Update ssl

3 years ago · 06b878239a
parent 2b1651dbb7
commit 06b878239a
5 changed files with 20 additions and 4 deletions
--- a/app/build.gradle
+++ b/app/build.gradle
@ -33,7 +33,7 @@ android {

 dependencies {
    implementation 'com.squareup.okhttp3:okhttp:3.12.13'
-    implementation 'com.google.code.gson:gson:2.9.1'
+    implementation 'com.google.code.gson:gson:2.8.6'
    implementation 'cn.wanghaomiao:JsoupXpath:2.5.1'
    implementation 'com.google.zxing:core:3.3.0'
    implementation 'org.jsoup:jsoup:1.15.3'
--- a/app/src/main/java/com/github/catvod/net/OkHttpUtil.java
+++ b/app/src/main/java/com/github/catvod/net/OkHttpUtil.java
@ -24,7 +24,7 @@ public class OkHttpUtil {
    public static OkHttpClient defaultClient() {
        synchronized (lockO) {
            if (defaultClient == null) {
-                OkHttpClient.Builder builder = new OkHttpClient.Builder().dns(safeDns()).readTimeout(DEFAULT_TIMEOUT, TimeUnit.SECONDS).writeTimeout(DEFAULT_TIMEOUT, TimeUnit.SECONDS).connectTimeout(DEFAULT_TIMEOUT, TimeUnit.SECONDS).retryOnConnectionFailure(true).sslSocketFactory(new SSLSocketFactoryCompat(), SSLSocketFactoryCompat.trustAllCert);
+                OkHttpClient.Builder builder = new OkHttpClient.Builder().dns(safeDns()).readTimeout(DEFAULT_TIMEOUT, TimeUnit.SECONDS).writeTimeout(DEFAULT_TIMEOUT, TimeUnit.SECONDS).connectTimeout(DEFAULT_TIMEOUT, TimeUnit.SECONDS).retryOnConnectionFailure(true).hostnameVerifier(SSLSocketFactoryCompat.hostnameVerifier).sslSocketFactory(new SSLSocketFactoryCompat(), SSLSocketFactoryCompat.trustAllCert);
                defaultClient = builder.build();
            }
            return defaultClient;
--- a/app/src/main/java/com/github/catvod/net/SSLSocketFactoryCompat.java
+++ b/app/src/main/java/com/github/catvod/net/SSLSocketFactoryCompat.java
@ -5,9 +5,13 @@ import java.net.InetAddress;
 import java.net.Socket;
 import java.security.GeneralSecurityException;
 import java.security.cert.X509Certificate;
+import java.util.Arrays;
+import java.util.HashSet;
 import java.util.LinkedList;
 import java.util.List;

+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.HttpsURLConnection;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLSocket;
 import javax.net.ssl.SSLSocketFactory;
@ -15,6 +19,8 @@ import javax.net.ssl.X509TrustManager;

 public class SSLSocketFactoryCompat extends SSLSocketFactory {

+    public static final HostnameVerifier hostnameVerifier = (hostname, session) -> true;
+
    public static final X509TrustManager trustAllCert = new X509TrustManager() {

        @Override
@ -41,6 +47,12 @@ public class SSLSocketFactoryCompat extends SSLSocketFactory {
                List<String> protocols = new LinkedList<>();
                for (String protocol : socket.getSupportedProtocols()) if (!protocol.toUpperCase().contains("SSL")) protocols.add(protocol);
                SSLSocketFactoryCompat.protocols = protocols.toArray(new String[protocols.size()]);
+                List<String> allowedCiphers = Arrays.asList("TLS_RSA_WITH_AES_256_GCM_SHA384", "TLS_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "TLS_ECHDE_RSA_WITH_AES_128_GCM_SHA256", "TLS_RSA_WITH_3DES_EDE_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA", "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA");
+                List<String> availableCiphers = Arrays.asList(socket.getSupportedCipherSuites());
+                HashSet<String> preferredCiphers = new HashSet<>(allowedCiphers);
+                preferredCiphers.retainAll(availableCiphers);
+                preferredCiphers.addAll(new HashSet<>(Arrays.asList(socket.getEnabledCipherSuites())));
+                SSLSocketFactoryCompat.cipherSuites = preferredCiphers.toArray(new String[preferredCiphers.size()]);
            }
        } catch (IOException e) {
            throw new RuntimeException(e);
@ -54,8 +66,9 @@ public class SSLSocketFactoryCompat extends SSLSocketFactory {
            SSLContext sslContext = SSLContext.getInstance("TLS");
            sslContext.init(null, new X509TrustManager[]{SSLSocketFactoryCompat.trustAllCert}, null);
            defaultFactory = sslContext.getSocketFactory();
+            HttpsURLConnection.setDefaultSSLSocketFactory(defaultFactory);
        } catch (GeneralSecurityException e) {
-            throw new AssertionError(); // The system has no TLS. Just give up.
+            throw new AssertionError();
        }
    }

@ -63,6 +76,9 @@ public class SSLSocketFactoryCompat extends SSLSocketFactory {
        if (protocols != null) {
            ssl.setEnabledProtocols(protocols);
        }
+        if (cipherSuites != null) {
+            ssl.setEnabledCipherSuites(cipherSuites);
+        }
    }

    @Override
--- a/jar/custom_spider.jar
+++ b/jar/custom_spider.jar
--- a/jar/custom_spider.jar.md5
+++ b/jar/custom_spider.jar.md5
@ -1 +1 @@
-0253ba01e6a8e8f11716139823b8baab
+e889b257fb9dbaf519f3c095231c12ea