From a17dfaed4d35c7aa23af922d88c75931ed75d238 Mon Sep 17 00:00:00 2001 From: "David A. Velasco" Date: Tue, 28 Oct 2014 12:31:23 +0100 Subject: [PATCH 1/3] AdvancedSslSocketFactory needs to implement SecureProtocolSocketFactory so that the connection manager tunnel correctly through the proxy --- .../lib/common/network/AdvancedSslSocketFactory.java | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/src/com/owncloud/android/lib/common/network/AdvancedSslSocketFactory.java b/src/com/owncloud/android/lib/common/network/AdvancedSslSocketFactory.java index 7b41282b..9efc85a4 100644 --- a/src/com/owncloud/android/lib/common/network/AdvancedSslSocketFactory.java +++ b/src/com/owncloud/android/lib/common/network/AdvancedSslSocketFactory.java @@ -43,6 +43,7 @@ import javax.net.ssl.SSLSocket; import org.apache.commons.httpclient.ConnectTimeoutException; import org.apache.commons.httpclient.params.HttpConnectionParams; import org.apache.commons.httpclient.protocol.ProtocolSocketFactory; +import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory; import org.apache.http.conn.ssl.X509HostnameVerifier; import com.owncloud.android.lib.common.utils.Log_OC; @@ -56,7 +57,7 @@ import com.owncloud.android.lib.common.utils.Log_OC; * @author David A. Velasco */ -public class AdvancedSslSocketFactory implements ProtocolSocketFactory { +public class AdvancedSslSocketFactory implements SecureProtocolSocketFactory { private static final String TAG = AdvancedSslSocketFactory.class.getSimpleName(); @@ -287,5 +288,13 @@ public class AdvancedSslSocketFactory implements ProtocolSocketFactory { throw io; } } + + @Override + public Socket createSocket(Socket socket, String host, int port, boolean autoClose) throws IOException, + UnknownHostException { + Socket sslSocket = mSslContext.getSocketFactory().createSocket(socket, host, port, autoClose); + verifyPeerIdentity(host, port, sslSocket); + return sslSocket; + } } 
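Review bot: The new `createSocket(Socket socket, String host, int port, boolean autoClose)` overload added at the end of the class has no Javadoc, although it secures connections tunnelled through a proxy and the older overloads carry at least an `@see`. I would document that `host` and `port` must name the target server rather than the proxy, because `verifyPeerIdentity(host, port, sslSocket)` checks the certificate against that name, for example `/** Layers TLS over an already connected (proxy-tunnelled) socket; host must be the target server, whose identity is verified before the socket is returned. */`. The Javadoc of `verifyPeerIdentity`, visible in the second patch of this series, says the host name is compared using the current verifier "if any", so the comment should also state that a null verifier leaves the tunnelled connection without host name checking. The body of `verifyPeerIdentity` lies outside this hunk, so please confirm that its failure path closes the layered socket; otherwise a rejected handshake could leave the tunnel open when `autoClose` is true.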
From 2199a16064befb49adad929b13682dbadbf99a2b Mon Sep 17 00:00:00 2001 From: "David A. Velasco" Date: Tue, 28 Oct 2014 12:34:02 +0100 Subject: [PATCH 2/3] Line wrap at 120 characters --- .../network/AdvancedSslSocketFactory.java | 30 ++++++++++++++----- 1 file changed, 22 insertions(+), 8 deletions(-) diff --git a/src/com/owncloud/android/lib/common/network/AdvancedSslSocketFactory.java b/src/com/owncloud/android/lib/common/network/AdvancedSslSocketFactory.java index 9efc85a4..4cba5343 100644 --- a/src/com/owncloud/android/lib/common/network/AdvancedSslSocketFactory.java +++ b/src/com/owncloud/android/lib/common/network/AdvancedSslSocketFactory.java @@ -72,7 +72,10 @@ public class AdvancedSslSocketFactory implements SecureProtocolSocketFactory { /** * Constructor for AdvancedSSLProtocolSocketFactory. */ - public AdvancedSslSocketFactory(SSLContext sslContext, AdvancedX509TrustManager trustManager, X509HostnameVerifier hostnameVerifier) { + public AdvancedSslSocketFactory( + SSLContext sslContext, AdvancedX509TrustManager trustManager, X509HostnameVerifier hostnameVerifier + ) { + if (sslContext == null) throw new IllegalArgumentException("AdvancedSslSocketFactory can not be created with a null SSLContext"); if (trustManager == null) @@ -85,7 +88,9 @@ public class AdvancedSslSocketFactory implements SecureProtocolSocketFactory { /** * @see ProtocolSocketFactory#createSocket(java.lang.String,int,java.net.InetAddress,int) */ - public Socket createSocket(String host, int port, InetAddress clientHost, int clientPort) throws IOException, UnknownHostException { + public Socket createSocket(String host, int port, InetAddress clientHost, int clientPort) + throws IOException, UnknownHostException { + Socket socket = mSslContext.getSocketFactory().createSocket(host, port, clientHost, clientPort); verifyPeerIdentity(host, port, socket); return socket; 
@@ -151,7 +156,8 @@ public class AdvancedSslSocketFactory implements SecureProtocolSocketFactory { final InetAddress localAddress, final int localPort, final HttpConnectionParams params) throws IOException, UnknownHostException, ConnectTimeoutException { - Log_OC.d(TAG, "Creating SSL Socket with remote " + host + ":" + port + ", local " + localAddress + ":" + localPort + ", params: " + params); + Log_OC.d(TAG, "Creating SSL Socket with remote " + host + ":" + port + ", local " + localAddress + ":" + + localPort + ", params: " + params); if (params == null) { throw new IllegalArgumentException("Parameters may not be null"); } @@ -207,13 +213,15 @@ public class AdvancedSslSocketFactory implements SecureProtocolSocketFactory { * * The server certificate is verified first. * - * Then, the host name is compared with the content of the server certificate using the current host name verifier, if any. + * Then, the host name is compared with the content of the server certificate using the current host name verifier, + * if any. * @param socket */ private void verifyPeerIdentity(String host, int port, Socket socket) throws IOException { try { CertificateCombinedException failInHandshake = null; - /// 1. VERIFY THE SERVER CERTIFICATE through the registered TrustManager (that should be an instance of AdvancedX509TrustManager) + /// 1. VERIFY THE SERVER CERTIFICATE through the registered TrustManager + /// (that should be an instance of AdvancedX509TrustManager) try { SSLSocket sock = (SSLSocket) socket; // a new SSLSession instance is created as a "side effect" sock.startHandshake(); 
@@ -225,7 +233,9 @@ public class AdvancedSslSocketFactory implements SecureProtocolSocketFactory { } else { Throwable cause = e.getCause(); Throwable previousCause = null; - while (cause != null && cause != previousCause && !(cause instanceof CertificateCombinedException)) { + while ( cause != null && + cause != previousCause && + !(cause instanceof CertificateCombinedException)) { previousCause = cause; cause = cause.getCause(); } @@ -264,9 +274,13 @@ public class AdvancedSslSocketFactory implements SecureProtocolSocketFactory { /// 3. Combine the exceptions to throw, if any if (!verifiedHostname) { - SSLPeerUnverifiedException pue = new SSLPeerUnverifiedException("Names in the server certificate do not match to " + host + " in the URL"); + SSLPeerUnverifiedException pue = new SSLPeerUnverifiedException( + "Names in the server certificate do not match to " + host + " in the URL" + ); if (failInHandshake == null) { - failInHandshake = new CertificateCombinedException((X509Certificate) newSession.getPeerCertificates()[0]); + failInHandshake = new CertificateCombinedException( + (X509Certificate) newSession.getPeerCertificates()[0] + ); failInHandshake.setHostInUrl(host); } failInHandshake.setSslPeerUnverifiedException(pue); From 2289015b7744021e8050efd7e0f31af07c86e991 Mon Sep 17 00:00:00 2001 From: jabarros Date: Thu, 30 Oct 2014 14:08:08 +0100 Subject: [PATCH 3/3] Minor change in order to enforce Travis to be launched --- .../android/lib/common/network/AdvancedSslSocketFactory.java | 1 - 1 file changed, 1 deletion(-) diff --git a/src/com/owncloud/android/lib/common/network/AdvancedSslSocketFactory.java b/src/com/owncloud/android/lib/common/network/AdvancedSslSocketFactory.java index 4cba5343..b411c02d 100644 --- a/src/com/owncloud/android/lib/common/network/AdvancedSslSocketFactory.java +++ b/src/com/owncloud/android/lib/common/network/AdvancedSslSocketFactory.java 
@@ -310,5 +310,4 @@ public class AdvancedSslSocketFactory implements SecureProtocolSocketFactory { verifyPeerIdentity(host, port, sslSocket); return sslSocket; } - }