1 /* This Source Code Form is subject to the terms of the Mozilla Public
2  * License, v. 2.0. If a copy of the MPL was not distributed with this
3  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4 
5 package org.mozilla.gecko.sync.net;
6 
7 import java.io.IOException;
8 import java.net.Socket;
9 
10 import javax.net.ssl.SSLContext;
11 import javax.net.ssl.SSLSocket;
12 
13 import org.mozilla.gecko.background.common.GlobalConstants;
14 import org.mozilla.gecko.background.common.log.Logger;
15 
16 import ch.boye.httpclientandroidlib.conn.ssl.SSLSocketFactory;
17 import ch.boye.httpclientandroidlib.params.HttpParams;
18 
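/**
 * Socket factory that applies the project's protocol list
 * ({@code GlobalConstants.DEFAULT_PROTOCOLS}) and cipher suite list
 * ({@code GlobalConstants.DEFAULT_CIPHER_SUITES}) to every socket it creates.
 */
public class TLSSocketFactory extends SSLSocketFactory {
  private static final String LOG_TAG = "TLSSocketFactory";

  // Guarded by the TLSSocketFactory class lock: the field is static and is only
  // read or written inside the static synchronized setEnabledCipherSuites().
  private static String[] cipherSuites = GlobalConstants.DEFAULT_CIPHER_SUITES;

  /**
   * @param sslContext
   *        The SSLContext handed to the parent factory.
   */
  public TLSSocketFactory(SSLContext sslContext) {
    super(sslContext);
  }

  /**
   * Attempt to specify the cipher suites to use for a connection. If
   * setting fails (as it will on Android 2.2, because the wrong names
   * are in use to specify ciphers), fall back to the suites the
   * provider enables by default.
   *
   * The fallback deliberately does not use
   * {@link SSLSocket#getSupportedCipherSuites()}: that list is everything
   * the provider can negotiate and may include suites that fail the
   * provider's own default quality bar (for example unauthenticated or
   * unencrypted suites). Enabling all of it would widen what the client
   * offers exactly on the platforms where the preferred list is rejected.
   *
   * We store the chosen list in `cipherSuites`, which avoids this
   * fallback handling having to be executed more than once.
   *
   * This method is synchronized to ensure correct use of that member.
   *
   * See Bug 717691 for more details.
   *
   * @param socket
   *        The SSLSocket on which to operate.
   */
  public static synchronized void setEnabledCipherSuites(SSLSocket socket) {
    try {
      socket.setEnabledCipherSuites(cipherSuites);
    } catch (IllegalArgumentException e) {
      // The rejected call is expected to have left the socket unchanged, so
      // this reads the provider's default-enabled suites, not the full
      // supported set.
      cipherSuites = socket.getEnabledCipherSuites();
      Logger.warn(LOG_TAG, "Setting enabled cipher suites failed: " + e.getMessage());
      Logger.warn(LOG_TAG, "Using " + cipherSuites.length + " default-enabled suites.");
      // Re-apply explicitly so the socket state matches the cached list.
      socket.setEnabledCipherSuites(cipherSuites);
    }
  }

  /**
   * Create a socket through the parent factory, then restrict its protocols
   * and cipher suites before returning it to the caller.
   *
   * @param params
   *        Connection parameters passed through to the parent factory.
   * @return the configured socket.
   * @throws IOException
   *         if the parent factory fails to create the socket.
   */
  @Override
  public Socket createSocket(HttpParams params) throws IOException {
    // The parent factory is expected to return an SSLSocket; the cast fails
    // loudly if it ever does not.
    SSLSocket socket = (SSLSocket) super.createSocket(params);
    socket.setEnabledProtocols(GlobalConstants.DEFAULT_PROTOCOLS);
    setEnabledCipherSuites(socket);
    return socket;
  }
}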