projects / pub / Android / ownCloud.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Fixed bug when turning tablet with no file in the right fragment
[pub/Android/ownCloud.git] / src / com / owncloud / android / network / AdvancedSslSocketFactory.java
1 /* ownCloud Android client application
2 * Copyright (C) 2012 Bartek Przybylski
3 * Copyright (C) 2012-2013 ownCloud Inc.
4 *
5 * This program is free software: you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2,
7 * as published by the Free Software Foundation.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program. If not, see <http://www.gnu.org/licenses/>.
16 *
17 */
18
19 package com.owncloud.android.network;
20
21 import java.io.IOException;
22 import java.net.InetAddress;
23 import java.net.InetSocketAddress;
24 import java.net.Socket;
25 import java.net.SocketAddress;
26 import java.net.UnknownHostException;
27 import java.security.cert.X509Certificate;
28
29 import javax.net.SocketFactory;
30 import javax.net.ssl.SSLContext;
31 import javax.net.ssl.SSLException;
32 import javax.net.ssl.SSLHandshakeException;
33 import javax.net.ssl.SSLPeerUnverifiedException;
34 import javax.net.ssl.SSLSession;
35 import javax.net.ssl.SSLSocket;
36
37 import org.apache.commons.httpclient.ConnectTimeoutException;
38 import org.apache.commons.httpclient.params.HttpConnectionParams;
39 import org.apache.commons.httpclient.protocol.ProtocolSocketFactory;
40 import org.apache.http.conn.ssl.X509HostnameVerifier;
41
42 import com.owncloud.android.Log_OC;
43
44 import android.util.Log;
45
46 /**
47 * AdvancedSSLProtocolSocketFactory allows to create SSL {@link Socket}s with
48 * a custom SSLContext and an optional Hostname Verifier.
49 *
50 * @author David A. Velasco
51 */
52
53 public class AdvancedSslSocketFactory implements ProtocolSocketFactory {
54
55 private static final String TAG = AdvancedSslSocketFactory.class.getSimpleName();
56
57 private SSLContext mSslContext = null;
58 private AdvancedX509TrustManager mTrustManager = null;
59 private X509HostnameVerifier mHostnameVerifier = null;
60
61 public SSLContext getSslContext() {
62 return mSslContext;
63 }
64
65 /**
66 * Constructor for AdvancedSSLProtocolSocketFactory.
67 */
68 public AdvancedSslSocketFactory(SSLContext sslContext, AdvancedX509TrustManager trustManager, X509HostnameVerifier hostnameVerifier) {
69 if (sslContext == null)
70 throw new IllegalArgumentException("AdvancedSslSocketFactory can not be created with a null SSLContext");
71 if (trustManager == null)
72 throw new IllegalArgumentException("AdvancedSslSocketFactory can not be created with a null Trust Manager");
73 mSslContext = sslContext;
74 mTrustManager = trustManager;
75 mHostnameVerifier = hostnameVerifier;
76 }
77
78 /**
79 * @see ProtocolSocketFactory#createSocket(java.lang.String,int,java.net.InetAddress,int)
80 */
81 public Socket createSocket(String host, int port, InetAddress clientHost, int clientPort) throws IOException, UnknownHostException {
82 Socket socket = mSslContext.getSocketFactory().createSocket(host, port, clientHost, clientPort);
83 verifyPeerIdentity(host, port, socket);
84 return socket;
85 }
86
87
88 /**
89 * Attempts to get a new socket connection to the given host within the
90 * given time limit.
