SSLCertificateSocketFactory.java revision 007392a8a17df8b608f4ccd9129436cb570090d3 
1/*
2 * Copyright (C) 2008 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 *      http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17package android.net;
18
19import android.os.SystemProperties;
20import android.util.Log;
21import com.android.org.conscrypt.OpenSSLContextImpl;
22import com.android.org.conscrypt.OpenSSLSocketImpl;
23import com.android.org.conscrypt.SSLClientSessionCache;
24import java.io.IOException;
25import java.net.InetAddress;
26import java.net.Socket;
27import java.net.SocketException;
28import java.security.KeyManagementException;
29import java.security.PrivateKey;
30import java.security.cert.X509Certificate;
31import javax.net.SocketFactory;
32import javax.net.ssl.HostnameVerifier;
33import javax.net.ssl.HttpsURLConnection;
34import javax.net.ssl.KeyManager;
35import javax.net.ssl.SSLException;
36import javax.net.ssl.SSLPeerUnverifiedException;
37import javax.net.ssl.SSLSession;
38import javax.net.ssl.SSLSocket;
39import javax.net.ssl.SSLSocketFactory;
40import javax.net.ssl.TrustManager;
41import javax.net.ssl.X509TrustManager;
42
43/**
44 * SSLSocketFactory implementation with several extra features:
45 *
46 * <ul>
47 * <li>Timeout specification for SSL handshake operations
48 * <li>Hostname verification in most cases (see WARNINGs below)
49 * <li>Optional SSL session caching with {@link SSLSessionCache}
50 * <li>Optionally bypass all SSL certificate checks
51 * </ul>
52 *
53 * The handshake timeout does not apply to actual TCP socket connection.
54 * If you want a connection timeout as well, use {@link #createSocket()}
55 * and {@link Socket#connect(SocketAddress, int)}, after which you
56 * must verify the identity of the server you are connected to.
57 *
58 * <p class="caution"><b>Most {@link SSLSocketFactory} implementations do not
59 * verify the server's identity, allowing man-in-the-middle attacks.</b>
60 * This implementation does check the server's certificate hostname, but only
61 * for createSocket variants that specify a hostname.  When using methods that
62 * use {@link InetAddress} or which return an unconnected socket, you MUST
63 * verify the server's identity yourself to ensure a secure connection.</p>
64 *
65 * <p>One way to verify the server's identity is to use
66 * {@link HttpsURLConnection#getDefaultHostnameVerifier()} to get a
67 * {@link HostnameVerifier} to verify the certificate hostname.
68 *
69 * <p>On development devices, "setprop socket.relaxsslcheck yes" bypasses all
70 * SSL certificate and hostname checks for testing purposes.  This setting
71 * requires root access.
72 */
73public class SSLCertificateSocketFactory extends SSLSocketFactory {
74    private static final String TAG = "SSLCertificateSocketFactory";
75
76    private static final TrustManager[] INSECURE_TRUST_MANAGER = new TrustManager[] {
77        new X509TrustManager() {
78            public X509Certificate[] getAcceptedIssuers() { return null; }
79            public void checkClientTrusted(X509Certificate[] certs, String authType) { }
80            public void checkServerTrusted(X509Certificate[] certs, String authType) { }
81        }
82    };
83
84    private SSLSocketFactory mInsecureFactory = null;
85    private SSLSocketFactory mSecureFactory = null;
86    private TrustManager[] mTrustManagers = null;
87    private KeyManager[] mKeyManagers = null;
88    private byte[] mNpnProtocols = null;
89    private byte[] mAlpnProtocols = null;
90    private PrivateKey mChannelIdPrivateKey = null;
91
92    private final int mHandshakeTimeoutMillis;
93    private final SSLClientSessionCache mSessionCache;
94    private final boolean mSecure;
95
96    /** @deprecated Use {@link #getDefault(int)} instead. */
97    @Deprecated
98    public SSLCertificateSocketFactory(int handshakeTimeoutMillis) {
99        this(handshakeTimeoutMillis, null, true);
100    }
101
102    private SSLCertificateSocketFactory(
103            int handshakeTimeoutMillis, SSLSessionCache cache, boolean secure) {
104        mHandshakeTimeoutMillis = handshakeTimeoutMillis;
105        mSessionCache = cache == null ? null : cache.mSessionCache;
106        mSecure = secure;
107    }
108
109    /**
110     * Returns a new socket factory instance with an optional handshake timeout.
111     *
112     * @param handshakeTimeoutMillis to use for SSL connection handshake, or 0
113     *         for none.  The socket timeout is reset to 0 after the handshake.
