Fix ECC being crippled on Android 7.0

2017-04-23 16:02:04 +02:00 · 2017-04-23 16:02:04 +02:00 · b4317b8864
parent 63b56269ff
commit b4317b8864
1 changed files with 41 additions and 0 deletions
--- a/twidere/src/main/kotlin/org/mariotaku/twidere/util/HttpClientFactory.kt
+++ b/twidere/src/main/kotlin/org/mariotaku/twidere/util/HttpClientFactory.kt
@ -16,6 +16,14 @@ import java.io.IOException
 import java.net.InetSocketAddress
 import java.net.Proxy
 import java.util.concurrent.TimeUnit
+import okhttp3.ConnectionSpec
+import java.util.ArrayList
+import android.util.Log
+import java.security.NoSuchAlgorithmException
+import javax.net.ssl.SSLContext
+import android.os.Build
+
+


 /**
@ -33,9 +41,33 @@ object HttpClientFactory {
    fun initOkHttpClient(conf: HttpClientConfiguration, builder: OkHttpClient.Builder, dns: Dns,
            connectionPool: ConnectionPool, cache: Cache) {
        updateHttpClientConfiguration(builder, conf, dns, connectionPool, cache)
+        updateTLSConnectionSpecs(builder)
        DebugModeUtils.initForOkHttpClient(builder)
    }

+    internal fun nougatECCFix(specList: ArrayList<ConnectionSpec>) {
+        // Shamelessly stolen from Tusky
+        if (Build.VERSION.SDK_INT != Build.VERSION_CODES.N) {
+            return
+        }
+        val sslContext: SSLContext
+        try {
+            sslContext = SSLContext.getInstance("TLS")
+        } catch (e: NoSuchAlgorithmException) {
+            Log.e("HttpClientFactory", "Failed obtaining TLS Context.")
+            return
+        }
+
+        sslContext.init(null, null, null)
+        val cipherSuites = sslContext.socketFactory.defaultCipherSuites
+        val allowedList = cipherSuites.filterNotTo(ArrayList<String>()) { it.contains("ECDH") }
+        val spec = ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)
+                .cipherSuites(*allowedList.toTypedArray())
+                .supportsTlsExtensions(true)
+                .build()
+        specList.add(spec)
+    }
+
    internal fun updateHttpClientConfiguration(builder: OkHttpClient.Builder, conf: HttpClientConfiguration,
            dns: Dns, connectionPool: ConnectionPool, cache: Cache) {
        conf.applyTo(builder)
@ -44,6 +76,15 @@ object HttpClientFactory {
        builder.cache(cache)
    }

+    internal fun updateTLSConnectionSpecs(builder: OkHttpClient.Builder) {
+        //Default spec list from OkHttpClient.DEFAULT_CONNECTION_SPECS
+        var specList: ArrayList<ConnectionSpec> = ArrayList()
+        specList.add(ConnectionSpec.MODERN_TLS)
+        nougatECCFix(specList)
+        specList.add(ConnectionSpec.CLEARTEXT)
+        builder.connectionSpecs(specList)
+    }
+
    class HttpClientConfiguration(val prefs: SharedPreferences) {

        var readTimeoutSecs: Long = -1