The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (C) 2008 The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | |
| 17 | package android.net; |
| 18 | |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 19 | import android.os.SystemProperties; |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 20 | import android.util.Log; |
Kenny Root | 12e7522 | 2013-04-23 22:34:24 -0700 | [diff] [blame] | 21 | import com.android.org.conscrypt.OpenSSLContextImpl; |
| 22 | import com.android.org.conscrypt.OpenSSLSocketImpl; |
| 23 | import com.android.org.conscrypt.SSLClientSessionCache; |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 24 | import java.io.IOException; |
| 25 | import java.net.InetAddress; |
| 26 | import java.net.Socket; |
Brian Carlstrom | 7ab7a8b | 2012-09-21 16:33:50 -0700 | [diff] [blame] | 27 | import java.net.SocketException; |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 28 | import java.security.KeyManagementException; |
Alex Klyubin | ac5eb03 | 2013-03-12 10:30:59 -0700 | [diff] [blame] | 29 | import java.security.PrivateKey; |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 30 | import java.security.cert.X509Certificate; |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 31 | import javax.net.SocketFactory; |
Dan Egnor | 7fc93c3 | 2010-06-29 17:51:28 -0700 | [diff] [blame] | 32 | import javax.net.ssl.HostnameVerifier; |
| 33 | import javax.net.ssl.HttpsURLConnection; |
Ben Komalo | 1b52806 | 2011-05-03 09:40:15 -0700 | [diff] [blame] | 34 | import javax.net.ssl.KeyManager; |
Dan Egnor | 7fc93c3 | 2010-06-29 17:51:28 -0700 | [diff] [blame] | 35 | import javax.net.ssl.SSLException; |
| 36 | import javax.net.ssl.SSLPeerUnverifiedException; |
| 37 | import javax.net.ssl.SSLSession; |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 38 | import javax.net.ssl.SSLSocket; |
| 39 | import javax.net.ssl.SSLSocketFactory; |
| 40 | import javax.net.ssl.TrustManager; |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 41 | import javax.net.ssl.X509TrustManager; |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 42 | |
| 43 | /** |
Dan Egnor | 60586f2 | 2010-02-08 21:56:38 -0800 | [diff] [blame] | 44 | * SSLSocketFactory implementation with several extra features: |
Dan Egnor | 7fc93c3 | 2010-06-29 17:51:28 -0700 | [diff] [blame] | 45 | * |
Dan Egnor | 60586f2 | 2010-02-08 21:56:38 -0800 | [diff] [blame] | 46 | * <ul> |
| 47 | * <li>Timeout specification for SSL handshake operations |
Dan Egnor | 7fc93c3 | 2010-06-29 17:51:28 -0700 | [diff] [blame] | 48 | * <li>Hostname verification in most cases (see WARNINGs below) |
Dan Egnor | 60586f2 | 2010-02-08 21:56:38 -0800 | [diff] [blame] | 49 | * <li>Optional SSL session caching with {@link SSLSessionCache} |
Dan Egnor | 9d4b575 | 2010-02-13 20:34:51 -0800 | [diff] [blame] | 50 | * <li>Optionally bypass all SSL certificate checks |
Dan Egnor | 60586f2 | 2010-02-08 21:56:38 -0800 | [diff] [blame] | 51 | * </ul> |
Dan Egnor | 7fc93c3 | 2010-06-29 17:51:28 -0700 | [diff] [blame] | 52 | * |
| 53 | * The handshake timeout does not apply to actual TCP socket connection. |
| 54 | * If you want a connection timeout as well, use {@link #createSocket()} |
| 55 | * and {@link Socket#connect(SocketAddress, int)}, after which you |
| 56 | * must verify the identity of the server you are connected to. |
| 57 | * |
| 58 | * <p class="caution"><b>Most {@link SSLSocketFactory} implementations do not |
| 59 | * verify the server's identity, allowing man-in-the-middle attacks.</b> |
| 60 | * This implementation does check the server's certificate hostname, but only |
| 61 | * for createSocket variants that specify a hostname. When using methods that |
| 62 | * use {@link InetAddress} or which return an unconnected socket, you MUST |
| 63 | * verify the server's identity yourself to ensure a secure connection.</p> |
| 64 | * |
| 65 | * <p>One way to verify the server's identity is to use |
| 66 | * {@link HttpsURLConnection#getDefaultHostnameVerifier()} to get a |
| 67 | * {@link HostnameVerifier} to verify the certificate hostname. |
| 68 | * |
| 69 | * <p>On development devices, "setprop socket.relaxsslcheck yes" bypasses all |
| 70 | * SSL certificate and hostname checks for testing purposes. This setting |
| 71 | * requires root access. |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 72 | */ |
| 73 | public class SSLCertificateSocketFactory extends SSLSocketFactory { |
Dan Egnor | 60586f2 | 2010-02-08 21:56:38 -0800 | [diff] [blame] | 74 | private static final String TAG = "SSLCertificateSocketFactory"; |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 75 | |
