Compatibility SSL socket factory for OkHttp, see https://github.com/square/okhttp/pull/2066
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.net.UnknownHostException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.LinkedHashSet;
import java.util.Objects;
import java.util.Set;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
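/**
 * {@link SSLSocketFactory} decorator that enables extra cipher suites on every socket created
 * by the wrapped factory.
 *
 * <p>Each created socket has its enabled cipher suites replaced by the delegate's default
 * suites followed by the additional suites passed to the constructor.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Every name passed as an additional suite widens what the client will negotiate. Keep
 *       the list as short as the legacy peer requires and remove entries once the peer is
 *       upgraded.</li>
 *   <li>The delegate's ordering is preserved and the additional suites are appended last, so
 *       a compatibility suite does not end up ahead of the platform's preferred suites in the
 *       enabled list (JSSE clients typically offer suites in that order).</li>
 *   <li>{@link SSLSocket#setEnabledCipherSuites(String[])} throws
 *       {@link IllegalArgumentException} for a name the socket does not support; that failure
 *       is deliberately not masked here so a misconfigured suite name is noticed.</li>
 * </ul>
 */
public class CompatibilitySSLSocketFactory extends SSLSocketFactory {

    private final SSLSocketFactory sslSocketFactory;
    private final Set<String> additionalCipherSuites;

    /**
     * @param sslSocketFactory factory that actually creates the sockets; must not be null
     * @param additionalCipherSuites suite names to enable in addition to the delegate's defaults
     * @throws NullPointerException if {@code sslSocketFactory} or the suite array is null
     */
    public CompatibilitySSLSocketFactory(SSLSocketFactory sslSocketFactory, String... additionalCipherSuites) {
        this.sslSocketFactory = Objects.requireNonNull(sslSocketFactory, "sslSocketFactory");
        // LinkedHashSet: de-duplicates while keeping the caller's ordering.
        this.additionalCipherSuites = new LinkedHashSet<>(Arrays.asList(additionalCipherSuites));
    }

    /** Replaces the socket's enabled suites with the merged list and returns the same socket. */
    private SSLSocket configureSocket(SSLSocket socket) {
        socket.setEnabledCipherSuites(getDefaultCipherSuites());
        return socket;
    }

    /**
     * Returns the delegate's default suites, in the delegate's order, followed by any additional
     * suites that are not already present.
     */
    @Override
    public String[] getDefaultCipherSuites() {
        // A plain HashSet would scramble the preference order of the platform defaults.
        Set<String> merged = new LinkedHashSet<>(Arrays.asList(sslSocketFactory.getDefaultCipherSuites()));
        merged.addAll(additionalCipherSuites);
        return merged.toArray(new String[0]);
    }

    /** Returns the delegate's supported suites unchanged. */
    @Override
    public String[] getSupportedCipherSuites() {
        return sslSocketFactory.getSupportedCipherSuites();
    }

    @Override
    public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException {
        SSLSocket socket = (SSLSocket) sslSocketFactory.createSocket(s, host, port, autoClose);
        return configureSocket(socket);
    }

    @Override
    public Socket createSocket(String host, int port) throws IOException, UnknownHostException {
        SSLSocket socket = (SSLSocket) sslSocketFactory.createSocket(host, port);
        return configureSocket(socket);
    }

    @Override
    public Socket createSocket(String host, int port, InetAddress localHost, int localPort)
            throws IOException, UnknownHostException {
        SSLSocket socket = (SSLSocket) sslSocketFactory.createSocket(host, port, localHost, localPort);
        return configureSocket(socket);
    }

    @Override
    public Socket createSocket(InetAddress host, int port) throws IOException {
        SSLSocket socket = (SSLSocket) sslSocketFactory.createSocket(host, port);
        return configureSocket(socket);
    }

    @Override
    public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort)
            throws IOException {
        SSLSocket socket = (SSLSocket) sslSocketFactory.createSocket(address, port, localAddress, localPort);
        return configureSocket(socket);
    }
}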
/**
 * Builds an OkHttp client that uses the platform trust store, the supplied certificate pinner
 * and a socket factory with one additional legacy cipher suite enabled.
 *
 * <p>Security note: {@code SSL_RSA_WITH_3DES_EDE_CBC_SHA} is a 3DES/CBC suite with RSA key
 * exchange (64-bit block cipher, no forward secrecy). It is enabled here purely for
 * compatibility; keep it only while a server that requires it is still in use.
 *
 * @param certificatePinner pinner installed on the returned client
 * @return the configured client, or {@code null} when the platform trust manager could not be
 *     obtained or is not a single {@link X509TrustManager} (the reason is logged)
 */
public OkHttpClient GetHttpClient(CertificatePinner certificatePinner) {
    SSLSocketFactory platformFactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
    SSLSocketFactory compatFactory =
            new CompatibilitySSLSocketFactory(platformFactory, "SSL_RSA_WITH_3DES_EDE_CBC_SHA");

    TrustManagerFactory tmf;
    try {
        tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        // A null KeyStore selects the platform's default trust anchors.
        tmf.init((KeyStore) null);
    } catch (Exception e) {
        Timber.e(e, "TrustManagerFactory exception");
        return null;
    }

    TrustManager[] platformTrustManagers = tmf.getTrustManagers();
    boolean singleX509Manager = platformTrustManagers.length == 1
            && platformTrustManagers[0] instanceof X509TrustManager;
    if (!singleX509Manager) {
        Timber.e("Unexpected default trust managers: %s", Arrays.toString(platformTrustManagers));
        return null;
    }
    X509TrustManager trustManager = (X509TrustManager) platformTrustManagers[0];

    // NOTE(review): the ConnectionSpec also constrains the suites used on each connection;
    // confirm that MODERN_TLS in the OkHttp version in use still permits the suite added above,
    // otherwise the compatibility entry has no effect.
    OkHttpClient.Builder builder = new OkHttpClient.Builder();
    builder.connectionSpecs(Collections.singletonList(ConnectionSpec.MODERN_TLS));
    builder.certificatePinner(certificatePinner);
    builder.sslSocketFactory(compatFactory, trustManager);
    return builder.build();
}