From beae854526ce1fc04d9aa1efe979099e5f13ce42 Mon Sep 17 00:00:00 2001
From: Andrew Stephan
Date: Mon, 18 Jul 2016 15:42:30 -0400
Subject: [PATCH] updates to only allow tlsv1.1 and tlsv1.2
---
 plugin.xml | 3 +-
 .../synconset/CordovaHTTP/HttpRequest.java | 4 +-
 .../CordovaHTTP/TLSSocketFactory.java | 63 +++++++++++++++++++
 3 files changed, 67 insertions(+), 3 deletions(-)
 create mode 100644 src/android/com/synconset/CordovaHTTP/TLSSocketFactory.java
diff --git a/plugin.xml b/plugin.xml
index 06203f6..fc26d9c 100644
--- a/plugin.xml
+++ b/plugin.xml
@@ -2,7 +2,7 @@ + version="1.2.0"> SSL Pinning
@@ -78,5 +78,6 @@ +
diff --git a/src/android/com/synconset/CordovaHTTP/HttpRequest.java b/src/android/com/synconset/CordovaHTTP/HttpRequest.java
index 78dce7a..d6ac37b 100644
--- a/src/android/com/synconset/CordovaHTTP/HttpRequest.java
+++ b/src/android/com/synconset/CordovaHTTP/HttpRequest.java
@@ -305,7 +305,7 @@ public class HttpRequest {
 try {
 SSLContext context = SSLContext.getInstance("TLS");
 context.init(null, trustAllCerts, new SecureRandom());
- TRUSTED_FACTORY = context.getSocketFactory();
+ TRUSTED_FACTORY = new TLSSocketFactory(context);
 } catch (GeneralSecurityException e) {
 IOException ioException = new IOException(
 "Security exception configuring SSL context");
@@ -455,7 +455,7 @@ public class HttpRequest {
 // Create an SSLContext that uses our TrustManager
 SSLContext sslContext = SSLContext.getInstance("TLS");
 sslContext.init(null, tmf.getTrustManagers(), null);
- PINNED_FACTORY = sslContext.getSocketFactory();
+ PINNED_FACTORY = new TLSSocketFactory(context);
 }
 
 /**
diff --git a/src/android/com/synconset/CordovaHTTP/TLSSocketFactory.java b/src/android/com/synconset/CordovaHTTP/TLSSocketFactory.java
new file mode 100644
index 0000000..b8806df
--- /dev/null
+++ b/src/android/com/synconset/CordovaHTTP/TLSSocketFactory.java
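Review bot: In the second HttpRequest.java hunk (`@@ -455,7 +455,7 @@`) the new line passes `context` to the wrapper, but the SSLContext initialised two lines above with `tmf.getTrustManagers()` is named `sslContext`. Unless a `context` is in scope in the part of the method outside the hunk, this does not compile; if one is in scope, PINNED_FACTORY would be built from a context that was not initialised with the pinned trust managers, which would silently defeat certificate pinning. The line should read `PINNED_FACTORY = new TLSSocketFactory(sslContext);`. The enclosing method starts and ends outside the hunk, so the scope question should be confirmed against the full file.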
@@ -0,0 +1,63 @@
+package com.github.kevinsawicki.http;
+
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.Socket;
+import java.net.UnknownHostException;
+import java.security.KeyManagementException;
+import java.security.NoSuchAlgorithmException;
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocket;
+import javax.net.ssl.SSLSocketFactory;
+
+public class TLSSocketFactory extends SSLSocketFactory {
+
+ private SSLSocketFactory internalSSLSocketFactory;
+
+ public TLSSocketFactory(SSLContext context) {
+ internalSSLSocketFactory = context.getSocketFactory();
+ }
+
+ @Override
+ public String[] getDefaultCipherSuites() {
+ return internalSSLSocketFactory.getDefaultCipherSuites();
+ }
+
+ @Override
+ public String[] getSupportedCipherSuites() {
+ return internalSSLSocketFactory.getSupportedCipherSuites();
+ }
+
+ @Override
+ public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException {
+ return enableTLSOnSocket(internalSSLSocketFactory.createSocket(s, host, port, autoClose));
+ }
+
+ @Override
+ public Socket createSocket(String host, int port) throws IOException, UnknownHostException {
+ return enableTLSOnSocket(internalSSLSocketFactory.createSocket(host, port));
+ }
+
+ @Override
+ public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException, UnknownHostException {
+ return enableTLSOnSocket(internalSSLSocketFactory.createSocket(host, port, localHost, localPort));
+ }
+
+ @Override
+ public Socket createSocket(InetAddress host, int port) throws IOException {
+ return enableTLSOnSocket(internalSSLSocketFactory.createSocket(host, port));
+ }
+
+ @Override
+ public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException {
+ return enableTLSOnSocket(internalSSLSocketFactory.createSocket(address, port, localAddress, localPort));
+ }
+
+ private Socket enableTLSOnSocket(Socket socket) {
+ if(socket != null && (socket instanceof SSLSocket)) {
+ ((SSLSocket)socket).setEnabledProtocols(new String[] {"TLSv1.1", "TLSv1.2"});
+ }
+ return socket;
+ }
+}
\ No newline at end of file
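Review bot: `setEnabledProtocols(new String[] {"TLSv1.1", "TLSv1.2"})` in `enableTLSOnSocket` throws an unchecked IllegalArgumentException when the provider does not support one of the named protocols, so on such a device every `createSocket` overload fails with an exception that callers handling only IOException would not catch. I would enable only the intersection with `getSupportedProtocols()`, and close the socket and raise an IOException when that intersection is empty, so the connection still fails closed but through the normal error path. The rewrite below needs `java.util.ArrayList` and `java.util.List` imported. Separately, the `KeyManagementException` and `NoSuchAlgorithmException` imports are unused, and `internalSSLSocketFactory` can be `final`.

```java
private Socket enableTLSOnSocket(Socket socket) throws IOException {
    if (socket != null && (socket instanceof SSLSocket)) {
        SSLSocket sslSocket = (SSLSocket) socket;
        // Enable only the allowed versions this provider actually supports.
        List<String> enabled = new ArrayList<String>();
        for (String protocol : sslSocket.getSupportedProtocols()) {
            if ("TLSv1.1".equals(protocol) || "TLSv1.2".equals(protocol)) {
                enabled.add(protocol);
            }
        }
        if (enabled.isEmpty()) {
            // Fail closed rather than fall back to an older protocol version.
            socket.close();
            throw new IOException("Neither TLSv1.1 nor TLSv1.2 is supported by this provider");
        }
        sslSocket.setEnabledProtocols(enabled.toArray(new String[enabled.size()]));
    }
    return socket;
}
```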