From ccebf753276a65a7c3743222d841675668175346 Mon Sep 17 00:00:00 2001
From: tom79
Date: Wed, 22 May 2019 19:03:45 +0200
Subject: [PATCH] Add factory accepting all certificates, will be used only with *.onion URL
---
 .../android/client/TLSSocketOnionFactory.java | 117 ++++++++++++++++++
 1 file changed, 117 insertions(+)
 create mode 100644 app/src/main/java/app/fedilab/android/client/TLSSocketOnionFactory.java
diff --git a/app/src/main/java/app/fedilab/android/client/TLSSocketOnionFactory.java b/app/src/main/java/app/fedilab/android/client/TLSSocketOnionFactory.java
new file mode 100644
index 000000000..cf7c067f1
--- /dev/null
+++ b/app/src/main/java/app/fedilab/android/client/TLSSocketOnionFactory.java
@@ -0,0 +1,117 @@
+package app.fedilab.android.client;
+
+
+import android.annotation.SuppressLint;
+import android.content.SharedPreferences;
+
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.Socket;
+import java.security.KeyManagementException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLSocket;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
+
+import app.fedilab.android.activities.MainApplication;
+import app.fedilab.android.helper.Helper;
+
+/**
+ * Created by Thomas on 21/05/2019.
+ *
+ */
+
+public class TLSSocketOnionFactory extends SSLSocketFactory {
+
+ private SSLSocketFactory sSLSocketFactory;
+ private SSLContext sslContext;
+
+ public TLSSocketOnionFactory() throws KeyManagementException, NoSuchAlgorithmException {
+
+ sslContext = SSLContext.getInstance("TLS");
+ TrustManager tm = new X509TrustManager() {
+ @SuppressLint("TrustAllX509TrustManager")
+ public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
+ }
+
+ @SuppressLint("TrustAllX509TrustManager")
+ public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
+ }
+
+ public X509Certificate[] getAcceptedIssuers() {
+ return null;
+ }
+ };
+ sslContext.init(null, new TrustManager[] { tm }, null);
+ sSLSocketFactory = sslContext.getSocketFactory();
+ }
+
+ public SSLContext getSSLContext(){
+ return this.sslContext;
+ }
+
+ public SSLEngine getSSLEngine(){
+ return this.sslContext.createSSLEngine();
+ }
+
+ @Override
+ public String[] getDefaultCipherSuites() {
+ return sSLSocketFactory.getDefaultCipherSuites();
+ }
+
+ @Override
+ public String[] getSupportedCipherSuites() {
+ return sSLSocketFactory.getSupportedCipherSuites();
+ }
+
+ @Override
+ public Socket createSocket() throws IOException {
+ return enableTLSOnSocket(sSLSocketFactory.createSocket());
+ }
+
+ @Override
+ public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException {
+ return enableTLSOnSocket(sSLSocketFactory.createSocket(s, host, port, autoClose));
+ }
+
+ @Override
+ public Socket createSocket(String host, int port) throws IOException {
+ return enableTLSOnSocket(sSLSocketFactory.createSocket(host, port));
+ }
+
+ @Override
+ public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException {
+ return enableTLSOnSocket(sSLSocketFactory.createSocket(host, port, localHost, localPort));
+ }
+
+ @Override
+ public Socket createSocket(InetAddress host, int port) throws IOException {
+ return enableTLSOnSocket(sSLSocketFactory.createSocket(host, port));
+ }
+
+ @Override
+ public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException {
+ return enableTLSOnSocket(sSLSocketFactory.createSocket(address, port, localAddress, localPort));
+ }
+
+ private Socket enableTLSOnSocket(Socket socket) {
+ if((socket instanceof SSLSocket)) {
+ boolean security_provider = false;
+ try {
+ SharedPreferences sharedpreferences = MainApplication.getApp().getSharedPreferences(Helper.APP_PREFS, android.content.Context.MODE_PRIVATE);
+ security_provider = sharedpreferences.getBoolean(Helper.SET_SECURITY_PROVIDER, true);
+ }catch (Exception ignored){}
+ if( security_provider)
+ ((SSLSocket)socket).setEnabledProtocols(new String[] {"TLSv1.1", "TLSv1.2", "TLSv1.3"});
+ else
+ ((SSLSocket)socket).setEnabledProtocols(new String[] {"TLSv1.1", "TLSv1.2"});
+ }
+ return socket;
+ }
+}
\ No newline at end of file
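Review bot: The all-trusting X509TrustManager built in the constructor is not confined to .onion hosts by anything in this class; the restriction lives only in the commit message, so any caller holding this factory can open a connection to a clearnet host with no certificate validation at all. The two host-name overloads `createSocket(String host, ...)` can enforce the stated intent with a guard such as `if (host == null || !host.endsWith(".onion")) throw new IOException("TLSSocketOnionFactory may only be used for .onion hosts");`, the InetAddress overloads cannot check this and deserve a Javadoc caveat, and the class Javadoc should state that validation is deliberately disabled because the onion address itself authenticates the peer. Separately, `getAcceptedIssuers` returns null, which the X509TrustManager contract does not permit and which some TLS stacks dereference; `return new X509Certificate[0];` is the safe form. TLSv1.1 is also left enabled in both branches of enableTLSOnSocket, so the security-provider branch could be narrowed to `{"TLSv1.2", "TLSv1.3"}`.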