From 4a9eb24d6907789d19e57d5b7afa7800989047d9 Mon Sep 17 00:00:00 2001
From: davigonz
Date: Tue, 11 Feb 2020 16:46:15 +0100
Subject: [PATCH] Include hostname verifier
---
 .../oauth/OAuthConnectionBuilder.kt | 60 ++++++++++++++++---
 1 file changed, 51 insertions(+), 9 deletions(-)
diff --git a/owncloudComLibrary/src/main/java/com/owncloud/android/lib/common/authentication/oauth/OAuthConnectionBuilder.kt b/owncloudComLibrary/src/main/java/com/owncloud/android/lib/common/authentication/oauth/OAuthConnectionBuilder.kt
index 8eedcf58..f243624b 100644
--- a/owncloudComLibrary/src/main/java/com/owncloud/android/lib/common/authentication/oauth/OAuthConnectionBuilder.kt
+++ b/owncloudComLibrary/src/main/java/com/owncloud/android/lib/common/authentication/oauth/OAuthConnectionBuilder.kt
@@ -1,31 +1,73 @@
 package com.owncloud.android.lib.common.authentication.oauth
+import android.content.Context
 import android.net.Uri
-import net.openid.appauth.Preconditions
+import com.owncloud.android.lib.common.network.AdvancedX509TrustManager
+import com.owncloud.android.lib.common.network.NetworkUtils
 import net.openid.appauth.connectivity.ConnectionBuilder
+import timber.log.Timber
 import java.io.IOException
 import java.net.HttpURLConnection
 import java.net.URL
+import java.security.NoSuchAlgorithmException
+import java.util.Objects
 import java.util.concurrent.TimeUnit
+import javax.net.ssl.HostnameVerifier
+import javax.net.ssl.HttpsURLConnection
+import javax.net.ssl.SSLContext
+import javax.net.ssl.TrustManager
+import javax.net.ssl.X509TrustManager
 /**
 * Based on [net.openid.appauth.connectivity.DefaultConnectionBuilder] but permitting http connections in addition
 * to https connections
 */
-class OAuthConnectionBuilder : ConnectionBuilder {
+class OAuthConnectionBuilder(val context: Context) : ConnectionBuilder {
+ /**
+ * The singleton instance of the default connection builder.
+ */
+ private val CONNECTION_TIMEOUT_MS = TimeUnit.SECONDS.toMillis(15).toInt()
+ private val READ_TIMEOUT_MS = TimeUnit.SECONDS.toMillis(10).toInt()
+ private val HTTPS_SCHEME = "https"
+
 @Throws(IOException::class)
 override fun openConnection(uri: Uri): HttpURLConnection {
- Preconditions.checkNotNull(uri, "url must not be null")
- val conn = URL(uri.toString()).openConnection() as HttpURLConnection
+ val conn: HttpURLConnection
+
+ if (Objects.equals(uri.scheme, HTTPS_SCHEME)) {
+ conn = URL(uri.toString()).openConnection() as HttpsURLConnection
+ try {
+ val trustManager: X509TrustManager = AdvancedX509TrustManager(
+ NetworkUtils.getKnownServersStore(context)
+ )
+ val sslContext: SSLContext
+ sslContext = try {
+ SSLContext.getInstance("TLSv1.2")
+ } catch (tlsv12Exception: NoSuchAlgorithmException) {
+ try {
+ Timber.w("TLSv1.2 is not supported in this device; falling through TLSv1.1")
+ SSLContext.getInstance("TLSv1.1")
+ } catch (tlsv11Exception: NoSuchAlgorithmException) {
+ Timber.w("TLSv1.1 is not supported in this device; falling through TLSv1.0")
+ SSLContext.getInstance("TLSv1")
+ // should be available in any device; see reference of supported protocols in
+ // http://developer.android.com/reference/javax/net/ssl/SSLSocket.html
+ }
+ }
+ sslContext.init(null, arrayOf(trustManager), null)
+ conn.hostnameVerifier = HostnameVerifier { _, _ -> true } // Do not verify the host for now
+ conn.sslSocketFactory = sslContext.socketFactory
+ } catch (e: Exception) {
+ Timber.e(e, "Could not setup SSL system")
+ }
+ } else {
+ conn = URL(uri.toString()).openConnection() as HttpURLConnection
+ }
+
 return conn.apply {
 connectTimeout = CONNECTION_TIMEOUT_MS
 readTimeout = READ_TIMEOUT_MS
 instanceFollowRedirects = false
 }
 }
-
- companion object {
- private val CONNECTION_TIMEOUT_MS = TimeUnit.SECONDS.toMillis(15).toInt()
- private val READ_TIMEOUT_MS = TimeUnit.SECONDS.toMillis(10).toInt()
- }
 }
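Review bot: The verifier installed at `conn.hostnameVerifier = HostnameVerifier { _, _ -> true }` accepts every host, so any certificate that AdvancedX509TrustManager trusts is also accepted for a name it was not issued to; despite the commit title, this removes hostname verification rather than adding it. Either drop that assignment (HttpsURLConnection uses the default verifier when none is set) or state the intent explicitly with `conn.hostnameVerifier = HttpsURLConnection.getDefaultHostnameVerifier()`, and if a relaxation is really needed for the known-servers store it should be scoped to that case rather than unconditional. The enclosing `catch (e: Exception)` only logs, so a failure in the trust-manager setup silently continues with the platform socket factory; a comment such as `// Fall back to the platform TLS configuration if the custom trust manager cannot be built` would make that fallback deliberate rather than accidental. Separately, the KDoc `The singleton instance of the default connection builder.` above the timeout constants appears copied from AppAuth and does not describe them — `// Connection/read timeouts and the scheme that triggers the custom TLS setup` fits — and the `javax.net.ssl.TrustManager` import is unused.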