSE
* SSLSocketFactory. * SSLSocketFactory.
*/ */
public SSLSocketFactory(javax.net.ssl.SSLSocketFactory socketfactory) { public SSLSocketFactory(SSLCertificateSocketFactory socketfactory) {
super(); super();
sslcontext = null; sslcontext = null;
this.socketfactory = socketfactory; this.socketfactory = socketfactory;
nameResolver = null; nameResolver = null;
} }
/**
* Creates the default SSL socket factory.
* This constructor is used exclusively to instantiate the factory for
* {@link #getSocketFactory getSocketFactory}.
*/
private SSLSocketFactory() {
super();
sslcontext = null;
socketfactory = HttpsURLConnection.getDefaultSSLSocketFactory();
nameResolver = null;
}
private static KeyManager[] createKeyManagers(final KeyStore keystore, final String password) private static KeyManager[] createKeyManagers(final KeyStore keystore, final String password)
throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException { throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
if (keystore == null) { if (keystore == null) {
@ -280,6 +259,7 @@ public class SSLSocketFactory implements LayeredSocketFactory {
// non-javadoc, see interface org.apache.http.conn.SocketFactory // non-javadoc, see interface org.apache.http.conn.SocketFactory
@Override @Override
@TargetApi(17)
public Socket connectSocket( public Socket connectSocket(
final Socket sock, final Socket sock,
final String host, final String host,
@ -323,6 +303,12 @@ public class SSLSocketFactory implements LayeredSocketFactory {
sslsock.connect(remoteAddress, connTimeout); sslsock.connect(remoteAddress, connTimeout);
sslsock.setSoTimeout(soTimeout); sslsock.setSoTimeout(soTimeout);
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN_MR1) {
// Turn on Server Name Indication (SNI)
socketfactory.setHostname(sslsock, host);
}
try { try {
hostnameVerifier.verify(host, sslsock); hostnameVerifier.verify(host, sslsock);
// verifyHostName() didn't blowup - good! // verifyHostName() didn't blowup - good!
@ -374,19 +360,43 @@ public class SSLSocketFactory implements LayeredSocketFactory {
// non-javadoc, see interface LayeredSocketFactory // non-javadoc, see interface LayeredSocketFactory
@Override @Override
@TargetApi(17)
public Socket createSocket( public Socket createSocket(
final Socket socket, final Socket socket,
final String host, final String host,
final int port, final int port,
final boolean autoClose final boolean autoClose
) throws IOException, UnknownHostException { ) throws IOException, UnknownHostException {
// Close the plain socket if requested. The underlaying socket factory will
// create a new socket.
if (autoClose) {
socket.close();
}
// We don't want to verify the hostname from the previous socket here (we must call
// setHostname in order to proper get SNI working), so just create a new ssl socket
// based in the previous socket
SSLSocket sslSocket = (SSLSocket) socketfactory.createSocket( SSLSocket sslSocket = (SSLSocket) socketfactory.createSocket(
socket, socket.getInetAddress(),
host, port
port,
autoClose
); );
hostnameVerifier.verify(host, sslSocket);
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN_MR1) {
// Turn on Server Name Indication (SNI)
socketfactory.setHostname(sslSocket, host);
}
try {
hostnameVerifier.verify(host, sslSocket);
// verifyHostName() didn't blowup - good!
} catch (IOException iox) {
// close the socket before re-throwing the exception
if (autoClose) {
try { sslSocket.close(); } catch (Exception x) { /*ignore*/ }
}
throw iox;
}
// verifyHostName() didn't blowup - good! // verifyHostName() didn't blowup - good!
return sslSocket; return sslSocket;
} }