2 * Copyright (C) 2008 The Android Open Source Project
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
19 import android.os.SystemProperties;
20 import android.util.Log;
21 import com.android.org.conscrypt.OpenSSLContextImpl;
22 import com.android.org.conscrypt.OpenSSLSocketImpl;
23 import com.android.org.conscrypt.SSLClientSessionCache;
24 import java.io.IOException;
25 import java.net.InetAddress;
26 import java.net.Socket;
27 import java.net.SocketException;
28 import java.security.KeyManagementException;
29 import java.security.PrivateKey;
30 import java.security.cert.X509Certificate;
31 import javax.net.SocketFactory;
32 import javax.net.ssl.HostnameVerifier;
33 import javax.net.ssl.HttpsURLConnection;
34 import javax.net.ssl.KeyManager;
35 import javax.net.ssl.SSLException;
36 import javax.net.ssl.SSLPeerUnverifiedException;
37 import javax.net.ssl.SSLSession;
38 import javax.net.ssl.SSLSocket;
39 import javax.net.ssl.SSLSocketFactory;
40 import javax.net.ssl.TrustManager;
41 import javax.net.ssl.X509TrustManager;
44 * SSLSocketFactory implementation with several extra features:
47 * <li>Timeout specification for SSL handshake operations
48 * <li>Hostname verification in most cases (see WARNINGs below)
49 * <li>Optional SSL session caching with {@link SSLSessionCache}
50 * <li>Optionally bypass all SSL certificate checks
53 * The handshake timeout does not apply to actual TCP socket connection.
54 * If you want a connection timeout as well, use {@link #createSocket()}
55 * and {@link Socket#connect(SocketAddress, int)}, after which you
56 * must verify the identity of the server you are connected to.
58 * <p class="caution"><b>Most {@link SSLSocketFactory} implementations do not
59 * verify the server's identity, allowing man-in-the-middle attacks.</b>
60 * This implementation does check the server's certificate hostname, but only
61 * for createSocket variants that specify a hostname. When using methods that
62 * use {@link InetAddress} or which return an unconnected socket, you MUST
63 * verify the server's identity yourself to ensure a secure connection.</p>
65 * <p>One way to verify the server's identity is to use
66 * {@link HttpsURLConnection#getDefaultHostnameVerifier()} to get a
67 * {@link HostnameVerifier} to verify the certificate hostname.
69 * <p>On development devices, "setprop socket.relaxsslcheck yes" bypasses all
70 * SSL certificate and hostname checks for testing purposes. This setting
71 * requires root access.
73 public class SSLCertificateSocketFactory extends SSLSocketFactory {
74 private static final String TAG = "SSLCertificateSocketFactory";
76 private static final TrustManager[] INSECURE_TRUST_MANAGER = new TrustManager[] {
77 new X509TrustManager() {
78 public X509Certificate[] getAcceptedIssuers() { return null; }
79 public void checkClientTrusted(X509Certificate[] certs, String authType) { }
80 public void checkServerTrusted(X509Certificate[] certs, String authType) { }
84 private SSLSocketFactory mInsecureFactory = null;
85 private SSLSocketFactory mSecureFactory = null;
86 private TrustManager[] mTrustManagers = null;
87 private KeyManager[] mKeyManagers = null;
88 private byte[] mNpnProtocols = null;
89 private byte[] mAlpnProtocols = null;
90 private PrivateKey mChannelIdPrivateKey = null;
92 private final int mHandshakeTimeoutMillis;
93 private final SSLClientSessionCache mSessionCache;
94 private final boolean mSecure;
96 /** @deprecated Use {@link #getDefault(int)} instead. */
98 public SSLCertificateSocketFactory(int handshakeTimeoutMillis) {
99 this(handshakeTimeoutMillis, null, true);
102 private SSLCertificateSocketFactory(
103 int handshakeTimeoutMillis, SSLSessionCache cache, boolean secure) {
104 mHandshakeTimeoutMillis = handshakeTimeoutMillis;
105 mSessionCache = cache == null ? null : cache.mSessionCache;
110 * Returns a new socket factory instance with an optional handshake timeout.