Dan Egnor | 60586f2 | 2010-02-08 21:56:38 -0800 | [diff] [blame] | 76 | private static final TrustManager[] INSECURE_TRUST_MANAGER = new TrustManager[] { |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 77 | new X509TrustManager() { |
Dan Egnor | 60586f2 | 2010-02-08 21:56:38 -0800 | [diff] [blame] | 78 | public X509Certificate[] getAcceptedIssuers() { return null; } |
| 79 | public void checkClientTrusted(X509Certificate[] certs, String authType) { } |
| 80 | public void checkServerTrusted(X509Certificate[] certs, String authType) { } |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 81 | } |
| 82 | }; |
| 83 | |
Dan Egnor | 60586f2 | 2010-02-08 21:56:38 -0800 | [diff] [blame] | 84 | private SSLSocketFactory mInsecureFactory = null; |
| 85 | private SSLSocketFactory mSecureFactory = null; |
Ben Komalo | 1b52806 | 2011-05-03 09:40:15 -0700 | [diff] [blame] | 86 | private TrustManager[] mTrustManagers = null; |
| 87 | private KeyManager[] mKeyManagers = null; |
Jesse Wilson | f5fb5e8 | 2012-03-23 15:55:03 -0400 | [diff] [blame] | 88 | private byte[] mNpnProtocols = null; |
Kenny Root | 100d729 | 2013-06-25 12:00:34 -0700 | [diff] [blame] | 89 | private byte[] mAlpnProtocols = null; |
Alex Klyubin | ac5eb03 | 2013-03-12 10:30:59 -0700 | [diff] [blame] | 90 | private PrivateKey mChannelIdPrivateKey = null; |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 91 | |
Dan Egnor | 60586f2 | 2010-02-08 21:56:38 -0800 | [diff] [blame] | 92 | private final int mHandshakeTimeoutMillis; |
| 93 | private final SSLClientSessionCache mSessionCache; |
Dan Egnor | 9d4b575 | 2010-02-13 20:34:51 -0800 | [diff] [blame] | 94 | private final boolean mSecure; |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 95 | |
Dan Egnor | 60586f2 | 2010-02-08 21:56:38 -0800 | [diff] [blame] | 96 | /** @deprecated Use {@link #getDefault(int)} instead. */ |
Jesse Wilson | 28c7425 | 2010-11-04 14:09:18 -0700 | [diff] [blame] | 97 | @Deprecated |
Dan Egnor | 60586f2 | 2010-02-08 21:56:38 -0800 | [diff] [blame] | 98 | public SSLCertificateSocketFactory(int handshakeTimeoutMillis) { |
Dan Egnor | 9d4b575 | 2010-02-13 20:34:51 -0800 | [diff] [blame] | 99 | this(handshakeTimeoutMillis, null, true); |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 100 | } |
| 101 | |
Dan Egnor | 9d4b575 | 2010-02-13 20:34:51 -0800 | [diff] [blame] | 102 | private SSLCertificateSocketFactory( |
Brian Carlstrom | 992f238 | 2012-09-26 14:33:47 -0700 | [diff] [blame] | 103 | int handshakeTimeoutMillis, SSLSessionCache cache, boolean secure) { |
Dan Egnor | 60586f2 | 2010-02-08 21:56:38 -0800 | [diff] [blame] | 104 | mHandshakeTimeoutMillis = handshakeTimeoutMillis; |
| 105 | mSessionCache = cache == null ? null : cache.mSessionCache; |
Dan Egnor | 9d4b575 | 2010-02-13 20:34:51 -0800 | [diff] [blame] | 106 | mSecure = secure; |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 107 | } |
| 108 | |
| 109 | /** |
Dan Egnor | 9d4b575 | 2010-02-13 20:34:51 -0800 | [diff] [blame] | 110 | * Returns a new socket factory instance with an optional handshake timeout. |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 111 | * |
Dan Egnor | 60586f2 | 2010-02-08 21:56:38 -0800 | [diff] [blame] | 112 | * @param handshakeTimeoutMillis to use for SSL connection handshake, or 0 |
| 113 | * for none. The socket timeout is reset to 0 after the handshake. |
Dan Egnor | 7fc93c3 | 2010-06-29 17:51:28 -0700 | [diff] [blame] | 114 | * @return a new SSLSocketFactory with the specified parameters |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 115 | */ |
Dan Egnor | 60586f2 | 2010-02-08 21:56:38 -0800 | [diff] [blame] | 116 | public static SocketFactory getDefault(int handshakeTimeoutMillis) { |
Dan Egnor | 9d4b575 | 2010-02-13 20:34:51 -0800 | [diff] [blame] | 117 | return new SSLCertificateSocketFactory(handshakeTimeoutMillis, null, true); |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 118 | } |
| 119 | |
| 120 | /** |
Dan Egnor | 9d4b575 | 2010-02-13 20:34:51 -0800 | [diff] [blame] | 121 | * Returns a new socket factory instance with an optional handshake timeout |
| 122 | * and SSL session cache. |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 123 | * |
Dan Egnor | 60586f2 | 2010-02-08 21:56:38 -0800 | [diff] [blame] | 124 | * @param handshakeTimeoutMillis to use for SSL connection handshake, or 0 |
| 125 | * for none. The socket timeout is reset to 0 after the handshake. |
Jesse Wilson | ff55699 | 2011-03-23 16:43:39 -0700 | [diff] [blame] | 126 | * @param cache The {@link SSLSessionCache} to use, or null for no cache. |
Dan Egnor | 7fc93c3 | 2010-06-29 17:51:28 -0700 | [diff] [blame] | 127 | * @return a new SSLSocketFactory with the specified parameters |
Dan Egnor | 60586f2 | 2010-02-08 21:56:38 -0800 | [diff] [blame] | 128 | */ |
