Support tls 1.3

2 years ago · 8ce9a09b39
parent 90565e952e
commit 8ce9a09b39
6 changed files with 111 additions and 120 deletions
--- a/app/build.gradle
+++ b/app/build.gradle
@ -117,7 +117,6 @@ dependencies {
    implementation 'com.google.zxing:core:3.3.0'
    implementation 'com.guolindev.permissionx:permissionx:1.7.1'
    implementation 'org.chromium.net:cronet-embedded:101.4951.41'
-    implementation 'org.conscrypt:conscrypt-android:2.5.2'
    implementation 'org.greenrobot:eventbus:3.3.1'
    implementation 'org.nanohttpd:nanohttpd:2.3.1'
    implementation('org.simpleframework:simple-xml:2.7.1') { exclude group: 'stax', module: 'stax-api' exclude group: 'xpp3', module: 'xpp3' }
--- a/app/src/main/java/com/fongmi/android/tv/App.java
+++ b/app/src/main/java/com/fongmi/android/tv/App.java
@ -93,7 +93,6 @@ public class App extends Application {
        super.onCreate();
        Notify.createChannel();
        Logger.addLogAdapter(getLogAdapter());
-        Security.insertProviderAt(Conscrypt.newProvider(), 1);
        OkHttp.get().setDoh(Doh.objectFrom(Setting.getDoh()));
        CaocConfig.Builder.create().backgroundMode(CaocConfig.BACKGROUND_MODE_SILENT).errorActivity(CrashActivity.class).apply();
        registerActivityLifecycleCallbacks(new ActivityLifecycleCallbacks() {
--- a/catvod/build.gradle
+++ b/catvod/build.gradle
@ -21,5 +21,6 @@ dependencies {
    api 'com.orhanobut:logger:2.2.0'
    api 'com.squareup.okhttp3:okhttp:' + okhttpVersion
    api 'com.squareup.okhttp3:okhttp-dnsoverhttps:' + okhttpVersion
+    api 'org.conscrypt:conscrypt-android:2.5.2'
    api 'org.jsoup:jsoup:' + jsoupVersion
 }
--- a/catvod/src/main/java/com/github/catvod/net/OkHttp.java
+++ b/catvod/src/main/java/com/github/catvod/net/OkHttp.java
@ -5,12 +5,15 @@ import android.util.ArrayMap;
 import com.github.catvod.bean.Doh;
 import com.github.catvod.utils.Path;

+import java.util.Arrays;
+import java.util.List;
 import java.util.Map;
 import java.util.Objects;
 import java.util.concurrent.TimeUnit;

 import okhttp3.Cache;
 import okhttp3.Call;
+import okhttp3.ConnectionSpec;
 import okhttp3.Dns;
 import okhttp3.Headers;
 import okhttp3.HttpUrl;
@ -37,7 +40,7 @@ public class OkHttp {
    }

    public void setDoh(Doh doh) {
-        OkHttpClient dohClient = new OkHttpClient.Builder().cache(new Cache(Path.doh(), CACHE)).hostnameVerifier(SSLSocketFactoryCompat.hostnameVerifier).sslSocketFactory(new SSLSocketFactoryCompat(), SSLSocketFactoryCompat.trustAllCert).build();
+        OkHttpClient dohClient = new OkHttpClient.Builder().connectionSpecs(getConnectionSpec()).cache(new Cache(Path.doh(), CACHE)).hostnameVerifier(SSLCompat.VERIFIER).sslSocketFactory(new SSLCompat(), SSLCompat.TM).build();
        dns = doh.getUrl().isEmpty() ? null : new DnsOverHttps.Builder().client(dohClient).url(HttpUrl.get(doh.getUrl())).bootstrapDnsHosts(doh.getHosts()).build();
        client = null;
        noRedirect = null;
@ -58,7 +61,7 @@ public class OkHttp {
    }

