@Override public void logCloseableLeak(String message, Object stackTrace) { boolean reported = closeGuard.warnIfOpen(stackTrace); if (!reported) { // Unable to report via CloseGuard. As a last-ditch effort, send it to the logger. log(WARN, message, null); } }
public void logCloseableLeak(String message, Object stackTrace) { if (stackTrace == null) { message += " To see where this was allocated, set the OkHttpClient logger level to FINE: " + "Logger.getLogger(OkHttpClient.class.getName()).setLevel(Level.FINE);"; } log(WARN, message, (Throwable) stackTrace); }
@Override public Object getStackTraceForCloseable(String closer) { return closeGuard.createAndOpen(closer); }
private static SSLSocketFactory newSslSocketFactory(X509TrustManager trustManager) { try { SSLContext sslContext = Platform.get().getSSLContext(); sslContext.init(null, new TrustManager[] { trustManager }, null); return sslContext.getSocketFactory(); } catch (GeneralSecurityException e) { throw new AssertionError("No System TLS", e); // The system has no TLS. Just give up. } }
public static CertificateChainCleaner get(X509TrustManager trustManager) { return Platform.get().buildCertificateChainCleaner(trustManager); }
public CertificateChainCleaner buildCertificateChainCleaner(SSLSocketFactory sslSocketFactory) { X509TrustManager trustManager = trustManager(sslSocketFactory); if (trustManager == null) { throw new IllegalStateException("Unable to extract the trust manager on " + Platform.get() + ", sslSocketFactory is " + sslSocketFactory.getClass()); } return buildCertificateChainCleaner(trustManager); }
private void captureCallStackTrace() { Object callStackTrace = Platform.get().getStackTraceForCloseable("response.body().close()"); retryAndFollowUpInterceptor.setCallStackTrace(callStackTrace); }
/** Attempt to match the host runtime to a capable Platform implementation. */ private static Platform findPlatform() { Platform android = AndroidPlatform.buildIfSupported(); if (android != null) { return android; } if (isConscryptPreferred()) { Platform conscrypt = ConscryptPlatform.buildIfSupported(); if (conscrypt != null) { return conscrypt; } } Platform jdk9 = Jdk9Platform.buildIfSupported(); if (jdk9 != null) { return jdk9; } Platform jdkWithJettyBoot = Jdk8WithJettyBootPlatform.buildIfSupported(); if (jdkWithJettyBoot != null) { return jdkWithJettyBoot; } // Probably an Oracle JDK like OpenJDK. return new Platform(); }
@Override public boolean isCleartextTrafficPermitted(String hostname) { try { Class<?> networkPolicyClass = Class.forName("android.security.NetworkSecurityPolicy"); Method getInstanceMethod = networkPolicyClass.getMethod("getInstance"); Object networkSecurityPolicy = getInstanceMethod.invoke(null); return api24IsCleartextTrafficPermitted(hostname, networkPolicyClass, networkSecurityPolicy); } catch (ClassNotFoundException | NoSuchMethodException e) { return super.isCleartextTrafficPermitted(hostname); } catch (IllegalAccessException | IllegalArgumentException | InvocationTargetException e) { throw new AssertionError("unable to determine cleartext support", e); } }
@Override public @Nullable String getSelectedProtocol(SSLSocket sslSocket) { if (Conscrypt.isConscrypt(sslSocket)) { return Conscrypt.getApplicationProtocol(sslSocket); } else { return super.getSelectedProtocol(sslSocket); } }
public static Jdk9Platform buildIfSupported() { // Find JDK 9 new methods try { Method setProtocolMethod = SSLParameters.class.getMethod("setApplicationProtocols", String[].class); Method getProtocolMethod = SSLSocket.class.getMethod("getApplicationProtocol"); return new Jdk9Platform(setProtocolMethod, getProtocolMethod); } catch (NoSuchMethodException ignored) { // pre JDK 9 } return null; } }
