151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski/* 22c87ad3a45cecf9e344487cad1abfdebe79f2c7cNarayan Kamath * Copyright (C) 2014 The Android Open Source Project 389e6fad5ebb5cd58f12593021fb86dfea5334091Przemyslaw Szczepaniak * Copyright (c) 1999, 2012, Oracle and/or its affiliates. All rights reserved. 451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * This code is free software; you can redistribute it and/or modify it 751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * under the terms of the GNU General Public License version 2 only, as 851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * published by the Free Software Foundation. Oracle designates this 951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * particular file as subject to the "Classpath" exception as provided 1051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * by Oracle in the LICENSE file that accompanied this code. 1151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 1251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * This code is distributed in the hope that it will be useful, but WITHOUT 1351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 1451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 1551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * version 2 for more details (a copy is included in the LICENSE file that 1651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * accompanied this code). 1751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 1851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * You should have received a copy of the GNU General Public License version 1951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 2 along with this work; if not, write to the Free Software Foundation, 2051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 2151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 2251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 2351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * or visit www.oracle.com if you need additional information or have any 2451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * questions. 2551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 2651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 2751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebskipackage javax.net.ssl; 2851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 2951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebskiimport java.net.URL; 3051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebskiimport java.net.HttpURLConnection; 3151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebskiimport java.security.Principal; 3251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebskiimport java.security.cert.X509Certificate; 3351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 3451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski/** 3551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <code>HttpsURLConnection</code> extends <code>HttpURLConnection</code> 3651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * with support for https-specific features. 3751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <P> 3851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * See <A HREF="http://www.w3.org/pub/WWW/Protocols/"> 3951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * http://www.w3.org/pub/WWW/Protocols/</A> and 4051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <A HREF="http://www.ietf.org/"> RFC 2818 </A> 4151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * for more details on the 4251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * https specification. 4351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <P> 4451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * This class uses <code>HostnameVerifier</code> and 4551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <code>SSLSocketFactory</code>. 4651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * There are default implementations defined for both classes. 4751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * However, the implementations can be replaced on a per-class (static) or 4851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * per-instance basis. All new <code>HttpsURLConnection</code>s instances 4951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * will be assigned 5051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * the "default" static values at instance creation, but they can be overriden 5151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * by calling the appropriate per-instance set method(s) before 5251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <code>connect</code>ing. 5351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 5451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @since 1.4 5551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 5651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebskiabstract public 5751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebskiclass HttpsURLConnection extends HttpURLConnection 5851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski{ 5951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 6051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Creates an <code>HttpsURLConnection</code> using the 6151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * URL specified. 6251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 6351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @param url the URL 6451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 6551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski protected HttpsURLConnection(URL url) { 6651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski super(url); 6751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } 6851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 6951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 7051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Returns the cipher suite in use on this connection. 7151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 7251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @return the cipher suite 7351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @throws IllegalStateException if this method is called before 7451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * the connection has been established. 7551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 7651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public abstract String getCipherSuite(); 7751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 7851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 7951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Returns the certificate(s) that were sent to the server during 8051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * handshaking. 8151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <P> 8251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Note: This method is useful only when using certificate-based 8351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * cipher suites. 8451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <P> 8551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * When multiple certificates are available for use in a 8651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * handshake, the implementation chooses what it considers the 8751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * "best" certificate chain available, and transmits that to 8851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * the other side. This method allows the caller to know 8951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * which certificate chain was actually sent. 9051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 9151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @return an ordered array of certificates, 9251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * with the client's own certificate first followed by any 9351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * certificate authorities. If no certificates were sent, 9451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * then null is returned. 9551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @throws IllegalStateException if this method is called before 9651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * the connection has been established. 