From 8ce9a09b3948c6847a869fc423f01775a56f5cc0 Mon Sep 17 00:00:00 2001 From: FongMi Date: Tue, 8 Aug 2023 18:20:21 +0800 Subject: [PATCH] Support tls 1.3 --- app/build.gradle | 1 - .../main/java/com/fongmi/android/tv/App.java | 1 - catvod/build.gradle | 1 + .../java/com/github/catvod/net/OkHttp.java | 11 +- .../java/com/github/catvod/net/SSLCompat.java | 101 +++++++++++++++ .../catvod/net/SSLSocketFactoryCompat.java | 116 ------------------ 6 files changed, 111 insertions(+), 120 deletions(-) create mode 100644 catvod/src/main/java/com/github/catvod/net/SSLCompat.java delete mode 100644 catvod/src/main/java/com/github/catvod/net/SSLSocketFactoryCompat.java diff --git a/app/build.gradle b/app/build.gradle index e815c12f0..36131d381 100644 --- a/app/build.gradle +++ b/app/build.gradle @@ -117,7 +117,6 @@ dependencies { implementation 'com.google.zxing:core:3.3.0' implementation 'com.guolindev.permissionx:permissionx:1.7.1' implementation 'org.chromium.net:cronet-embedded:101.4951.41' - implementation 'org.conscrypt:conscrypt-android:2.5.2' implementation 'org.greenrobot:eventbus:3.3.1' implementation 'org.nanohttpd:nanohttpd:2.3.1' implementation('org.simpleframework:simple-xml:2.7.1') { exclude group: 'stax', module: 'stax-api' exclude group: 'xpp3', module: 'xpp3' } diff --git a/app/src/main/java/com/fongmi/android/tv/App.java b/app/src/main/java/com/fongmi/android/tv/App.java index d390573c0..b12360b4b 100644 --- a/app/src/main/java/com/fongmi/android/tv/App.java +++ b/app/src/main/java/com/fongmi/android/tv/App.java @@ -93,7 +93,6 @@ public class App extends Application { super.onCreate(); Notify.createChannel(); Logger.addLogAdapter(getLogAdapter()); - Security.insertProviderAt(Conscrypt.newProvider(), 1); OkHttp.get().setDoh(Doh.objectFrom(Setting.getDoh())); CaocConfig.Builder.create().backgroundMode(CaocConfig.BACKGROUND_MODE_SILENT).errorActivity(CrashActivity.class).apply(); registerActivityLifecycleCallbacks(new ActivityLifecycleCallbacks() { 
diff --git a/catvod/build.gradle b/catvod/build.gradle index bfdf34309..c3277f5d2 100644 --- a/catvod/build.gradle +++ b/catvod/build.gradle @@ -21,5 +21,6 @@ dependencies { api 'com.orhanobut:logger:2.2.0' api 'com.squareup.okhttp3:okhttp:' + okhttpVersion api 'com.squareup.okhttp3:okhttp-dnsoverhttps:' + okhttpVersion + api 'org.conscrypt:conscrypt-android:2.5.2' api 'org.jsoup:jsoup:' + jsoupVersion } \ No newline at end of file diff --git a/catvod/src/main/java/com/github/catvod/net/OkHttp.java b/catvod/src/main/java/com/github/catvod/net/OkHttp.java index 17f2614be..e86920b6c 100644 --- a/catvod/src/main/java/com/github/catvod/net/OkHttp.java +++ b/catvod/src/main/java/com/github/catvod/net/OkHttp.java @@ -5,12 +5,15 @@ import android.util.ArrayMap; import com.github.catvod.bean.Doh; import com.github.catvod.utils.Path; +import java.util.Arrays; +import java.util.List; import java.util.Map; import java.util.Objects; import java.util.concurrent.TimeUnit; import okhttp3.Cache; import okhttp3.Call; +import okhttp3.ConnectionSpec; import okhttp3.Dns; import okhttp3.Headers; import okhttp3.HttpUrl; @@ -37,7 +40,7 @@ public class OkHttp { } public void setDoh(Doh doh) { - OkHttpClient dohClient = new OkHttpClient.Builder().cache(new Cache(Path.doh(), CACHE)).hostnameVerifier(SSLSocketFactoryCompat.hostnameVerifier).sslSocketFactory(new SSLSocketFactoryCompat(), SSLSocketFactoryCompat.trustAllCert).build(); + OkHttpClient dohClient = new OkHttpClient.Builder().connectionSpecs(getConnectionSpec()).cache(new Cache(Path.doh(), CACHE)).hostnameVerifier(SSLCompat.VERIFIER).sslSocketFactory(new SSLCompat(), SSLCompat.TM).build(); dns = doh.getUrl().isEmpty() ? null : new DnsOverHttps.Builder().client(dohClient).url(HttpUrl.get(doh.getUrl())).bootstrapDnsHosts(doh.getHosts()).build(); client = null; noRedirect = null; 
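Review bot: The DoH client in `setDoh` is still built with `hostnameVerifier(SSLCompat.VERIFIER)` and `sslSocketFactory(new SSLCompat(), SSLCompat.TM)`, so the resolver's certificate and host name are never validated and a party on the network path can answer the DNS-over-HTTPS queries, which removes the integrity DoH is used for. The `client(int timeout)` hunk that follows applies the same pair, so every request made through this class accepts any certificate whatever TLS version is negotiated. This behaviour predates the commit, but enabling TLS 1.3 does not offset it; for the DoH client at least, consider omitting the `hostnameVerifier(...)` call and backing the Conscrypt context with the platform's default trust managers rather than `TM`. `setDoh`'s body continues past the end of the hunk.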
@@ -58,7 +61,7 @@ public class OkHttp { } public static OkHttpClient client(int timeout) { - return new OkHttpClient.Builder().connectTimeout(timeout, TimeUnit.MILLISECONDS).readTimeout(timeout, TimeUnit.MILLISECONDS).writeTimeout(timeout, TimeUnit.MILLISECONDS).dns(dns()).hostnameVerifier(SSLSocketFactoryCompat.hostnameVerifier).sslSocketFactory(new SSLSocketFactoryCompat(), SSLSocketFactoryCompat.trustAllCert).build(); + return new OkHttpClient.Builder().connectionSpecs(getConnectionSpec()).connectTimeout(timeout, TimeUnit.MILLISECONDS).readTimeout(timeout, TimeUnit.MILLISECONDS).writeTimeout(timeout, TimeUnit.MILLISECONDS).dns(dns()).hostnameVerifier(SSLCompat.VERIFIER).sslSocketFactory(new SSLCompat(), SSLCompat.TM).build(); } public static Call newCall(String url) { @@ -85,6 +88,10 @@ public class OkHttp { return client.newCall(new Request.Builder().url(url).post(body).build()); } + private static List getConnectionSpec() { + return Arrays.asList(ConnectionSpec.RESTRICTED_TLS, ConnectionSpec.COMPATIBLE_TLS, ConnectionSpec.MODERN_TLS, ConnectionSpec.CLEARTEXT); + } + private static HttpUrl buildUrl(String url, ArrayMap params) { HttpUrl.Builder builder = Objects.requireNonNull(HttpUrl.parse(url)).newBuilder(); for (Map.Entry entry : params.entrySet()) builder.addQueryParameter(entry.getKey(), entry.getValue()); diff --git a/catvod/src/main/java/com/github/catvod/net/SSLCompat.java b/catvod/src/main/java/com/github/catvod/net/SSLCompat.java new file mode 100644 index 000000000..17f5a1bda --- /dev/null +++ b/catvod/src/main/java/com/github/catvod/net/SSLCompat.java 
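Review bot: `getConnectionSpec()` has no comment saying why four specs are listed or that their order matters; OkHttp walks the list in order when a handshake fails, so this is a fallback chain and deserves a line such as `// Tried in order: strictest TLS first, looser specs as fallback, CLEARTEXT so http:// URLs keep working`. As far as I can tell `COMPATIBLE_TLS` is the most permissive of the three TLS specs, which would make the `MODERN_TLS` entry after it redundant; if the fallback is wanted at all, the order `RESTRICTED_TLS, MODERN_TLS, COMPATIBLE_TLS` would match the stated intent better. The method name is singular although it returns a list, so `getConnectionSpecs` would read more clearly.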
@@ -0,0 +1,101 @@
+package com.github.catvod.net;
+
+import android.annotation.SuppressLint;
+
+import org.conscrypt.Conscrypt;
+
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.Socket;
+import java.security.Provider;
+import java.security.Security;
+import java.security.cert.X509Certificate;
+
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocket;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
+
+public class SSLCompat extends SSLSocketFactory {
+
+ public static final HostnameVerifier VERIFIER = (hostname, session) -> true;
+
+ private SSLSocketFactory factory;
+
+ public SSLCompat() {
+ try {
+ Provider provider = Conscrypt.newProvider();
+ Security.insertProviderAt(provider, 1);
+ SSLContext context = SSLContext.getInstance("TLS", provider);
+ context.init(null, new TrustManager[]{TM}, null);
+ factory = context.getSocketFactory();
+ HttpsURLConnection.setDefaultSSLSocketFactory(factory);
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+
+ @Override
+ public String[] getDefaultCipherSuites() {
+ return factory.getDefaultCipherSuites();
+ }
+
+ @Override
+ public String[] getSupportedCipherSuites() {
+ return factory.getSupportedCipherSuites();
+ }
+
+ @Override
+ public Socket createSocket() throws IOException {
+ return enableTLSOnSocket(factory.createSocket());
+ }
+
+ @Override
+ public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException {
+ return enableTLSOnSocket(factory.createSocket(s, host, port, autoClose));
+ }
+
+ @Override
+ public Socket createSocket(String host, int port) throws IOException {
+ return enableTLSOnSocket(factory.createSocket(host, port));
+ }
+
+ @Override
+ public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException {
+ return enableTLSOnSocket(factory.createSocket(host, port, localHost, localPort));
+ }
+
+ @Override
+ public Socket createSocket(InetAddress host, int port) throws IOException {
+ return enableTLSOnSocket(factory.createSocket(host, port));
+ }
+
+ @Override
+ public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException {
+ return enableTLSOnSocket(factory.createSocket(address, port, localAddress, localPort));
+ }
+
+ private Socket enableTLSOnSocket(Socket socket) {
+ if (socket instanceof SSLSocket) ((SSLSocket) socket).setEnabledProtocols(new String[]{"TLSv1.2", "TLSv1.3"});
+ return socket;
+ }
+
+ @SuppressLint({"TrustAllX509TrustManager", "CustomX509TrustManager"})
+ public static final X509TrustManager TM = new X509TrustManager() {
+ @Override
+ public void checkClientTrusted(X509Certificate[] chain, String authType) {
+ }
+
+ @Override
+ public void checkServerTrusted(X509Certificate[] chain, String authType) {
+ }
+
+ @Override
+ public X509Certificate[] getAcceptedIssuers() {
+ return new X509Certificate[]{};
+ }
+ };
+}
diff --git a/catvod/src/main/java/com/github/catvod/net/SSLSocketFactoryCompat.java b/catvod/src/main/java/com/github/catvod/net/SSLSocketFactoryCompat.java
deleted file mode 100644
index d8aa6e427..000000000
--- a/catvod/src/main/java/com/github/catvod/net/SSLSocketFactoryCompat.java
+++ /dev/null
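Review bot: The `SSLCompat()` constructor swallows every failure with `e.printStackTrace()`, leaving `factory` null so the first `createSocket` or `getDefaultCipherSuites` call fails with a NullPointerException far from the cause, whereas the removed class threw on failure. Declaring the field as `private final SSLSocketFactory factory;` and replacing the catch body with `throw new IllegalStateException("TLS context init failed", e);` keeps the error at its origin. The constructor also runs `Security.insertProviderAt(provider, 1)` and `HttpsURLConnection.setDefaultSSLSocketFactory(factory)` on every instantiation, and `OkHttp.client(int)` creates a new instance per call; the second call makes the trust-all `TM` the process-wide default for every `HttpsURLConnection`, including connections opened by other libraries, so it should be dropped or moved to a single documented initialisation step. A class-level comment stating that `TM` and `VERIFIER` disable certificate and host name validation would make that risk visible to callers.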
@@ -1,116 +0,0 @@
-package com.github.catvod.net;
-
-import java.io.IOException;
-import java.net.InetAddress;
-import java.net.Socket;
-import java.security.GeneralSecurityException;
-import java.security.cert.X509Certificate;
-import java.util.LinkedList;
-import java.util.List;
-
-import javax.net.ssl.HostnameVerifier;
-import javax.net.ssl.HttpsURLConnection;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLSocket;
-import javax.net.ssl.SSLSocketFactory;
-import javax.net.ssl.X509TrustManager;
-
-public class SSLSocketFactoryCompat extends SSLSocketFactory {
-
- public static final HostnameVerifier hostnameVerifier = (hostname, session) -> true;
-
- public static final X509TrustManager trustAllCert = new X509TrustManager() {
- @Override
- public void checkClientTrusted(X509Certificate[] chain, String authType) {
- }
-
- @Override
- public void checkServerTrusted(X509Certificate[] chain, String authType) {
- }
-
- @Override
- public X509Certificate[] getAcceptedIssuers() {
- return new X509Certificate[]{};
- }
- };
-
- static String[] protocols = null;
- static String[] cipherSuites = null;
-
- static {
- try {
- SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket();
- if (socket != null) {
- List protocols = new LinkedList<>();
- for (String protocol : socket.getSupportedProtocols()) if (!protocol.toUpperCase().contains("SSL")) protocols.add(protocol);
- SSLSocketFactoryCompat.protocols = protocols.toArray(new String[protocols.size()]);
- }
- } catch (IOException e) {
- throw new RuntimeException(e);
- }
- }
-
- private final SSLSocketFactory defaultFactory;
-
- public SSLSocketFactoryCompat() {
- try {
- SSLContext sslContext = SSLContext.getInstance("TLS");
- sslContext.init(null, new X509TrustManager[]{SSLSocketFactoryCompat.trustAllCert}, null);
- defaultFactory = sslContext.getSocketFactory();
- HttpsURLConnection.setDefaultSSLSocketFactory(defaultFactory);
- } catch (GeneralSecurityException e) {
- throw new AssertionError();
- }
- }
-
- private void upgradeTLS(SSLSocket ssl) {
- if (protocols != null) {
- ssl.setEnabledProtocols(protocols);
- }
- }
-
- @Override
- public String[] getDefaultCipherSuites() {
- return cipherSuites;
- }
-
- @Override
- public String[] getSupportedCipherSuites() {
- return cipherSuites;
- }
-
- @Override
- public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException {
- Socket ssl = defaultFactory.createSocket(s, host, port, autoClose);
- if (ssl instanceof SSLSocket) upgradeTLS((SSLSocket) ssl);
- return ssl;
- }
-
- @Override
- public Socket createSocket(String host, int port) throws IOException {
- Socket ssl = defaultFactory.createSocket(host, port);
- if (ssl instanceof SSLSocket) upgradeTLS((SSLSocket) ssl);
- return ssl;
- }
-
- @Override
- public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException {
- Socket ssl = defaultFactory.createSocket(host, port, localHost, localPort);
- if (ssl instanceof SSLSocket) upgradeTLS((SSLSocket) ssl);
- return ssl;
- }
-
- @Override
- public Socket createSocket(InetAddress host, int port) throws IOException {
- Socket ssl = defaultFactory.createSocket(host, port);
- if (ssl instanceof SSLSocket) upgradeTLS((SSLSocket) ssl);
- return ssl;
- }
-
- @Override
- public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException {
- Socket ssl = defaultFactory.createSocket(address, port, localAddress, localPort);
- if (ssl instanceof SSLSocket) upgradeTLS((SSLSocket) ssl);
- return ssl;
- }
-}