
@ibrahimlawal
Forked from fkrauthan/TLSSocketFactory.java
Last active November 11, 2018 21:53
**A fork** of a custom SSLSocketFactory implementation that enables TLS 1.2 on Android 4.1+ (API 16+), modified to use the system default TrustManagers and to work with Retrofit 2 and OkHttp 3.1.2.
package co.paystack.android.api.utils;
/**
* Created by ibrahimlawal on Mar/14/2016.
*
* @author fkrauthan
* @see http://blog.dev-area.net/2015/08/13/android-4-1-enable-tls-1-1-and-tls-1-2/
* @since 1.2.0
*
* Modified to work with OkHttp 3.1.2
* and to enable only TLSv1.2 on the sockets it creates.
*/
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
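/**
 * {@link SSLSocketFactory} wrapper that leaves only TLSv1.2 enabled on every
 * {@link SSLSocket} it hands out.
 *
 * <p>Socket creation is delegated to a factory taken from an {@link SSLContext}
 * that is initialised with the platform's default trust managers, so certificate
 * chains are validated against the system trust store. No pinning is added and
 * validation is not relaxed.
 *
 * <p>Security notes for integrators:
 * <ul>
 *   <li>This class does not configure host name verification on the sockets.
 *       Code that uses the sockets directly, rather than through an HTTP client
 *       that verifies the peer host name, must do that check itself.</li>
 *   <li>The restriction fails closed: {@link SSLSocket#setEnabledProtocols(String[])}
 *       throws {@link IllegalArgumentException} when the runtime does not support
 *       TLSv1.2, instead of silently falling back to an older protocol.</li>
 *   <li>Because the enabled list is exactly {@code TLSv1.2}, newer protocol versions
 *       cannot be negotiated through this factory. It is meant for old Android
 *       releases where TLS 1.2 is supported but not enabled by default; on newer
 *       platforms prefer the platform defaults.</li>
 * </ul>
 */
public class TLSSocketFactory extends SSLSocketFactory {

    /** The single protocol version left enabled on sockets created by this factory. */
    private static final String TLS_V1_2 = "TLSv1.2";

    // The field must stay named "delegate" so OkHttp 3.1.2 will be
    // able to get our trust manager as suggested here:
    // https://github.com/square/okhttp/issues/2323#issuecomment-185055040
    private final SSLSocketFactory delegate;

    /**
     * Builds the delegate factory from a "TLS" {@link SSLContext} backed by the
     * default trust managers.
     *
     * @throws KeyManagementException if the SSL context cannot be initialised
     * @throws NoSuchAlgorithmException if the "TLS" context or the default trust
     *     manager algorithm is unavailable
     * @throws KeyStoreException if the default trust store cannot be loaded
     */
    public TLSSocketFactory() throws KeyManagementException, NoSuchAlgorithmException, KeyStoreException {
        SSLContext context = SSLContext.getInstance("TLS");

        // A null KeyStore makes the factory fall back to the default trust store,
        // so the usual certificate validation stays in force.
        TrustManagerFactory trustManagerFactory =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init((KeyStore) null);
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();

        // No client key managers and the default source of randomness.
        context.init(null, trustManagers, null);
        delegate = context.getSocketFactory();
    }

    /** Returns the delegate's default cipher suites unchanged. */
    @Override
    public String[] getDefaultCipherSuites() {
        return delegate.getDefaultCipherSuites();
    }

    /** Returns the delegate's supported cipher suites unchanged. */
    @Override
    public String[] getSupportedCipherSuites() {
        return delegate.getSupportedCipherSuites();
    }

    /**
     * Creates an unconnected socket restricted to TLSv1.2.
     *
     * <p>Without this override the call falls through to the base
     * {@code SocketFactory} implementation, which rejects unconnected sockets,
     * so callers that connect the socket themselves could not use this factory.
     */
    @Override
    public Socket createSocket() throws IOException {
        return enableTLSOnSocket(delegate.createSocket());
    }

    /** Layers a TLSv1.2-only socket over the already connected socket {@code s}. */
    @Override
    public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException {
        return enableTLSOnSocket(delegate.createSocket(s, host, port, autoClose));
    }

    /** Creates a TLSv1.2-only socket connected to {@code host:port}. */
    @Override
    public Socket createSocket(String host, int port) throws IOException {
        return enableTLSOnSocket(delegate.createSocket(host, port));
    }

    /** Creates a TLSv1.2-only socket to {@code host:port}, bound to the given local address and port. */
    @Override
    public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException {
        return enableTLSOnSocket(delegate.createSocket(host, port, localHost, localPort));
    }

    /** Creates a TLSv1.2-only socket connected to the given address and port. */
    @Override
    public Socket createSocket(InetAddress host, int port) throws IOException {
        return enableTLSOnSocket(delegate.createSocket(host, port));
    }

    /** Creates a TLSv1.2-only socket to the given address, bound to the given local address and port. */
    @Override
    public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException {
        return enableTLSOnSocket(delegate.createSocket(address, port, localAddress, localPort));
    }

    /**
     * Restricts the enabled protocols of {@code socket} to TLSv1.2 when it is an
     * {@link SSLSocket}; any other socket (or {@code null}) is returned untouched.
     *
     * @param socket the socket produced by the delegate factory
     * @return the same socket instance
     */
    private Socket enableTLSOnSocket(Socket socket) {
        // instanceof is false for null, so no separate null check is needed.
        if (socket instanceof SSLSocket) {
            // Replaces the whole enabled list: older protocol versions are switched
            // off, and the call throws if TLSv1.2 itself is unsupported.
            ((SSLSocket) socket).setEnabledProtocols(new String[] {TLS_V1_2});
        }
        return socket;
    }
}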
// Usage sketch: route Retrofit's HTTPS traffic through the TLSv1.2-only factory.
// The TLSSocketFactory constructor declares KeyManagementException,
// NoSuchAlgorithmException and KeyStoreException, so this has to run where
// those are handled or declared.
//
// The single-argument sslSocketFactory(...) gives OkHttp no trust manager, so
// OkHttp has to recover it from the factory by reflection. Newer OkHttp 3.x
// releases offer sslSocketFactory(SSLSocketFactory, X509TrustManager), which
// takes the trust manager explicitly; check which overloads your version has.
OkHttpClient.Builder httpClientBuilder = new OkHttpClient.Builder();
httpClientBuilder.sslSocketFactory(new TLSSocketFactory());
OkHttpClient okHttpClient = httpClientBuilder.build();

// Hand the restricted client to Retrofit so every API call uses it.
Retrofit.Builder retrofitBuilder = new Retrofit.Builder();
retrofitBuilder.baseUrl(API_URL);
retrofitBuilder.client(okHttpClient);
Retrofit retrofit = retrofitBuilder.build();