diff --git a/app/src/main/java/com/github/catvod/net/OkHttp.java b/app/src/main/java/com/github/catvod/net/OkHttp.java index ce12ee6..24cbf34 100644 --- a/app/src/main/java/com/github/catvod/net/OkHttp.java +++ b/app/src/main/java/com/github/catvod/net/OkHttp.java @@ -101,6 +101,6 @@ public class OkHttp { } public static OkHttpClient.Builder getBuilder() { - return new OkHttpClient.Builder().addInterceptor(new OkhttpInterceptor()).dns(dns()).connectTimeout(30, TimeUnit.SECONDS).readTimeout(30, TimeUnit.SECONDS).writeTimeout(30, TimeUnit.SECONDS).hostnameVerifier(SSLCompat.VERIFIER).sslSocketFactory(new SSLCompat(), SSLCompat.TM); + return new OkHttpClient.Builder().addInterceptor(new OkhttpInterceptor()).dns(dns()).connectTimeout(30, TimeUnit.SECONDS).readTimeout(30, TimeUnit.SECONDS).writeTimeout(30, TimeUnit.SECONDS).hostnameVerifier((hostname, session) -> true).sslSocketFactory(new SSLCompat(), SSLCompat.TM); } } diff --git a/app/src/main/java/com/github/catvod/net/SSLCompat.java b/app/src/main/java/com/github/catvod/net/SSLCompat.java index b0a1d33..3af4a81 100644 --- a/app/src/main/java/com/github/catvod/net/SSLCompat.java +++ b/app/src/main/java/com/github/catvod/net/SSLCompat.java @@ -1,5 +1,7 @@ package com.github.catvod.net; +import android.annotation.SuppressLint; + import java.io.IOException; import java.net.InetAddress; import java.net.Socket; @@ -9,7 +11,6 @@ import java.util.HashSet; import java.util.LinkedList; import java.util.List; -import javax.net.ssl.HostnameVerifier; import javax.net.ssl.HttpsURLConnection; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLSocket; @@ -18,30 +19,22 @@ import javax.net.ssl.X509TrustManager; public class SSLCompat extends SSLSocketFactory { - public static final HostnameVerifier VERIFIER = (hostname, session) -> true; - private static String[] cipherSuites; - private static String[] protocols; private SSLSocketFactory factory; + private String[] cipherSuites; + private String[] protocols; - static { + public SSLCompat() { try { + List list = new LinkedList<>(); SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket(); - List protocols = new LinkedList<>(); - for (String protocol : socket.getSupportedProtocols()) if (!protocol.toUpperCase().contains("SSL")) protocols.add(protocol); - SSLCompat.protocols = protocols.toArray(new String[protocols.size()]); + for (String protocol : socket.getSupportedProtocols()) if (!protocol.toUpperCase().contains("SSL")) list.add(protocol); + protocols = list.toArray(new String[0]); List allowedCiphers = Arrays.asList("TLS_RSA_WITH_AES_256_GCM_SHA384", "TLS_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "TLS_ECHDE_RSA_WITH_AES_128_GCM_SHA256", "TLS_RSA_WITH_3DES_EDE_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA", "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"); List availableCiphers = Arrays.asList(socket.getSupportedCipherSuites()); HashSet preferredCiphers = new HashSet<>(allowedCiphers); preferredCiphers.retainAll(availableCiphers); preferredCiphers.addAll(new HashSet<>(Arrays.asList(socket.getEnabledCipherSuites()))); - SSLCompat.cipherSuites = preferredCiphers.toArray(new String[preferredCiphers.size()]); - } catch (IOException e) { - e.printStackTrace(); - } - } - - public SSLCompat() { - try { + cipherSuites = preferredCiphers.toArray(new String[0]); SSLContext context = SSLContext.getInstance("TLS"); context.init(null, new X509TrustManager[]{TM}, null); HttpsURLConnection.setDefaultSSLSocketFactory(factory = context.getSocketFactory()); @@ -100,7 +93,9 @@ public class SSLCompat extends SSLSocketFactory { if (cipherSuites != null) ssl.setEnabledCipherSuites(cipherSuites); } + @SuppressLint({"TrustAllX509TrustManager", "CustomX509TrustManager"}) public static final X509TrustManager TM = new X509TrustManager() { + @Override public void checkClientTrusted(X509Certificate[] chain, String authType) { }