/*
 * Copyright 2014 Square Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package com.squareup.okhttp;

import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

/**
 * A test-only {@link SSLSocketFactory} that forwards to a delegate and wraps every socket the
 * delegate produces. The wrapper strips {@link #TLS_FALLBACK_SCSV} from any cipher suite list
 * handed to {@code setEnabledCipherSuites}, so the client never advertises that it is retrying
 * with a downgraded protocol version. That bypasses server-side fallback checks on platforms
 * that support the signalling value, which is what the fallback tests need.
 *
 * <p>Because the signalling value exists to let a server reject a downgraded handshake, removing
 * it also removes that protection: keep this factory confined to tests.
 *
 * <p>A side effect of the wrapping is that reflection-based calls to SSLSocket from Platform no
 * longer work on the wrapped socket.
 */
public class FallbackTestClientSocketFactory extends DelegatingSSLSocketFactory {
  /**
   * Name of the signalling cipher suite a client adds during a TLS connection fallback to tell
   * the server that the handshake is a fallback attempt.
   * See https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00 (later published as
   * RFC 7507).
   */
  public static final String TLS_FALLBACK_SCSV = "TLS_FALLBACK_SCSV";

  /**
   * Creates a factory whose sockets come from {@code delegate}.
   *
   * @param delegate the factory that creates the underlying sockets
   */
  public FallbackTestClientSocketFactory(SSLSocketFactory delegate) {
    super(delegate);
  }

  /**
   * Wraps the delegate's socket so that cipher suite changes pass through the SCSV filter.
   *
   * @param sslSocket the socket created by the delegate factory
   * @return a wrapper around {@code sslSocket} that drops {@link #TLS_FALLBACK_SCSV}
   */
  @Override protected SSLSocket configureSocket(SSLSocket sslSocket) throws IOException {
    SSLSocket filteringSocket = new TlsFallbackScsvDisabledSSLSocket(sslSocket);
    return filteringSocket;
  }

  /** Socket wrapper that never lets {@link #TLS_FALLBACK_SCSV} reach the wrapped socket. */
  private static class TlsFallbackScsvDisabledSSLSocket extends DelegatingSSLSocket {

    public TlsFallbackScsvDisabledSSLSocket(SSLSocket socket) {
      super(socket);
    }

    /**
     * Forwards {@code suites} to the wrapped socket with every {@link #TLS_FALLBACK_SCSV} entry
     * removed. The remaining suites keep their relative order.
     *
     * @param suites the cipher suites the caller wants enabled; neither the array nor its
     *     elements are null-checked here
     */
    @Override public void setEnabledCipherSuites(String[] suites) {
      List<String> filtered = new ArrayList<String>(suites.length);
      for (int i = 0; i < suites.length; i++) {
        String candidate = suites[i];
        if (candidate.equals(TLS_FALLBACK_SCSV)) {
          // The fallback marker is the only entry withheld from the wrapped socket.
          continue;
        }
        filtered.add(candidate);
      }
      String[] withoutScsv = filtered.toArray(new String[filtered.size()]);
      delegate.setEnabledCipherSuites(withoutScsv);
    }
  }
}