Skip to content
This repository has been archived by the owner on Nov 8, 2023. It is now read-only.

Commit

Permalink
Revert "email: add support for Server Name Indication (SNI)"
Browse files Browse the repository at this point in the history 
This reverts commit a7a4831.

Bug: 13744933
Change-Id: I68b95dcca20042639d02d3609ad03aaa3eca0353
  • Loading branch information
@scottkennedy
scottkennedy committed Apr 1, 2014
1 parent a7a4831 commit 0bba34b
Show file tree
Hide file tree
Showing 2 changed files with 34 additions and 44 deletions.
2 changes: 1 addition & 1 deletion emailcommon/Android.mk
View file
Expand Up @@ -42,7 +42,7 @@ LOCAL_SRC_FILES += $(call all-java-files-under, $(apache_src_dir))
LOCAL_SRC_FILES += $(imported_unified_email_files)
LOCAL_SRC_FILES += $(call all-java-files-under, $(unified_email_src_dir)/com/android/emailcommon)

LOCAL_SDK_VERSION := 17
LOCAL_SDK_VERSION := 14

LOCAL_RESOURCE_DIR := $(LOCAL_PATH)/res

Expand Down
76 changes: 33 additions & 43 deletions emailcommon/src/com/android/emailcommon/utility/SSLSocketFactory.java
View file
Expand Up @@ -33,10 +33,6 @@

package com.android.emailcommon.utility;

import android.annotation.TargetApi;
import android.net.SSLCertificateSocketFactory;
import android.os.Build;

import org.apache.http.conn.scheme.HostNameResolver;
import org.apache.http.conn.scheme.LayeredSocketFactory;
import org.apache.http.conn.ssl.AllowAllHostnameVerifier;
Expand All @@ -46,6 +42,7 @@
import org.apache.http.params.HttpConnectionParams;
import org.apache.http.params.HttpParams;

import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
Expand Down Expand Up @@ -159,9 +156,21 @@ public class SSLSocketFactory implements LayeredSocketFactory {

public static final X509HostnameVerifier STRICT_HOSTNAME_VERIFIER
= new StrictHostnameVerifier();
/**
* The factory using the default JVM settings for secure connections.
*/
private static final SSLSocketFactory DEFAULT_FACTORY = new SSLSocketFactory();

/**
* Gets an singleton instance of the SSLProtocolSocketFactory.
* @return a SSLProtocolSocketFactory
*/
public static SSLSocketFactory getSocketFactory() {
return DEFAULT_FACTORY;
}

private final SSLContext sslcontext;
private final SSLCertificateSocketFactory socketfactory;
private final javax.net.ssl.SSLSocketFactory socketfactory;
private final HostNameResolver nameResolver;
private X509HostnameVerifier hostnameVerifier = BROWSER_COMPATIBLE_HOSTNAME_VERIFIER;

Expand All @@ -188,7 +197,7 @@ public SSLSocketFactory(
}
sslcontext = SSLContext.getInstance(algorithm);
sslcontext.init(keymanagers, trustmanagers, random);
socketfactory = (SSLCertificateSocketFactory) sslcontext.getSocketFactory();
socketfactory = sslcontext.getSocketFactory();
this.nameResolver = nameResolver;
}

Expand Down Expand Up @@ -217,13 +226,25 @@ public SSLSocketFactory(final KeyStore truststore)
* Constructs an HttpClient SSLSocketFactory backed by the given JSSE
* SSLSocketFactory.
*/
public SSLSocketFactory(SSLCertificateSocketFactory socketfactory) {
public SSLSocketFactory(javax.net.ssl.SSLSocketFactory socketfactory) {
super();
sslcontext = null;
this.socketfactory = socketfactory;
nameResolver = null;
}

/**
* Creates the default SSL socket factory.
* This constructor is used exclusively to instantiate the factory for
* {@link #getSocketFactory getSocketFactory}.
*/
private SSLSocketFactory() {
super();
sslcontext = null;
socketfactory = HttpsURLConnection.getDefaultSSLSocketFactory();
nameResolver = null;
}

private static KeyManager[] createKeyManagers(final KeyStore keystore, final String password)
throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
if (keystore == null) {
Expand Down Expand Up @@ -259,7 +280,6 @@ public Socket createSocket()

// non-javadoc, see interface org.apache.http.conn.SocketFactory
@Override
@TargetApi(17)
public Socket connectSocket(
final Socket sock,
final String host,
Expand Down Expand Up @@ -303,12 +323,6 @@ public Socket connectSocket(
sslsock.connect(remoteAddress, connTimeout);

sslsock.setSoTimeout(soTimeout);

if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN_MR1) {
// Turn on Server Name Indication (SNI)
socketfactory.setHostname(sslsock, host);
}

try {
hostnameVerifier.verify(host, sslsock);
// verifyHostName() didn't blowup - good!
Expand Down Expand Up @@ -360,43 +374,19 @@ public boolean isSecure(Socket sock)

// non-javadoc, see interface LayeredSocketFactory
@Override
@TargetApi(17)
public Socket createSocket(
final Socket socket,
final String host,
final int port,
final boolean autoClose
) throws IOException, UnknownHostException {
// Close the plain socket if requested. The underlaying socket factory will
// create a new socket.
if (autoClose) {
socket.close();
}

// We don't want to verify the hostname from the previous socket here (we must call
// setHostname in order to proper get SNI working), so just create a new ssl socket
// based in the previous socket
SSLSocket sslSocket = (SSLSocket) socketfactory.createSocket(
socket.getInetAddress(),
port
socket,
host,
port,
autoClose
);

if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN_MR1) {
// Turn on Server Name Indication (SNI)
socketfactory.setHostname(sslSocket, host);
}

try {
hostnameVerifier.verify(host, sslSocket);
// verifyHostName() didn't blowup - good!
} catch (IOException iox) {
// close the socket before re-throwing the exception
if (autoClose) {
try { sslSocket.close(); } catch (Exception x) { /*ignore*/ }
}
throw iox;
}

hostnameVerifier.verify(host, sslSocket);
// verifyHostName() didn't blowup - good!
return sslSocket;
}
Expand Down

0 comments on commit 0bba34b

Please sign in to comment.