From 728e055471aa020223aeb929aebd6aa10deeb2ff Mon Sep 17 00:00:00 2001
From: FongMi
Date: Tue, 21 Nov 2023 23:14:34 +0800
Subject: [PATCH] Clean code
---
 app/build.gradle | 1 +
 .../main/java/com/fongmi/android/tv/App.java | 4 +
 .../java/com/github/catvod/net/OkHttp.java | 43 ++++++-
 .../java/com/github/catvod/net/SSLCompat.java | 121 ------------------
 4 files changed, 45 insertions(+), 124 deletions(-)
 delete mode 100644 catvod/src/main/java/com/github/catvod/net/SSLCompat.java
diff --git a/app/build.gradle b/app/build.gradle
index f6fcf0666..1cdbca7bd 100644
--- a/app/build.gradle
+++ b/app/build.gradle
@@ -119,6 +119,7 @@ dependencies {
 implementation 'com.guolindev.permissionx:permissionx:1.7.1'
 implementation 'com.hierynomus:smbj:0.11.5'
 implementation 'org.chromium.net:cronet-embedded:76.3809.111'
+ implementation 'org.conscrypt:conscrypt-android:2.5.2'
 implementation 'org.eclipse.jetty:jetty-client:8.1.21.v20160908'
 implementation 'org.eclipse.jetty:jetty-server:8.1.21.v20160908'
 implementation 'org.eclipse.jetty:jetty-servlet:8.1.21.v20160908'
diff --git a/app/src/main/java/com/fongmi/android/tv/App.java b/app/src/main/java/com/fongmi/android/tv/App.java
index 6c7aa6bed..f944ed47a 100644
--- a/app/src/main/java/com/fongmi/android/tv/App.java
+++ b/app/src/main/java/com/fongmi/android/tv/App.java
@@ -25,6 +25,9 @@ import com.orhanobut.logger.LogAdapter;
 import com.orhanobut.logger.Logger;
 import com.orhanobut.logger.PrettyFormatStrategy;
+import org.conscrypt.Conscrypt;
+
+import java.security.Security;
 import java.util.concurrent.ExecutorService;
 import java.util.concurrent.Executors;
@@ -98,6 +101,7 @@ public class App extends Application {
 @Override
 protected void attachBaseContext(Context base) {
+ Security.insertProviderAt(Conscrypt.newProvider(), 1);
 super.attachBaseContext(base);
 Init.set(base);
 }
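Review bot: The `Security.insertProviderAt(Conscrypt.newProvider(), 1)` call in `attachBaseContext` runs unguarded before `super.attachBaseContext(base)`, so if the bundled native library cannot be loaded on a device, the failure would presumably surface at process start. Conscrypt exposes an availability check for this case; I would write `if (Conscrypt.isAvailable()) Security.insertProviderAt(Conscrypt.newProvider(), 1);`. The line also deserves a comment such as `// Install bundled Conscrypt as the preferred JCA provider so TLS does not depend on the device's system stack`. From this point on the pinned `conscrypt-android:2.5.2` added in the build.gradle hunk is the app's TLS implementation, so it has to be tracked for updates like any other security-critical dependency.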
diff --git a/catvod/src/main/java/com/github/catvod/net/OkHttp.java b/catvod/src/main/java/com/github/catvod/net/OkHttp.java
index df852cc17..52b0c6339 100644
--- a/catvod/src/main/java/com/github/catvod/net/OkHttp.java
+++ b/catvod/src/main/java/com/github/catvod/net/OkHttp.java
@@ -8,10 +8,19 @@ import com.github.catvod.utils.Path;
 import com.github.catvod.utils.Util;
 import com.google.common.net.HttpHeaders;
+import java.security.SecureRandom;
+import java.security.cert.X509Certificate;
 import java.util.Map;
 import java.util.Objects;
 import java.util.concurrent.TimeUnit;
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
+
 import okhttp3.Cache;
 import okhttp3.Call;
 import okhttp3.Dns;
@@ -45,8 +54,8 @@ public class OkHttp {
 }
 public void setDoh(Doh doh) {
- OkHttpClient dohClient = new OkHttpClient.Builder().cache(new Cache(Path.doh(), CACHE)).hostnameVerifier(SSLCompat.VERIFIER).sslSocketFactory(new SSLCompat(), SSLCompat.TM).build();
- dns = doh.getUrl().isEmpty() ? null : new DnsOverHttps.Builder().client(dohClient).url(HttpUrl.get(doh.getUrl())).bootstrapDnsHosts(doh.getHosts()).build();
+ OkHttpClient dohClient = new OkHttpClient.Builder().cache(new Cache(Path.doh(), CACHE)).build();
+ dns = doh.getUrl().isEmpty() ? null : new DnsOverHttps.Builder().client(new OkHttpClient.Builder().cache(new Cache(Path.doh(), CACHE)).build()).url(HttpUrl.get(doh.getUrl())).bootstrapDnsHosts(doh.getHosts()).build();
 client = null;
 }
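Review bot: In `setDoh`, the new `dohClient` local is never used: the next line builds a second, identical `OkHttpClient` inline and hands that one to `DnsOverHttps.Builder().client(...)`. That leaves a dead variable and two `Cache` instances opened on the same `Path.doh()` directory, which OkHttp's cache documentation warns against. Pass the local instead, `.client(dohClient)`, and drop the inline `new OkHttpClient.Builder().cache(...).build()`. Removing the trust-all socket factory and verifier from this client means DoH lookups are validated with default certificate checks again; a short comment such as `// DoH client keeps default certificate validation on purpose` would stop it from being aligned with `getBuilder()` later.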
@@ -129,8 +138,36 @@ public class OkHttp {
 }
 private static OkHttpClient.Builder getBuilder() {
- OkHttpClient.Builder builder = new OkHttpClient.Builder().addInterceptor(new OkhttpInterceptor()).connectTimeout(TIMEOUT, TimeUnit.MILLISECONDS).readTimeout(TIMEOUT, TimeUnit.MILLISECONDS).writeTimeout(TIMEOUT, TimeUnit.MILLISECONDS).dns(dns()).hostnameVerifier(SSLCompat.VERIFIER).sslSocketFactory(new SSLCompat(), SSLCompat.TM);
+ OkHttpClient.Builder builder = new OkHttpClient.Builder().addInterceptor(new OkhttpInterceptor()).connectTimeout(TIMEOUT, TimeUnit.MILLISECONDS).readTimeout(TIMEOUT, TimeUnit.MILLISECONDS).writeTimeout(TIMEOUT, TimeUnit.MILLISECONDS).dns(dns());
 builder.proxySelector(selector());
+ ignoreSSLErrors(builder);
 return builder;
 }
+
+ private static void ignoreSSLErrors(OkHttpClient.Builder builder) {
+ try {
+ SSLContext context = SSLContext.getInstance("SSL");
+ context.init(null, TM, new SecureRandom());
+ HttpsURLConnection.setDefaultSSLSocketFactory(context.getSocketFactory());
+ builder.sslSocketFactory(context.getSocketFactory(), (X509TrustManager) TM[0]);
+ builder.hostnameVerifier((hostname, session) -> true);
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+
+ private static final TrustManager[] TM = new TrustManager[]{new X509TrustManager() {
+ @Override
+ public void checkClientTrusted(X509Certificate[] chain, String authType) {
+ }
+
+ @Override
+ public void checkServerTrusted(X509Certificate[] chain, String authType) {
+ }
+
+ @Override
+ public X509Certificate[] getAcceptedIssuers() {
+ return new X509Certificate[]{};
+ }
+ }};
 }
diff --git a/catvod/src/main/java/com/github/catvod/net/SSLCompat.java b/catvod/src/main/java/com/github/catvod/net/SSLCompat.java
deleted file mode 100644
index 3af1a8f13..000000000
--- a/catvod/src/main/java/com/github/catvod/net/SSLCompat.java
+++ /dev/null
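Review bot: `ignoreSSLErrors` asks for `SSLContext.getInstance("SSL")`, whereas the removed `SSLCompat` asked for `"TLS"` and dropped every protocol whose name contains "SSL" from the enabled list, so the new code no longer constrains protocol versions or cipher suites itself; use `SSLContext.getInstance("TLS")` at minimum. The empty `checkServerTrusted` in `TM` and the `(hostname, session) -> true` verifier are carried over, so every client from `getBuilder()` still accepts any certificate for any host, and `HttpsURLConnection.setDefaultSSLSocketFactory(...)` still pushes that onto every `HttpsURLConnection` in the process. I would drop the `setDefaultSSLSocketFactory` line and put the bypass behind an explicit opt-in rather than on the default path for all requests. The `@SuppressLint({"TrustAllX509TrustManager", "CustomX509TrustManager"})` annotation was not moved over with `TM`, and the `catch` block should report through the app's logger instead of `e.printStackTrace()` so a failed setup is visible.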
@@ -1,121 +0,0 @@ -package com.github.catvod.net; - -import android.annotation.SuppressLint; - -import java.io.IOException; -import java.net.InetAddress; -import java.net.Socket; -import java.security.cert.X509Certificate; -import java.util.Arrays; -import java.util.HashSet; -import java.util.LinkedList; -import java.util.List; - -import javax.net.ssl.HostnameVerifier; -import javax.net.ssl.HttpsURLConnection; -import javax.net.ssl.SSLContext; -import javax.net.ssl.SSLSocket; -import javax.net.ssl.SSLSocketFactory; -import javax.net.ssl.X509TrustManager; - -public class SSLCompat extends SSLSocketFactory { - - public static final HostnameVerifier VERIFIER = (hostname, session) -> true; - private static String[] cipherSuites; - private static String[] protocols; - private SSLSocketFactory factory; - - static { - try { - SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket(); - List protocols = new LinkedList<>(); - for (String protocol : socket.getSupportedProtocols()) if (!protocol.toUpperCase().contains("SSL")) protocols.add(protocol); - SSLCompat.protocols = protocols.toArray(new String[protocols.size()]); - List allowedCiphers = Arrays.asList("TLS_RSA_WITH_AES_256_GCM_SHA384", "TLS_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "TLS_ECHDE_RSA_WITH_AES_128_GCM_SHA256", "TLS_RSA_WITH_3DES_EDE_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA", "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"); - List availableCiphers = Arrays.asList(socket.getSupportedCipherSuites()); - HashSet preferredCiphers = new HashSet<>(allowedCiphers); - preferredCiphers.retainAll(availableCiphers); - preferredCiphers.addAll(new HashSet<>(Arrays.asList(socket.getEnabledCipherSuites()))); - 
SSLCompat.cipherSuites = preferredCiphers.toArray(new String[preferredCiphers.size()]); - } catch (IOException e) { - e.printStackTrace(); - } - } - - public SSLCompat() { - try { - SSLContext context = SSLContext.getInstance("TLS"); - context.init(null, new X509TrustManager[]{TM}, null); - HttpsURLConnection.setDefaultSSLSocketFactory(factory = context.getSocketFactory()); - } catch (Exception e) { - e.printStackTrace(); - } - } - - @Override - public String[] getDefaultCipherSuites() { - return cipherSuites; - } - - @Override - public String[] getSupportedCipherSuites() { - return cipherSuites; - } - - @Override - public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException { - Socket ssl = factory.createSocket(s, host, port, autoClose); - if (ssl instanceof SSLSocket) upgradeTLS((SSLSocket) ssl); - return ssl; - } - - @Override - public Socket createSocket(String host, int port) throws IOException { - Socket ssl = factory.createSocket(host, port); - if (ssl instanceof SSLSocket) upgradeTLS((SSLSocket) ssl); - return ssl; - } - - @Override - public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException { - Socket ssl = factory.createSocket(host, port, localHost, localPort); - if (ssl instanceof SSLSocket) upgradeTLS((SSLSocket) ssl); - return ssl; - } - - @Override - public Socket createSocket(InetAddress host, int port) throws IOException { - Socket ssl = factory.createSocket(host, port); - if (ssl instanceof SSLSocket) upgradeTLS((SSLSocket) ssl); - return ssl; - } - - @Override - public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException { - Socket ssl = factory.createSocket(address, port, localAddress, localPort); - if (ssl instanceof SSLSocket) upgradeTLS((SSLSocket) ssl); - return ssl; - } - - private void upgradeTLS(SSLSocket ssl) { - if (protocols != null) ssl.setEnabledProtocols(protocols); - if (cipherSuites != 
null) ssl.setEnabledCipherSuites(cipherSuites); - } - - @SuppressLint({"TrustAllX509TrustManager", "CustomX509TrustManager"}) - public static final X509TrustManager TM = new X509TrustManager() { - - @Override - public void checkClientTrusted(X509Certificate[] chain, String authType) { - } - - @Override - public void checkServerTrusted(X509Certificate[] chain, String authType) { - } - - @Override - public X509Certificate[] getAcceptedIssuers() { - return new X509Certificate[]{}; - } - }; -}