Finishes handshake-test-2

This commit is contained in:
Vavassor 2017-04-11 17:07:56 -04:00
parent fd472fbe1f
commit 48c9b71f92
6 changed files with 263 additions and 150 deletions

View File

@ -38,7 +38,6 @@ dependencies {
compile 'com.mikhaellopez:circularfillableloaders:1.2.0' compile 'com.mikhaellopez:circularfillableloaders:1.2.0'
compile 'com.squareup.retrofit2:retrofit:2.2.0' compile 'com.squareup.retrofit2:retrofit:2.2.0'
compile 'com.squareup.retrofit2:converter-gson:2.1.0' compile 'com.squareup.retrofit2:converter-gson:2.1.0'
compile 'com.squareup.okhttp3:logging-interceptor:3.6.0'
compile 'com.github.chrisbanes:PhotoView:1.3.1' compile 'com.github.chrisbanes:PhotoView:1.3.1'
compile 'com.mikepenz:google-material-typeface:3.0.1.0.original@aar' compile 'com.mikepenz:google-material-typeface:3.0.1.0.original@aar'
compile 'com.github.arimorty:floatingsearchview:2.0.3' compile 'com.github.arimorty:floatingsearchview:2.0.3'

View File

@ -34,10 +34,7 @@ import com.google.gson.Gson;
import com.google.gson.GsonBuilder; import com.google.gson.GsonBuilder;
import java.io.IOException; import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import okhttp3.ConnectionSpec;
import okhttp3.Dispatcher; import okhttp3.Dispatcher;
import okhttp3.Interceptor; import okhttp3.Interceptor;
import okhttp3.OkHttpClient; import okhttp3.OkHttpClient;
@ -121,9 +118,29 @@ public class BaseActivity extends AppCompatActivity {
.registerTypeAdapter(Spanned.class, new SpannedTypeAdapter()) .registerTypeAdapter(Spanned.class, new SpannedTypeAdapter())
.create(); .create();
OkHttpClient okHttpClient = OkHttpUtils.getCompatibleClientBuilder()
.addInterceptor(new Interceptor() {
@Override
public Response intercept(Chain chain) throws IOException {
Request originalRequest = chain.request();
Request.Builder builder = originalRequest.newBuilder();
String accessToken = getAccessToken();
if (accessToken != null) {
builder.header("Authorization", String.format("Bearer %s",
accessToken));
}
Request newRequest = builder.build();
return chain.proceed(newRequest);
}
})
.dispatcher(mastodonApiDispatcher)
.build();
Retrofit retrofit = new Retrofit.Builder() Retrofit retrofit = new Retrofit.Builder()
.baseUrl(getBaseUrl()) .baseUrl(getBaseUrl())
.client(OkHttpUtils.getCompatibleClient()) .client(okHttpClient)
.addConverterFactory(GsonConverterFactory.create(gson)) .addConverterFactory(GsonConverterFactory.create(gson))
.build(); .build();

View File

@ -18,10 +18,15 @@ package com.keylesspalace.tusky;
/**A wrapper for android.util.Log that allows for disabling logging, such as for release builds.*/ /**A wrapper for android.util.Log that allows for disabling logging, such as for release builds.*/
public class Log { public class Log {
private static final boolean LOGGING_ENABLED = BuildConfig.DEBUG; private static final boolean LOGGING_ENABLED = BuildConfig.DEBUG;
private static String longBoy;
private static String watchedTag;
public static void i(String tag, String string) { public static void i(String tag, String string) {
if (LOGGING_ENABLED) { if (LOGGING_ENABLED) {
android.util.Log.i(tag, string); android.util.Log.i(tag, string);
if (tag.equals(watchedTag)) {
longBoy += string + '\n';
}
} }
} }
@ -48,4 +53,14 @@ public class Log {
android.util.Log.w(tag, string); android.util.Log.w(tag, string);
} }
} }
static void watchTag(String tag) {
longBoy = "";
watchedTag = tag;
}
static String getWatchedMessages() {
watchedTag = null;
return longBoy;
}
} }