private boolean api23IsCleartextTrafficPermitted(String hostname, Class<?> networkPolicyClass, Object networkSecurityPolicy) throws InvocationTargetException, IllegalAccessException { try { Method isCleartextTrafficPermittedMethod = networkPolicyClass .getMethod("isCleartextTrafficPermitted"); return (boolean) isCleartextTrafficPermittedMethod.invoke(networkSecurityPolicy); } catch (NoSuchMethodException e) { return super.isCleartextTrafficPermitted(hostname); } }
private boolean api24IsCleartextTrafficPermitted(String hostname, Class<?> networkPolicyClass, Object networkSecurityPolicy) throws InvocationTargetException, IllegalAccessException { try { Method isCleartextTrafficPermittedMethod = networkPolicyClass .getMethod("isCleartextTrafficPermitted", String.class); return (boolean) isCleartextTrafficPermittedMethod.invoke(networkSecurityPolicy, hostname); } catch (NoSuchMethodException e) { return api23IsCleartextTrafficPermitted(hostname, networkPolicyClass, networkSecurityPolicy); } }
@Override public SSLContext getSSLContext() { try { return SSLContext.getInstance("TLSv1.3", getProvider()); } catch (NoSuchAlgorithmException e) { try { // Allow for Conscrypt 1.2 return SSLContext.getInstance("TLS", getProvider()); } catch (NoSuchAlgorithmException e2) { throw new IllegalStateException("No TLS provider", e); } } }
@Override public void configureTlsExtensions( SSLSocket sslSocket, String hostname, List<Protocol> protocols) { List<String> names = alpnProtocolNames(protocols); try { Object alpnProvider = Proxy.newProxyInstance(Platform.class.getClassLoader(), new Class[] {clientProviderClass, serverProviderClass}, new AlpnProvider(names)); putMethod.invoke(null, sslSocket, alpnProvider); } catch (InvocationTargetException | IllegalAccessException e) { throw new AssertionError("failed to set ALPN", e); } }
public static ConscryptPlatform buildIfSupported() { try { // Trigger an early exception over a fatal error, prefer a RuntimeException over Error. Class.forName("org.conscrypt.Conscrypt"); if (!Conscrypt.isAvailable()) { return null; } return new ConscryptPlatform(); } catch (ClassNotFoundException e) { return null; } }
public static Platform buildIfSupported() { // Find Jetty's ALPN extension for OpenJDK. try { String alpnClassName = "org.eclipse.jetty.alpn.ALPN"; Class<?> alpnClass = Class.forName(alpnClassName); Class<?> providerClass = Class.forName(alpnClassName + "$Provider"); Class<?> clientProviderClass = Class.forName(alpnClassName + "$ClientProvider"); Class<?> serverProviderClass = Class.forName(alpnClassName + "$ServerProvider"); Method putMethod = alpnClass.getMethod("put", SSLSocket.class, providerClass); Method getMethod = alpnClass.getMethod("get", SSLSocket.class); Method removeMethod = alpnClass.getMethod("remove", SSLSocket.class); return new Jdk8WithJettyBootPlatform( putMethod, getMethod, removeMethod, clientProviderClass, serverProviderClass); } catch (ClassNotFoundException | NoSuchMethodException ignored) { } return null; }
private static SSLSocketFactory createInsecureSslSocketFactory(TrustManager trustManager) { try { SSLContext context = Platform.get().getSSLContext(); context.init(null, new TrustManager[] {trustManager}, null); return context.getSocketFactory(); } catch (Exception e) { throw new AssertionError(e); } }
/** * Sets the socket factory used to secure HTTPS connections. If unset, the system default will * be used. * * @deprecated {@code SSLSocketFactory} does not expose its {@link X509TrustManager}, which is * a field that OkHttp needs to build a clean certificate chain. This method instead must * use reflection to extract the trust manager. Applications should prefer to call {@link * #sslSocketFactory(SSLSocketFactory, X509TrustManager)}, which avoids such reflection. */ public Builder sslSocketFactory(SSLSocketFactory sslSocketFactory) { if (sslSocketFactory == null) throw new NullPointerException("sslSocketFactory == null"); this.sslSocketFactory = sslSocketFactory; this.certificateChainCleaner = Platform.get().buildCertificateChainCleaner(sslSocketFactory); return this; }