114     * @return a new SSLSocketFactory with the specified parameters
115     */
116    public static SocketFactory getDefault(int handshakeTimeoutMillis) {
117        return new SSLCertificateSocketFactory(handshakeTimeoutMillis, null, true);
118    }
119
120    /**
121     * Returns a new socket factory instance with an optional handshake timeout
122     * and SSL session cache.
123     *
124     * @param handshakeTimeoutMillis to use for SSL connection handshake, or 0
125     *         for none.  The socket timeout is reset to 0 after the handshake.
126     * @param cache The {@link SSLSessionCache} to use, or null for no cache.
127     * @return a new SSLSocketFactory with the specified parameters
128     */
129    public static SSLSocketFactory getDefault(int handshakeTimeoutMillis, SSLSessionCache cache) {
130        return new SSLCertificateSocketFactory(handshakeTimeoutMillis, cache, true);
131    }
132
133    /**
134     * Returns a new instance of a socket factory with all SSL security checks
135     * disabled, using an optional handshake timeout and SSL session cache.
136     *
137     * <p class="caution"><b>Warning:</b> Sockets created using this factory
138     * are vulnerable to man-in-the-middle attacks!</p>. The caller must implement
139     * its own verification.
140     *
141     * @param handshakeTimeoutMillis to use for SSL connection handshake, or 0
142     *         for none.  The socket timeout is reset to 0 after the handshake.
143     * @param cache The {@link SSLSessionCache} to use, or null for no cache.
144     * @return an insecure SSLSocketFactory with the specified parameters
145     */
146    public static SSLSocketFactory getInsecure(int handshakeTimeoutMillis, SSLSessionCache cache) {
147        return new SSLCertificateSocketFactory(handshakeTimeoutMillis, cache, false);
148    }
149
150    /**
151     * Returns a socket factory (also named SSLSocketFactory, but in a different
152     * namespace) for use with the Apache HTTP stack.
153     *
154     * @param handshakeTimeoutMillis to use for SSL connection handshake, or 0
155     *         for none.  The socket timeout is reset to 0 after the handshake.
156     * @param cache The {@link SSLSessionCache} to use, or null for no cache.
157     * @return a new SocketFactory with the specified parameters
158     */
159    public static org.apache.http.conn.ssl.SSLSocketFactory getHttpSocketFactory(
160            int handshakeTimeoutMillis, SSLSessionCache cache) {
161        return new org.apache.http.conn.ssl.SSLSocketFactory(
162                new SSLCertificateSocketFactory(handshakeTimeoutMillis, cache, true));
163    }
164
165    /**
166     * Verify the hostname of the certificate used by the other end of a
167     * connected socket.  You MUST call this if you did not supply a hostname
168     * to {@link #createSocket()}.  It is harmless to call this method
169     * redundantly if the hostname has already been verified.
170     *
171     * <p>Wildcard certificates are allowed to verify any matching hostname,
172     * so "foo.bar.example.com" is verified if the peer has a certificate
173     * for "*.example.com".
174     *
175     * @param socket An SSL socket which has been connected to a server
176     * @param hostname The expected hostname of the remote server
177     * @throws IOException if something goes wrong handshaking with the server
178     * @throws SSLPeerUnverifiedException if the server cannot prove its identity
179     *
180     * @hide
181     */
182    public static void verifyHostname(Socket socket, String hostname) throws IOException {
183        if (!(socket instanceof SSLSocket)) {
184            throw new IllegalArgumentException("Attempt to verify non-SSL socket");
185        }
186
187        if (!isSslCheckRelaxed()) {
188            // The code at the start of OpenSSLSocketImpl.startHandshake()
189            // ensures that the call is idempotent, so we can safely call it.