Dan Egnor | 9d4b575 | 2010-02-13 20:34:51 -0800 | [diff] [blame] | 129 | public static SSLSocketFactory getDefault(int handshakeTimeoutMillis, SSLSessionCache cache) { |
| 130 | return new SSLCertificateSocketFactory(handshakeTimeoutMillis, cache, true); |
| 131 | } |
| 132 | |
| 133 | /** |
| 134 | * Returns a new instance of a socket factory with all SSL security checks |
| 135 | * disabled, using an optional handshake timeout and SSL session cache. |
Dan Egnor | 7fc93c3 | 2010-06-29 17:51:28 -0700 | [diff] [blame] | 136 | * |
| 137 | * <p class="caution"><b>Warning:</b> Sockets created using this factory |
Kenny Root | e19ca07 | 2014-08-13 12:08:48 -0700 | [diff] [blame] | 138 | * are vulnerable to man-in-the-middle attacks!</p> |
Dan Egnor | 9d4b575 | 2010-02-13 20:34:51 -0800 | [diff] [blame] | 139 | * |
| 140 | * @param handshakeTimeoutMillis to use for SSL connection handshake, or 0 |
| 141 | * for none. The socket timeout is reset to 0 after the handshake. |
Jesse Wilson | ff55699 | 2011-03-23 16:43:39 -0700 | [diff] [blame] | 142 | * @param cache The {@link SSLSessionCache} to use, or null for no cache. |
Dan Egnor | 7fc93c3 | 2010-06-29 17:51:28 -0700 | [diff] [blame] | 143 | * @return an insecure SSLSocketFactory with the specified parameters |
Dan Egnor | 9d4b575 | 2010-02-13 20:34:51 -0800 | [diff] [blame] | 144 | */ |
| 145 | public static SSLSocketFactory getInsecure(int handshakeTimeoutMillis, SSLSessionCache cache) { |
| 146 | return new SSLCertificateSocketFactory(handshakeTimeoutMillis, cache, false); |
Dan Egnor | 60586f2 | 2010-02-08 21:56:38 -0800 | [diff] [blame] | 147 | } |
| 148 | |
| 149 | /** |
| 150 | * Returns a socket factory (also named SSLSocketFactory, but in a different |
| 151 | * namespace) for use with the Apache HTTP stack. |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 152 | * |
Dan Egnor | 60586f2 | 2010-02-08 21:56:38 -0800 | [diff] [blame] | 153 | * @param handshakeTimeoutMillis to use for SSL connection handshake, or 0 |
| 154 | * for none. The socket timeout is reset to 0 after the handshake. |
Jesse Wilson | ff55699 | 2011-03-23 16:43:39 -0700 | [diff] [blame] | 155 | * @param cache The {@link SSLSessionCache} to use, or null for no cache. |
Dan Egnor | 60586f2 | 2010-02-08 21:56:38 -0800 | [diff] [blame] | 156 | * @return a new SocketFactory with the specified parameters |
Narayan Kamath | 823675fd | 2014-10-23 17:35:01 +0100 | [diff] [blame] | 157 | * |
| 158 | * @deprecated Use {@link #getDefault()} along with a {@link javax.net.ssl.HttpsURLConnection} |
| 159 | * instead. The Apache HTTP client is no longer maintained and may be removed in a future |
| 160 | * release. Please visit <a href="http://android-developers.blogspot.com/2011/09/androids-http-clients.html">this webpage</a> |
| 161 | * for further details. |
Narayan Kamath | 406e1ed | 2014-12-10 18:55:12 +0000 | [diff] [blame] | 162 | * |
| 163 | * @removed |
Dan Egnor | 60586f2 | 2010-02-08 21:56:38 -0800 | [diff] [blame] | 164 | */ |
Narayan Kamath | 823675fd | 2014-10-23 17:35:01 +0100 | [diff] [blame] | 165 | @Deprecated |
Dan Egnor | 60586f2 | 2010-02-08 21:56:38 -0800 | [diff] [blame] | 166 | public static org.apache.http.conn.ssl.SSLSocketFactory getHttpSocketFactory( |
Jesse Wilson | ff55699 | 2011-03-23 16:43:39 -0700 | [diff] [blame] | 167 | int handshakeTimeoutMillis, SSLSessionCache cache) { |
Dan Egnor | 60586f2 | 2010-02-08 21:56:38 -0800 | [diff] [blame] | 168 | return new org.apache.http.conn.ssl.SSLSocketFactory( |
Dan Egnor | 9d4b575 | 2010-02-13 20:34:51 -0800 | [diff] [blame] | 169 | new SSLCertificateSocketFactory(handshakeTimeoutMillis, cache, true)); |
Dan Egnor | 60586f2 | 2010-02-08 21:56:38 -0800 | [diff] [blame] | 170 | } |
| 171 | |
Dan Egnor | 7fc93c3 | 2010-06-29 17:51:28 -0700 | [diff] [blame] | 172 | /** |
| 173 | * Verify the hostname of the certificate used by the other end of a |
| 174 | * connected socket. You MUST call this if you did not supply a hostname |
| 175 | * to {@link #createSocket()}. It is harmless to call this method |
| 176 | * redundantly if the hostname has already been verified. |
| 177 | * |
| 178 | * <p>Wildcard certificates are allowed to verify any matching hostname, |
| 179 | * so "foo.bar.example.com" is verified if the peer has a certificate |
| 180 | * for "*.example.com". |
| 181 | * |
| 182 | * @param socket An SSL socket which has been connected to a server |
| 183 | * @param hostname The expected hostname of the remote server |
| 184 | * @throws IOException if something goes wrong handshaking with the server |
| 185 | * @throws SSLPeerUnverifiedException if the server cannot prove its identity |
| 186 | * |
| 187 | * @hide |
| 188 | */ |