112 * @param handshakeTimeoutMillis to use for SSL connection handshake, or 0
113 * for none. The socket timeout is reset to 0 after the handshake.
114 * @return a new SSLSocketFactory with the specified parameters
116 public static SocketFactory getDefault(int handshakeTimeoutMillis) {
117 return new SSLCertificateSocketFactory(handshakeTimeoutMillis, null, true);
121 * Returns a new socket factory instance with an optional handshake timeout
122 * and SSL session cache.
124 * @param handshakeTimeoutMillis to use for SSL connection handshake, or 0
125 * for none. The socket timeout is reset to 0 after the handshake.
126 * @param cache The {@link SSLSessionCache} to use, or null for no cache.
127 * @return a new SSLSocketFactory with the specified parameters
129 public static SSLSocketFactory getDefault(int handshakeTimeoutMillis, SSLSessionCache cache) {
130 return new SSLCertificateSocketFactory(handshakeTimeoutMillis, cache, true);
134 * Returns a new instance of a socket factory with all SSL security checks
135 * disabled, using an optional handshake timeout and SSL session cache.
137 * <p class="caution"><b>Warning:</b> Sockets created using this factory
138 * are vulnerable to man-in-the-middle attacks!</p>
140 * @param handshakeTimeoutMillis to use for SSL connection handshake, or 0
141 * for none. The socket timeout is reset to 0 after the handshake.
142 * @param cache The {@link SSLSessionCache} to use, or null for no cache.
143 * @return an insecure SSLSocketFactory with the specified parameters
145 public static SSLSocketFactory getInsecure(int handshakeTimeoutMillis, SSLSessionCache cache) {
146 return new SSLCertificateSocketFactory(handshakeTimeoutMillis, cache, false);
150 * Returns a socket factory (also named SSLSocketFactory, but in a different
151 * namespace) for use with the Apache HTTP stack.
153 * @param handshakeTimeoutMillis to use for SSL connection handshake, or 0
154 * for none. The socket timeout is reset to 0 after the handshake.
155 * @param cache The {@link SSLSessionCache} to use, or null for no cache.
156 * @return a new SocketFactory with the specified parameters
158 * @deprecated Use {@link #getDefault()} along with a {@link javax.net.ssl.HttpsURLConnection}
159 * instead. The Apache HTTP client is no longer maintained and may be removed in a future
160 * release. Please visit <a href="http://android-developers.blogspot.com/2011/09/androids-http-clients.html">this webpage</a>
161 * for further details.
166 public static org.apache.http.conn.ssl.SSLSocketFactory getHttpSocketFactory(
167 int handshakeTimeoutMillis, SSLSessionCache cache) {
168 return new org.apache.http.conn.ssl.SSLSocketFactory(
169 new SSLCertificateSocketFactory(handshakeTimeoutMillis, cache, true));
173 * Verify the hostname of the certificate used by the other end of a
174 * connected socket. You MUST call this if you did not supply a hostname
175 * to {@link #createSocket()}. It is harmless to call this method
176 * redundantly if the hostname has already been verified.
178 * <p>Wildcard certificates are allowed to verify any matching hostname,
179 * so "foo.bar.example.com" is verified if the peer has a certificate
180 * for "*.example.com".
182 * @param socket An SSL socket which has been connected to a server
183 * @param hostname The expected hostname of the remote server
184 * @throws IOException if something goes wrong handshaking with the server
185 * @throws SSLPeerUnverifiedException if the server cannot prove its identity
189 public static void verifyHostname(Socket socket, String hostname) throws IOException {
190 if (!(socket instanceof SSLSocket)) {
191 throw new IllegalArgumentException("Attempt to verify non-SSL socket");
194 if (!isSslCheckRelaxed()) {
195 // The code at the start of OpenSSLSocketImpl.startHandshake()
196 // ensures that the call is idempotent, so we can safely call it.