190            SSLSocket ssl = (SSLSocket) socket;
191            ssl.startHandshake();
192
193            SSLSession session = ssl.getSession();
194            if (session == null) {
195                throw new SSLException("Cannot verify SSL socket without session");
196            }
197            if (!HttpsURLConnection.getDefaultHostnameVerifier().verify(hostname, session)) {
198                throw new SSLPeerUnverifiedException("Cannot verify hostname: " + hostname);
199            }
200        }
201    }
202
203    private SSLSocketFactory makeSocketFactory(
204            KeyManager[] keyManagers, TrustManager[] trustManagers) {
205        try {
206            OpenSSLContextImpl sslContext = new OpenSSLContextImpl();
207            sslContext.engineInit(keyManagers, trustManagers, null);
208            sslContext.engineGetClientSessionContext().setPersistentCache(mSessionCache);
209            return sslContext.engineGetSocketFactory();
210        } catch (KeyManagementException e) {
211            Log.wtf(TAG, e);
212            return (SSLSocketFactory) SSLSocketFactory.getDefault();  // Fallback
213        }
214    }
215
216    private static boolean isSslCheckRelaxed() {
217        return "1".equals(SystemProperties.get("ro.debuggable")) &&
218            "yes".equals(SystemProperties.get("socket.relaxsslcheck"));
219    }
220
221    private synchronized SSLSocketFactory getDelegate() {
222        // Relax the SSL check if instructed (for this factory, or systemwide)
223        if (!mSecure || isSslCheckRelaxed()) {
224            if (mInsecureFactory == null) {
225                if (mSecure) {
226                    Log.w(TAG, "*** BYPASSING SSL SECURITY CHECKS (socket.relaxsslcheck=yes) ***");
227                }
228                mInsecureFactory = makeSocketFactory(mKeyManagers, INSECURE_TRUST_MANAGER);
229            }
230            return mInsecureFactory;
231        } else {
232            if (mSecureFactory == null) {
233                mSecureFactory = makeSocketFactory(mKeyManagers, mTrustManagers);
234            }
235            return mSecureFactory;
236        }
237    }
238
239    /**
240     * Sets the {@link TrustManager}s to be used for connections made by this factory.
241     */
242    public void setTrustManagers(TrustManager[] trustManager) {
243        mTrustManagers = trustManager;
244
245        // Clear out all cached secure factories since configurations have changed.
246        mSecureFactory = null;
247        // Note - insecure factories only ever use the INSECURE_TRUST_MANAGER so they need not
248        // be cleared out here.
249    }
250
251    /**
252     * Sets the <a href="http://technotes.googlecode.com/git/nextprotoneg.html">Next
253     * Protocol Negotiation (NPN)</a> protocols that this peer is interested in.
254     *
255     * <p>For servers this is the sequence of protocols to advertise as
256     * supported, in order of preference. This list is sent unencrypted to
257     * all clients that support NPN.
258     *
259     * <p>For clients this is a list of supported protocols to match against the
260     * server's list. If there is no protocol supported by both client and
261     * server then the first protocol in the client's list will be selected.
262     * The order of the client's protocols is otherwise insignificant.
263     *
264     * @param npnProtocols a non-empty list of protocol byte arrays. All arrays
265     *     must be non-empty and of length less than 256.
266     */
267    public void setNpnProtocols(byte[][] npnProtocols) {
268        this.mNpnProtocols = toLengthPrefixedList(npnProtocols);
269    }
270
271    /**
272     * Sets the
273     * <a href="http://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg-01">
274     * Application Layer Protocol Negotiation (ALPN)</a> protocols that this peer
275     * is interested in.
276     *
277     * <p>For servers this is the sequence of protocols to advertise as
278     * supported, in order of preference. This list is sent unencrypted to
279     * all clients that support ALPN.
280     *
281     * <p>For clients this is a list of supported protocols to match against the
282     * server's list. If there is no protocol supported by both client and
283     * server then the first protocol in the client's list will be selected.
284     * The order of the client's protocols is otherwise insignificant.
285     *
286     * @param protocols a non-empty list of protocol byte arrays. All arrays
287     *     must be non-empty and of length less than 256.
288     * @hide
289     */
290    public void setAlpnProtocols(byte[][] protocols) {
291        this.mAlpnProtocols = toLengthPrefixedList(protocols);
292    }
293
294    /**
295     * Returns an array containing the concatenation of length-prefixed byte
296     * strings.
297     */
298    static byte[] toLengthPrefixedList(byte[]... items) {
299        if (items.length == 0) {
300            throw new IllegalArgumentException("items.length == 0");
301        }
302        int totalLength = 0;
303        for (byte[] s : items) {
304            if (s.length == 0 || s.length > 255) {
305                throw new IllegalArgumentException("s.length == 0 || s.length > 255: " + s.length);
306            }
307            totalLength += 1 + s.length;
308        }
309        byte[] result = new byte[totalLength];
310        int pos = 0;
311        for (byte[] s : items) {
312            result[pos++] = (byte) s.length;
313            for (byte b : s) {
314                result[pos++] = b;
315            }
316        }
317        return result;
318    }
319
320    /**
321     * Returns the <a href="http://technotes.googlecode.com/git/nextprotoneg.html">Next
322     * Protocol Negotiation (NPN)</a> protocol selected by client and server, or
323     * null if no protocol was negotiated.
