-/* ownCloud Android Library is available under MIT license
- * Copyright (C) 2014 ownCloud (http://www.owncloud.org/)
- * Copyright (C) 2012 Bartek Przybylski
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
- * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
- * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
- * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
- * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
- * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
- * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- *
- */
-
-package com.owncloud.android.lib.network;
-
-import java.io.IOException;
-import java.net.InetAddress;
-import java.net.InetSocketAddress;
-import java.net.Socket;
-import java.net.SocketAddress;
-import java.net.UnknownHostException;
-//import java.security.Provider;
-import java.security.cert.X509Certificate;
-//import java.util.Enumeration;
-
-import javax.net.SocketFactory;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLException;
-import javax.net.ssl.SSLHandshakeException;
-//import javax.net.ssl.SSLParameters;
-import javax.net.ssl.SSLPeerUnverifiedException;
-import javax.net.ssl.SSLSession;
-import javax.net.ssl.SSLSocket;
-
-import org.apache.commons.httpclient.ConnectTimeoutException;
-import org.apache.commons.httpclient.params.HttpConnectionParams;
-import org.apache.commons.httpclient.protocol.ProtocolSocketFactory;
-import org.apache.http.conn.ssl.X509HostnameVerifier;
-
-//import android.os.Build;
-import android.util.Log;
-
-
-
-/**
- * AdvancedSSLProtocolSocketFactory allows to create SSL {@link Socket}s with
- * a custom SSLContext and an optional Hostname Verifier.
- *
- * @author David A. Velasco
- */
-
-public class AdvancedSslSocketFactory implements ProtocolSocketFactory {
-
- private static final String TAG = AdvancedSslSocketFactory.class.getSimpleName();
-
- private SSLContext mSslContext = null;
- private AdvancedX509TrustManager mTrustManager = null;
- private X509HostnameVerifier mHostnameVerifier = null;
-
- public SSLContext getSslContext() {
- return mSslContext;
- }
-
- /**
- * Constructor for AdvancedSSLProtocolSocketFactory.
- */
- public AdvancedSslSocketFactory(SSLContext sslContext, AdvancedX509TrustManager trustManager, X509HostnameVerifier hostnameVerifier) {
- if (sslContext == null)
- throw new IllegalArgumentException("AdvancedSslSocketFactory can not be created with a null SSLContext");
- if (trustManager == null)
- throw new IllegalArgumentException("AdvancedSslSocketFactory can not be created with a null Trust Manager");
- mSslContext = sslContext;
- mTrustManager = trustManager;
- mHostnameVerifier = hostnameVerifier;
- }
-
- /**
- * @see ProtocolSocketFactory#createSocket(java.lang.String,int,java.net.InetAddress,int)
- */
- public Socket createSocket(String host, int port, InetAddress clientHost, int clientPort) throws IOException, UnknownHostException {
- Socket socket = mSslContext.getSocketFactory().createSocket(host, port, clientHost, clientPort);
- verifyPeerIdentity(host, port, socket);
- return socket;
- }
-
- /*
- private void logSslInfo() {
- if (Build.VERSION.SDK_INT > Build.VERSION_CODES.FROYO) {
- Log.v(TAG, "SUPPORTED SSL PARAMETERS");
- logSslParameters(mSslContext.getSupportedSSLParameters());
- Log.v(TAG, "DEFAULT SSL PARAMETERS");
- logSslParameters(mSslContext.getDefaultSSLParameters());
- Log.i(TAG, "CURRENT PARAMETERS");
- Log.i(TAG, "Protocol: " + mSslContext.getProtocol());
- }
- Log.i(TAG, "PROVIDER");
- logSecurityProvider(mSslContext.getProvider());
- }
-
- private void logSecurityProvider(Provider provider) {
- Log.i(TAG, "name: " + provider.getName());
- Log.i(TAG, "version: " + provider.getVersion());
- Log.i(TAG, "info: " + provider.getInfo());
- Enumeration<?> keys = provider.propertyNames();
- String key;
- while (keys.hasMoreElements()) {
- key = (String) keys.nextElement();
- Log.i(TAG, " property " + key + " : " + provider.getProperty(key));
- }
- }
-
- private void logSslParameters(SSLParameters params) {
- Log.v(TAG, "Cipher suites: ");
- String [] elements = params.getCipherSuites();
- for (int i=0; i<elements.length ; i++) {
- Log.v(TAG, " " + elements[i]);
- }
- Log.v(TAG, "Protocols: ");
- elements = params.getProtocols();
- for (int i=0; i<elements.length ; i++) {
- Log.v(TAG, " " + elements[i]);
- }
- }
- */
-
- /**
- * Attempts to get a new socket connection to the given host within the
- * given time limit.
