Fix TLS context create, TLSv1.2 > 1.1 > 1.0 > SSL

src/main/java/org/apache/commons/httpclient/contrib/ssl/EasySSLProtocolSocketFactory.java

@@ -30,22 +30,25 @@
 
 package org.apache.commons.httpclient.contrib.ssl;
 
+import android.util.Log;
+
+import org.apache.commons.httpclient.ConnectTimeoutException;
+import org.apache.commons.httpclient.HttpClientError;
+import org.apache.commons.httpclient.params.HttpConnectionParams;
+import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
+
 import java.io.IOException;
 import java.net.InetAddress;
 import java.net.InetSocketAddress;
 import java.net.Socket;
 import java.net.SocketAddress;
 import java.net.UnknownHostException;
+import java.security.NoSuchAlgorithmException;
 
 import javax.net.SocketFactory;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.TrustManager;
 
-import org.apache.commons.httpclient.ConnectTimeoutException;
-import org.apache.commons.httpclient.HttpClientError;
-import org.apache.commons.httpclient.params.HttpConnectionParams;
-import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
-
 /**
  * <p>
  * EasySSLProtocolSocketFactory can be used to creats SSL {@link Socket}s
@@ -96,6 +99,7 @@ import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
 public class EasySSLProtocolSocketFactory implements SecureProtocolSocketFactory {
 
 	private SSLContext sslcontext = null;
+	private static final String TAG = EasySSLProtocolSocketFactory.class.getSimpleName();
 
 	/**
 	 * Constructor for EasySSLProtocolSocketFactory.
@@ -105,8 +109,30 @@ public class EasySSLProtocolSocketFactory implements SecureProtocolSocketFactory
 	}
 
 	private static SSLContext createEasySSLContext() {
+		SSLContext context = EasySSLProtocolSocketFactory.tryCreateSSLContext("TLSv1.2");
+		if (context == null) {
+			context = EasySSLProtocolSocketFactory.tryCreateSSLContext("TLSv1.1");
+			Log.i(EasySSLProtocolSocketFactory.TAG, "SSLContext set to TLSv1.1");
+		}
+		else {
+			Log.i(EasySSLProtocolSocketFactory.TAG, "SSLContext set to TLSv1.2");
+		}
+
+		if (context == null) {
+			context = EasySSLProtocolSocketFactory.tryCreateSSLContext("TLSv1");
+			Log.i(EasySSLProtocolSocketFactory.TAG, "SSLContext set to TLSv1");
+		}
+
+		if (context == null) {
+			context = EasySSLProtocolSocketFactory.tryCreateSSLContext("SSL");
+			Log.i(EasySSLProtocolSocketFactory.TAG, "SSLContext set to SSL");
+		}
+
+		if (context == null) {
+			throw new HttpClientError("Failed to create SSLContext");
+		}
+
 		try {
-			SSLContext context = SSLContext.getInstance("SSL");
 			context.init(
 					null,
 					new TrustManager[] {new EasyX509TrustManager(null)},
@@ -117,11 +143,19 @@ public class EasySSLProtocolSocketFactory implements SecureProtocolSocketFactory
 		}
 	}
 
-	private SSLContext getSSLContext() {
+	private static SSLContext tryCreateSSLContext(String ctx) {
-		if (this.sslcontext == null) {
+		try {
-			this.sslcontext = createEasySSLContext();
+			return SSLContext.getInstance(ctx);
+		} catch (NoSuchAlgorithmException e) {
+			return null;
 		}
-		return this.sslcontext;
+	}
+
+	private SSLContext getSSLContext() {
+		if (sslcontext == null) {
+			sslcontext = EasySSLProtocolSocketFactory.createEasySSLContext();
+		}
+		return sslcontext;
 	}
 
 	/**
@@ -132,7 +166,7 @@ public class EasySSLProtocolSocketFactory implements SecureProtocolSocketFactory
 			int port,
 			InetAddress clientHost,
 			int clientPort)
-			throws IOException, UnknownHostException {
+			throws IOException {
 
 		return getSSLContext().getSocketFactory().createSocket(
 				host,
@@ -162,12 +196,12 @@ public class EasySSLProtocolSocketFactory implements SecureProtocolSocketFactory
 	 * determined
 	 */
 	public Socket createSocket(
-			final String host,
+			String host,
-			final int port,
+			int port,
-			final InetAddress localAddress,
+			InetAddress localAddress,
-			final int localPort,
+			int localPort,
-			final HttpConnectionParams params
+			HttpConnectionParams params
-	) throws IOException, UnknownHostException, ConnectTimeoutException {
+	) throws IOException {
 		if (params == null) {
 			throw new IllegalArgumentException("Parameters may not be null");
 		}
@@ -189,7 +223,7 @@ public class EasySSLProtocolSocketFactory implements SecureProtocolSocketFactory
 	 * @see SecureProtocolSocketFactory#createSocket(java.lang.String,int)
 	 */
 	public Socket createSocket(String host, int port)
-			throws IOException, UnknownHostException {
+			throws IOException {
 		return getSSLContext().getSocketFactory().createSocket(
 				host,
 				port
@@ -204,7 +238,7 @@ public class EasySSLProtocolSocketFactory implements SecureProtocolSocketFactory
 			String host,
 			int port,
 			boolean autoClose)
-			throws IOException, UnknownHostException {
+			throws IOException {
 		return getSSLContext().getSocketFactory().createSocket(
 				socket,
 				host,

src/main/java/org/apache/commons/httpclient/contrib/ssl/EasyX509TrustManager.java

@@ -58,14 +58,14 @@ import javax.net.ssl.X509TrustManager;
  * </p>
  */
 
-public class EasyX509TrustManager implements X509TrustManager
+class EasyX509TrustManager implements X509TrustManager
 {
 	private X509TrustManager standardTrustManager = null;
 
 	/**
 	 * Constructor for EasyX509TrustManager.
 	 */
-	public EasyX509TrustManager(KeyStore keystore) throws NoSuchAlgorithmException, KeyStoreException {
+	EasyX509TrustManager(KeyStore keystore) throws NoSuchAlgorithmException, KeyStoreException {
 		super();
 		TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
 		factory.init(keystore);
@@ -73,7 +73,7 @@ public class EasyX509TrustManager implements X509TrustManager
 		if (trustmanagers.length == 0) {
 			throw new NoSuchAlgorithmException("no trust manager found");
 		}
-		this.standardTrustManager = (X509TrustManager)trustmanagers[0];
+		standardTrustManager = (X509TrustManager)trustmanagers[0];
 	}
 
 	/**
@@ -98,6 +98,6 @@ public class EasyX509TrustManager implements X509TrustManager
 	 * @see javax.net.ssl.X509TrustManager#getAcceptedIssuers()
 	 */
 	public X509Certificate[] getAcceptedIssuers() {
-		return this.standardTrustManager.getAcceptedIssuers();
+		return standardTrustManager.getAcceptedIssuers();
 	}
 }