gecko/mobile/android/base/sync/net/TLSSocketFactory.java

101 lines
3.7 KiB
Java

/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is Android Sync Client.
*
* The Initial Developer of the Original Code is
* the Mozilla Foundation.
* Portions created by the Initial Developer are Copyright (C) 2011
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
* Richard Newman <rnewman@mozilla.com>
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
package org.mozilla.gecko.sync.net;
import java.io.IOException;
import java.net.Socket;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import android.util.Log;
import ch.boye.httpclientandroidlib.conn.ssl.SSLSocketFactory;
import ch.boye.httpclientandroidlib.params.HttpParams;
public class TLSSocketFactory extends SSLSocketFactory {
private static final String LOG_TAG = "TLSSocketFactory";
private static final String[] DEFAULT_CIPHER_SUITES = new String[] {
"SSL_RSA_WITH_RC4_128_SHA", // "RC4_SHA"
};
private static final String[] DEFAULT_PROTOCOLS = new String[] {
"SSLv3",
"TLSv1"
};
// Guarded by `this`.
private static String[] cipherSuites = DEFAULT_CIPHER_SUITES;
public TLSSocketFactory(SSLContext sslContext) {
super(sslContext);
}
/**
* Attempt to specify the cipher suites to use for a connection. If
* setting fails (as it will on Android 2.2, because the wrong names
* are in use to specify ciphers), attempt to set the defaults.
*
* We store the list of cipher suites in `cipherSuites`, which
* avoids this fallback handling having to be executed more than once.
*
* This method is synchronized to ensure correct use of that member.
*
* See Bug 717691 for more details.
*
* @param socket
* The SSLSocket on which to operate.
*/
public static synchronized void setEnabledCipherSuites(SSLSocket socket) {
try {
socket.setEnabledCipherSuites(cipherSuites);
} catch (IllegalArgumentException e) {
cipherSuites = socket.getSupportedCipherSuites();
Log.d(LOG_TAG, "Setting enabled cipher suites failed: " + e.getMessage());
Log.d(LOG_TAG, "Using " + cipherSuites.length + " supported suites.");
socket.setEnabledCipherSuites(cipherSuites);
}
}
@Override
public Socket createSocket(HttpParams params) throws IOException {
SSLSocket socket = (SSLSocket) super.createSocket(params);
socket.setEnabledProtocols(DEFAULT_PROTOCOLS);
setEnabledCipherSuites(socket);
return socket;
}
}