@Override
public Socket createSocket(Socket socket, String host, int port, boolean autoClose)
throws IOException, UnknownHostException {
SSLSocket sslSocket = (SSLSocket) socketFactory.createSocket(socket, host, port, autoClose);
hostnameVerifier.verify(host, sslSocket);
return sslSocket;
}
@Override
public Socket connectSocket(
Socket sock,
String host,
int port,
InetAddress localAddress,
int localPort,
HttpParams params)
throws IOException, UnknownHostException, ConnectTimeoutException {
if (host == null) {
throw new IllegalArgumentException("Target host may not be null.");
}
if (params == null) {
throw new IllegalArgumentException("Parameters may not be null.");
}
if (App.DEBUG)
Log.e(
TAG + "delete",
"ConnectSocket with "
+ "\n\t host="
+ host
+ "\n\t port="
+ port
+ "\n\t localport="
+ localPort);
SSLSocket sslsock = (SSLSocket) ((sock != null) ? sock : createSocket());
if ((localAddress != null) || (localPort > 0)) {
if (localPort < 0) localPort = 0;
InetSocketAddress isa = new InetSocketAddress(localAddress, localPort);
sslsock.bind(isa);
}
int connTimeout = HttpConnectionParams.getConnectionTimeout(params);
int soTimeout = HttpConnectionParams.getSoTimeout(params);
InetSocketAddress remoteAddress = new InetSocketAddress(host, port);
sslsock.connect(remoteAddress, connTimeout);
sslsock.setSoTimeout(soTimeout);
try {
hostnameVerifier.verify(host, sslsock);
} catch (IOException iox) {
try {
sslsock.close();
} catch (Exception x) {
}
throw iox;
}
return sslsock;
}
// non-javadoc, see interface org.apache.http.conn.SocketFactory
public Socket connectSocket(
final Socket sock,
final String host,
final int port,
final InetAddress localAddress,
int localPort,
final HttpParams params)
throws IOException {
if (host == null) {
throw new IllegalArgumentException("Target host may not be null.");
}
if (params == null) {
throw new IllegalArgumentException("Parameters may not be null.");
}
SSLSocket sslsock = (SSLSocket) ((sock != null) ? sock : createSocket());
if ((localAddress != null) || (localPort > 0)) {
// we need to bind explicitly
if (localPort < 0) localPort = 0; // indicates "any"
InetSocketAddress isa = new InetSocketAddress(localAddress, localPort);
sslsock.bind(isa);
}
int connTimeout = HttpConnectionParams.getConnectionTimeout(params);
int soTimeout = HttpConnectionParams.getSoTimeout(params);
InetSocketAddress remoteAddress;
if (this.nameResolver != null) {
remoteAddress = new InetSocketAddress(this.nameResolver.resolve(host), port);
} else {
remoteAddress = new InetSocketAddress(host, port);
}
try {
sslsock.connect(remoteAddress, connTimeout);
} catch (SocketTimeoutException ex) {
throw new ConnectTimeoutException("Connect to " + remoteAddress + " timed out");
}
sslsock.setSoTimeout(soTimeout);
try {
hostnameVerifier.verify(host, sslsock);
// verifyHostName() didn't blowup - good!
} catch (IOException iox) {
// close the socket before re-throwing the exception
try {
sslsock.close();
} catch (Exception x) {
/*ignore*/
}
throw iox;
}
return sslsock;
}
// non-javadoc, see interface LayeredSocketFactory
public Socket createSocket(
final Socket socket, final String host, final int port, final boolean autoClose)
throws IOException, UnknownHostException {
SSLSocket sslSocket;
Metrics.getInstance().startStep(Metrics.STEP_3);
try {
sslSocket = (SSLSocket) this.socketfactory.createSocket(socket, host, port, autoClose);
} finally {
Metrics.getInstance().finishStep(Metrics.STEP_3);
}
hostnameVerifier.verify(host, sslSocket);
// verifyHostName() didn't blowup - good!
return sslSocket;
}
/**
* Verifies the identity of the server.
*
* <p>The server certificate is verified first.
*
* <p>Then, the host name is compared with the content of the server certificate using the current
* host name verifier, if any.
*
* @param socket
*/
private void verifyPeerIdentity(String host, int port, Socket socket) throws IOException {
try {
CertificateCombinedException failInHandshake = null;
/// 1. VERIFY THE SERVER CERTIFICATE through the registered TrustManager (that should be an
// instance of AdvancedX509TrustManager)
try {
SSLSocket sock =
(SSLSocket) socket; // a new SSLSession instance is created as a "side effect"
sock.startHandshake();
} catch (RuntimeException e) {
if (e instanceof CertificateCombinedException) {
failInHandshake = (CertificateCombinedException) e;
} else {
Throwable cause = e.getCause();
Throwable previousCause = null;
while (cause != null
&& cause != previousCause
&& !(cause instanceof CertificateCombinedException)) {
previousCause = cause;
cause = cause.getCause();
}
if (cause != null && cause instanceof CertificateCombinedException) {
failInHandshake = (CertificateCombinedException) cause;
}
}
if (failInHandshake == null) {
throw e;
}
failInHandshake.setHostInUrl(host);
}
/// 2. VERIFY HOSTNAME
SSLSession newSession = null;
boolean verifiedHostname = true;
if (mHostnameVerifier != null) {
if (failInHandshake != null) {
/// 2.1 : a new SSLSession instance was NOT created in the handshake
X509Certificate serverCert = failInHandshake.getServerCertificate();
try {
mHostnameVerifier.verify(host, serverCert);
} catch (SSLException e) {
verifiedHostname = false;
}
} else {
/// 2.2 : a new SSLSession instance was created in the handshake
newSession = ((SSLSocket) socket).getSession();
if (!mTrustManager.isKnownServer(
(X509Certificate) (newSession.getPeerCertificates()[0]))) {
verifiedHostname = mHostnameVerifier.verify(host, newSession);
}
}
}
/// 3. Combine the exceptions to throw, if any
if (!verifiedHostname) {
SSLPeerUnverifiedException pue =
new SSLPeerUnverifiedException(
"Names in the server certificate do not match to " + host + " in the URL");
if (failInHandshake == null) {
failInHandshake =
new CertificateCombinedException(
(X509Certificate) newSession.getPeerCertificates()[0]);
failInHandshake.setHostInUrl(host);
}
failInHandshake.setSslPeerUnverifiedException(pue);
pue.initCause(failInHandshake);
throw pue;
} else if (failInHandshake != null) {
SSLHandshakeException hse =
new SSLHandshakeException("Server certificate could not be verified");
hse.initCause(failInHandshake);
throw hse;
}
} catch (IOException io) {
try {
socket.close();
} catch (Exception x) {
// NOTHING - irrelevant exception for the caller
}
throw io;
}
}