| 189 | public static void verifyHostname(Socket socket, String hostname) throws IOException { |
| 190 | if (!(socket instanceof SSLSocket)) { |
| 191 | throw new IllegalArgumentException("Attempt to verify non-SSL socket"); |
| 192 | } |
| 193 | |
| 194 | if (!isSslCheckRelaxed()) { |
| 195 | // The code at the start of OpenSSLSocketImpl.startHandshake() |
| 196 | // ensures that the call is idempotent, so we can safely call it. |
| 197 | SSLSocket ssl = (SSLSocket) socket; |
| 198 | ssl.startHandshake(); |
| 199 | |
| 200 | SSLSession session = ssl.getSession(); |
| 201 | if (session == null) { |
| 202 | throw new SSLException("Cannot verify SSL socket without session"); |
| 203 | } |
Kenny Root | 928ee1e | 2013-07-23 20:36:03 -0700 | [diff] [blame] | 204 | if (!HttpsURLConnection.getDefaultHostnameVerifier().verify(hostname, session)) { |
Dan Egnor | 7fc93c3 | 2010-06-29 17:51:28 -0700 | [diff] [blame] | 205 | throw new SSLPeerUnverifiedException("Cannot verify hostname: " + hostname); |
| 206 | } |
| 207 | } |
| 208 | } |
| 209 | |
Ben Komalo | 1b52806 | 2011-05-03 09:40:15 -0700 | [diff] [blame] | 210 | private SSLSocketFactory makeSocketFactory( |
| 211 | KeyManager[] keyManagers, TrustManager[] trustManagers) { |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 212 | try { |
Kenny Root | 8a97063 | 2014-10-31 10:28:04 -0700 | [diff] [blame] | 213 | OpenSSLContextImpl sslContext = OpenSSLContextImpl.getPreferred(); |
Ben Komalo | 1b52806 | 2011-05-03 09:40:15 -0700 | [diff] [blame] | 214 | sslContext.engineInit(keyManagers, trustManagers, null); |
Brian Carlstrom | 2c42c8f | 2010-09-14 00:11:14 -0700 | [diff] [blame] | 215 | sslContext.engineGetClientSessionContext().setPersistentCache(mSessionCache); |
Dan Egnor | 60586f2 | 2010-02-08 21:56:38 -0800 | [diff] [blame] | 216 | return sslContext.engineGetSocketFactory(); |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 217 | } catch (KeyManagementException e) { |
Dan Egnor | 60586f2 | 2010-02-08 21:56:38 -0800 | [diff] [blame] | 218 | Log.wtf(TAG, e); |
| 219 | return (SSLSocketFactory) SSLSocketFactory.getDefault(); // Fallback |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 220 | } |
| 221 | } |
| 222 | |
Dan Egnor | 7fc93c3 | 2010-06-29 17:51:28 -0700 | [diff] [blame] | 223 | private static boolean isSslCheckRelaxed() { |
| 224 | return "1".equals(SystemProperties.get("ro.debuggable")) && |
| 225 | "yes".equals(SystemProperties.get("socket.relaxsslcheck")); |
| 226 | } |
| 227 | |
Dan Egnor | 60586f2 | 2010-02-08 21:56:38 -0800 | [diff] [blame] | 228 | private synchronized SSLSocketFactory getDelegate() { |
Dan Egnor | 9d4b575 | 2010-02-13 20:34:51 -0800 | [diff] [blame] | 229 | // Relax the SSL check if instructed (for this factory, or systemwide) |
Dan Egnor | 7fc93c3 | 2010-06-29 17:51:28 -0700 | [diff] [blame] | 230 | if (!mSecure || isSslCheckRelaxed()) { |
Dan Egnor | 60586f2 | 2010-02-08 21:56:38 -0800 | [diff] [blame] | 231 | if (mInsecureFactory == null) { |
Dan Egnor | 9d4b575 | 2010-02-13 20:34:51 -0800 | [diff] [blame] | 232 | if (mSecure) { |
| 233 | Log.w(TAG, "*** BYPASSING SSL SECURITY CHECKS (socket.relaxsslcheck=yes) ***"); |
Kenny Root | e19ca07 | 2014-08-13 12:08:48 -0700 | [diff] [blame] | 234 | } else { |
| 235 | Log.w(TAG, "Bypassing SSL security checks at caller's request"); |
Dan Egnor | 9d4b575 | 2010-02-13 20:34:51 -0800 | [diff] [blame] | 236 | } |
Ben Komalo | 1b52806 | 2011-05-03 09:40:15 -0700 | [diff] [blame] | 237 | mInsecureFactory = makeSocketFactory(mKeyManagers, INSECURE_TRUST_MANAGER); |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 238 | } |
Dan Egnor | 60586f2 | 2010-02-08 21:56:38 -0800 | [diff] [blame] | 239 | return mInsecureFactory; |
| 240 | } else { |
| 241 | if (mSecureFactory == null) { |
Ben Komalo | 1b52806 | 2011-05-03 09:40:15 -0700 | [diff] [blame] | 242 | mSecureFactory = makeSocketFactory(mKeyManagers, mTrustManagers); |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 243 | } |
Dan Egnor | 60586f2 | 2010-02-08 21:56:38 -0800 | [diff] [blame] | 244 | return mSecureFactory; |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 245 | } |
| 246 | } |
| 247 | |
Dan Egnor | 7fc93c3 | 2010-06-29 17:51:28 -0700 | [diff] [blame] | 248 | /** |
Ben Komalo | 1b52806 | 2011-05-03 09:40:15 -0700 | [diff] [blame] | 249 | * Sets the {@link TrustManager}s to be used for connections made by this factory. |
Ben Komalo | 1b52806 | 2011-05-03 09:40:15 -0700 | [diff] [blame] | 250 | */ |
| 251 | public void setTrustManagers(TrustManager[] trustManager) { |
| 252 | mTrustManagers = trustManager; |
| 253 | |
| 254 | // Clear out all cached secure factories since configurations have changed. |
| 255 | mSecureFactory = null; |