View File

@ -24,6 +24,7 @@ import android.content.pm.PackageManager;
import android.net.Uri; import android.net.Uri;
import android.os.Bundle; import android.os.Bundle;
import android.preference.PreferenceManager; import android.preference.PreferenceManager;
import android.support.annotation.NonNull;
import android.support.v7.app.AppCompatActivity; import android.support.v7.app.AppCompatActivity;
import android.text.method.LinkMovementMethod; import android.text.method.LinkMovementMethod;
import android.view.View; import android.view.View;
@ -58,126 +59,7 @@ public class LoginActivity extends AppCompatActivity {
@BindView(R.id.edit_text_domain) EditText editText; @BindView(R.id.edit_text_domain) EditText editText;
@BindView(R.id.button_login) Button button; @BindView(R.id.button_login) Button button;
@BindView(R.id.whats_an_instance) TextView whatsAnInstance; @BindView(R.id.whats_an_instance) TextView whatsAnInstance;
@BindView(R.id.debug_log_display) TextView debugLogDisplay;
/**
* Chain together the key-value pairs into a query string, for either appending to a URL or
* as the content of an HTTP request.
*/
private static String toQueryString(Map<String, String> parameters) {
StringBuilder s = new StringBuilder();
String between = "";
for (Map.Entry<String, String> entry : parameters.entrySet()) {
s.append(between);
s.append(Uri.encode(entry.getKey()));
s.append("=");
s.append(Uri.encode(entry.getValue()));
between = "&";
}
return s.toString();
}
/** Make sure the user-entered text is just a fully-qualified domain name. */
private static String validateDomain(String s) {
// Strip any schemes out.
s = s.replaceFirst("http://", "");
s = s.replaceFirst("https://", "");
// If a username was included (e.g. username@example.com), just take what's after the '@'.
int at = s.indexOf('@');
if (at != -1) {
s = s.substring(at + 1);
}
return s.trim();
}
private String getOauthRedirectUri() {
String scheme = getString(R.string.oauth_scheme);
String host = getString(R.string.oauth_redirect_host);
return scheme + "://" + host + "/";
}
private void redirectUserToAuthorizeAndLogin(EditText editText) {
/* To authorize this app and log in it's necessary to redirect to the domain given,
* activity_login there, and the server will redirect back to the app with its response. */
String endpoint = MastodonAPI.ENDPOINT_AUTHORIZE;
String redirectUri = getOauthRedirectUri();
Map<String, String> parameters = new HashMap<>();
parameters.put("client_id", clientId);
parameters.put("redirect_uri", redirectUri);
parameters.put("response_type", "code");
parameters.put("scope", OAUTH_SCOPES);
String url = "https://" + domain + endpoint + "?" + toQueryString(parameters);
Intent viewIntent = new Intent(Intent.ACTION_VIEW, Uri.parse(url));
if (viewIntent.resolveActivity(getPackageManager()) != null) {
startActivity(viewIntent);
} else {
editText.setError(getString(R.string.error_no_web_browser_found));
}
}
private MastodonAPI getApiFor(String domain) {
Retrofit retrofit = new Retrofit.Builder()
.baseUrl("https://" + domain)
.client(OkHttpUtils.getCompatibleClient())
.addConverterFactory(GsonConverterFactory.create())
.build();
return retrofit.create(MastodonAPI.class);
}
/**
* Obtain the oauth client credentials for this app. This is only necessary the first time the
* app is run on a given server instance. So, after the first authentication, they are
* saved in SharedPreferences and every subsequent run they are simply fetched from there.
*/
private void onButtonClick(final EditText editText) {
domain = validateDomain(editText.getText().toString());
