Merge "Revert "email: add support for Server Name Indication (SNI)""
diff --git a/emailcommon/Android.mk b/emailcommon/Android.mk
index 14ea550..654e20d 100644
--- a/emailcommon/Android.mk
+++ b/emailcommon/Android.mk
@@ -42,7 +42,7 @@
LOCAL_SRC_FILES += $(imported_unified_email_files)
LOCAL_SRC_FILES += $(call all-java-files-under, $(unified_email_src_dir)/com/android/emailcommon)
-LOCAL_SDK_VERSION := 17
+LOCAL_SDK_VERSION := 14
LOCAL_RESOURCE_DIR := $(LOCAL_PATH)/res
diff --git a/emailcommon/src/com/android/emailcommon/utility/SSLSocketFactory.java b/emailcommon/src/com/android/emailcommon/utility/SSLSocketFactory.java
index 433cef8..b7a59b8 100644
--- a/emailcommon/src/com/android/emailcommon/utility/SSLSocketFactory.java
+++ b/emailcommon/src/com/android/emailcommon/utility/SSLSocketFactory.java
@@ -33,10 +33,6 @@
package com.android.emailcommon.utility;
-import android.annotation.TargetApi;
-import android.net.SSLCertificateSocketFactory;
-import android.os.Build;
-
import org.apache.http.conn.scheme.HostNameResolver;
import org.apache.http.conn.scheme.LayeredSocketFactory;
import org.apache.http.conn.ssl.AllowAllHostnameVerifier;
@@ -46,6 +42,7 @@
import org.apache.http.params.HttpConnectionParams;
import org.apache.http.params.HttpParams;
+import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
@@ -159,9 +156,21 @@
public static final X509HostnameVerifier STRICT_HOSTNAME_VERIFIER
= new StrictHostnameVerifier();
+ /**
+ * The factory using the default JVM settings for secure connections.
+ */
+ private static final SSLSocketFactory DEFAULT_FACTORY = new SSLSocketFactory();
+
+ /**
+ * Gets an singleton instance of the SSLProtocolSocketFactory.
+ * @return a SSLProtocolSocketFactory
+ */
+ public static SSLSocketFactory getSocketFactory() {
+ return DEFAULT_FACTORY;
+ }
private final SSLContext sslcontext;
- private final SSLCertificateSocketFactory socketfactory;
+ private final javax.net.ssl.SSLSocketFactory socketfactory;
private final HostNameResolver nameResolver;
private X509HostnameVerifier hostnameVerifier = BROWSER_COMPATIBLE_HOSTNAME_VERIFIER;
@@ -188,7 +197,7 @@
}
sslcontext = SSLContext.getInstance(algorithm);
sslcontext.init(keymanagers, trustmanagers, random);
- socketfactory = (SSLCertificateSocketFactory) sslcontext.getSocketFactory();
+ socketfactory = sslcontext.getSocketFactory();
this.nameResolver = nameResolver;
}
@@ -217,13 +226,25 @@
* Constructs an HttpClient SSLSocketFactory backed by the given JSSE
* SSLSocketFactory.
*/
- public SSLSocketFactory(SSLCertificateSocketFactory socketfactory) {
+ public SSLSocketFactory(javax.net.ssl.SSLSocketFactory socketfactory) {
super();
sslcontext = null;
this.socketfactory = socketfactory;
nameResolver = null;
}
+ /**
+ * Creates the default SSL socket factory.
+ * This constructor is used exclusively to instantiate the factory for
+ * {@link #getSocketFactory getSocketFactory}.
+ */
+ private SSLSocketFactory() {
+ super();
+ sslcontext = null;
+ socketfactory = HttpsURLConnection.getDefaultSSLSocketFactory();
+ nameResolver = null;
+ }
+
private static KeyManager[] createKeyManagers(final KeyStore keystore, final String password)
throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
if (keystore == null) {
@@ -259,7 +280,6 @@
// non-javadoc, see interface org.apache.http.conn.SocketFactory
@Override
- @TargetApi(17)
public Socket connectSocket(
final Socket sock,
final String host,
@@ -303,12 +323,6 @@
sslsock.connect(remoteAddress, connTimeout);
sslsock.setSoTimeout(soTimeout);
-
- if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN_MR1) {
- // Turn on Server Name Indication (SNI)
- socketfactory.setHostname(sslsock, host);
- }
-
try {
hostnameVerifier.verify(host, sslsock);
// verifyHostName() didn't blowup - good!
@@ -360,43 +374,19 @@
// non-javadoc, see interface LayeredSocketFactory
@Override
- @TargetApi(17)
public Socket createSocket(
final Socket socket,
final String host,
final int port,
final boolean autoClose
) throws IOException, UnknownHostException {
- // Close the plain socket if requested. The underlaying socket factory will
- // create a new socket.
- if (autoClose) {
- socket.close();
- }
-
- // We don't want to verify the hostname from the previous socket here (we must call
- // setHostname in order to proper get SNI working), so just create a new ssl socket
- // based in the previous socket
SSLSocket sslSocket = (SSLSocket) socketfactory.createSocket(
- socket.getInetAddress(),
- port
+ socket,
+ host,
+ port,
+ autoClose
);
-
- if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN_MR1) {
- // Turn on Server Name Indication (SNI)
- socketfactory.setHostname(sslSocket, host);
- }
-
- try {
- hostnameVerifier.verify(host, sslSocket);
- // verifyHostName() didn't blowup - good!
- } catch (IOException iox) {
- // close the socket before re-throwing the exception
- if (autoClose) {
- try { sslSocket.close(); } catch (Exception x) { /*ignore*/ }
- }
- throw iox;
- }
-
+ hostnameVerifier.verify(host, sslSocket);
// verifyHostName() didn't blowup - good!
return sslSocket;
}