324     *
325     * @param socket a socket created by this factory.
326     * @throws IllegalArgumentException if the socket was not created by this factory.
327     */
328    public byte[] getNpnSelectedProtocol(Socket socket) {
329        return castToOpenSSLSocket(socket).getNpnSelectedProtocol();
330    }
331
332    /**
333     * Returns the
334     * <a href="http://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg-01">Application
335     * Layer Protocol Negotiation (ALPN)</a> protocol selected by client and server, or null
336     * if no protocol was negotiated.
337     *
338     * @param socket a socket created by this factory.
339     * @throws IllegalArgumentException if the socket was not created by this factory.
340     * @hide
341     */
342    public byte[] getAlpnSelectedProtocol(Socket socket) {
343        return castToOpenSSLSocket(socket).getAlpnSelectedProtocol();
344    }
345
346    /**
347     * Sets the {@link KeyManager}s to be used for connections made by this factory.
348     */
349    public void setKeyManagers(KeyManager[] keyManagers) {
350        mKeyManagers = keyManagers;
351
352        // Clear out any existing cached factories since configurations have changed.
353        mSecureFactory = null;
354        mInsecureFactory = null;
355    }
356
357    /**
358     * Sets the private key to be used for TLS Channel ID by connections made by this
359     * factory.
360     *
361     * @param privateKey private key (enables TLS Channel ID) or {@code null} for no key (disables
362     *        TLS Channel ID). The private key has to be an Elliptic Curve (EC) key based on the
363     *        NIST P-256 curve (aka SECG secp256r1 or ANSI X9.62 prime256v1).
364     *
365     * @hide
366     */
367    public void setChannelIdPrivateKey(PrivateKey privateKey) {
368        mChannelIdPrivateKey = privateKey;
369    }
370
371    /**
372     * Enables <a href="http://tools.ietf.org/html/rfc5077#section-3.2">session ticket</a>
373     * support on the given socket.
374     *
375     * @param socket a socket created by this factory
376     * @param useSessionTickets {@code true} to enable session ticket support on this socket.
377     * @throws IllegalArgumentException if the socket was not created by this factory.
378     */
379    public void setUseSessionTickets(Socket socket, boolean useSessionTickets) {
380        castToOpenSSLSocket(socket).setUseSessionTickets(useSessionTickets);
381    }
382
383    /**
384     * Turns on <a href="http://tools.ietf.org/html/rfc6066#section-3">Server
385     * Name Indication (SNI)</a> on a given socket.
386     *
387     * @param socket a socket created by this factory.
388     * @param hostName the desired SNI hostname, null to disable.
389     * @throws IllegalArgumentException if the socket was not created by this factory.
390     */
391    public void setHostname(Socket socket, String hostName) {
392        castToOpenSSLSocket(socket).setHostname(hostName);
393    }
394
395    /**
396     * Sets this socket's SO_SNDTIMEO write timeout in milliseconds.
397     * Use 0 for no timeout.
398     * To take effect, this option must be set before the blocking method was called.
399     *
400     * @param socket a socket created by this factory.
401     * @param timeout the desired write timeout in milliseconds.
402     * @throws IllegalArgumentException if the socket was not created by this factory.
403     *
404     * @hide
405     */
406    public void setSoWriteTimeout(Socket socket, int writeTimeoutMilliseconds)
407            throws SocketException {
408        castToOpenSSLSocket(socket).setSoWriteTimeout(writeTimeoutMilliseconds);
409    }
410
411    private static OpenSSLSocketImpl castToOpenSSLSocket(Socket socket) {
412        if (!(socket instanceof OpenSSLSocketImpl)) {
413            throw new IllegalArgumentException("Socket not created by this factory: "
414                    + socket);
415        }
416
417        return (OpenSSLSocketImpl) socket;
418    }
419
420    /**
421     * {@inheritDoc}
422     *
423     * <p>This method verifies the peer's certificate hostname after connecting
424     * (unless created with {@link #getInsecure(int, SSLSessionCache)}).
425     */
426    @Override
427    public Socket createSocket(Socket k, String host, int port, boolean close) throws IOException {
428        OpenSSLSocketImpl s = (OpenSSLSocketImpl) getDelegate().createSocket(k, host, port, close);
429        s.setNpnProtocols(mNpnProtocols);
430        s.setAlpnProtocols(mAlpnProtocols);
431        s.setHandshakeTimeout(mHandshakeTimeoutMillis);
432        s.setChannelIdPrivateKey(mChannelIdPrivateKey);
433        s.setHostname(host);
434        if (mSecure) {
435            verifyHostname(s, host);
436        }
437        return s;
438    }
439
440    /**
441     * Creates a new socket which is not connected to any remote host.