    public static OkHttpClient client(int timeout) {
-        return new OkHttpClient.Builder().connectTimeout(timeout, TimeUnit.MILLISECONDS).readTimeout(timeout, TimeUnit.MILLISECONDS).writeTimeout(timeout, TimeUnit.MILLISECONDS).dns(dns()).hostnameVerifier(SSLSocketFactoryCompat.hostnameVerifier).sslSocketFactory(new SSLSocketFactoryCompat(), SSLSocketFactoryCompat.trustAllCert).build();
+        return new OkHttpClient.Builder().connectionSpecs(getConnectionSpec()).connectTimeout(timeout, TimeUnit.MILLISECONDS).readTimeout(timeout, TimeUnit.MILLISECONDS).writeTimeout(timeout, TimeUnit.MILLISECONDS).dns(dns()).hostnameVerifier(SSLCompat.VERIFIER).sslSocketFactory(new SSLCompat(), SSLCompat.TM).build();
    }

    public static Call newCall(String url) {
@ -85,6 +88,10 @@ public class OkHttp {
        return client.newCall(new Request.Builder().url(url).post(body).build());
    }

+    private static List<ConnectionSpec> getConnectionSpec() {
+        return Arrays.asList(ConnectionSpec.RESTRICTED_TLS, ConnectionSpec.COMPATIBLE_TLS, ConnectionSpec.MODERN_TLS, ConnectionSpec.CLEARTEXT);
+    }
+
    private static HttpUrl buildUrl(String url, ArrayMap<String, String> params) {
        HttpUrl.Builder builder = Objects.requireNonNull(HttpUrl.parse(url)).newBuilder();
        for (Map.Entry<String, String> entry : params.entrySet()) builder.addQueryParameter(entry.getKey(), entry.getValue());
--- a/catvod/src/main/java/com/github/catvod/net/SSLCompat.java
+++ b/catvod/src/main/java/com/github/catvod/net/SSLCompat.java
@ -0,0 +1,101 @@
+package com.github.catvod.net;
+
+import android.annotation.SuppressLint;
+
+import org.conscrypt.Conscrypt;
+
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.Socket;
+import java.security.Provider;
+import java.security.Security;
+import java.security.cert.X509Certificate;
+
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocket;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
+
+public class SSLCompat extends SSLSocketFactory {
+
+    public static final HostnameVerifier VERIFIER = (hostname, session) -> true;
+
+    private SSLSocketFactory factory;
+
+    public SSLCompat() {
+        try {
+            Provider provider = Conscrypt.newProvider();
+            Security.insertProviderAt(provider, 1);
+            SSLContext context = SSLContext.getInstance("TLS", provider);
+            context.init(null, new TrustManager[]{TM}, null);
+            factory = context.getSocketFactory();
+            HttpsURLConnection.setDefaultSSLSocketFactory(factory);
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+    }
+
+    @Override
+    public String[] getDefaultCipherSuites() {
+        return factory.getDefaultCipherSuites();
+    }
+
+    @Override
+    public String[] getSupportedCipherSuites() {
+        return factory.getSupportedCipherSuites();
+    }
+
+    @Override
+    public Socket createSocket() throws IOException {
+        return enableTLSOnSocket(factory.createSocket());
+    }
+
+    @Override
+    public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException {
+        return enableTLSOnSocket(factory.createSocket(s, host, port, autoClose));
+    }
+
+    @Override
+    public Socket createSocket(String host, int port) throws IOException {
+        return enableTLSOnSocket(factory.createSocket(host, port));
+    }
+
+    @Override
+    public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException {
+        return enableTLSOnSocket(factory.createSocket(host, port, localHost, localPort));
+    }
+
+    @Override
+    public Socket createSocket(InetAddress host, int port) throws IOException {
+        return enableTLSOnSocket(factory.createSocket(host, port));
+    }
+
+    @Override
+    public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException {
+        return enableTLSOnSocket(factory.createSocket(address, port, localAddress, localPort));
+    }
+
+    private Socket enableTLSOnSocket(Socket socket) {
+        if (socket instanceof SSLSocket) ((SSLSocket) socket).setEnabledProtocols(new String[]{"TLSv1.2", "TLSv1.3"});
+        return socket;
+    }
+
+    @SuppressLint({"TrustAllX509TrustManager", "CustomX509TrustManager"})
+    public static final X509TrustManager TM = new X509TrustManager() {
+        @Override
+        public void checkClientTrusted(X509Certificate[] chain, String authType) {
+        }
+