197 SSLSocket ssl = (SSLSocket) socket;
198 ssl.startHandshake();
200 SSLSession session = ssl.getSession();
201 if (session == null) {
202 throw new SSLException("Cannot verify SSL socket without session");
204 if (!HttpsURLConnection.getDefaultHostnameVerifier().verify(hostname, session)) {
205 throw new SSLPeerUnverifiedException("Cannot verify hostname: " + hostname);
210 private SSLSocketFactory makeSocketFactory(
211 KeyManager[] keyManagers, TrustManager[] trustManagers) {
213 OpenSSLContextImpl sslContext = OpenSSLContextImpl.getPreferred();
214 sslContext.engineInit(keyManagers, trustManagers, null);
215 sslContext.engineGetClientSessionContext().setPersistentCache(mSessionCache);
216 return sslContext.engineGetSocketFactory();
217 } catch (KeyManagementException e) {
219 return (SSLSocketFactory) SSLSocketFactory.getDefault(); // Fallback
223 private static boolean isSslCheckRelaxed() {
224 return "1".equals(SystemProperties.get("ro.debuggable")) &&
225 "yes".equals(SystemProperties.get("socket.relaxsslcheck"));
228 private synchronized SSLSocketFactory getDelegate() {
229 // Relax the SSL check if instructed (for this factory, or systemwide)
230 if (!mSecure || isSslCheckRelaxed()) {
231 if (mInsecureFactory == null) {
233 Log.w(TAG, "*** BYPASSING SSL SECURITY CHECKS (socket.relaxsslcheck=yes) ***");
235 Log.w(TAG, "Bypassing SSL security checks at caller's request");
237 mInsecureFactory = makeSocketFactory(mKeyManagers, INSECURE_TRUST_MANAGER);
239 return mInsecureFactory;
241 if (mSecureFactory == null) {
242 mSecureFactory = makeSocketFactory(mKeyManagers, mTrustManagers);
244 return mSecureFactory;
249 * Sets the {@link TrustManager}s to be used for connections made by this factory.
251 public void setTrustManagers(TrustManager[] trustManager) {
252 mTrustManagers = trustManager;
254 // Clear out all cached secure factories since configurations have changed.
255 mSecureFactory = null;
256 // Note - insecure factories only ever use the INSECURE_TRUST_MANAGER so they need not
257 // be cleared out here.
261 * Sets the <a href="http://technotes.googlecode.com/git/nextprotoneg.html">Next
262 * Protocol Negotiation (NPN)</a> protocols that this peer is interested in.
264 * <p>For servers this is the sequence of protocols to advertise as
265 * supported, in order of preference. This list is sent unencrypted to
266 * all clients that support NPN.
268 * <p>For clients this is a list of supported protocols to match against the
269 * server's list. If there is no protocol supported by both client and
270 * server then the first protocol in the client's list will be selected.
271 * The order of the client's protocols is otherwise insignificant.
273 * @param npnProtocols a non-empty list of protocol byte arrays. All arrays
274 * must be non-empty and of length less than 256.
276 public void setNpnProtocols(byte[][] npnProtocols) {
277 this.mNpnProtocols = toLengthPrefixedList(npnProtocols);
282 * <a href="http://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg-01">
283 * Application Layer Protocol Negotiation (ALPN)</a> protocols that this peer
286 * <p>For servers this is the sequence of protocols to advertise as
287 * supported, in order of preference. This list is sent unencrypted to
288 * all clients that support ALPN.
290 * <p>For clients this is a list of supported protocols to match against the
291 * server's list. If there is no protocol supported by both client and
292 * server then the first protocol in the client's list will be selected.
293 * The order of the client's protocols is otherwise insignificant.
295 * @param protocols a non-empty list of protocol byte arrays. All arrays
296 * must be non-empty and of length less than 256.