- *
- * @param host the host name/IP
- * @param port the port on the host
- * @param clientHost the local host name/IP to bind the socket to
- * @param clientPort the port on the local machine
- * @param params {@link HttpConnectionParams Http connection parameters}
- *
- * @return Socket a new socket
- *
- * @throws IOException if an I/O error occurs while creating the socket
- * @throws UnknownHostException if the IP address of the host cannot be
- * determined
- */
- public Socket createSocket(final String host, final int port,
- final InetAddress localAddress, final int localPort,
- final HttpConnectionParams params) throws IOException,
- UnknownHostException, ConnectTimeoutException {
- Log.d(TAG, "Creating SSL Socket with remote " + host + ":" + port + ", local " + localAddress + ":" + localPort + ", params: " + params);
- if (params == null) {
- throw new IllegalArgumentException("Parameters may not be null");
- }
- int timeout = params.getConnectionTimeout();
-
- //logSslInfo();
-
- SocketFactory socketfactory = mSslContext.getSocketFactory();
- Log.d(TAG, " ... with connection timeout " + timeout + " and socket timeout " + params.getSoTimeout());
- Socket socket = socketfactory.createSocket();
- SocketAddress localaddr = new InetSocketAddress(localAddress, localPort);
- SocketAddress remoteaddr = new InetSocketAddress(host, port);
- socket.setSoTimeout(params.getSoTimeout());
- socket.bind(localaddr);
- ServerNameIndicator.setServerNameIndication(host, (SSLSocket)socket);
- socket.connect(remoteaddr, timeout);
- verifyPeerIdentity(host, port, socket);
- return socket;
- }
-
- /**
- * @see ProtocolSocketFactory#createSocket(java.lang.String,int)
- */
- public Socket createSocket(String host, int port) throws IOException,
- UnknownHostException {
- Log.d(TAG, "Creating SSL Socket with remote " + host + ":" + port);
- Socket socket = mSslContext.getSocketFactory().createSocket(host, port);
- verifyPeerIdentity(host, port, socket);
- return socket;
- }
-
- public boolean equals(Object obj) {
- return ((obj != null) && obj.getClass().equals(
- AdvancedSslSocketFactory.class));
- }
-
- public int hashCode() {
- return AdvancedSslSocketFactory.class.hashCode();
- }
-
-
- public X509HostnameVerifier getHostNameVerifier() {
- return mHostnameVerifier;
- }
-
-
- public void setHostNameVerifier(X509HostnameVerifier hostnameVerifier) {
- mHostnameVerifier = hostnameVerifier;
- }
-
- /**
- * Verifies the identity of the server.
- *
- * The server certificate is verified first.
- *
- * Then, the host name is compared with the content of the server certificate using the current host name verifier, if any.
- * @param socket
- */
- private void verifyPeerIdentity(String host, int port, Socket socket) throws IOException {
- try {
- CertificateCombinedException failInHandshake = null;
- /// 1. VERIFY THE SERVER CERTIFICATE through the registered TrustManager (that should be an instance of AdvancedX509TrustManager)
- try {
- SSLSocket sock = (SSLSocket) socket; // a new SSLSession instance is created as a "side effect"
- sock.startHandshake();
-
- } catch (RuntimeException e) {
-
- if (e instanceof CertificateCombinedException) {
- failInHandshake = (CertificateCombinedException) e;
- } else {
- Throwable cause = e.getCause();
- Throwable previousCause = null;
- while (cause != null && cause != previousCause && !(cause instanceof CertificateCombinedException)) {
- previousCause = cause;
- cause = cause.getCause();
- }
- if (cause != null && cause instanceof CertificateCombinedException) {
- failInHandshake = (CertificateCombinedException)cause;
- }
- }
- if (failInHandshake == null) {
- throw e;
- }
- failInHandshake.setHostInUrl(host);
-
- }
-
- /// 2. VERIFY HOSTNAME
- SSLSession newSession = null;
- boolean verifiedHostname = true;
- if (mHostnameVerifier != null) {
- if (failInHandshake != null) {
- /// 2.1 : a new SSLSession instance was NOT created in the handshake
- X509Certificate serverCert = failInHandshake.getServerCertificate();
- try {
- mHostnameVerifier.verify(host, serverCert);
- } catch (SSLException e) {
- verifiedHostname = false;
- }
-
- } else {
- /// 2.2 : a new SSLSession instance was created in the handshake
- newSession = ((SSLSocket)socket).getSession();
- if (!mTrustManager.isKnownServer((X509Certificate)(newSession.getPeerCertificates()[0]))) {
- verifiedHostname = mHostnameVerifier.verify(host, newSession);
- }
- }
- }
-
- /// 3. Combine the exceptions to throw, if any
- if (!verifiedHostname) {
- SSLPeerUnverifiedException pue = new SSLPeerUnverifiedException("Names in the server certificate do not match to " + host + " in the URL");
- if (failInHandshake == null) {
- failInHandshake = new CertificateCombinedException((X509Certificate) newSession.getPeerCertificates()[0]);
- failInHandshake.setHostInUrl(host);
- }
- failInHandshake.setSslPeerUnverifiedException(pue);
- pue.initCause(failInHandshake);
- throw pue;
-
- } else if (failInHandshake != null) {
- SSLHandshakeException hse = new SSLHandshakeException("Server certificate could not be verified");
- hse.initCause(failInHandshake);
- throw hse;
- }
-
- } catch (IOException io) {
- try {
- socket.close();
- } catch (Exception x) {
- // NOTHING - irrelevant exception for the caller
- }
- throw io;
- }
- }
-
-}
projects / pub / Android / ownCloud.git / commitdiff