/* Attempt to get client credentials from SharedPreferences, and if not present
* (such as in the case that the domain has never been accessed before)
* authenticate with the server and store the received credentials to use next
* time. */
String prefClientId = preferences.getString(domain + "/client_id", null);
String prefClientSecret = preferences.getString(domain + "/client_secret", null);
if (prefClientId != null && prefClientSecret != null) {
clientId = prefClientId;
clientSecret = prefClientSecret;
redirectUserToAuthorizeAndLogin(editText);
} else {
Callback<AppCredentials> callback = new Callback<AppCredentials>() {
@Override
public void onResponse(Call<AppCredentials> call, Response<AppCredentials> response) {
if (!response.isSuccessful()) {
editText.setError(getString(R.string.error_failed_app_registration));
Log.e(TAG, "App authentication failed. " + response.message());
return;
}
AppCredentials credentials = response.body();
clientId = credentials.clientId;
clientSecret = credentials.clientSecret;
SharedPreferences.Editor editor = preferences.edit();
editor.putString(domain + "/client_id", clientId);
editor.putString(domain + "/client_secret", clientSecret);
editor.apply();
redirectUserToAuthorizeAndLogin(editText);
}
@Override
public void onFailure(Call<AppCredentials> call, Throwable t) {
editText.setError(getString(R.string.error_failed_app_registration));
t.printStackTrace();
}
};
try {
getApiFor(domain)
.authenticateApp(getString(R.string.app_name), getOauthRedirectUri(),
OAUTH_SCOPES, getString(R.string.app_website))
.enqueue(callback);
} catch (IllegalArgumentException e) {
editText.setError(getString(R.string.error_invalid_domain));
}
}
}
@Override @Override
protected void onCreate(Bundle savedInstanceState) { protected void onCreate(Bundle savedInstanceState) {
@ -259,14 +141,133 @@ public class LoginActivity extends AppCompatActivity {
super.onSaveInstanceState(outState); super.onSaveInstanceState(outState);
} }
private void onLoginSuccess(String accessToken) { /** Make sure the user-entered text is just a fully-qualified domain name. */
@NonNull
private static String validateDomain(String s) {
// Strip any schemes out.
s = s.replaceFirst("http://", "");
s = s.replaceFirst("https://", "");
// If a username was included (e.g. username@example.com), just take what's after the '@'.
int at = s.indexOf('@');
if (at != -1) {
s = s.substring(at + 1);
}
return s.trim();
}
private String getOauthRedirectUri() {
String scheme = getString(R.string.oauth_scheme);
String host = getString(R.string.oauth_redirect_host);
return scheme + "://" + host + "/";
}
private MastodonAPI getApiFor(String domain) {
Retrofit retrofit = new Retrofit.Builder()
.baseUrl("https://" + domain)
.client(OkHttpUtils.getCompatibleClient())
.addConverterFactory(GsonConverterFactory.create())
.build();
return retrofit.create(MastodonAPI.class);
}
/**
* Obtain the oauth client credentials for this app. This is only necessary the first time the
* app is run on a given server instance. So, after the first authentication, they are
* saved in SharedPreferences and every subsequent run they are simply fetched from there.
*/
private void onButtonClick(final EditText editText) {
domain = validateDomain(editText.getText().toString());
/* Attempt to get client credentials from SharedPreferences, and if not present
* (such as in the case that the domain has never been accessed before)
* authenticate with the server and store the received credentials to use next
* time. */
String prefClientId = preferences.getString(domain + "/client_id", null);