9751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @see #getLocalPrincipal() 9851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 9951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public abstract java.security.cert.Certificate [] getLocalCertificates(); 10051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 10151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 10251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Returns the server's certificate chain which was established 10351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * as part of defining the session. 10451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <P> 10551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Note: This method can be used only when using certificate-based 10651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * cipher suites; using it with non-certificate-based cipher suites, 10751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * such as Kerberos, will throw an SSLPeerUnverifiedException. 10851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 10951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @return an ordered array of server certificates, 11051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * with the peer's own certificate first followed by 11151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * any certificate authorities. 11251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @throws SSLPeerUnverifiedException if the peer is not verified. 11351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @throws IllegalStateException if this method is called before 11451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * the connection has been established. 11551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @see #getPeerPrincipal() 11651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 11751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public abstract java.security.cert.Certificate [] getServerCertificates() 11851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski throws SSLPeerUnverifiedException; 11951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 12051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 12151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Returns the server's principal which was established as part of 12251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * defining the session. 12351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <P> 12451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Note: Subclasses should override this method. If not overridden, it 12551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * will default to returning the X500Principal of the server's end-entity 12651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * certificate for certificate-based ciphersuites, or throw an 12751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * SSLPeerUnverifiedException for non-certificate based ciphersuites, 12851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * such as Kerberos. 12951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 13051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @return the server's principal. Returns an X500Principal of the 13151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * end-entity certiticate for X509-based cipher suites, and 13251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * KerberosPrincipal for Kerberos cipher suites. 13351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 13451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @throws SSLPeerUnverifiedException if the peer was not verified 13551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @throws IllegalStateException if this method is called before 13651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * the connection has been established. 13751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 13851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @see #getServerCertificates() 13951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @see #getLocalPrincipal() 14051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 14151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @since 1.5 14251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 14351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public Principal getPeerPrincipal() 14451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski throws SSLPeerUnverifiedException { 14551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 14651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski java.security.cert.Certificate[] certs = getServerCertificates(); 14789e6fad5ebb5cd58f12593021fb86dfea5334091Przemyslaw Szczepaniak return ((X509Certificate)certs[0]).getSubjectX500Principal(); 14851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } 14951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 15051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 15151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Returns the principal that was sent to the server during handshaking. 15251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <P> 15351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Note: Subclasses should override this method. If not overridden, it 15451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * will default to returning the X500Principal of the end-entity certificate 15551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * that was sent to the server for certificate-based ciphersuites or, 15651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * return null for non-certificate based ciphersuites, such as Kerberos. 15751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 15851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @return the principal sent to the server. Returns an X500Principal 15951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * of the end-entity certificate for X509-based cipher suites, and 16051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * KerberosPrincipal for Kerberos cipher suites. If no principal was 16151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * sent, then null is returned. 16251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 16351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @throws IllegalStateException if this method is called before 16451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * the connection has been established. 16551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 16651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @see #getLocalCertificates() 16751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @see #getPeerPrincipal() 16851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 16951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @since 1.5 17051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 17151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public Principal getLocalPrincipal() { 17251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 17351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski java.security.cert.Certificate[] certs = getLocalCertificates(); 17451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski if (certs != null) { 17589e6fad5ebb5cd58f12593021fb86dfea5334091Przemyslaw Szczepaniak return ((X509Certificate)certs[0]).getSubjectX500Principal(); 17651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } else { 17751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski return null; 17851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } 17951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } 18051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 18109828c081bb594bc76a948ab79ff435ab1f97325Adam Vartanian // BEGIN Android-changed: Use lazily-created OkHttp hostname verifier 18209828c081bb594bc76a948ab79ff435ab1f97325Adam Vartanian // The RI default hostname verifier is a static member of the class, which means 18309828c081bb594bc76a948ab79ff435ab1f97325Adam Vartanian // it's created when the class is initialized. As well, its default verifier 18409828c081bb594bc76a948ab79ff435ab1f97325Adam Vartanian // just fails all verification attempts, whereas we use OkHttp's verifier. 