diff --git a/src/main/java/org/apache/commons/httpclient/contrib/ssl/EasySSLProtocolSocketFactory.java b/src/main/java/org/apache/commons/httpclient/contrib/ssl/EasySSLProtocolSocketFactory.java
index beb95c3..d7f05a8 100644
--- a/src/main/java/org/apache/commons/httpclient/contrib/ssl/EasySSLProtocolSocketFactory.java
+++ b/src/main/java/org/apache/commons/httpclient/contrib/ssl/EasySSLProtocolSocketFactory.java
@@ -30,22 +30,25 @@ package org.apache.commons.httpclient.contrib.ssl;
+import android.util.Log;
+
+import org.apache.commons.httpclient.ConnectTimeoutException;
+import org.apache.commons.httpclient.HttpClientError;
+import org.apache.commons.httpclient.params.HttpConnectionParams;
+import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
+
 import java.io.IOException;
 import java.net.InetAddress;
 import java.net.InetSocketAddress;
 import java.net.Socket;
 import java.net.SocketAddress;
 import java.net.UnknownHostException;
+import java.security.NoSuchAlgorithmException;
 import javax.net.SocketFactory;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.TrustManager;
-import org.apache.commons.httpclient.ConnectTimeoutException;
-import org.apache.commons.httpclient.HttpClientError;
-import org.apache.commons.httpclient.params.HttpConnectionParams;
-import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
-
 /**
 *

* EasySSLProtocolSocketFactory can be used to creats SSL {@link Socket}s
@@ -96,6 +99,7 @@ import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
 public class EasySSLProtocolSocketFactory implements SecureProtocolSocketFactory {
 private SSLContext sslcontext = null;
+ private static final String TAG = EasySSLProtocolSocketFactory.class.getSimpleName();
 /**
 * Constructor for EasySSLProtocolSocketFactory.
@@ -105,8 +109,30 @@ public class EasySSLProtocolSocketFactory implements SecureProtocolSocketFactory
 }
 private static SSLContext createEasySSLContext() {
+ SSLContext context = EasySSLProtocolSocketFactory.tryCreateSSLContext("TLSv1.2");
+ if (context == null) {
+ context = EasySSLProtocolSocketFactory.tryCreateSSLContext("TLSv1.1");
+ Log.i(EasySSLProtocolSocketFactory.TAG, "SSLContext set to TLSv1.1");
+ }
+ else {
+ Log.i(EasySSLProtocolSocketFactory.TAG, "SSLContext set to TLSv1.2");
+ }
+
+ if (context == null) {
+ context = EasySSLProtocolSocketFactory.tryCreateSSLContext("TLSv1");
+ Log.i(EasySSLProtocolSocketFactory.TAG, "SSLContext set to TLSv1");
+ }
+
+ if (context == null) {
+ context = EasySSLProtocolSocketFactory.tryCreateSSLContext("SSL");
+ Log.i(EasySSLProtocolSocketFactory.TAG, "SSLContext set to SSL");
+ }
+
+ if (context == null) {
+ throw new HttpClientError("Failed to create SSLContext");
+ }
+
 try {
- SSLContext context = SSLContext.getInstance("SSL");
 context.init(
 null,
 new TrustManager[] {new EasyX509TrustManager(null)},
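Review bot: In `createEasySSLContext`, each `Log.i` in the fallback branches runs whether or not the retry produced a context, so the log can report "SSLContext set to TLSv1.1" (or TLSv1, or SSL) when `tryCreateSSLContext` returned null and a later fallback is the one actually used. Because the chain steps down to `TLSv1` and the generic `SSL` name, an accurate log line is the only record that a weaker context was selected, and keeping those last two fallbacks at all deserves a deliberate decision. The name passed to `SSLContext.getInstance` also does not by itself restrict the sockets to that one protocol version, so the message is better read as "context requested" than "protocol in use". A loop over the candidate names that logs only on success fixes the message and removes the duplicated branches. The method body continues past the end of this hunk.

```java
private static SSLContext createEasySSLContext() {
    SSLContext context = null;
    // Strongest first; the log line is written only for the name that actually resolved.
    for (String protocol : new String[] {"TLSv1.2", "TLSv1.1", "TLSv1", "SSL"}) {
        context = EasySSLProtocolSocketFactory.tryCreateSSLContext(protocol);
        if (context != null) {
            Log.i(EasySSLProtocolSocketFactory.TAG, "SSLContext set to " + protocol);
            break;
        }
    }
    if (context == null) {
        throw new HttpClientError("Failed to create SSLContext");
    }
    // … unchanged: try { context.init(...) } with EasyX509TrustManager …
```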
@@ -117,11 +143,19 @@ public class EasySSLProtocolSocketFactory implements SecureProtocolSocketFactory
 }
 }
- private SSLContext getSSLContext() {
- if (this.sslcontext == null) {
- this.sslcontext = createEasySSLContext();
+ private static SSLContext tryCreateSSLContext(String ctx) {
+ try {
+ return SSLContext.getInstance(ctx);
+ } catch (NoSuchAlgorithmException e) {
+ return null;
 }
- return this.sslcontext;
+ }
+
+ private SSLContext getSSLContext() {
+ if (sslcontext == null) {
+ sslcontext = EasySSLProtocolSocketFactory.createEasySSLContext();
+ }
+ return sslcontext;
 }
 /**
@@ -132,7 +166,7 @@ public class EasySSLProtocolSocketFactory implements SecureProtocolSocketFactory
 int port,
 InetAddress clientHost,
 int clientPort)
- throws IOException, UnknownHostException {
+ throws IOException {
 return getSSLContext().getSocketFactory().createSocket(
 host,
@@ -162,12 +196,12 @@ public class EasySSLProtocolSocketFactory implements SecureProtocolSocketFactory
 * determined
 */
 public Socket createSocket(
- final String host,
- final int port,
- final InetAddress localAddress,
- final int localPort,
- final HttpConnectionParams params
- ) throws IOException, UnknownHostException, ConnectTimeoutException {
+ String host,
+ int port,
+ InetAddress localAddress,
+ int localPort,
+ HttpConnectionParams params
+ ) throws IOException {
 if (params == null) {
 throw new IllegalArgumentException("Parameters may not be null");
 }
@@ -189,7 +223,7 @@ public class EasySSLProtocolSocketFactory implements SecureProtocolSocketFactory
 * @see SecureProtocolSocketFactory#createSocket(java.lang.String,int)
 */
 public Socket createSocket(String host, int port)
- throws IOException, UnknownHostException {
+ throws IOException {
 return getSSLContext().getSocketFactory().createSocket(
 host,
 port
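Review bot: `tryCreateSSLContext` drops the `NoSuchAlgorithmException` without a trace, so when a device falls through to an older context nothing shows which protocol names the provider rejected. Logging it in the catch, for example `Log.d(EasySSLProtocolSocketFactory.TAG, ctx + " not available", e);`, keeps the fallback behaviour and makes a downgrade diagnosable. The parameter carries a protocol name rather than a context, so `protocol` would read better than `ctx`. A one-line comment such as `// Returns null when the provider has no SSLContext for this protocol name.` would document the null return that `createEasySSLContext` depends on.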
@@ -204,7 +238,7 @@ public class EasySSLProtocolSocketFactory implements SecureProtocolSocketFactory
 String host,
 int port,
 boolean autoClose)
- throws IOException, UnknownHostException {
+ throws IOException {
 return getSSLContext().getSocketFactory().createSocket(
 socket,
 host,
diff --git a/src/main/java/org/apache/commons/httpclient/contrib/ssl/EasyX509TrustManager.java b/src/main/java/org/apache/commons/httpclient/contrib/ssl/EasyX509TrustManager.java
index f566f5a..4bfb12b 100644
--- a/src/main/java/org/apache/commons/httpclient/contrib/ssl/EasyX509TrustManager.java
+++ b/src/main/java/org/apache/commons/httpclient/contrib/ssl/EasyX509TrustManager.java
@@ -58,14 +58,14 @@ import javax.net.ssl.X509TrustManager;
 *

*/
-public class EasyX509TrustManager implements X509TrustManager
+class EasyX509TrustManager implements X509TrustManager
 {
 private X509TrustManager standardTrustManager = null;
 /**
 * Constructor for EasyX509TrustManager.
 */
- public EasyX509TrustManager(KeyStore keystore) throws NoSuchAlgorithmException, KeyStoreException {
+ EasyX509TrustManager(KeyStore keystore) throws NoSuchAlgorithmException, KeyStoreException {
 super();
 TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
 factory.init(keystore);
@@ -73,7 +73,7 @@ public class EasyX509TrustManager implements X509TrustManager
 if (trustmanagers.length == 0) {
 throw new NoSuchAlgorithmException("no trust manager found");
 }
- this.standardTrustManager = (X509TrustManager)trustmanagers[0];
+ standardTrustManager = (X509TrustManager)trustmanagers[0];
 }
 /**
@@ -98,6 +98,6 @@ public class EasyX509TrustManager implements X509TrustManager
 * @see javax.net.ssl.X509TrustManager#getAcceptedIssuers()
 */
 public X509Certificate[] getAcceptedIssuers() {
- return this.standardTrustManager.getAcceptedIssuers();
+ return standardTrustManager.getAcceptedIssuers();
 }
 }