299 public void setAlpnProtocols(byte[][] protocols) {
300 this.mAlpnProtocols = toLengthPrefixedList(protocols);
304 * Returns an array containing the concatenation of length-prefixed byte
307 static byte[] toLengthPrefixedList(byte[]... items) {
308 if (items.length == 0) {
309 throw new IllegalArgumentException("items.length == 0");
312 for (byte[] s : items) {
313 if (s.length == 0 || s.length > 255) {
314 throw new IllegalArgumentException("s.length == 0 || s.length > 255: " + s.length);
316 totalLength += 1 + s.length;
318 byte[] result = new byte[totalLength];
320 for (byte[] s : items) {
321 result[pos++] = (byte) s.length;
330 * Returns the <a href="http://technotes.googlecode.com/git/nextprotoneg.html">Next
331 * Protocol Negotiation (NPN)</a> protocol selected by client and server, or
332 * null if no protocol was negotiated.
334 * @param socket a socket created by this factory.
335 * @throws IllegalArgumentException if the socket was not created by this factory.
337 public byte[] getNpnSelectedProtocol(Socket socket) {
338 return castToOpenSSLSocket(socket).getNpnSelectedProtocol();
343 * <a href="http://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg-01">Application
344 * Layer Protocol Negotiation (ALPN)</a> protocol selected by client and server, or null
345 * if no protocol was negotiated.
347 * @param socket a socket created by this factory.
348 * @throws IllegalArgumentException if the socket was not created by this factory.
351 public byte[] getAlpnSelectedProtocol(Socket socket) {
352 return castToOpenSSLSocket(socket).getAlpnSelectedProtocol();
356 * Sets the {@link KeyManager}s to be used for connections made by this factory.
358 public void setKeyManagers(KeyManager[] keyManagers) {
359 mKeyManagers = keyManagers;
361 // Clear out any existing cached factories since configurations have changed.
362 mSecureFactory = null;
363 mInsecureFactory = null;
367 * Sets the private key to be used for TLS Channel ID by connections made by this
370 * @param privateKey private key (enables TLS Channel ID) or {@code null} for no key (disables
371 * TLS Channel ID). The private key has to be an Elliptic Curve (EC) key based on the
372 * NIST P-256 curve (aka SECG secp256r1 or ANSI X9.62 prime256v1).
376 public void setChannelIdPrivateKey(PrivateKey privateKey) {
377 mChannelIdPrivateKey = privateKey;
381 * Enables <a href="http://tools.ietf.org/html/rfc5077#section-3.2">session ticket</a>
382 * support on the given socket.
384 * @param socket a socket created by this factory
385 * @param useSessionTickets {@code true} to enable session ticket support on this socket.
386 * @throws IllegalArgumentException if the socket was not created by this factory.
388 public void setUseSessionTickets(Socket socket, boolean useSessionTickets) {
389 castToOpenSSLSocket(socket).setUseSessionTickets(useSessionTickets);
393 * Turns on <a href="http://tools.ietf.org/html/rfc6066#section-3">Server
394 * Name Indication (SNI)</a> on a given socket.
396 * @param socket a socket created by this factory.
397 * @param hostName the desired SNI hostname, null to disable.
398 * @throws IllegalArgumentException if the socket was not created by this factory.
400 public void setHostname(Socket socket, String hostName) {
401 castToOpenSSLSocket(socket).setHostname(hostName);
405 * Sets this socket's SO_SNDTIMEO write timeout in milliseconds.
406 * Use 0 for no timeout.
407 * To take effect, this option must be set before the blocking method was called.
409 * @param socket a socket created by this factory.
410 * @param timeout the desired write timeout in milliseconds.
411 * @throws IllegalArgumentException if the socket was not created by this factory.
415 public void setSoWriteTimeout(Socket socket, int writeTimeoutMilliseconds)
416 throws SocketException {
417 castToOpenSSLSocket(socket).setSoWriteTimeout(writeTimeoutMilliseconds);
420 private static OpenSSLSocketImpl castToOpenSSLSocket(Socket socket) {
421 if (!(socket instanceof OpenSSLSocketImpl)) {
422 throw new IllegalArgumentException("Socket not created by this factory: "
426 return (OpenSSLSocketImpl) socket;
432 * <p>This method verifies the peer's certificate hostname after connecting
433 * (unless created with {@link #getInsecure(int, SSLSessionCache)}).