442     * You must use {@link Socket#connect} to connect the socket.
443     *
444     * <p class="caution"><b>Warning:</b> Hostname verification is not performed
445     * with this method.  You MUST verify the server's identity after connecting
446     * the socket to avoid man-in-the-middle attacks.</p>
447     */
448    @Override
449    public Socket createSocket() throws IOException {
450        OpenSSLSocketImpl s = (OpenSSLSocketImpl) getDelegate().createSocket();
451        s.setNpnProtocols(mNpnProtocols);
452        s.setAlpnProtocols(mAlpnProtocols);
453        s.setHandshakeTimeout(mHandshakeTimeoutMillis);
454        s.setChannelIdPrivateKey(mChannelIdPrivateKey);
455        return s;
456    }
457
458    /**
459     * {@inheritDoc}
460     *
461     * <p class="caution"><b>Warning:</b> Hostname verification is not performed
462     * with this method.  You MUST verify the server's identity after connecting
463     * the socket to avoid man-in-the-middle attacks.</p>
464     */
465    @Override
466    public Socket createSocket(InetAddress addr, int port, InetAddress localAddr, int localPort)
467            throws IOException {
468        OpenSSLSocketImpl s = (OpenSSLSocketImpl) getDelegate().createSocket(
469                addr, port, localAddr, localPort);
470        s.setNpnProtocols(mNpnProtocols);
471        s.setAlpnProtocols(mAlpnProtocols);
472        s.setHandshakeTimeout(mHandshakeTimeoutMillis);
473        s.setChannelIdPrivateKey(mChannelIdPrivateKey);
474        return s;
475    }
476
477    /**
478     * {@inheritDoc}
479     *
480     * <p class="caution"><b>Warning:</b> Hostname verification is not performed
481     * with this method.  You MUST verify the server's identity after connecting
482     * the socket to avoid man-in-the-middle attacks.</p>
483     */
484    @Override
485    public Socket createSocket(InetAddress addr, int port) throws IOException {
486        OpenSSLSocketImpl s = (OpenSSLSocketImpl) getDelegate().createSocket(addr, port);
487        s.setNpnProtocols(mNpnProtocols);
488        s.setAlpnProtocols(mAlpnProtocols);
489        s.setHandshakeTimeout(mHandshakeTimeoutMillis);
490        s.setChannelIdPrivateKey(mChannelIdPrivateKey);
491        return s;
492    }
493
494    /**
495     * {@inheritDoc}
496     *
497     * <p>This method verifies the peer's certificate hostname after connecting
498     * (unless created with {@link #getInsecure(int, SSLSessionCache)}).
499     */
500    @Override
501    public Socket createSocket(String host, int port, InetAddress localAddr, int localPort)
502            throws IOException {
503        OpenSSLSocketImpl s = (OpenSSLSocketImpl) getDelegate().createSocket(
504                host, port, localAddr, localPort);
505        s.setNpnProtocols(mNpnProtocols);
506        s.setAlpnProtocols(mAlpnProtocols);
507        s.setHandshakeTimeout(mHandshakeTimeoutMillis);
508        s.setChannelIdPrivateKey(mChannelIdPrivateKey);
509        if (mSecure) {
510            verifyHostname(s, host);
511        }
512        return s;
513    }
514
515    /**
516     * {@inheritDoc}
517     *
518     * <p>This method verifies the peer's certificate hostname after connecting
519     * (unless created with {@link #getInsecure(int, SSLSessionCache)}).
520     */
521    @Override
522    public Socket createSocket(String host, int port) throws IOException {
523        OpenSSLSocketImpl s = (OpenSSLSocketImpl) getDelegate().createSocket(host, port);
524        s.setNpnProtocols(mNpnProtocols);
525        s.setAlpnProtocols(mAlpnProtocols);
526        s.setHandshakeTimeout(mHandshakeTimeoutMillis);
527        s.setChannelIdPrivateKey(mChannelIdPrivateKey);
528        if (mSecure) {
529            verifyHostname(s, host);
530        }
531        return s;
532    }
533
534    @Override
535    public String[] getDefaultCipherSuites() {
536        return getDelegate().getSupportedCipherSuites();
537    }
538
539    @Override
540    public String[] getSupportedCipherSuites() {
541        return getDelegate().getSupportedCipherSuites();
542    }
543}
544