email: add support for Server Name Indication (SNI)

Change the underlying socket factory reference to SSLCertificateSocketFactory which has support for SNI since 4.2, and remove the access to the obsolete methods from the old factory reference. This change will setup the socket with a proper hostname prior to the ssl handshake. Change-Id: Ic3315f3924f33470ea2da14e8ac3b946d039b1d5 JIRA: CYAN-3775 Issue: https://jira.cyanogenmod.org/browse/CYAN-3775 Signed-off-by: Jorge Ruesga <jorge@ruesga.com>
author: Jorge Ruesga <jorge@ruesga.com> 2014-04-03 00:10:22 +0200
committer: Michael Bestas <mikeioannina@gmail.com> 2016-12-30 20:13:31 +0200
commit: 63d0d7c58afcf8fddf6338fadfd447a118123729 (patch)
tree: dcd5d5aca90347fa61efa57e935e70bf853b092d /emailcommon
parent: 3a51e3f6effa62a579995ad132404720f2834686 (diff)
download: android_packages_apps_Email-63d0d7c58afcf8fddf6338fadfd447a118123729.tar.gz
android_packages_apps_Email-63d0d7c58afcf8fddf6338fadfd447a118123729.tar.bz2
android_packages_apps_Email-63d0d7c58afcf8fddf6338fadfd447a118123729.zip
2 files changed, 34 insertions, 1 deletions
diff --git a/emailcommon/Android.mk b/emailcommon/Android.mk
index 654e20d60..14ea55078 100644
--- a/emailcommon/Android.mk
+++ b/emailcommon/Android.mk
@@ -42,7 +42,7 @@ LOCAL_SRC_FILES += $(call all-java-files-under, $(apache_src_dir))
 LOCAL_SRC_FILES += $(imported_unified_email_files)
 LOCAL_SRC_FILES += $(call all-java-files-under, $(unified_email_src_dir)/com/android/emailcommon)
 
-LOCAL_SDK_VERSION := 14
+LOCAL_SDK_VERSION := 17
 
 LOCAL_RESOURCE_DIR := $(LOCAL_PATH)/res
 
diff --git a/emailcommon/src/com/android/emailcommon/utility/SSLSocketFactory.java b/emailcommon/src/com/android/emailcommon/utility/SSLSocketFactory.java
index b7a59b81d..4d19e158c 100644
--- a/emailcommon/src/com/android/emailcommon/utility/SSLSocketFactory.java
+++ b/emailcommon/src/com/android/emailcommon/utility/SSLSocketFactory.java
@@ -33,6 +33,8 @@
 
 package com.android.emailcommon.utility;
 
+import com.android.mail.utils.LogUtils;
+
 import org.apache.http.conn.scheme.HostNameResolver;
 import org.apache.http.conn.scheme.LayeredSocketFactory;
 import org.apache.http.conn.ssl.AllowAllHostnameVerifier;
@@ -49,7 +51,10 @@ import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLSocket;
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.TrustManagerFactory;
+
 import java.io.IOException;
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
 import java.net.InetAddress;
 import java.net.InetSocketAddress;
 import java.net.Socket;
@@ -144,6 +149,9 @@ import java.security.UnrecoverableKeyException;
 
 public class SSLSocketFactory implements LayeredSocketFactory {
 
+    private static final boolean LOG_ENABLED = false;
+    private static final String TAG = "Email.SslFactory";
+
     public static final String TLS   = "TLS";
     public static final String SSL   = "SSL";
     public static final String SSLV2 = "SSLv2";
@@ -323,6 +331,10 @@ public class SSLSocketFactory implements LayeredSocketFactory {
         sslsock.connect(remoteAddress, connTimeout);
 
         sslsock.setSoTimeout(soTimeout);
+
+        // Set Server Name Indication if is available for this socket
+        setSocketHostname(sslsock, host);
+
         try {
             hostnameVerifier.verify(host, sslsock);
             // verifyHostName() didn't blowup - good!
@@ -386,6 +398,10 @@ public class SSLSocketFactory implements LayeredSocketFactory {
               port,
               autoClose
         );
+
+        // Set Server Name Indication if it's available for this socket
+        setSocketHostname(sslSocket, host);
+
         hostnameVerifier.verify(host, sslSocket);
         // verifyHostName() didn't blowup - good!
         return sslSocket;
@@ -402,4 +418,21 @@ public class SSLSocketFactory implements LayeredSocketFactory {
         return hostnameVerifier;
     }
 
+    private void setSocketHostname(SSLSocket sslSocket, String hostname) {
+        try {
+            Method method = sslSocket.getClass().getMethod("setHostname", String.class);
+            method.invoke(sslSocket, hostname);
+            return;
+        } catch (NoSuchMethodException ex) {
+            // Ignore
+        } catch (InvocationTargetException ex) {
+            // Ignore
+        } catch (IllegalAccessException ex) {
+            // Ignore
+        }
+        if (LOG_ENABLED) {
+            LogUtils.i(TAG, "setHostname isn't available for this socket.");
+        }
+    }
+
 }
author	Jorge Ruesga <jorge@ruesga.com>	2014-04-03 00:10:22 +0200
committer	Michael Bestas <mikeioannina@gmail.com>	2016-12-30 20:13:31 +0200
commit	63d0d7c58afcf8fddf6338fadfd447a118123729 (patch)
tree	dcd5d5aca90347fa61efa57e935e70bf853b092d /emailcommon
parent	3a51e3f6effa62a579995ad132404720f2834686 (diff)
download	android_packages_apps_Email-63d0d7c58afcf8fddf6338fadfd447a118123729.tar.gz android_packages_apps_Email-63d0d7c58afcf8fddf6338fadfd447a118123729.tar.bz2 android_packages_apps_Email-63d0d7c58afcf8fddf6338fadfd447a118123729.zip