Skip to content

Commit

Permalink
Fixes square#2513 - NetworkSecurityPolicy based ConnectionSpec setup.
Browse files Browse the repository at this point in the history
  • Loading branch information
venilnoronha authored and squarejesse committed Apr 27, 2016
1 parent 209c6c5 commit e3cd9b9
Show file tree
Hide file tree
Showing 2 changed files with 35 additions and 2 deletions.
10 changes: 8 additions & 2 deletions okhttp/src/main/java/okhttp3/OkHttpClient.java
Original file line number Diff line number Diff line change
Expand Up @@ -65,10 +65,16 @@ public class OkHttpClient implements Cloneable, Call.Factory {
private static final List<Protocol> DEFAULT_PROTOCOLS = Util.immutableList(
Protocol.HTTP_2, Protocol.SPDY_3, Protocol.HTTP_1_1);

private static final List<ConnectionSpec> DEFAULT_CONNECTION_SPECS = Util.immutableList(
ConnectionSpec.MODERN_TLS, ConnectionSpec.COMPATIBLE_TLS, ConnectionSpec.CLEARTEXT);
private static final List<ConnectionSpec> DEFAULT_CONNECTION_SPECS;

static {
List<ConnectionSpec> connSpecs = new ArrayList<>(Arrays.asList(ConnectionSpec.MODERN_TLS,
ConnectionSpec.COMPATIBLE_TLS));
if (Platform.get().isCleartextTrafficPermitted()) {
connSpecs.add(ConnectionSpec.CLEARTEXT);
}
DEFAULT_CONNECTION_SPECS = Util.immutableList(connSpecs);

Internal.instance = new Internal() {
@Override public void addLenient(Headers.Builder builder, String line) {
builder.addLenient(line);
Expand Down
27 changes: 27 additions & 0 deletions okhttp/src/main/java/okhttp3/internal/Platform.java
Original file line number Diff line number Diff line change
Expand Up @@ -67,6 +67,10 @@
*
* <p>Supported on Android 2.3+ and OpenJDK 7+. There are no public APIs to recover the trust
* manager that was used to create an {@link SSLSocketFactory}.
*
* <h3>Android Cleartext Permit Detection</h3>
*
* <p>Supported on Android 6.0+ via {@code NetworkSecurityPolicy}.
*/
public class Platform {
private static final Platform PLATFORM = findPlatform();
Expand Down Expand Up @@ -128,6 +132,10 @@ public void log(String message) {
System.out.println(message);
}

public boolean isCleartextTrafficPermitted() {
return true;
}

public static List<String> alpnProtocolNames(List<Protocol> protocols) {
List<String> names = new ArrayList<>(protocols.size());
for (int i = 0, size = protocols.size(); i < size; i++) {
Expand Down Expand Up @@ -298,6 +306,25 @@ public Android(Class<?> sslParametersClass, OptionalMethod<Socket> setUseSession
} while (i < newline);
}
}

@Override public boolean isCleartextTrafficPermitted() {
try {
Class<?> networkPolicyClass = Class.forName("android.security.NetworkSecurityPolicy");
Method getInstanceMethod = networkPolicyClass.getMethod("getInstance");
Object networkSecurityPolicy = getInstanceMethod.invoke(null);
Method isCleartextTrafficPermittedMethod = networkPolicyClass
.getMethod("isCleartextTrafficPermitted");
boolean cleartextPermitted = (boolean) isCleartextTrafficPermittedMethod
.invoke(networkSecurityPolicy);
return cleartextPermitted;
} catch (ClassNotFoundException e) {
return super.isCleartextTrafficPermitted();
} catch (NoSuchMethodException | IllegalAccessException | IllegalArgumentException
| InvocationTargetException e) {
throw new AssertionError();
}
}

}

/**
Expand Down

0 comments on commit e3cd9b9

Please sign in to comment.