Merge pull request #33 from taskrabbit/tls

bleonard · web-flow · commit 794f6e7e40ec · 2016-09-30T12:09:36.000-07:00
Force TLS to 1.1 or 1.2
diff --git a/android/app/src/main/java/com/sample/MainActivity.java b/android/app/src/main/java/com/sample/MainActivity.java
@@ -1,5 +1,7 @@
 package com.sample;
 
+import android.os.Bundle;
+
 import com.facebook.react.ReactActivity;
 
 public class MainActivity extends ReactActivity {
@@ -12,4 +14,11 @@ public class MainActivity extends ReactActivity {
     protected String getMainComponentName() {
         return "Sample";
     }
+
+    @Override
+    protected void onCreate(Bundle savedInstanceState) {
+        super.onCreate(savedInstanceState);
+
+        TLSSetup.configure();
+    }
 }
diff --git a/android/app/src/main/java/com/sample/TLSSetup.java b/android/app/src/main/java/com/sample/TLSSetup.java
@@ -0,0 +1,44 @@
+package com.sample;
+
+import android.util.Log;
+import com.facebook.react.modules.network.OkHttpClientProvider;
+import com.facebook.react.modules.network.ReactCookieJarContainer;
+import okhttp3.ConnectionSpec;
+import okhttp3.OkHttpClient;
+import okhttp3.TlsVersion;
+
+import javax.net.ssl.*;
+import java.util.Arrays;
+import java.util.concurrent.TimeUnit;
+
+public class TLSSetup {
+
+    static String TAG = "TLSSetup";
+
+    public static void configure(){
+        try {
+            SSLContext sc = SSLContext.getInstance("TLSv1.1");
+            sc.init(null, null, null);
+            ConnectionSpec cs = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)
+                    .tlsVersions(TlsVersion.TLS_1_2, TlsVersion.TLS_1_1)
+                    .build();
+            // Taken from OkHttpClientProvider.java
+            // Set no timeout by default
+            OkHttpClient sClient = new OkHttpClient.Builder()
+                    .connectTimeout(0, TimeUnit.MILLISECONDS)
+                    .readTimeout(0, TimeUnit.MILLISECONDS)
+                    .writeTimeout(0, TimeUnit.MILLISECONDS)
+                    .cookieJar(new ReactCookieJarContainer())
+                    // set sslSocketFactory
+                    .sslSocketFactory(new TLSSocketFactory(sc.getSocketFactory()))
+                    // set connectionSpecs
+                    .connectionSpecs(Arrays.asList(cs, ConnectionSpec.COMPATIBLE_TLS, ConnectionSpec.CLEARTEXT))
+                    .build();
+
+            OkHttpClientProvider.replaceOkHttpClient(sClient);
+        } catch (Exception e) {
+            Log.e(TAG, e.getMessage());
+        }
+    }
+
+}
diff --git a/android/app/src/main/java/com/sample/TLSSocketFactory.java b/android/app/src/main/java/com/sample/TLSSocketFactory.java
@@ -0,0 +1,67 @@
+package com.sample;
+
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.Socket;
+import java.net.UnknownHostException;
+
+import javax.net.ssl.SSLSocket;
+import javax.net.ssl.SSLSocketFactory;
+
+/**
+ * Taken from https://gist.github.com/mlc/549409f649251897ebef
+ *
+ * Enables TLS when creating SSLSockets.
+ *
+ * @link https://developer.android.com/reference/javax/net/ssl/SSLSocket.html
+ * @see SSLSocketFactory
+ */
+class TLSSocketFactory extends SSLSocketFactory {
+    final SSLSocketFactory delegate;
+
+    public TLSSocketFactory(SSLSocketFactory delegate) {
+        this.delegate = delegate;
+    }
+
+    @Override
+    public String[] getDefaultCipherSuites() {
+        return delegate.getDefaultCipherSuites();
+    }
+
+    @Override
+    public String[] getSupportedCipherSuites() {
+        return delegate.getSupportedCipherSuites();
+    }
+
+    @Override
+    public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException {
+        return patch(delegate.createSocket(s, host, port, autoClose));
+    }
+
+    @Override
+    public Socket createSocket(String host, int port) throws IOException, UnknownHostException {
+        return patch(delegate.createSocket(host, port));
+    }
+
+    @Override
+    public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException, UnknownHostException {
+        return patch(delegate.createSocket(host, port, localHost, localPort));
+    }
+
+    @Override
+    public Socket createSocket(InetAddress host, int port) throws IOException {
+        return patch(delegate.createSocket(host, port));
+    }
+
+    @Override
+    public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException {
+        return patch(delegate.createSocket(address, port, localAddress, localPort));
+    }
+
+    private Socket patch(Socket s) {
+        if (s instanceof SSLSocket) {
+            ((SSLSocket) s).setEnabledProtocols(((SSLSocket) s).getSupportedProtocols());
+        }
+        return s;
+    }
+}