| 256 | // Note - insecure factories only ever use the INSECURE_TRUST_MANAGER so they need not |
| 257 | // be cleared out here. |
| 258 | } |
| 259 | |
| 260 | /** |
Jesse Wilson | f5fb5e8 | 2012-03-23 15:55:03 -0400 | [diff] [blame] | 261 | * Sets the <a href="http://technotes.googlecode.com/git/nextprotoneg.html">Next |
| 262 | * Protocol Negotiation (NPN)</a> protocols that this peer is interested in. |
| 263 | * |
| 264 | * <p>For servers this is the sequence of protocols to advertise as |
| 265 | * supported, in order of preference. This list is sent unencrypted to |
| 266 | * all clients that support NPN. |
| 267 | * |
| 268 | * <p>For clients this is a list of supported protocols to match against the |
| 269 | * server's list. If there is no protocol supported by both client and |
| 270 | * server then the first protocol in the client's list will be selected. |
| 271 | * The order of the client's protocols is otherwise insignificant. |
| 272 | * |
Jesse Wilson | 2108ead | 2012-05-17 13:46:17 -0400 | [diff] [blame] | 273 | * @param npnProtocols a non-empty list of protocol byte arrays. All arrays |
| 274 | * must be non-empty and of length less than 256. |
Jesse Wilson | f5fb5e8 | 2012-03-23 15:55:03 -0400 | [diff] [blame] | 275 | */ |
| 276 | public void setNpnProtocols(byte[][] npnProtocols) { |
Kenny Root | 100d729 | 2013-06-25 12:00:34 -0700 | [diff] [blame] | 277 | this.mNpnProtocols = toLengthPrefixedList(npnProtocols); |
| 278 | } |
| 279 | |
| 280 | /** |
| 281 | * Sets the |
| 282 | * <a href="http://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg-01"> |
| 283 | * Application Layer Protocol Negotiation (ALPN)</a> protocols that this peer |
| 284 | * is interested in. |
| 285 | * |
| 286 | * <p>For servers this is the sequence of protocols to advertise as |
| 287 | * supported, in order of preference. This list is sent unencrypted to |
| 288 | * all clients that support ALPN. |
| 289 | * |
| 290 | * <p>For clients this is a list of supported protocols to match against the |
| 291 | * server's list. If there is no protocol supported by both client and |
| 292 | * server then the first protocol in the client's list will be selected. |
| 293 | * The order of the client's protocols is otherwise insignificant. |
| 294 | * |
| 295 | * @param protocols a non-empty list of protocol byte arrays. All arrays |
| 296 | * must be non-empty and of length less than 256. |
| 297 | * @hide |
| 298 | */ |
| 299 | public void setAlpnProtocols(byte[][] protocols) { |
| 300 | this.mAlpnProtocols = toLengthPrefixedList(protocols); |
Jesse Wilson | f5fb5e8 | 2012-03-23 15:55:03 -0400 | [diff] [blame] | 301 | } |
| 302 | |
| 303 | /** |
| 304 | * Returns an array containing the concatenation of length-prefixed byte |
| 305 | * strings. |
| 306 | */ |
Kenny Root | 100d729 | 2013-06-25 12:00:34 -0700 | [diff] [blame] | 307 | static byte[] toLengthPrefixedList(byte[]... items) { |
| 308 | if (items.length == 0) { |
| 309 | throw new IllegalArgumentException("items.length == 0"); |
Jesse Wilson | 2108ead | 2012-05-17 13:46:17 -0400 | [diff] [blame] | 310 | } |
Jesse Wilson | f5fb5e8 | 2012-03-23 15:55:03 -0400 | [diff] [blame] | 311 | int totalLength = 0; |
Kenny Root | 100d729 | 2013-06-25 12:00:34 -0700 | [diff] [blame] | 312 | for (byte[] s : items) { |
Jesse Wilson | f5fb5e8 | 2012-03-23 15:55:03 -0400 | [diff] [blame] | 313 | if (s.length == 0 || s.length > 255) { |
| 314 | throw new IllegalArgumentException("s.length == 0 || s.length > 255: " + s.length); |
| 315 | } |
| 316 | totalLength += 1 + s.length; |
| 317 | } |
| 318 | byte[] result = new byte[totalLength]; |
| 319 | int pos = 0; |
Kenny Root | 100d729 | 2013-06-25 12:00:34 -0700 | [diff] [blame] | 320 | for (byte[] s : items) { |
Jesse Wilson | f5fb5e8 | 2012-03-23 15:55:03 -0400 | [diff] [blame] | 321 | result[pos++] = (byte) s.length; |
| 322 | for (byte b : s) { |
| 323 | result[pos++] = b; |
| 324 | } |
| 325 | } |
| 326 | return result; |
| 327 | } |
| 328 | |
| 329 | /** |
| 330 | * Returns the <a href="http://technotes.googlecode.com/git/nextprotoneg.html">Next |
| 331 | * Protocol Negotiation (NPN)</a> protocol selected by client and server, or |
| 332 | * null if no protocol was negotiated. |
| 333 | * |
| 334 | * @param socket a socket created by this factory. |
Narayan Kamath | b4db962 | 2012-09-17 17:59:00 +0100 | [diff] [blame] | 335 | * @throws IllegalArgumentException if the socket was not created by this factory. |
Jesse Wilson | f5fb5e8 | 2012-03-23 15:55:03 -0400 | [diff] [blame] | 336 | */ |
| 337 | public byte[] getNpnSelectedProtocol(Socket socket) { |
Narayan Kamath | b4db962 | 2012-09-17 17:59:00 +0100 | [diff] [blame] | 338 | return castToOpenSSLSocket(socket).getNpnSelectedProtocol(); |