String prefClientSecret = preferences.getString(domain + "/client_secret", null);
if (prefClientId != null && prefClientSecret != null) {
clientId = prefClientId;
clientSecret = prefClientSecret;
redirectUserToAuthorizeAndLogin(editText);
} else {
Log.watchTag(OkHttpUtils.TAG);
Callback<AppCredentials> callback = new Callback<AppCredentials>() {
@Override
public void onResponse(Call<AppCredentials> call,
Response<AppCredentials> response) {
if (!response.isSuccessful()) {
debugLogDisplay.setText(Log.getWatchedMessages());
editText.setError(getString(R.string.error_failed_app_registration));
Log.e(TAG, "App authentication failed. " + response.message());
return;
}
AppCredentials credentials = response.body();
clientId = credentials.clientId;
clientSecret = credentials.clientSecret;
SharedPreferences.Editor editor = preferences.edit(); SharedPreferences.Editor editor = preferences.edit();
editor.putString("domain", domain); editor.putString(domain + "/client_id", clientId);
editor.putString("accessToken", accessToken); editor.putString(domain + "/client_secret", clientSecret);
editor.commit(); editor.apply();
Intent intent = new Intent(this, MainActivity.class); Log.watchTag(null);
startActivity(intent); redirectUserToAuthorizeAndLogin(editText);
finish(); }
@Override
public void onFailure(Call<AppCredentials> call, Throwable t) {
debugLogDisplay.setText(Log.getWatchedMessages());
editText.setError(getString(R.string.error_failed_app_registration));
t.printStackTrace();
}
};
try {
getApiFor(domain)
.authenticateApp(getString(R.string.app_name), getOauthRedirectUri(),
OAUTH_SCOPES, getString(R.string.app_website))
.enqueue(callback);
} catch (IllegalArgumentException e) {
editText.setError(getString(R.string.error_invalid_domain));
}
}
}
/**
* Chain together the key-value pairs into a query string, for either appending to a URL or
* as the content of an HTTP request.
*/
@NonNull
private static String toQueryString(Map<String, String> parameters) {
StringBuilder s = new StringBuilder();
String between = "";
for (Map.Entry<String, String> entry : parameters.entrySet()) {
s.append(between);
s.append(Uri.encode(entry.getKey()));
s.append("=");
s.append(Uri.encode(entry.getValue()));
between = "&";
}
return s.toString();
}
private void redirectUserToAuthorizeAndLogin(EditText editText) {
/* To authorize this app and log in it's necessary to redirect to the domain given,
* activity_login there, and the server will redirect back to the app with its response. */
String endpoint = MastodonAPI.ENDPOINT_AUTHORIZE;
String redirectUri = getOauthRedirectUri();
Map<String, String> parameters = new HashMap<>();
parameters.put("client_id", clientId);
parameters.put("redirect_uri", redirectUri);
parameters.put("response_type", "code");
parameters.put("scope", OAUTH_SCOPES);
String url = "https://" + domain + endpoint + "?" + toQueryString(parameters);
Intent viewIntent = new Intent(Intent.ACTION_VIEW, Uri.parse(url));
if (viewIntent.resolveActivity(getPackageManager()) != null) {
startActivity(viewIntent);
} else {
editText.setError(getString(R.string.error_no_web_browser_found));
}
} }
@Override @Override
@ -350,4 +351,14 @@ public class LoginActivity extends AppCompatActivity {
} }
} }
} }
private void onLoginSuccess(String accessToken) {
SharedPreferences.Editor editor = preferences.edit();
editor.putString("domain", domain);
editor.putString("accessToken", accessToken);
editor.commit();
Intent intent = new Intent(this, MainActivity.class);
startActivity(intent);
finish();
}
} }