+        @Override
+        public void checkServerTrusted(X509Certificate[] chain, String authType) {
+        }
+
+        @Override
+        public X509Certificate[] getAcceptedIssuers() {
+            return new X509Certificate[]{};
+        }
+    };
+}
--- a/catvod/src/main/java/com/github/catvod/net/SSLSocketFactoryCompat.java
+++ b/catvod/src/main/java/com/github/catvod/net/SSLSocketFactoryCompat.java
@ -1,116 +0,0 @@
-package com.github.catvod.net;
-
-import java.io.IOException;
-import java.net.InetAddress;
-import java.net.Socket;
-import java.security.GeneralSecurityException;
-import java.security.cert.X509Certificate;
-import java.util.LinkedList;
-import java.util.List;
-
-import javax.net.ssl.HostnameVerifier;
-import javax.net.ssl.HttpsURLConnection;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLSocket;
-import javax.net.ssl.SSLSocketFactory;
-import javax.net.ssl.X509TrustManager;
-
-public class SSLSocketFactoryCompat extends SSLSocketFactory {
-
-    public static final HostnameVerifier hostnameVerifier = (hostname, session) -> true;
-
-    public static final X509TrustManager trustAllCert = new X509TrustManager() {
-        @Override
-        public void checkClientTrusted(X509Certificate[] chain, String authType) {
-        }
-
-        @Override
-        public void checkServerTrusted(X509Certificate[] chain, String authType) {
-        }
-
-        @Override
-        public X509Certificate[] getAcceptedIssuers() {
-            return new X509Certificate[]{};
-        }
-    };
-
-    static String[] protocols = null;
-    static String[] cipherSuites = null;
-
-    static {
-        try {
-            SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket();
-            if (socket != null) {
-                List<String> protocols = new LinkedList<>();
-                for (String protocol : socket.getSupportedProtocols()) if (!protocol.toUpperCase().contains("SSL")) protocols.add(protocol);
-                SSLSocketFactoryCompat.protocols = protocols.toArray(new String[protocols.size()]);
-            }
-        } catch (IOException e) {
-            throw new RuntimeException(e);
-        }
-    }
-
-    private final SSLSocketFactory defaultFactory;
-
-    public SSLSocketFactoryCompat() {
-        try {
-            SSLContext sslContext = SSLContext.getInstance("TLS");
-            sslContext.init(null, new X509TrustManager[]{SSLSocketFactoryCompat.trustAllCert}, null);
-            defaultFactory = sslContext.getSocketFactory();
-            HttpsURLConnection.setDefaultSSLSocketFactory(defaultFactory);
-        } catch (GeneralSecurityException e) {
-            throw new AssertionError();
-        }
-    }
-
-    private void upgradeTLS(SSLSocket ssl) {
-        if (protocols != null) {
-            ssl.setEnabledProtocols(protocols);
-        }
-    }
-
-    @Override
-    public String[] getDefaultCipherSuites() {
-        return cipherSuites;
-    }
-
-    @Override
-    public String[] getSupportedCipherSuites() {
-        return cipherSuites;
-    }
-
-    @Override
-    public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException {
-        Socket ssl = defaultFactory.createSocket(s, host, port, autoClose);
-        if (ssl instanceof SSLSocket) upgradeTLS((SSLSocket) ssl);
-        return ssl;
-    }
-
-    @Override
-    public Socket createSocket(String host, int port) throws IOException {
-        Socket ssl = defaultFactory.createSocket(host, port);
-        if (ssl instanceof SSLSocket) upgradeTLS((SSLSocket) ssl);
-        return ssl;
-    }
-
-    @Override
-    public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException {
-        Socket ssl = defaultFactory.createSocket(host, port, localHost, localPort);
-        if (ssl instanceof SSLSocket) upgradeTLS((SSLSocket) ssl);
-        return ssl;
-    }
-
-    @Override
-    public Socket createSocket(InetAddress host, int port) throws IOException {
-        Socket ssl = defaultFactory.createSocket(host, port);
-        if (ssl instanceof SSLSocket) upgradeTLS((SSLSocket) ssl);
-        return ssl;
-    }
-
-    @Override
-    public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException {
-        Socket ssl = defaultFactory.createSocket(address, port, localAddress, localPort);
-        if (ssl instanceof SSLSocket) upgradeTLS((SSLSocket) ssl);
-        return ssl;
-    }
-}