Jesse Wilson | f5fb5e8 | 2012-03-23 15:55:03 -0400 | [diff] [blame] | 339 | } |
| 340 | |
| 341 | /** |
Kenny Root | 100d729 | 2013-06-25 12:00:34 -0700 | [diff] [blame] | 342 | * Returns the |
| 343 | * <a href="http://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg-01">Application |
| 344 | * Layer Protocol Negotiation (ALPN)</a> protocol selected by client and server, or null |
| 345 | * if no protocol was negotiated. |
| 346 | * |
| 347 | * @param socket a socket created by this factory. |
| 348 | * @throws IllegalArgumentException if the socket was not created by this factory. |
| 349 | * @hide |
| 350 | */ |
| 351 | public byte[] getAlpnSelectedProtocol(Socket socket) { |
| 352 | return castToOpenSSLSocket(socket).getAlpnSelectedProtocol(); |
| 353 | } |
| 354 | |
| 355 | /** |
Ben Komalo | 1b52806 | 2011-05-03 09:40:15 -0700 | [diff] [blame] | 356 | * Sets the {@link KeyManager}s to be used for connections made by this factory. |
Ben Komalo | 1b52806 | 2011-05-03 09:40:15 -0700 | [diff] [blame] | 357 | */ |
| 358 | public void setKeyManagers(KeyManager[] keyManagers) { |
| 359 | mKeyManagers = keyManagers; |
| 360 | |
| 361 | // Clear out any existing cached factories since configurations have changed. |
| 362 | mSecureFactory = null; |
| 363 | mInsecureFactory = null; |
| 364 | } |
| 365 | |
Narayan Kamath | b4db962 | 2012-09-17 17:59:00 +0100 | [diff] [blame] | 366 | /** |
Alex Klyubin | ac5eb03 | 2013-03-12 10:30:59 -0700 | [diff] [blame] | 367 | * Sets the private key to be used for TLS Channel ID by connections made by this |
Alex Klyubin | 4ef6c9b | 2013-01-18 12:50:39 -0800 | [diff] [blame] | 368 | * factory. |
| 369 | * |
| 370 | * @param privateKey private key (enables TLS Channel ID) or {@code null} for no key (disables |
| 371 | * TLS Channel ID). The private key has to be an Elliptic Curve (EC) key based on the |
| 372 | * NIST P-256 curve (aka SECG secp256r1 or ANSI X9.62 prime256v1). |
| 373 | * |
| 374 | * @hide |
| 375 | */ |
Alex Klyubin | ac5eb03 | 2013-03-12 10:30:59 -0700 | [diff] [blame] | 376 | public void setChannelIdPrivateKey(PrivateKey privateKey) { |
Alex Klyubin | 4ef6c9b | 2013-01-18 12:50:39 -0800 | [diff] [blame] | 377 | mChannelIdPrivateKey = privateKey; |
| 378 | } |
| 379 | |
| 380 | /** |
Narayan Kamath | b4db962 | 2012-09-17 17:59:00 +0100 | [diff] [blame] | 381 | * Enables <a href="http://tools.ietf.org/html/rfc5077#section-3.2">session ticket</a> |
| 382 | * support on the given socket. |
| 383 | * |
| 384 | * @param socket a socket created by this factory |
| 385 | * @param useSessionTickets {@code true} to enable session ticket support on this socket. |
| 386 | * @throws IllegalArgumentException if the socket was not created by this factory. |
| 387 | */ |
| 388 | public void setUseSessionTickets(Socket socket, boolean useSessionTickets) { |
| 389 | castToOpenSSLSocket(socket).setUseSessionTickets(useSessionTickets); |
| 390 | } |
| 391 | |
| 392 | /** |
| 393 | * Turns on <a href="http://tools.ietf.org/html/rfc6066#section-3">Server |
| 394 | * Name Indication (SNI)</a> on a given socket. |
| 395 | * |
| 396 | * @param socket a socket created by this factory. |
| 397 | * @param hostName the desired SNI hostname, null to disable. |
| 398 | * @throws IllegalArgumentException if the socket was not created by this factory. |
| 399 | */ |
| 400 | public void setHostname(Socket socket, String hostName) { |
| 401 | castToOpenSSLSocket(socket).setHostname(hostName); |
| 402 | } |
| 403 | |
Brian Carlstrom | 7ab7a8b | 2012-09-21 16:33:50 -0700 | [diff] [blame] | 404 | /** |
| 405 | * Sets this socket's SO_SNDTIMEO write timeout in milliseconds. |
| 406 | * Use 0 for no timeout. |
| 407 | * To take effect, this option must be set before the blocking method was called. |
| 408 | * |
| 409 | * @param socket a socket created by this factory. |
Brian Carlstrom | 992f238 | 2012-09-26 14:33:47 -0700 | [diff] [blame] | 410 | * @param timeout the desired write timeout in milliseconds. |
Brian Carlstrom | 7ab7a8b | 2012-09-21 16:33:50 -0700 | [diff] [blame] | 411 | * @throws IllegalArgumentException if the socket was not created by this factory. |
Brian Carlstrom | 992f238 | 2012-09-26 14:33:47 -0700 | [diff] [blame] | 412 | * |
| 413 | * @hide |
Brian Carlstrom | 7ab7a8b | 2012-09-21 16:33:50 -0700 | [diff] [blame] | 414 | */ |
| 415 | public void setSoWriteTimeout(Socket socket, int writeTimeoutMilliseconds) |
| 416 | throws SocketException { |
| 417 | castToOpenSSLSocket(socket).setSoWriteTimeout(writeTimeoutMilliseconds); |
| 418 | } |
| 419 | |
Narayan Kamath | b4db962 | 2012-09-17 17:59:00 +0100 | [diff] [blame] | 420 | private static OpenSSLSocketImpl castToOpenSSLSocket(Socket socket) { |