View File

@ -21,7 +21,6 @@ import android.support.annotation.NonNull;
import java.io.IOException; import java.io.IOException;
import java.net.InetAddress; import java.net.InetAddress;
import java.net.Socket; import java.net.Socket;
import java.net.UnknownHostException;
import java.security.KeyManagementException; import java.security.KeyManagementException;
import java.security.KeyStore; import java.security.KeyStore;
import java.security.KeyStoreException; import java.security.KeyStoreException;
@ -30,6 +29,8 @@ import java.util.ArrayList;
import java.util.Arrays; import java.util.Arrays;
import java.util.List; import java.util.List;
import javax.net.ssl.HandshakeCompletedEvent;
import javax.net.ssl.HandshakeCompletedListener;
import javax.net.ssl.SSLContext; import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket; import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory; import javax.net.ssl.SSLSocketFactory;
@ -39,11 +40,19 @@ import javax.net.ssl.X509TrustManager;
import okhttp3.ConnectionSpec; import okhttp3.ConnectionSpec;
import okhttp3.OkHttpClient; import okhttp3.OkHttpClient;
import okhttp3.logging.HttpLoggingInterceptor;
class OkHttpUtils { class OkHttpUtils {
private static final String TAG = "OkHttpUtils"; // logging tag static final String TAG = "OkHttpUtils"; // logging tag
/**
* Makes a Builder with the maximum range of TLS versions and cipher suites enabled.
*
* It first tries the "approved" list of cipher suites given in OkHttp (the default in
* ConnectionSpec.MODERN_TLS) and if that doesn't work falls back to the set of ALL enabled,
* then falls back to plain http.
*
* TLS 1.1 and 1.2 have to be manually enabled on API levels 16-20.
*/
@NonNull @NonNull
static OkHttpClient.Builder getCompatibleClientBuilder() { static OkHttpClient.Builder getCompatibleClientBuilder() {
ConnectionSpec fallback = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS) ConnectionSpec fallback = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)
@ -56,12 +65,8 @@ class OkHttpUtils {
specList.add(fallback); specList.add(fallback);
specList.add(ConnectionSpec.CLEARTEXT); specList.add(ConnectionSpec.CLEARTEXT);
HttpLoggingInterceptor loggingInterceptor = new HttpLoggingInterceptor();
loggingInterceptor.setLevel(HttpLoggingInterceptor.Level.BODY);
OkHttpClient.Builder builder = new OkHttpClient.Builder() OkHttpClient.Builder builder = new OkHttpClient.Builder()
.connectionSpecs(specList) .connectionSpecs(specList);
.addInterceptor(loggingInterceptor);
return enableHigherTlsOnPreLollipop(builder); return enableHigherTlsOnPreLollipop(builder);
} }
@ -72,7 +77,7 @@ class OkHttpUtils {
} }
private static OkHttpClient.Builder enableHigherTlsOnPreLollipop(OkHttpClient.Builder builder) { private static OkHttpClient.Builder enableHigherTlsOnPreLollipop(OkHttpClient.Builder builder) {
if (Build.VERSION.SDK_INT >= 16 && Build.VERSION.SDK_INT < 22) { // if (Build.VERSION.SDK_INT >= 16 && Build.VERSION.SDK_INT < 22) {
try { try {
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance( TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(
TrustManagerFactory.getDefaultAlgorithm()); TrustManagerFactory.getDefaultAlgorithm());
@ -89,22 +94,23 @@ class OkHttpUtils {
sslContext.init(null, new TrustManager[] { trustManager }, null); sslContext.init(null, new TrustManager[] { trustManager }, null);
SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory(); SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
builder.sslSocketFactory(new Tls11And12SocketFactory(sslSocketFactory), builder.sslSocketFactory(new SSLSocketFactoryCompat(sslSocketFactory),
trustManager); trustManager);
} catch (NoSuchAlgorithmException|KeyStoreException|KeyManagementException e) { } catch (NoSuchAlgorithmException|KeyStoreException|KeyManagementException e) {
Log.e(TAG, "Failed enabling TLS 1.1 & 1.2. " + e.getMessage()); Log.e(TAG, "Failed enabling TLS 1.1 & 1.2. " + e.getMessage());
} }
} // }
return builder; return builder;
} }
private static class Tls11And12SocketFactory extends SSLSocketFactory { private static class SSLSocketFactoryCompat extends SSLSocketFactory {
private static final String[] TLS_VERSIONS = { "TLSv1.1", "TLSv1.2" }; private static final String[] DESIRED_TLS_VERSIONS = { "TLSv1", "TLSv1.1", "TLSv1.2",