185419d15f19dcb247d6188bb6954cb55e8c5ddf20aPrzemyslaw Szczepaniak /* 1862e1b9c6550cefe75aee07f0b9637c3fc4b539555Sergio Giro * Holds the default instance so class preloading doesn't create an instance of 187419d15f19dcb247d6188bb6954cb55e8c5ddf20aPrzemyslaw Szczepaniak * it. 18851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 189419d15f19dcb247d6188bb6954cb55e8c5ddf20aPrzemyslaw Szczepaniak private static class NoPreloadHolder { 190419d15f19dcb247d6188bb6954cb55e8c5ddf20aPrzemyslaw Szczepaniak public static HostnameVerifier defaultHostnameVerifier; 1912e1b9c6550cefe75aee07f0b9637c3fc4b539555Sergio Giro public static final Class<? extends HostnameVerifier> originalDefaultHostnameVerifierClass; 192419d15f19dcb247d6188bb6954cb55e8c5ddf20aPrzemyslaw Szczepaniak static { 193419d15f19dcb247d6188bb6954cb55e8c5ddf20aPrzemyslaw Szczepaniak try { 1942e1b9c6550cefe75aee07f0b9637c3fc4b539555Sergio Giro /** 1952e1b9c6550cefe75aee07f0b9637c3fc4b539555Sergio Giro * <code>HostnameVerifier</code> provides a callback mechanism so that 1962e1b9c6550cefe75aee07f0b9637c3fc4b539555Sergio Giro * implementers of this interface can supply a policy for 1972e1b9c6550cefe75aee07f0b9637c3fc4b539555Sergio Giro * handling the case where the host to connect to and 1982e1b9c6550cefe75aee07f0b9637c3fc4b539555Sergio Giro * the server name from the certificate mismatch. 1992e1b9c6550cefe75aee07f0b9637c3fc4b539555Sergio Giro */ 200419d15f19dcb247d6188bb6954cb55e8c5ddf20aPrzemyslaw Szczepaniak defaultHostnameVerifier = (HostnameVerifier) 201419d15f19dcb247d6188bb6954cb55e8c5ddf20aPrzemyslaw Szczepaniak Class.forName("com.android.okhttp.internal.tls.OkHostnameVerifier") 202419d15f19dcb247d6188bb6954cb55e8c5ddf20aPrzemyslaw Szczepaniak .getField("INSTANCE").get(null); 2032e1b9c6550cefe75aee07f0b9637c3fc4b539555Sergio Giro originalDefaultHostnameVerifierClass = defaultHostnameVerifier.getClass(); 204419d15f19dcb247d6188bb6954cb55e8c5ddf20aPrzemyslaw Szczepaniak } catch (Exception e) { 205419d15f19dcb247d6188bb6954cb55e8c5ddf20aPrzemyslaw Szczepaniak throw new AssertionError("Failed to obtain okhttp HostnameVerifier", e); 206419d15f19dcb247d6188bb6954cb55e8c5ddf20aPrzemyslaw Szczepaniak } 207419d15f19dcb247d6188bb6954cb55e8c5ddf20aPrzemyslaw Szczepaniak } 20851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } 20951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 21051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 21151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * The <code>hostnameVerifier</code> for this object. 21251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 2132e1b9c6550cefe75aee07f0b9637c3fc4b539555Sergio Giro protected HostnameVerifier hostnameVerifier; 21409828c081bb594bc76a948ab79ff435ab1f97325Adam Vartanian // END Android-changed: Use lazily-created OkHttp hostname verifier 21551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 21651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 21751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Sets the default <code>HostnameVerifier</code> inherited by a 21851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * new instance of this class. 21951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <P> 22051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * If this method is not called, the default 22151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <code>HostnameVerifier</code> assumes the connection should not 22251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * be permitted. 22351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 22451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @param v the default host name verifier 22551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @throws IllegalArgumentException if the <code>HostnameVerifier</code> 22651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * parameter is null. 22751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @throws SecurityException if a security manager exists and its 22851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <code>checkPermission</code> method does not allow 22951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <code>SSLPermission("setHostnameVerifier")</code> 23051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @see #getDefaultHostnameVerifier() 23151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 23251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public static void setDefaultHostnameVerifier(HostnameVerifier v) { 23351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski if (v == null) { 23451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski throw new IllegalArgumentException( 23551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski "no default HostnameVerifier specified"); 23651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } 23751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 23851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski SecurityManager sm = System.getSecurityManager(); 23951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski if (sm != null) { 24051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski sm.checkPermission(new SSLPermission("setHostnameVerifier")); 24151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } 242419d15f19dcb247d6188bb6954cb55e8c5ddf20aPrzemyslaw Szczepaniak NoPreloadHolder.defaultHostnameVerifier = v; 24351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } 24451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 24551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 24651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Gets the default <code>HostnameVerifier</code> that is inherited 24751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * by new instances of this class. 24851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 24951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @return the default host name verifier 25051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @see #setDefaultHostnameVerifier(HostnameVerifier) 25151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 25251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public static HostnameVerifier getDefaultHostnameVerifier() { 2532e1b9c6550cefe75aee07f0b9637c3fc4b539555Sergio Giro return NoPreloadHolder.defaultHostnameVerifier; 254f7ab2bc37debba91864bfec6572a3e7bbe994c58Piotr Jastrzebski } 255f7ab2bc37debba91864bfec6572a3e7bbe994c58Piotr Jastrzebski 25651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 25751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Sets the <code>HostnameVerifier</code> for this instance. 25851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <P> 25951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * New instances of this class inherit the default static hostname 26051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * verifier set by {@link #setDefaultHostnameVerifier(HostnameVerifier) 26151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * setDefaultHostnameVerifier}. Calls to this method replace 26251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * this object's <code>HostnameVerifier</code>. 26351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 26451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @param v the host name verifier 26551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @throws IllegalArgumentException if the <code>HostnameVerifier</code> 26651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * parameter is null. 26751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @see #getHostnameVerifier() 26851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @see #setDefaultHostnameVerifier(HostnameVerifier) 26951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 27051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public void setHostnameVerifier(HostnameVerifier v) { 27151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski if (v == null) { 27251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski throw new IllegalArgumentException( 27351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski "no HostnameVerifier specified"); 27451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } 27551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 27651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski hostnameVerifier = v; 27751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } 27851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 27951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 28051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Gets the <code>HostnameVerifier</code> in place on this instance. 