| 421 | if (!(socket instanceof OpenSSLSocketImpl)) { |
| 422 | throw new IllegalArgumentException("Socket not created by this factory: " |
| 423 | + socket); |
| 424 | } |
| 425 | |
| 426 | return (OpenSSLSocketImpl) socket; |
| 427 | } |
Ben Komalo | 1b52806 | 2011-05-03 09:40:15 -0700 | [diff] [blame] | 428 | |
| 429 | /** |
Dan Egnor | 7fc93c3 | 2010-06-29 17:51:28 -0700 | [diff] [blame] | 430 | * {@inheritDoc} |
| 431 | * |
Andrew Stadler | df27c0c | 2010-07-12 15:31:40 -0700 | [diff] [blame] | 432 | * <p>This method verifies the peer's certificate hostname after connecting |
| 433 | * (unless created with {@link #getInsecure(int, SSLSessionCache)}). |
Dan Egnor | 7fc93c3 | 2010-06-29 17:51:28 -0700 | [diff] [blame] | 434 | */ |
Dan Egnor | 60586f2 | 2010-02-08 21:56:38 -0800 | [diff] [blame] | 435 | @Override |
| 436 | public Socket createSocket(Socket k, String host, int port, boolean close) throws IOException { |
| 437 | OpenSSLSocketImpl s = (OpenSSLSocketImpl) getDelegate().createSocket(k, host, port, close); |
Jesse Wilson | f5fb5e8 | 2012-03-23 15:55:03 -0400 | [diff] [blame] | 438 | s.setNpnProtocols(mNpnProtocols); |
Kenny Root | 100d729 | 2013-06-25 12:00:34 -0700 | [diff] [blame] | 439 | s.setAlpnProtocols(mAlpnProtocols); |
Dan Egnor | 60586f2 | 2010-02-08 21:56:38 -0800 | [diff] [blame] | 440 | s.setHandshakeTimeout(mHandshakeTimeoutMillis); |
Alex Klyubin | 4ef6c9b | 2013-01-18 12:50:39 -0800 | [diff] [blame] | 441 | s.setChannelIdPrivateKey(mChannelIdPrivateKey); |
Andrew Stadler | df27c0c | 2010-07-12 15:31:40 -0700 | [diff] [blame] | 442 | if (mSecure) { |
| 443 | verifyHostname(s, host); |
| 444 | } |
Dan Egnor | 60586f2 | 2010-02-08 21:56:38 -0800 | [diff] [blame] | 445 | return s; |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 446 | } |
| 447 | |
Dan Egnor | 7fc93c3 | 2010-06-29 17:51:28 -0700 | [diff] [blame] | 448 | /** |
| 449 | * Creates a new socket which is not connected to any remote host. |
| 450 | * You must use {@link Socket#connect} to connect the socket. |
| 451 | * |
| 452 | * <p class="caution"><b>Warning:</b> Hostname verification is not performed |
| 453 | * with this method. You MUST verify the server's identity after connecting |
| 454 | * the socket to avoid man-in-the-middle attacks.</p> |
| 455 | */ |
Dan Egnor | 60586f2 | 2010-02-08 21:56:38 -0800 | [diff] [blame] | 456 | @Override |
| 457 | public Socket createSocket() throws IOException { |
| 458 | OpenSSLSocketImpl s = (OpenSSLSocketImpl) getDelegate().createSocket(); |
Jesse Wilson | f5fb5e8 | 2012-03-23 15:55:03 -0400 | [diff] [blame] | 459 | s.setNpnProtocols(mNpnProtocols); |
Kenny Root | 100d729 | 2013-06-25 12:00:34 -0700 | [diff] [blame] | 460 | s.setAlpnProtocols(mAlpnProtocols); |
Dan Egnor | 60586f2 | 2010-02-08 21:56:38 -0800 | [diff] [blame] | 461 | s.setHandshakeTimeout(mHandshakeTimeoutMillis); |
Alex Klyubin | 4ef6c9b | 2013-01-18 12:50:39 -0800 | [diff] [blame] | 462 | s.setChannelIdPrivateKey(mChannelIdPrivateKey); |
Dan Egnor | 60586f2 | 2010-02-08 21:56:38 -0800 | [diff] [blame] | 463 | return s; |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 464 | } |
| 465 | |
Dan Egnor | 7fc93c3 | 2010-06-29 17:51:28 -0700 | [diff] [blame] | 466 | /** |
| 467 | * {@inheritDoc} |
| 468 | * |
| 469 | * <p class="caution"><b>Warning:</b> Hostname verification is not performed |
| 470 | * with this method. You MUST verify the server's identity after connecting |
| 471 | * the socket to avoid man-in-the-middle attacks.</p> |
| 472 | */ |
Dan Egnor | 60586f2 | 2010-02-08 21:56:38 -0800 | [diff] [blame] | 473 | @Override |
| 474 | public Socket createSocket(InetAddress addr, int port, InetAddress localAddr, int localPort) |
| 475 | throws IOException { |
| 476 | OpenSSLSocketImpl s = (OpenSSLSocketImpl) getDelegate().createSocket( |
| 477 | addr, port, localAddr, localPort); |
Jesse Wilson | f5fb5e8 | 2012-03-23 15:55:03 -0400 | [diff] [blame] | 478 | s.setNpnProtocols(mNpnProtocols); |
Kenny Root | 100d729 | 2013-06-25 12:00:34 -0700 | [diff] [blame] | 479 | s.setAlpnProtocols(mAlpnProtocols); |
Dan Egnor | 60586f2 | 2010-02-08 21:56:38 -0800 | [diff] [blame] | 480 | s.setHandshakeTimeout(mHandshakeTimeoutMillis); |
Alex Klyubin | 4ef6c9b | 2013-01-18 12:50:39 -0800 | [diff] [blame] | 481 | s.setChannelIdPrivateKey(mChannelIdPrivateKey); |
Dan Egnor | 60586f2 | 2010-02-08 21:56:38 -0800 | [diff] [blame] | 482 | return s; |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 483 | } |
| 484 | |
Dan Egnor | 7fc93c3 | 2010-06-29 17:51:28 -0700 | [diff] [blame] | 485 | /** |
| 486 | * {@inheritDoc} |
| 487 | * |
| 488 | * <p class="caution"><b>Warning:</b> Hostname verification is not performed |