436 public Socket createSocket(Socket k, String host, int port, boolean close) throws IOException {
437 OpenSSLSocketImpl s = (OpenSSLSocketImpl) getDelegate().createSocket(k, host, port, close);
438 s.setNpnProtocols(mNpnProtocols);
439 s.setAlpnProtocols(mAlpnProtocols);
440 s.setHandshakeTimeout(mHandshakeTimeoutMillis);
441 s.setChannelIdPrivateKey(mChannelIdPrivateKey);
443 verifyHostname(s, host);
449 * Creates a new socket which is not connected to any remote host.
450 * You must use {@link Socket#connect} to connect the socket.
452 * <p class="caution"><b>Warning:</b> Hostname verification is not performed
453 * with this method. You MUST verify the server's identity after connecting
454 * the socket to avoid man-in-the-middle attacks.</p>
457 public Socket createSocket() throws IOException {
458 OpenSSLSocketImpl s = (OpenSSLSocketImpl) getDelegate().createSocket();
459 s.setNpnProtocols(mNpnProtocols);
460 s.setAlpnProtocols(mAlpnProtocols);
461 s.setHandshakeTimeout(mHandshakeTimeoutMillis);
462 s.setChannelIdPrivateKey(mChannelIdPrivateKey);
469 * <p class="caution"><b>Warning:</b> Hostname verification is not performed
470 * with this method. You MUST verify the server's identity after connecting
471 * the socket to avoid man-in-the-middle attacks.</p>
474 public Socket createSocket(InetAddress addr, int port, InetAddress localAddr, int localPort)
476 OpenSSLSocketImpl s = (OpenSSLSocketImpl) getDelegate().createSocket(
477 addr, port, localAddr, localPort);
478 s.setNpnProtocols(mNpnProtocols);
479 s.setAlpnProtocols(mAlpnProtocols);
480 s.setHandshakeTimeout(mHandshakeTimeoutMillis);
481 s.setChannelIdPrivateKey(mChannelIdPrivateKey);
488 * <p class="caution"><b>Warning:</b> Hostname verification is not performed
489 * with this method. You MUST verify the server's identity after connecting
490 * the socket to avoid man-in-the-middle attacks.</p>
493 public Socket createSocket(InetAddress addr, int port) throws IOException {
494 OpenSSLSocketImpl s = (OpenSSLSocketImpl) getDelegate().createSocket(addr, port);
495 s.setNpnProtocols(mNpnProtocols);
496 s.setAlpnProtocols(mAlpnProtocols);
497 s.setHandshakeTimeout(mHandshakeTimeoutMillis);
498 s.setChannelIdPrivateKey(mChannelIdPrivateKey);
505 * <p>This method verifies the peer's certificate hostname after connecting
506 * (unless created with {@link #getInsecure(int, SSLSessionCache)}).
509 public Socket createSocket(String host, int port, InetAddress localAddr, int localPort)
511 OpenSSLSocketImpl s = (OpenSSLSocketImpl) getDelegate().createSocket(
512 host, port, localAddr, localPort);
513 s.setNpnProtocols(mNpnProtocols);
514 s.setAlpnProtocols(mAlpnProtocols);
515 s.setHandshakeTimeout(mHandshakeTimeoutMillis);
516 s.setChannelIdPrivateKey(mChannelIdPrivateKey);
518 verifyHostname(s, host);
526 * <p>This method verifies the peer's certificate hostname after connecting
527 * (unless created with {@link #getInsecure(int, SSLSessionCache)}).
530 public Socket createSocket(String host, int port) throws IOException {
531 OpenSSLSocketImpl s = (OpenSSLSocketImpl) getDelegate().createSocket(host, port);
532 s.setNpnProtocols(mNpnProtocols);
533 s.setAlpnProtocols(mAlpnProtocols);
534 s.setHandshakeTimeout(mHandshakeTimeoutMillis);
535 s.setChannelIdPrivateKey(mChannelIdPrivateKey);
537 verifyHostname(s, host);
543 public String[] getDefaultCipherSuites() {
544 return getDelegate().getDefaultCipherSuites();
548 public String[] getSupportedCipherSuites() {
549 return getDelegate().getSupportedCipherSuites();