From 0bba34b1d3906400f2b906771114f91bb77eb83b Mon Sep 17 00:00:00 2001 From: Scott Kennedy Date: Tue, 1 Apr 2014 20:22:12 +0000 Subject: [PATCH] Revert "email: add support for Server Name Indication (SNI)" This reverts commit a7a483144d466d151ab646523a22af47de10bc18. Bug: 13744933 Change-Id: I68b95dcca20042639d02d3609ad03aaa3eca0353 --- emailcommon/Android.mk | 2 +- .../emailcommon/utility/SSLSocketFactory.java | 76 ++++++++----------- 2 files changed, 34 insertions(+), 44 deletions(-) diff --git a/emailcommon/Android.mk b/emailcommon/Android.mk index 14ea55078f..654e20d601 100644 --- a/emailcommon/Android.mk +++ b/emailcommon/Android.mk @@ -42,7 +42,7 @@ LOCAL_SRC_FILES += $(call all-java-files-under, $(apache_src_dir)) LOCAL_SRC_FILES += $(imported_unified_email_files) LOCAL_SRC_FILES += $(call all-java-files-under, $(unified_email_src_dir)/com/android/emailcommon) -LOCAL_SDK_VERSION := 17 +LOCAL_SDK_VERSION := 14 LOCAL_RESOURCE_DIR := $(LOCAL_PATH)/res diff --git a/emailcommon/src/com/android/emailcommon/utility/SSLSocketFactory.java b/emailcommon/src/com/android/emailcommon/utility/SSLSocketFactory.java index 433cef8702..b7a59b81dd 100644 --- a/emailcommon/src/com/android/emailcommon/utility/SSLSocketFactory.java +++ b/emailcommon/src/com/android/emailcommon/utility/SSLSocketFactory.java @@ -33,10 +33,6 @@ package com.android.emailcommon.utility; -import android.annotation.TargetApi; -import android.net.SSLCertificateSocketFactory; -import android.os.Build; - import org.apache.http.conn.scheme.HostNameResolver; import org.apache.http.conn.scheme.LayeredSocketFactory; import org.apache.http.conn.ssl.AllowAllHostnameVerifier; @@ -46,6 +42,7 @@ import org.apache.http.params.HttpConnectionParams; import org.apache.http.params.HttpParams; +import javax.net.ssl.HttpsURLConnection; import javax.net.ssl.KeyManager; import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.SSLContext; @@ -159,9 +156,21 @@ public class SSLSocketFactory implements LayeredSocketFactory { public static final X509HostnameVerifier STRICT_HOSTNAME_VERIFIER = new StrictHostnameVerifier(); + /** + * The factory using the default JVM settings for secure connections. + */ + private static final SSLSocketFactory DEFAULT_FACTORY = new SSLSocketFactory(); + + /** + * Gets an singleton instance of the SSLProtocolSocketFactory. + * @return a SSLProtocolSocketFactory + */ + public static SSLSocketFactory getSocketFactory() { + return DEFAULT_FACTORY; + } private final SSLContext sslcontext; - private final SSLCertificateSocketFactory socketfactory; + private final javax.net.ssl.SSLSocketFactory socketfactory; private final HostNameResolver nameResolver; private X509HostnameVerifier hostnameVerifier = BROWSER_COMPATIBLE_HOSTNAME_VERIFIER; @@ -188,7 +197,7 @@ public SSLSocketFactory( } sslcontext = SSLContext.getInstance(algorithm); sslcontext.init(keymanagers, trustmanagers, random); - socketfactory = (SSLCertificateSocketFactory) sslcontext.getSocketFactory(); + socketfactory = sslcontext.getSocketFactory(); this.nameResolver = nameResolver; } @@ -217,13 +226,25 @@ public SSLSocketFactory(final KeyStore truststore) * Constructs an HttpClient SSLSocketFactory backed by the given JSSE * SSLSocketFactory. */ - public SSLSocketFactory(SSLCertificateSocketFactory socketfactory) { + public SSLSocketFactory(javax.net.ssl.SSLSocketFactory socketfactory) { super(); sslcontext = null; this.socketfactory = socketfactory; nameResolver = null; } + /** + * Creates the default SSL socket factory. + * This constructor is used exclusively to instantiate the factory for + * {@link #getSocketFactory getSocketFactory}. + */ + private SSLSocketFactory() { + super(); + sslcontext = null; + socketfactory = HttpsURLConnection.getDefaultSSLSocketFactory(); + nameResolver = null; + } + private static KeyManager[] createKeyManagers(final KeyStore keystore, final String password) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException { if (keystore == null) { @@ -259,7 +280,6 @@ public Socket createSocket() // non-javadoc, see interface org.apache.http.conn.SocketFactory @Override - @TargetApi(17) public Socket connectSocket( final Socket sock, final String host, @@ -303,12 +323,6 @@ public Socket connectSocket( sslsock.connect(remoteAddress, connTimeout); sslsock.setSoTimeout(soTimeout); - - if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN_MR1) { - // Turn on Server Name Indication (SNI) - socketfactory.setHostname(sslsock, host); - } - try { hostnameVerifier.verify(host, sslsock); // verifyHostName() didn't blowup - good! @@ -360,43 +374,19 @@ public boolean isSecure(Socket sock) // non-javadoc, see interface LayeredSocketFactory @Override - @TargetApi(17) public Socket createSocket( final Socket socket, final String host, final int port, final boolean autoClose ) throws IOException, UnknownHostException { - // Close the plain socket if requested. The underlaying socket factory will - // create a new socket. - if (autoClose) { - socket.close(); - } - - // We don't want to verify the hostname from the previous socket here (we must call - // setHostname in order to proper get SNI working), so just create a new ssl socket - // based in the previous socket SSLSocket sslSocket = (SSLSocket) socketfactory.createSocket( - socket.getInetAddress(), - port + socket, + host, + port, + autoClose ); - - if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN_MR1) { - // Turn on Server Name Indication (SNI) - socketfactory.setHostname(sslSocket, host); - } - - try { - hostnameVerifier.verify(host, sslSocket); - // verifyHostName() didn't blowup - good! - } catch (IOException iox) { - // close the socket before re-throwing the exception - if (autoClose) { - try { sslSocket.close(); } catch (Exception x) { /*ignore*/ } - } - throw iox; - } - + hostnameVerifier.verify(host, sslSocket); // verifyHostName() didn't blowup - good! return sslSocket; }