| 489 | * with this method. You MUST verify the server's identity after connecting |
| 490 | * the socket to avoid man-in-the-middle attacks.</p> |
| 491 | */ |
Dan Egnor | 60586f2 | 2010-02-08 21:56:38 -0800 | [diff] [blame] | 492 | @Override |
| 493 | public Socket createSocket(InetAddress addr, int port) throws IOException { |
| 494 | OpenSSLSocketImpl s = (OpenSSLSocketImpl) getDelegate().createSocket(addr, port); |
Jesse Wilson | f5fb5e8 | 2012-03-23 15:55:03 -0400 | [diff] [blame] | 495 | s.setNpnProtocols(mNpnProtocols); |
Kenny Root | 100d729 | 2013-06-25 12:00:34 -0700 | [diff] [blame] | 496 | s.setAlpnProtocols(mAlpnProtocols); |
Dan Egnor | 60586f2 | 2010-02-08 21:56:38 -0800 | [diff] [blame] | 497 | s.setHandshakeTimeout(mHandshakeTimeoutMillis); |
Alex Klyubin | 4ef6c9b | 2013-01-18 12:50:39 -0800 | [diff] [blame] | 498 | s.setChannelIdPrivateKey(mChannelIdPrivateKey); |
Dan Egnor | 60586f2 | 2010-02-08 21:56:38 -0800 | [diff] [blame] | 499 | return s; |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 500 | } |
| 501 | |
Dan Egnor | 7fc93c3 | 2010-06-29 17:51:28 -0700 | [diff] [blame] | 502 | /** |
| 503 | * {@inheritDoc} |
| 504 | * |
Andrew Stadler | df27c0c | 2010-07-12 15:31:40 -0700 | [diff] [blame] | 505 | * <p>This method verifies the peer's certificate hostname after connecting |
| 506 | * (unless created with {@link #getInsecure(int, SSLSessionCache)}). |
Dan Egnor | 7fc93c3 | 2010-06-29 17:51:28 -0700 | [diff] [blame] | 507 | */ |
Dan Egnor | 60586f2 | 2010-02-08 21:56:38 -0800 | [diff] [blame] | 508 | @Override |
| 509 | public Socket createSocket(String host, int port, InetAddress localAddr, int localPort) |
| 510 | throws IOException { |
| 511 | OpenSSLSocketImpl s = (OpenSSLSocketImpl) getDelegate().createSocket( |
| 512 | host, port, localAddr, localPort); |
Jesse Wilson | f5fb5e8 | 2012-03-23 15:55:03 -0400 | [diff] [blame] | 513 | s.setNpnProtocols(mNpnProtocols); |
Kenny Root | 100d729 | 2013-06-25 12:00:34 -0700 | [diff] [blame] | 514 | s.setAlpnProtocols(mAlpnProtocols); |
Dan Egnor | 60586f2 | 2010-02-08 21:56:38 -0800 | [diff] [blame] | 515 | s.setHandshakeTimeout(mHandshakeTimeoutMillis); |
Alex Klyubin | 4ef6c9b | 2013-01-18 12:50:39 -0800 | [diff] [blame] | 516 | s.setChannelIdPrivateKey(mChannelIdPrivateKey); |
Andrew Stadler | df27c0c | 2010-07-12 15:31:40 -0700 | [diff] [blame] | 517 | if (mSecure) { |
| 518 | verifyHostname(s, host); |
| 519 | } |
Dan Egnor | 60586f2 | 2010-02-08 21:56:38 -0800 | [diff] [blame] | 520 | return s; |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 521 | } |
| 522 | |
Dan Egnor | 7fc93c3 | 2010-06-29 17:51:28 -0700 | [diff] [blame] | 523 | /** |
| 524 | * {@inheritDoc} |
| 525 | * |
Andrew Stadler | df27c0c | 2010-07-12 15:31:40 -0700 | [diff] [blame] | 526 | * <p>This method verifies the peer's certificate hostname after connecting |
| 527 | * (unless created with {@link #getInsecure(int, SSLSessionCache)}). |
Dan Egnor | 7fc93c3 | 2010-06-29 17:51:28 -0700 | [diff] [blame] | 528 | */ |
Dan Egnor | 60586f2 | 2010-02-08 21:56:38 -0800 | [diff] [blame] | 529 | @Override |
| 530 | public Socket createSocket(String host, int port) throws IOException { |
| 531 | OpenSSLSocketImpl s = (OpenSSLSocketImpl) getDelegate().createSocket(host, port); |
Jesse Wilson | f5fb5e8 | 2012-03-23 15:55:03 -0400 | [diff] [blame] | 532 | s.setNpnProtocols(mNpnProtocols); |
Kenny Root | 100d729 | 2013-06-25 12:00:34 -0700 | [diff] [blame] | 533 | s.setAlpnProtocols(mAlpnProtocols); |
Dan Egnor | 60586f2 | 2010-02-08 21:56:38 -0800 | [diff] [blame] | 534 | s.setHandshakeTimeout(mHandshakeTimeoutMillis); |
Alex Klyubin | 4ef6c9b | 2013-01-18 12:50:39 -0800 | [diff] [blame] | 535 | s.setChannelIdPrivateKey(mChannelIdPrivateKey); |
Andrew Stadler | df27c0c | 2010-07-12 15:31:40 -0700 | [diff] [blame] | 536 | if (mSecure) { |
| 537 | verifyHostname(s, host); |
| 538 | } |
Dan Egnor | 60586f2 | 2010-02-08 21:56:38 -0800 | [diff] [blame] | 539 | return s; |
| 540 | } |
| 541 | |
| 542 | @Override |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 543 | public String[] getDefaultCipherSuites() { |
Alex Klyubin | 019118a | 2013-10-28 16:16:38 -0700 | [diff] [blame] | 544 | return getDelegate().getDefaultCipherSuites(); |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 545 | } |
| 546 | |
Dan Egnor | 60586f2 | 2010-02-08 21:56:38 -0800 | [diff] [blame] | 547 | @Override |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 548 | public String[] getSupportedCipherSuites() { |
Dan Egnor | 60586f2 | 2010-02-08 21:56:38 -0800 | [diff] [blame] | 549 | return getDelegate().getSupportedCipherSuites(); |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 550 | } |
| 551 | } |