
Commit a97705ff authored by cketti's avatar cketti

Refactor TrustedSocketFactory

parent 8f45d76b
+1 −4
@@ -50,7 +50,6 @@ import java.util.zip.InflaterInputStream;

import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;

import org.apache.commons.io.IOUtils;
@@ -97,7 +96,6 @@ import com.fsck.k9.mail.store.ImapResponseParser.ImapList;
import com.fsck.k9.mail.store.ImapResponseParser.ImapResponse;
import com.fsck.k9.mail.store.imap.ImapUtility;
import com.fsck.k9.mail.transport.imap.ImapSettings;
import com.fsck.k9.mail.transport.TrustedSocketFactory;
import com.jcraft.jzlib.JZlib;
import com.jcraft.jzlib.ZOutputStream;

@@ -2451,8 +2449,7 @@ public class ImapStore extends Store {
                            sslContext.init(null, new TrustManager[] {
                                                TrustManagerFactory.get(mSettings.getHost(), secure)
                                            }, new SecureRandom());
                            mSocket = sslContext.getSocketFactory().createSocket();
                            TrustedSocketFactory.hardenSocket((SSLSocket)mSocket);
                            mSocket = TrustedSocketFactory.createSocket(sslContext);
                        } else {
                            mSocket = new Socket();
                        }
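Review bot: The trust setup next to this call is still written out by hand, `sslContext.init(null, new TrustManager[] { TrustManagerFactory.get(mSettings.getHost(), secure) }, new SecureRandom())`, and the same three lines recur in the Pop3Store and SmtpTransport hunks. This commit deletes the TrustedSocketFactory constructor that built the context from a host and a flag, so a static overload such as `public static Socket createSocket(String host, boolean secure)` would keep the trust manager choice and the cipher/protocol hardening in one place. That makes it less likely that a future caller pairs the factory with a differently configured context, or goes back to calling `sslContext.getSocketFactory().createSocket()` directly. The enclosing method starts and ends outside this hunk, so how `sslContext` is obtained is not visible here.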
+1 −4
@@ -7,14 +7,12 @@ import com.fsck.k9.Account;
import com.fsck.k9.K9;
import com.fsck.k9.controller.MessageRetrievalListener;
import com.fsck.k9.helper.Utility;
import com.fsck.k9.mail.transport.TrustedSocketFactory;
import com.fsck.k9.mail.*;

import com.fsck.k9.mail.internet.MimeMessage;

import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import java.io.*;
import java.net.*;
@@ -332,8 +330,7 @@ public class Pop3Store extends Store {
                    sslContext.init(null, new TrustManager[] {
                                        TrustManagerFactory.get(mHost, secure)
                                    }, new SecureRandom());
                    mSocket = sslContext.getSocketFactory().createSocket();
                    TrustedSocketFactory.hardenSocket((SSLSocket)mSocket);
                    mSocket = TrustedSocketFactory.createSocket(sslContext);
                } else {
                    mSocket = new Socket();
                }
+15 −54
package com.fsck.k9.mail.transport;

import com.fsck.k9.mail.store.TrustManagerFactory;
import org.apache.http.conn.ConnectTimeoutException;
import org.apache.http.conn.scheme.LayeredSocketFactory;
import org.apache.http.params.HttpParams;
package com.fsck.k9.mail.store;

import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.*;

public class TrustedSocketFactory implements LayeredSocketFactory {
    private SSLSocketFactory mSocketFactory;
    private org.apache.http.conn.ssl.SSLSocketFactory mSchemeSocketFactory;

/**
 * Filter and reorder list of cipher suites and TLS versions.
 *
 * <p>
 * See: <a href="http://op-co.de/blog/posts/android_ssl_downgrade/">http://op-co.de/blog/posts/android_ssl_downgrade/</a>
 * </p>
 */
public class TrustedSocketFactory {
    protected static final String ENABLED_CIPHERS[];
    protected static final String ENABLED_PROTOCOLS[];

@@ -81,32 +78,14 @@ public class TrustedSocketFactory implements LayeredSocketFactory {
        return enabled.toArray(new String[enabled.size()]);
    }

    public TrustedSocketFactory(String host, boolean secure) throws NoSuchAlgorithmException, KeyManagementException {
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(null, new TrustManager[] {
                            TrustManagerFactory.get(host, secure)
                        }, new SecureRandom());
        mSocketFactory = sslContext.getSocketFactory();
        mSchemeSocketFactory = org.apache.http.conn.ssl.SSLSocketFactory.getSocketFactory();
        mSchemeSocketFactory.setHostnameVerifier(
            org.apache.http.conn.ssl.SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
    }

    public Socket connectSocket(Socket sock, String host, int port,
                                InetAddress localAddress, int localPort, HttpParams params)
    throws IOException, UnknownHostException, ConnectTimeoutException {
        return mSchemeSocketFactory.connectSocket(sock, host, port, localAddress, localPort, params);
    }
    public static Socket createSocket(SSLContext sslContext) throws IOException {
        SSLSocket socket = (SSLSocket) sslContext.getSocketFactory().createSocket();
        hardenSocket(socket);

    public Socket createSocket() throws IOException {
        return mSocketFactory.createSocket();
        return socket;
    }

    public boolean isSecure(Socket sock) throws IllegalArgumentException {
        return mSchemeSocketFactory.isSecure(sock);
    }

    public static void hardenSocket(SSLSocket sock) {
    private static void hardenSocket(SSLSocket sock) {
        if (ENABLED_CIPHERS != null) {
            sock.setEnabledCipherSuites(ENABLED_CIPHERS);
        }
@@ -114,22 +93,4 @@ public class TrustedSocketFactory implements LayeredSocketFactory {
            sock.setEnabledProtocols(ENABLED_PROTOCOLS);
        }
    }

    public Socket createSocket(
        final Socket socket,
        final String host,
        final int port,
        final boolean autoClose
    ) throws IOException, UnknownHostException {
        SSLSocket sslSocket = (SSLSocket) mSocketFactory.createSocket(
                                  socket,
                                  host,
                                  port,
                                  autoClose
                              );
        //hostnameVerifier.verify(host, sslSocket);
        // verifyHostName() didn't blowup - good!
        hardenSocket(sslSocket);
        return sslSocket;
    }
}
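Review bot: The new public `createSocket(SSLContext)` has no Javadoc, and its security contract is not obvious from the signature. It returns an unconnected socket with the filtered cipher suites and protocols applied and does no hostname or certificate checking itself, so peer verification rests entirely on the TrustManager the caller put into the SSLContext. I would add a comment such as `/** Creates an unconnected SSLSocket restricted to ENABLED_CIPHERS and ENABLED_PROTOCOLS; peer verification is left to the TrustManager in sslContext. */`. `hardenSocket` leaves the platform defaults in place when `ENABLED_CIPHERS` is null, which deserves a one-line comment so that the fallback reads as intentional. The members visible in this diff are all static, so declaring the class `final` with a private constructor would make the utility-class intent explicit.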
+2 −3
@@ -14,10 +14,10 @@ import com.fsck.k9.mail.filter.SmtpDataStuffing;
import com.fsck.k9.mail.internet.MimeUtility;
import com.fsck.k9.mail.store.TrustManagerFactory;
import com.fsck.k9.mail.store.LocalStore.LocalMessage;
import com.fsck.k9.mail.store.TrustedSocketFactory;

import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
@@ -245,8 +245,7 @@ public class SmtpTransport extends Transport {
                        sslContext.init(null, new TrustManager[] {
                                            TrustManagerFactory.get(mHost, secure)
                                        }, new SecureRandom());
                        mSocket = sslContext.getSocketFactory().createSocket();
                        TrustedSocketFactory.hardenSocket((SSLSocket)mSocket);
                        mSocket = TrustedSocketFactory.createSocket(sslContext);
                        mSocket.connect(socketAddress, SOCKET_CONNECT_TIMEOUT);
                    } else {
                        mSocket = new Socket();