/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements. See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License. You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

Tobias Thiererfd275412017-04-11 21:01:50 +010018package libcore.net.http;
19
20import com.squareup.okhttp.CertificatePinner;
21import com.squareup.okhttp.ConnectionSpec;
22import com.squareup.okhttp.ConnectionSpecs;
23import com.squareup.okhttp.OkHttpClient;
24import com.squareup.okhttp.OkUrlFactories;
25import com.squareup.okhttp.OkUrlFactory;
26import com.squareup.okhttp.Protocol;
Tobias Thierer5be18512016-06-24 19:23:19 +010027
28import java.net.Proxy;
Tobias Thiererd9a7a712016-10-17 17:51:32 +010029import java.util.Collections;
Tobias Thierer5be18512016-06-24 19:23:19 +010030import java.util.List;
31
32import javax.net.ssl.HttpsURLConnection;
/**
 * {@code https://} protocol handler backed by OkHttp.
 *
 * <p>Extends the plain-HTTP handler with the TLS-specific client configuration: a single
 * {@link ConnectionSpec}, HTTP/1.1 only, the default (empty) certificate pinner, and the
 * process-wide {@link HttpsURLConnection} hostname verifier and SSL socket factory.
 */
public final class HttpsHandler extends HttpHandler {

    /**
     * Connection spec applied to every https:// connection. The cipher suites and TLS
     * versions are intentionally left at the socket's own defaults rather than pinned to
     * a list fixed at release time, so an SSLSocketFactory supplied by the app or by GMS
     * core keeps whatever it enabled on the sockets it produces. TLS extensions are
     * requested.
     */
    private static final ConnectionSpec TLS_CONNECTION_SPEC = ConnectionSpecs.builder(true)
            .allEnabledCipherSuites()
            .allEnabledTlsVersions()
            .supportsTlsExtensions(true)
            .build();

    /** Protocol list that restricts the client to HTTP/1.1 (no SPDY, no HTTP/2). */
    private static final List<Protocol> HTTP_1_1_ONLY =
            Collections.singletonList(Protocol.HTTP_1_1);

    /**
     * Pool whose connections are tied to the current default network; see
     * {@link #newOkUrlFactory(Proxy)}.
     */
    private final ConfigAwareConnectionPool configAwareConnectionPool =
            ConfigAwareConnectionPool.getInstance();

    /**
     * Returns the default port for https URLs.
     *
     * @return 443
     */
    @Override
    protected int getDefaultPort() {
        return 443;
    }

    /**
     * Creates the factory used for {@link HttpsURLConnection}s opened through
     * {@code java.net.URL}, installing the network-config-aware connection pool so that
     * pooled connections are not reused once the default network changes.
     *
     * @param proxy the proxy to route connections through
     * @return a fully configured https factory
     */
    @Override
    protected OkUrlFactory newOkUrlFactory(Proxy proxy) {
        OkUrlFactory factory = createHttpsOkUrlFactory(proxy);
        factory.client().setConnectionPool(configAwareConnectionPool.get());
        return factory;
    }

    /**
     * Creates an {@link OkUrlFactory} suitable for producing {@link HttpsURLConnection}
     * instances on Android.
     *
     * <p>The factory starts as the plain-HTTP one from
     * {@link HttpHandler#createHttpOkUrlFactory(Proxy)} and is then tightened for TLS:
     * <ul>
     *   <li>the URL filter is cleared, so every https request is allowed;</li>
     *   <li>only HTTP/1.1 (which implies HTTP/1.0) is negotiated;</li>
     *   <li>{@link #TLS_CONNECTION_SPEC} is the sole connection spec;</li>
     *   <li>OkHttp's own pinning is left at {@link CertificatePinner#DEFAULT}, whose set of
     *       pinned host names is empty, because Android exposes certificate pinning via
     *       NetworkSecurityConfig instead;</li>
     *   <li>the hostname verifier and SSL socket factory are taken from the
     *       {@link HttpsURLConnection} process-wide defaults, which OkHttp does not honor by
     *       itself (see https://github.com/square/okhttp/issues/184).</li>
     * </ul>
     *
     * <p>Visible for {@code android.net.Network}.
     *
     * @param proxy the proxy to route connections through
     * @return a factory whose client is configured for https
     */
    public static OkUrlFactory createHttpsOkUrlFactory(Proxy proxy) {
        OkUrlFactory factory = HttpHandler.createHttpOkUrlFactory(proxy);

        // No URL filtering for https.
        OkUrlFactories.setUrlFilter(factory, null);

        OkHttpClient client = factory.client();
        client.setProtocols(HTTP_1_1_ONLY);
        client.setConnectionSpecs(Collections.singletonList(TLS_CONNECTION_SPEC));
        client.setCertificatePinner(CertificatePinner.DEFAULT);

        // NOTE(review): the current defaults are read once here, when the factory is built;
        // a later HttpsURLConnection.setDefault*() call presumably does not reach a factory
        // that already exists — confirm against callers that cache the factory.
        client.setHostnameVerifier(HttpsURLConnection.getDefaultHostnameVerifier());
        client.setSslSocketFactory(HttpsURLConnection.getDefaultSSLSocketFactory());

        return factory;
    }
}