28151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 28251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @return the host name verifier 28351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @see #setHostnameVerifier(HostnameVerifier) 28451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @see #setDefaultHostnameVerifier(HostnameVerifier) 28551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 28651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public HostnameVerifier getHostnameVerifier() { 28709828c081bb594bc76a948ab79ff435ab1f97325Adam Vartanian // Android-added: Use the default verifier if none is set 2882e1b9c6550cefe75aee07f0b9637c3fc4b539555Sergio Giro if (hostnameVerifier == null) { 289abd00f0eaa46f71f98e75a631c268c812d1ec7c1Sergio Giro hostnameVerifier = NoPreloadHolder.defaultHostnameVerifier; 2902e1b9c6550cefe75aee07f0b9637c3fc4b539555Sergio Giro } 29151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski return hostnameVerifier; 29251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } 29351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 29451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski private static SSLSocketFactory defaultSSLSocketFactory = null; 29551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 29651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 29751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * The <code>SSLSocketFactory</code> inherited when an instance 29851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * of this class is created. 29951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 30051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski private SSLSocketFactory sslSocketFactory = getDefaultSSLSocketFactory(); 30151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 30251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 30351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Sets the default <code>SSLSocketFactory</code> inherited by new 30451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * instances of this class. 30551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <P> 30651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * The socket factories are used when creating sockets for secure 30751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * https URL connections. 30851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 30951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @param sf the default SSL socket factory 31051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @throws IllegalArgumentException if the SSLSocketFactory 31151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * parameter is null. 31251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @throws SecurityException if a security manager exists and its 31351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <code>checkSetFactory</code> method does not allow 31451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * a socket factory to be specified. 31551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @see #getDefaultSSLSocketFactory() 31651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 31751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public static void setDefaultSSLSocketFactory(SSLSocketFactory sf) { 31851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski if (sf == null) { 31951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski throw new IllegalArgumentException( 32051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski "no default SSLSocketFactory specified"); 32151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } 32251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 32351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski SecurityManager sm = System.getSecurityManager(); 32451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski if (sm != null) { 32551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski sm.checkSetFactory(); 32651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } 32751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski defaultSSLSocketFactory = sf; 32851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } 32951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 33051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 33151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Gets the default static <code>SSLSocketFactory</code> that is 33251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * inherited by new instances of this class. 33351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <P> 33451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * The socket factories are used when creating sockets for secure 33551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * https URL connections. 33651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 33751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @return the default <code>SSLSocketFactory</code> 33851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @see #setDefaultSSLSocketFactory(SSLSocketFactory) 33951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 34051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public static SSLSocketFactory getDefaultSSLSocketFactory() { 34151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski if (defaultSSLSocketFactory == null) { 34251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski defaultSSLSocketFactory = 34351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski (SSLSocketFactory)SSLSocketFactory.getDefault(); 34451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } 34551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski return defaultSSLSocketFactory; 34651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } 34751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 34851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 34951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Sets the <code>SSLSocketFactory</code> to be used when this instance 35051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * creates sockets for secure https URL connections. 35151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <P> 35251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * New instances of this class inherit the default static 35351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <code>SSLSocketFactory</code> set by 35451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * {@link #setDefaultSSLSocketFactory(SSLSocketFactory) 35551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * setDefaultSSLSocketFactory}. Calls to this method replace 35651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * this object's <code>SSLSocketFactory</code>. 35751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 35851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @param sf the SSL socket factory 35951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @throws IllegalArgumentException if the <code>SSLSocketFactory</code> 36051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * parameter is null. 36151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @see #getSSLSocketFactory() 36251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 36351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public void setSSLSocketFactory(SSLSocketFactory sf) { 36451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski if (sf == null) { 36551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski throw new IllegalArgumentException( 36651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski "no SSLSocketFactory specified"); 36751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } 36851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 36951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski SecurityManager sm = System.getSecurityManager(); 37051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski if (sm != null) { 37151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski sm.checkSetFactory(); 37251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } 37351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski sslSocketFactory = sf; 37451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } 37551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 37651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 37751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Gets the SSL socket factory to be used when creating sockets 37851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * for secure https URL connections. 37951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 38051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @return the <code>SSLSocketFactory</code> 38151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @see #setSSLSocketFactory(SSLSocketFactory) 38251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 38351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public SSLSocketFactory getSSLSocketFactory() { 38451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski return sslSocketFactory; 38551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } 38651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski} 387