
@0xced
Created May 1, 2017 08:04
Compatibility SSL socket factory for OkHttp, see https://github.com/square/okhttp/pull/2066
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.net.UnknownHostException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.LinkedHashSet;
import java.util.Objects;
import java.util.Set;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
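/**
 * {@link SSLSocketFactory} decorator that enables extra cipher suites on every
 * socket it creates, on top of the wrapped factory's defaults.
 *
 * <p>Security note: suites that a platform leaves out of its defaults are usually
 * left out because they are weak or deprecated. Enabling them widens what this
 * client is willing to negotiate, so keep the list as short as the target servers
 * require and drop it once those servers support something stronger.
 *
 * <p>The enabled list keeps the wrapped factory's default order and appends the
 * additional suites at the end. The order of the enabled array is generally
 * treated as the client's preference order, so the compatibility suites are
 * offered last rather than at an arbitrary position.
 */
public class CompatibilitySSLSocketFactory extends SSLSocketFactory {
    private final SSLSocketFactory sslSocketFactory;
    // Insertion-ordered so the caller's ordering of the extra suites is kept.
    private final Set<String> additionalCipherSuites;

    /**
     * @param sslSocketFactory       factory that actually creates the sockets
     * @param additionalCipherSuites suite names to enable in addition to the
     *                               wrapped factory's defaults
     * @throws NullPointerException if either argument is {@code null}
     */
    public CompatibilitySSLSocketFactory(SSLSocketFactory sslSocketFactory, String... additionalCipherSuites) {
        this.sslSocketFactory = Objects.requireNonNull(sslSocketFactory, "sslSocketFactory");
        Objects.requireNonNull(additionalCipherSuites, "additionalCipherSuites");
        this.additionalCipherSuites = new LinkedHashSet<>(Arrays.asList(additionalCipherSuites));
    }

    /**
     * Enables the combined suite list on a freshly created socket.
     *
     * <p>{@link SSLSocket#setEnabledCipherSuites(String[])} throws
     * {@link IllegalArgumentException} when a name is not supported by the
     * provider, so an additional suite the platform has removed fails loudly here.
     */
    private SSLSocket configureSocket(SSLSocket socket) {
        socket.setEnabledCipherSuites(getDefaultCipherSuites());
        return socket;
    }

    /**
     * Returns the wrapped factory's default suites, in their original order,
     * followed by any additional suites not already present.
     */
    @Override
    public String[] getDefaultCipherSuites() {
        // LinkedHashSet de-duplicates while preserving order; a plain HashSet would
        // shuffle the list and could move a weak suite ahead of stronger ones.
        Set<String> suites = new LinkedHashSet<>(Arrays.asList(sslSocketFactory.getDefaultCipherSuites()));
        suites.addAll(additionalCipherSuites);
        return suites.toArray(new String[0]);
    }

    /** Delegates to the wrapped factory; the supported set is not widened. */
    @Override
    public String[] getSupportedCipherSuites() {
        return sslSocketFactory.getSupportedCipherSuites();
    }

    @Override
    public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException {
        SSLSocket socket = (SSLSocket) sslSocketFactory.createSocket(s, host, port, autoClose);
        return configureSocket(socket);
    }

    @Override
    public Socket createSocket(String host, int port) throws IOException, UnknownHostException {
        SSLSocket socket = (SSLSocket) sslSocketFactory.createSocket(host, port);
        return configureSocket(socket);
    }

    @Override
    public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException, UnknownHostException {
        SSLSocket socket = (SSLSocket) sslSocketFactory.createSocket(host, port, localHost, localPort);
        return configureSocket(socket);
    }

    @Override
    public Socket createSocket(InetAddress host, int port) throws IOException {
        SSLSocket socket = (SSLSocket) sslSocketFactory.createSocket(host, port);
        return configureSocket(socket);
    }

    @Override
    public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException {
        SSLSocket socket = (SSLSocket) sslSocketFactory.createSocket(address, port, localAddress, localPort);
        return configureSocket(socket);
    }
}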
/**
 * Builds an OkHttp client that pins certificates and additionally enables the
 * legacy {@code SSL_RSA_WITH_3DES_EDE_CBC_SHA} suite through
 * {@link CompatibilitySSLSocketFactory}.
 *
 * <p>Security note: that suite uses 3DES, a 64-bit block cipher in CBC mode,
 * with RSA key exchange, so it offers no forward secrecy. Enable it only for
 * servers that cannot negotiate anything stronger, and remove it once they can.
 *
 * <p>The trust manager comes from the default {@link TrustManagerFactory}
 * initialised with a {@code null} key store, and exactly one
 * {@link X509TrustManager} is expected.
 *
 * @param certificatePinner pinner installed on the client
 * @return the configured client, or {@code null} when the default trust manager
 *         could not be obtained; callers must check for {@code null}
 */
public OkHttpClient GetHttpClient(CertificatePinner certificatePinner) {
    SSLSocketFactory platformFactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
    SSLSocketFactory compatFactory = new CompatibilitySSLSocketFactory(platformFactory, "SSL_RSA_WITH_3DES_EDE_CBC_SHA");

    TrustManagerFactory tmf;
    try {
        tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        // A null key store makes the factory use the default trust anchors.
        tmf.init((KeyStore) null);
    } catch (Exception e) {
        Timber.e(e, "TrustManagerFactory exception");
        return null;
    }

    TrustManager[] managers = tmf.getTrustManagers();
    boolean singleX509Manager = managers.length == 1 && managers[0] instanceof X509TrustManager;
    if (!singleX509Manager) {
        Timber.e("Unexpected default trust managers: %s", Arrays.toString(managers));
        return null;
    }
    X509TrustManager x509TrustManager = (X509TrustManager) managers[0];

    OkHttpClient.Builder builder = new OkHttpClient.Builder();
    builder.connectionSpecs(Collections.singletonList(ConnectionSpec.MODERN_TLS));
    builder.certificatePinner(certificatePinner);
    builder.sslSocketFactory(compatFactory, x509TrustManager);
    return builder.build();
}