diff options
author | Jorge Ruesga <jorge@ruesga.com> | 2014-04-03 00:10:22 +0200 |
---|---|---|
committer | Michael Bestas <mikeioannina@gmail.com> | 2016-12-30 20:13:31 +0200 |
commit | 63d0d7c58afcf8fddf6338fadfd447a118123729 (patch) | |
tree | dcd5d5aca90347fa61efa57e935e70bf853b092d /emailcommon | |
parent | 3a51e3f6effa62a579995ad132404720f2834686 (diff) | |
download | android_packages_apps_Email-63d0d7c58afcf8fddf6338fadfd447a118123729.tar.gz android_packages_apps_Email-63d0d7c58afcf8fddf6338fadfd447a118123729.tar.bz2 android_packages_apps_Email-63d0d7c58afcf8fddf6338fadfd447a118123729.zip |
email: add support for Server Name Indication (SNI)
Change the underlying socket factory reference to SSLCertificateSocketFactory which
has support for SNI since 4.2, and remove the access to the obsolete methods from
the old factory reference.
This change will setup the socket with a proper hostname prior to the ssl handshake.
Change-Id: Ic3315f3924f33470ea2da14e8ac3b946d039b1d5
JIRA: CYAN-3775
Issue: https://jira.cyanogenmod.org/browse/CYAN-3775
Signed-off-by: Jorge Ruesga <jorge@ruesga.com>
Diffstat (limited to 'emailcommon')
-rw-r--r-- | emailcommon/Android.mk | 2 | ||||
-rw-r--r-- | emailcommon/src/com/android/emailcommon/utility/SSLSocketFactory.java | 33 |
2 files changed, 34 insertions, 1 deletions
diff --git a/emailcommon/Android.mk b/emailcommon/Android.mk index 654e20d60..14ea55078 100644 --- a/emailcommon/Android.mk +++ b/emailcommon/Android.mk @@ -42,7 +42,7 @@ LOCAL_SRC_FILES += $(call all-java-files-under, $(apache_src_dir)) LOCAL_SRC_FILES += $(imported_unified_email_files) LOCAL_SRC_FILES += $(call all-java-files-under, $(unified_email_src_dir)/com/android/emailcommon) -LOCAL_SDK_VERSION := 14 +LOCAL_SDK_VERSION := 17 LOCAL_RESOURCE_DIR := $(LOCAL_PATH)/res diff --git a/emailcommon/src/com/android/emailcommon/utility/SSLSocketFactory.java b/emailcommon/src/com/android/emailcommon/utility/SSLSocketFactory.java index b7a59b81d..4d19e158c 100644 --- a/emailcommon/src/com/android/emailcommon/utility/SSLSocketFactory.java +++ b/emailcommon/src/com/android/emailcommon/utility/SSLSocketFactory.java @@ -33,6 +33,8 @@ package com.android.emailcommon.utility; +import com.android.mail.utils.LogUtils; + import org.apache.http.conn.scheme.HostNameResolver; import org.apache.http.conn.scheme.LayeredSocketFactory; import org.apache.http.conn.ssl.AllowAllHostnameVerifier; @@ -49,7 +51,10 @@ import javax.net.ssl.SSLContext; import javax.net.ssl.SSLSocket; import javax.net.ssl.TrustManager; import javax.net.ssl.TrustManagerFactory; + import java.io.IOException; +import java.lang.reflect.InvocationTargetException; +import java.lang.reflect.Method; import java.net.InetAddress; import java.net.InetSocketAddress; import java.net.Socket; @@ -144,6 +149,9 @@ import java.security.UnrecoverableKeyException; public class SSLSocketFactory implements LayeredSocketFactory { + private static final boolean LOG_ENABLED = false; + private static final String TAG = "Email.SslFactory"; + public static final String TLS = "TLS"; public static final String SSL = "SSL"; public static final String SSLV2 = "SSLv2"; @@ -323,6 +331,10 @@ public class SSLSocketFactory implements LayeredSocketFactory { sslsock.connect(remoteAddress, connTimeout); sslsock.setSoTimeout(soTimeout); + + // Set Server Name Indication if is available for this socket + setSocketHostname(sslsock, host); + try { hostnameVerifier.verify(host, sslsock); // verifyHostName() didn't blowup - good! @@ -386,6 +398,10 @@ public class SSLSocketFactory implements LayeredSocketFactory { port, autoClose ); + + // Set Server Name Indication if it's available for this socket + setSocketHostname(sslSocket, host); + hostnameVerifier.verify(host, sslSocket); // verifyHostName() didn't blowup - good! return sslSocket; @@ -402,4 +418,21 @@ public class SSLSocketFactory implements LayeredSocketFactory { return hostnameVerifier; } + private void setSocketHostname(SSLSocket sslSocket, String hostname) { + try { + Method method = sslSocket.getClass().getMethod("setHostname", String.class); + method.invoke(sslSocket, hostname); + return; + } catch (NoSuchMethodException ex) { + // Ignore + } catch (InvocationTargetException ex) { + // Ignore + } catch (IllegalAccessException ex) { + // Ignore + } + if (LOG_ENABLED) { + LogUtils.i(TAG, "setHostname isn't available for this socket."); + } + } + } |