91 *
92 * @param host the host name/IP
93 * @param port the port on the host
94 * @param clientHost the local host name/IP to bind the socket to
95 * @param clientPort the port on the local machine
96 * @param params {@link HttpConnectionParams Http connection parameters}
97 *
98 * @return Socket a new socket
99 *
100 * @throws IOException if an I/O error occurs while creating the socket
101 * @throws UnknownHostException if the IP address of the host cannot be
102 * determined
103 */
104 public Socket createSocket(final String host, final int port,
105 final InetAddress localAddress, final int localPort,
106 final HttpConnectionParams params) throws IOException,
107 UnknownHostException, ConnectTimeoutException {
108 Log_OC.d(TAG, "Creating SSL Socket with remote " + host + ":" + port + ", local " + localAddress + ":" + localPort + ", params: " + params);
109 if (params == null) {
110 throw new IllegalArgumentException("Parameters may not be null");
111 }
112 int timeout = params.getConnectionTimeout();
113 SocketFactory socketfactory = mSslContext.getSocketFactory();
114 Log_OC.d(TAG, " ... with connection timeout " + timeout + " and socket timeout " + params.getSoTimeout());
115 Socket socket = socketfactory.createSocket();
116 SocketAddress localaddr = new InetSocketAddress(localAddress, localPort);
117 SocketAddress remoteaddr = new InetSocketAddress(host, port);
118 socket.setSoTimeout(params.getSoTimeout());
119 socket.bind(localaddr);
120 socket.connect(remoteaddr, timeout);
121 verifyPeerIdentity(host, port, socket);
122 return socket;
123 }
124
125 /**
126 * @see ProtocolSocketFactory#createSocket(java.lang.String,int)
127 */
128 public Socket createSocket(String host, int port) throws IOException,
129 UnknownHostException {
130 Log_OC.d(TAG, "Creating SSL Socket with remote " + host + ":" + port);
131 Socket socket = mSslContext.getSocketFactory().createSocket(host, port);
132 verifyPeerIdentity(host, port, socket);
133 return socket;
134 }
135
136 public boolean equals(Object obj) {
137 return ((obj != null) && obj.getClass().equals(
138 AdvancedSslSocketFactory.class));
139 }
140
141 public int hashCode() {
142 return AdvancedSslSocketFactory.class.hashCode();
143 }
144
145
146 public X509HostnameVerifier getHostNameVerifier() {
147 return mHostnameVerifier;
148 }
149
150
151 public void setHostNameVerifier(X509HostnameVerifier hostnameVerifier) {
152 mHostnameVerifier = hostnameVerifier;
153 }
154
155 /**
156 * Verifies the identity of the server.
157 *
158 * The server certificate is verified first.
159 *
160 * Then, the host name is compared with the content of the server certificate using the current host name verifier, if any.
161 * @param socket
162 */
163 private void verifyPeerIdentity(String host, int port, Socket socket) throws IOException {
164 try {
165 CertificateCombinedException failInHandshake = null;
166 /// 1. VERIFY THE SERVER CERTIFICATE through the registered TrustManager (that should be an instance of AdvancedX509TrustManager)
167 try {
168 SSLSocket sock = (SSLSocket) socket; // a new SSLSession instance is created as a "side effect"
169 sock.startHandshake();
170
171 } catch (RuntimeException e) {
172
173 if (e instanceof CertificateCombinedException) {
174 failInHandshake = (CertificateCombinedException) e;
175 } else {
176 Throwable cause = e.getCause();
177 Throwable previousCause = null;
178 while (cause != null && cause != previousCause && !(cause instanceof CertificateCombinedException)) {
179 previousCause = cause;
180 cause = cause.getCause();
181 }
182 if (cause != null && cause instanceof CertificateCombinedException) {
183 failInHandshake = (CertificateCombinedException)cause;
184 }
185 }
186 if (failInHandshake == null) {
187 throw e;
188 }
189 failInHandshake.setHostInUrl(host);
190
191 }
192
193 /// 2. VERIFY HOSTNAME
194 SSLSession newSession = null;
195 boolean verifiedHostname = true;
196 if (mHostnameVerifier != null) {
197 if (failInHandshake != null) {
198 /// 2.1 : a new SSLSession instance was NOT created in the handshake
199 X509Certificate serverCert = failInHandshake.getServerCertificate();
200 try {
201 mHostnameVerifier.verify(host, serverCert);
202 } catch (SSLException e) {
203 verifiedHostname = false;
204 }
205
206 } else {
207 /// 2.2 : a new SSLSession instance was created in the handshake
208 newSession = ((SSLSocket)socket).getSession();
209 if (!mTrustManager.isKnownServer((X509Certificate)(newSession.getPeerCertificates()[0]))) {
210 verifiedHostname = mHostnameVerifier.verify(host, newSession);
211 }
212 }
213 }
214
215 /// 3. Combine the exceptions to throw, if any
216 if (!verifiedHostname) {
217 SSLPeerUnverifiedException pue = new SSLPeerUnverifiedException("Names in the server certificate do not match to " + host + " in the URL");
218 if (failInHandshake == null) {
219 failInHandshake = new CertificateCombinedException((X509Certificate) newSession.getPeerCertificates()[0]);
220 failInHandshake.setHostInUrl(host);
221 }
222 failInHandshake.setSslPeerUnverifiedException(pue);
223 pue.initCause(failInHandshake);
224 throw pue;
225
226 } else if (failInHandshake != null) {
227 SSLHandshakeException hse = new SSLHandshakeException("Server certificate could not be verified");
228 hse.initCause(failInHandshake);
229 throw hse;
230 }
231
232 } catch (IOException io) {
233 try {
234 socket.close();
235 } catch (Exception x) {
236 // NOTHING - irrelevant exception for the caller
237 }
238 throw io;
239 }
240 }
241
242 }
ownCloud Android App