修复SSL网络错误

2022-11-03 20:42:36 +08:00
parent 8fcb4ac7e2
commit fb457e4fd0
2 changed files with 99 additions and 1 deletions
--- a/library/src/main/java/com/yizhuan/xchat_android_library/net/rxnet/factory/Tls12SocketFactory.java
+++ b/library/src/main/java/com/yizhuan/xchat_android_library/net/rxnet/factory/Tls12SocketFactory.java
@@ -0,0 +1,68 @@
+package com.yizhuan.xchat_android_library.net.rxnet.factory;
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.Socket;
+import java.net.UnknownHostException;
+
+import javax.net.ssl.SSLSocket;
+import javax.net.ssl.SSLSocketFactory;
+
+/**
+ * Enables TLS v1.2 when creating SSLSockets.
+ * <p/>
+ * For some reason, android supports TLS v1.2 from API 16, but enables it by
+ * default only from API 20.
+ * @link https://developer.android.com/reference/javax/net/ssl/SSLSocket.html
+ * @see SSLSocketFactory
+ */
+public class Tls12SocketFactory extends SSLSocketFactory {
+    private static final String[] TLS_V12_ONLY = {"TLSv1.2"};
+
+    final SSLSocketFactory delegate;
+
+    public Tls12SocketFactory(SSLSocketFactory base) {
+        this.delegate = base;
+    }
+
+    @Override
+    public String[] getDefaultCipherSuites() {
+        return delegate.getDefaultCipherSuites();
+    }
+
+    @Override
+    public String[] getSupportedCipherSuites() {
+        return delegate.getSupportedCipherSuites();
+    }
+
+    @Override
+    public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException {
+        return patch(delegate.createSocket(s, host, port, autoClose));
+    }
+
+    @Override
+    public Socket createSocket(String host, int port) throws IOException, UnknownHostException {
+        return patch(delegate.createSocket(host, port));
+    }
+
+    @Override
+    public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException, UnknownHostException {
+        return patch(delegate.createSocket(host, port, localHost, localPort));
+    }
+
+    @Override
+    public Socket createSocket(InetAddress host, int port) throws IOException {
+        return patch(delegate.createSocket(host, port));
+    }
+
+    @Override
+    public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException {
+        return patch(delegate.createSocket(address, port, localAddress, localPort));
+    }
+
+    private Socket patch(Socket s) {
+        if (s instanceof SSLSocket) {
+            ((SSLSocket) s).setEnabledProtocols(TLS_V12_ONLY);
+        }
+        return s;
+    }
+}
--- a/library/src/main/java/com/yizhuan/xchat_android_library/net/rxnet/manager/RxNetManager.java
+++ b/library/src/main/java/com/yizhuan/xchat_android_library/net/rxnet/manager/RxNetManager.java
@@ -1,11 +1,14 @@
 package com.yizhuan.xchat_android_library.net.rxnet.manager;

 import android.content.Context;
+import android.os.Build;
+import android.util.Log;

 import com.google.gson.Gson;
 import com.google.gson.GsonBuilder;
 import com.yizhuan.xchat_android_library.BuildConfig;
 import com.yizhuan.xchat_android_library.net.rxnet.converter.GsonConverterFactory;
+import com.yizhuan.xchat_android_library.net.rxnet.factory.Tls12SocketFactory;
 import com.yizhuan.xchat_android_library.net.rxnet.https.HttpsUtils;
 import com.yizhuan.xchat_android_library.net.rxnet.interceptor.HttpLoggingInterceptor;
 import com.yizhuan.xchat_android_library.net.rxnet.utils.RxNetLog;
@@ -23,11 +26,14 @@ import java.util.Objects;
 import java.util.concurrent.TimeUnit;

 import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.SSLContext;

 import okhttp3.Cache;
 import okhttp3.ConnectionPool;
+import okhttp3.ConnectionSpec;
 import okhttp3.Interceptor;
 import okhttp3.OkHttpClient;
+import okhttp3.TlsVersion;
 import retrofit2.Retrofit;
 import retrofit2.adapter.rxjava2.RxJava2CallAdapterFactory;

@@ -97,7 +103,7 @@ public final class RxNetManager {
        if (hostnameVerifier != null) {
            mBuilder.hostnameVerifier(hostnameVerifier);
        }
-        mOkHttpClient = mBuilder.build();
+        mOkHttpClient = enableTls12OnPreLollipop(mBuilder).build();
        Gson gson = new GsonBuilder().setDateFormat("yyyy-MM-dd HH:mm:ss").serializeNulls().create();
        mRetrofit = new Retrofit.Builder()
                .client(mOkHttpClient)
@@ -108,6 +114,30 @@ public final class RxNetManager {

    }

+    public static OkHttpClient.Builder enableTls12OnPreLollipop(OkHttpClient.Builder client) {
+        if (Build.VERSION.SDK_INT >= 16 && Build.VERSION.SDK_INT < 22) {
+            try {
+                SSLContext sc = SSLContext.getInstance("TLSv1.2");
+                sc.init(null, null, null);
+                client.sslSocketFactory(new Tls12SocketFactory(sc.getSocketFactory()));
+
+                ConnectionSpec cs = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)
+                        .tlsVersions(TlsVersion.TLS_1_2)
+                        .build();
+
+                List<ConnectionSpec> specs = new ArrayList<>();
+                specs.add(cs);
+                specs.add(ConnectionSpec.COMPATIBLE_TLS);
+                specs.add(ConnectionSpec.CLEARTEXT);
+
+                client.connectionSpecs(specs);
+            } catch (Exception exc) {
+                Log.e("OkHttpTLSCompat", "Error while setting TLS 1.2", exc);
+            }
+        }
+
+        return client;
+    }

    public Retrofit getRetrofit() {
        return mRetrofit;