"TLSv1.3" };
final SSLSocketFactory delegate; final SSLSocketFactory delegate;
Tls11And12SocketFactory(SSLSocketFactory base) { SSLSocketFactoryCompat(SSLSocketFactory base) {
this.delegate = base; this.delegate = base;
} }
@ -125,13 +131,13 @@ class OkHttpUtils {
} }
@Override @Override
public Socket createSocket(String host, int port) throws IOException, UnknownHostException { public Socket createSocket(String host, int port) throws IOException {
return patch(delegate.createSocket(host, port)); return patch(delegate.createSocket(host, port));
} }
@Override @Override
public Socket createSocket(String host, int port, InetAddress localHost, int localPort) public Socket createSocket(String host, int port, InetAddress localHost, int localPort)
throws IOException, UnknownHostException { throws IOException {
return patch(delegate.createSocket(host, port, localHost, localPort)); return patch(delegate.createSocket(host, port, localHost, localPort));
} }
@ -146,10 +152,52 @@ class OkHttpUtils {
return patch(delegate.createSocket(address, port, localAddress, localPort)); return patch(delegate.createSocket(address, port, localAddress, localPort));
} }
@NonNull
private static String[] getMatches(String[] wanted, String[] have) {
List<String> a = new ArrayList<>(Arrays.asList(wanted));
List<String> b = Arrays.asList(have);
a.retainAll(b);
return a.toArray(new String[0]);
}
@NonNull
private static List<String> getDifferences(String[] wanted, String[] have) {
List<String> a = new ArrayList<>(Arrays.asList(wanted));
List<String> b = Arrays.asList(have);
a.removeAll(b);
return a;
}
private Socket patch(Socket socket) { private Socket patch(Socket socket) {
if (socket instanceof SSLSocket) { if (socket instanceof SSLSocket) {
SSLSocket sslSocket = (SSLSocket) socket; SSLSocket sslSocket = (SSLSocket) socket;
sslSocket.setEnabledProtocols(TLS_VERSIONS); String[] protocols = getMatches(DESIRED_TLS_VERSIONS,
sslSocket.getSupportedProtocols());
sslSocket.setEnabledProtocols(protocols);
// Add a debug listener.
String[] enabledProtocols = sslSocket.getEnabledProtocols();
List<String> disabledProtocols = getDifferences(sslSocket.getSupportedProtocols(),
enabledProtocols);
String[] enabledSuites = sslSocket.getEnabledCipherSuites();
List<String> disabledSuites = getDifferences(sslSocket.getSupportedCipherSuites(),
enabledSuites);
Log.i(TAG, "Socket Created-----");
Log.i(TAG, "enabled protocols: " + Arrays.toString(enabledProtocols));
Log.i(TAG, "disabled protocols: " + disabledProtocols.toString());
Log.i(TAG, "enabled cipher suites: " + Arrays.toString(enabledSuites));
Log.i(TAG, "disabled cipher suites: " + disabledSuites.toString());
sslSocket.addHandshakeCompletedListener(new HandshakeCompletedListener() {
@Override
public void handshakeCompleted(HandshakeCompletedEvent event) {
String host = event.getSession().getPeerHost();
String protocol = event.getSession().getProtocol();
String cipherSuite = event.getCipherSuite();
Log.i(TAG, String.format("Handshake: %s %s %s", host, protocol,
cipherSuite));
}
});
} }
return socket; return socket;
} }

View File

@ -13,11 +13,34 @@
android:gravity="center" android:gravity="center"
android:layout_height="wrap_content"> android:layout_height="wrap_content">
<HorizontalScrollView
android:layout_width="match_parent"
android:layout_height="300dp">
<ScrollView
android:layout_width="wrap_content"
android:layout_height="match_parent"
android:background="#000000"
android:layout_marginBottom="25dp">
<TextView
android:layout_width="wrap_content"
android:layout_height="wrap_content"
android:id="@+id/debug_log_display"
android:textIsSelectable="true"
android:textColor="#ffffff" />
</ScrollView>
</HorizontalScrollView>
<!--
<ImageView <ImageView
android:layout_width="wrap_content" android:layout_width="wrap_content"
android:layout_height="wrap_content" android:layout_height="wrap_content"
android:layout_marginBottom="50dp" android:layout_marginBottom="50dp"
android:src="@drawable/elephant_friend"/> android:src="@drawable/elephant_friend"/>
-->
<android.support.design.widget.TextInputLayout <android.support.design.widget.TextInputLayout
android:layout_height="wrap_content" android:layout_height="wrap_content"