/**
 * Returns the protocol chosen by ALPN for {@code socket}, or null when none can be reported.
 *
 * <p>The {@code AlpnProvider} attached to the socket is looked up reflectively through
 * {@code getMethod}. Null is returned both when the provider is marked unsupported and when it
 * never received a selection; only the latter case is logged.
 *
 * @param socket the TLS socket whose negotiated protocol is wanted
 * @return the selected protocol name, or null
 * @throws AssertionError if the reflective lookup fails
 */
@Override public @Nullable String getSelectedProtocol(SSLSocket socket) {
  AlpnProvider alpn;
  try {
    alpn = (AlpnProvider) Proxy.getInvocationHandler(getMethod.invoke(null, socket));
  } catch (InvocationTargetException | IllegalAccessException e) {
    throw new AssertionError("failed to get ALPN selected protocol", e);
  }

  if (alpn.unsupported) {
    return null;
  }

  if (alpn.selected == null) {
    // Neither "unsupported" nor "selected" was recorded, so the callback never ran.
    Platform.get().log(INFO, "ALPN callback dropped: HTTP/2 is disabled. "
        + "Is alpn-boot on the boot class path?", null);
    return null;
  }

  return alpn.selected;
}
/**
 * Creates a socket factory from the platform's {@link SSLContext}, initialised with
 * {@code trustManager} as its only trust manager.
 *
 * <p>The key-manager and randomness arguments to {@code init} are null, so the context's defaults
 * apply for both.
 *
 * @param trustManager the trust manager that decides which server certificates are accepted
 * @return a socket factory backed by the initialised context
 * @throws AssertionError if the context cannot be initialised
 */
private static SSLSocketFactory newSslSocketFactory(X509TrustManager trustManager) {
  TrustManager[] trustManagers = {trustManager};
  try {
    SSLContext context = Platform.get().getSSLContext();
    context.init(null, trustManagers, null);
    return context.getSocketFactory();
  } catch (GeneralSecurityException e) {
    // The system has no TLS. Just give up.
    throw new AssertionError("No System TLS", e);
  }
}
// Configure TLS extensions with the offered protocols; no hostname is supplied (null).
Platform.get().configureTlsExtensions(sslSocket, null, protocols);
String protocolString = Platform.get().getSelectedProtocol(sslSocket);
// A null result means no protocol was reported for the socket; fall back to HTTP/1.1.
protocol = protocolString != null ? Protocol.get(protocolString) : Protocol.HTTP_1_1;
/**
 * Returns the certificate chain cleaner that the current {@link Platform} builds for
 * {@code trustManager}.
 *
 * @param trustManager the trust manager handed to the platform's builder
 * @return the platform-provided chain cleaner
 */
public static CertificateChainCleaner get(X509TrustManager trustManager) {
  Platform platform = Platform.get();
  return platform.buildCertificateChainCleaner(trustManager);
}
/**
 * Builds a certificate chain cleaner from the trust manager extracted out of
 * {@code sslSocketFactory}.
 *
 * <p>Fails loudly when no trust manager can be extracted rather than continuing without one.
 *
 * @param sslSocketFactory the factory to extract the trust manager from
 * @return a chain cleaner built from the extracted trust manager
 * @throws IllegalStateException if no trust manager could be extracted
 */
public CertificateChainCleaner buildCertificateChainCleaner(SSLSocketFactory sslSocketFactory) {
  X509TrustManager extracted = trustManager(sslSocketFactory);
  if (extracted != null) {
    return buildCertificateChainCleaner(extracted);
  }
  throw new IllegalStateException("Unable to extract the trust manager on "
      + Platform.get()
      + ", sslSocketFactory is "
      + sslSocketFactory.getClass());
}
Platform.get().configureTlsExtensions( sslSocket, address.url().host(), address.protocols()); ? Platform.get().getSelectedProtocol(sslSocket) : null; socket = sslSocket; } finally { if (sslSocket != null) { Platform.get().afterHandshake(sslSocket);
/**
 * Wraps an accepted plain socket in TLS, acting as the server side, and completes the handshake.
 *
 * <p>The layered socket is created with autoClose set to true and switched to server mode. Only
 * {@code Protocol.HTTP_2} is offered through the TLS extensions, and no hostname is passed.
 *
 * @param socket the accepted connection to layer TLS over
 * @return the TLS socket after the handshake has been started
 * @throws IOException if creating the socket or handshaking fails
 */
private SSLSocket doSsl(Socket socket) throws IOException {
  String peerAddress = socket.getInetAddress().getHostAddress();
  int peerPort = socket.getPort();
  SSLSocket tlsSocket =
      (SSLSocket) sslSocketFactory.createSocket(socket, peerAddress, peerPort, true);

  // This end accepts the handshake rather than initiating it.
  tlsSocket.setUseClientMode(false);
  Platform.get().configureTlsExtensions(
      tlsSocket, null, Collections.singletonList(Protocol.HTTP_2));

  tlsSocket.startHandshake();
  return tlsSocket;
}
/**
 * Asks the platform for a stack-trace object labelled {@code "response.body().close()"} and stores
 * it on the retry-and-follow-up interceptor.
 */
private void captureCallStackTrace() {
  retryAndFollowUpInterceptor.setCallStackTrace(
      Platform.get().getStackTraceForCloseable("response.body().close()"));
}
// Build the leak warning for the connection that was never released.
// NOTE(review): the address URL is written to the log as-is; confirm it cannot carry credentials
// or other sensitive components.
String message = "A connection to " + connection.route().address().url()
    + " was leaked. Did you forget to close a response body?";
// Pass along the stack trace recorded on the allocation reference alongside the message.
Platform.get().logCloseableLeak(message, streamAllocRef.callStackTrace);
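/**
 * Does all the work necessary to build a full HTTP or HTTPS connection on a raw socket.
 *
 * <p>For direct and HTTP-proxy routes the socket comes from the address's socket factory; for any
 * other proxy type it is created with {@code new Socket(proxy)}. The read timeout is applied
 * before connecting, and the buffered source and sink are opened once the connect succeeds.
 *
 * @param connectTimeout timeout passed to the platform's connect call
 * @param readTimeout value applied to the socket with {@code setSoTimeout}
 * @param call the call reported to {@code eventListener}
 * @param eventListener notified when the connect starts
 * @throws IOException if connecting or opening the socket streams fails
 */
private void connectSocket(int connectTimeout, int readTimeout, Call call,
    EventListener eventListener) throws IOException {
  Proxy proxy = route.proxy();
  Address address = route.address();

  rawSocket = proxy.type() == Proxy.Type.DIRECT || proxy.type() == Proxy.Type.HTTP
      ? address.socketFactory().createSocket()
      : new Socket(proxy);

  eventListener.connectStart(call, route.socketAddress(), proxy);
  rawSocket.setSoTimeout(readTimeout);
  try {
    Platform.get().connectSocket(rawSocket, route.socketAddress(), connectTimeout);
  } catch (ConnectException e) {
    // Re-wrap so the message names the address that was being connected to.
    ConnectException ce = new ConnectException("Failed to connect to " + route.socketAddress());
    ce.initCause(e);
    throw ce;
  }

  // The following try/catch block is a pseudo hacky way to get around a crash on Android 7.0
  // More details:
  // https://github.com/square/okhttp/issues/3245
  // https://android-review.googlesource.com/#/c/271775/
  try {
    source = Okio.buffer(Okio.source(rawSocket));
    sink = Okio.buffer(Okio.sink(rawSocket));
  } catch (NullPointerException npe) {
    if (NPE_THROW_WITH_NULL.equals(npe.getMessage())) {
      throw new IOException(npe);
    }
    // Any other NullPointerException used to be dropped here, leaving the streams unset.
    // Rethrow it so the failure surfaces at its origin instead of on a later stream access.
    throw npe;
  }
}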
if (!Platform.get().isCleartextTrafficPermitted(host)) { throw new RouteException(new UnknownServiceException( "CLEARTEXT communication to " + host + " not permitted by network security policy"));
/**
 * Logs a warning about a leaked closeable resource.
 *
 * <p>When no stack trace was captured, a hint is appended that explains how to enable capture by
 * raising the logger level to FINE.
 *
 * @param message the leak description
 * @param stackTrace the captured allocation trace, or null; it is cast to {@link Throwable}
 */
public void logCloseableLeak(String message, Object stackTrace) {
  String text = message;
  if (stackTrace == null) {
    text = text + " To see where this was allocated, set the OkHttpClient logger level to FINE: "
        + "Logger.getLogger(OkHttpClient.class.getName()).setLevel(Level.FINE);";
  }
  Throwable allocationTrace = (Throwable) stackTrace;
  log(WARN, text, allocationTrace);
}
// Hand the factory to the active Platform for its own configuration step; what that step changes
// is not visible in this excerpt.
Platform.get().configureSslSocketFactory(sslSocketFactory);
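/**
 * Accepts connections on port 8888 in an endless loop and serves each one as HTTP/2 over TLS.
 *
 * <p>Every accepted socket is upgraded with {@code doSsl}. A connection whose negotiated protocol
 * is not {@code Protocol.HTTP_2} is rejected with a {@link ProtocolException} and its socket is
 * closed. Failures on one connection are logged and do not stop the accept loop.
 *
 * <p>The listener binds to the wildcard address, so it is reachable on every local interface.
 *
 * @throws Exception if the listening socket cannot be created or bound
 */
private void run() throws Exception {
  // Create the socket unbound so SO_REUSEADDR is set before bind(). The ServerSocket Javadoc
  // leaves setReuseAddress() undefined once the socket is bound, and new ServerSocket(port)
  // binds immediately.
  try (ServerSocket serverSocket = new ServerSocket()) {
    serverSocket.setReuseAddress(true);
    // A port-only address listens on the wildcard address, as new ServerSocket(8888) did.
    serverSocket.bind(new java.net.InetSocketAddress(8888));

    while (true) {
      Socket socket = null;
      try {
        socket = serverSocket.accept();

        SSLSocket sslSocket = doSsl(socket);
        String protocolString = Platform.get().getSelectedProtocol(sslSocket);
        Protocol protocol = protocolString != null ? Protocol.get(protocolString) : null;
        // Refuse anything that did not negotiate HTTP/2, including no selection at all.
        if (protocol != Protocol.HTTP_2) {
          throw new ProtocolException("Protocol " + protocol + " unsupported");
        }
        Http2Connection connection = new Http2Connection.Builder(false)
            .socket(sslSocket)
            .listener(this)
            .build();
        connection.start();
      } catch (IOException e) {
        logger.log(Level.INFO, "Http2Server connection failure: " + e);
        Util.closeQuietly(socket);
      } catch (Exception e) {
        logger.log(Level.WARNING, "Http2Server unexpected failure", e);
        Util.closeQuietly(socket);
      }
    }
  }
}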
/**
 * Fetches {@code url} with {@code client} and prints a one-line summary of the result.
 *
 * <p>The summary holds the TLS version, cipher suite, HTTP protocol, status code and body length.
 * An {@link IOException} is printed rather than propagated.
 *
 * @param client the client used to execute the request
 * @param url the URL to fetch
 */
private static void sendRequest(OkHttpClient client, String url) {
  System.out.printf("%-40s ", url);
  System.out.flush();

  System.out.println(Platform.get());

  Request request = new Request.Builder().url(url).build();

  // try-with-resources closes the response once the summary has been printed.
  try (Response response = client.newCall(request).execute()) {
    Handshake handshake = response.handshake();
    String summary = handshake.tlsVersion()
        + " "
        + handshake.cipherSuite()
        + " "
        + response.protocol()
        + " "
        + response.code
        + " "
        + response.body.bytes().length
        + "b";
    System.out.println(summary);
  } catch (IOException ioe) {
    System.out.println(ioe.toString());
  }
}
// Closes the enclosing class, whose header lies outside this excerpt.
}
/**
 * Configures SNI, session tickets and ALPN on Conscrypt sockets. Any other socket is delegated to
 * the superclass.
 *
 * <p>SNI and session tickets are enabled only when a hostname is given. The ALPN protocol list is
 * always applied.
 *
 * @param sslSocket the socket to configure
 * @param hostname the server name for SNI, or null to leave SNI and session tickets untouched
 * @param protocols the protocols to offer through ALPN
 */
@Override public void configureTlsExtensions(
    SSLSocket sslSocket, String hostname, List<Protocol> protocols) {
  if (!Conscrypt.isConscrypt(sslSocket)) {
    super.configureTlsExtensions(sslSocket, hostname, protocols);
    return;
  }

  // Enable SNI and session tickets.
  if (hostname != null) {
    Conscrypt.setUseSessionTickets(sslSocket, true);
    Conscrypt.setHostname(sslSocket, hostname);
  }

  // Enable ALPN.
  String[] alpnNames = Platform.alpnProtocolNames(protocols).toArray(new String[0]);
  Conscrypt.setApplicationProtocols(sslSocket, alpnNames);
}
/**
 * Attempt to match the host runtime to a capable Platform implementation.
 *
 * <p>Candidates are probed in a fixed order: Android, Conscrypt (only when
 * {@code isConscryptPreferred()} holds), JDK 9, then JDK 8 with Jetty's ALPN boot. The first
 * candidate that reports support is returned; otherwise a plain {@code Platform} is used.
 */
private static Platform findPlatform() {
  Platform found = AndroidPlatform.buildIfSupported();

  if (found == null && isConscryptPreferred()) {
    found = ConscryptPlatform.buildIfSupported();
  }

  if (found == null) {
    found = Jdk9Platform.buildIfSupported();
  }

  if (found == null) {
    found = Jdk8WithJettyBootPlatform.buildIfSupported();
  }

  // Probably an Oracle JDK like OpenJDK.
  return found != null ? found : new Platform();
}
/**
 * Returns the ALPN protocol reported for {@code sslSocket}.
 *
 * <p>Conscrypt sockets are queried through {@code Conscrypt.getApplicationProtocol}; any other
 * socket is delegated to the superclass.
 *
 * @param sslSocket the socket whose negotiated protocol is wanted
 * @return the protocol name, or null (the return type is nullable)
 */
@Override public @Nullable String getSelectedProtocol(SSLSocket sslSocket) {
  if (!Conscrypt.isConscrypt(sslSocket)) {
    return super.getSelectedProtocol(sslSocket);
  }
  return Conscrypt.getApplicationProtocol(sslSocket);
}
Platform.get().configureTlsExtensions( sslSocket, address.url().host(), address.protocols()); ? Platform.get().getSelectedProtocol(sslSocket) : null; socket = sslSocket; } finally { if (sslSocket != null) { Platform.get().afterHandshake(sslSocket);