diff --git a/app/src/main/java/com/github/catvod/net/OkHttp.java b/app/src/main/java/com/github/catvod/net/OkHttp.java
index 1e85cc14..ce12ee67 100644
--- a/app/src/main/java/com/github/catvod/net/OkHttp.java
+++ b/app/src/main/java/com/github/catvod/net/OkHttp.java
@@ -3,17 +3,10 @@ package com.github.catvod.net;
 import com.github.catvod.crawler.Spider;
 import java.io.IOException;
-import java.security.SecureRandom;
-import java.security.cert.X509Certificate;
 import java.util.List;
 import java.util.Map;
 import java.util.concurrent.TimeUnit;
-import javax.net.ssl.HttpsURLConnection;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.X509TrustManager;
-
 import okhttp3.Dns;
 import okhttp3.Headers;
 import okhttp3.OkHttpClient;
@@ -108,35 +101,6 @@ public class OkHttp {
 }
 public static OkHttpClient.Builder getBuilder() {
- OkHttpClient.Builder builder = new OkHttpClient.Builder().addInterceptor(new OkhttpInterceptor()).dns(dns()).connectTimeout(30, TimeUnit.SECONDS).readTimeout(30, TimeUnit.SECONDS).writeTimeout(30, TimeUnit.SECONDS);
- ignoreSSLErrors(builder);
- return builder;
+ return new OkHttpClient.Builder().addInterceptor(new OkhttpInterceptor()).dns(dns()).connectTimeout(30, TimeUnit.SECONDS).readTimeout(30, TimeUnit.SECONDS).writeTimeout(30, TimeUnit.SECONDS).hostnameVerifier(SSLCompat.VERIFIER).sslSocketFactory(new SSLCompat(), SSLCompat.TM);
 }
-
- private static void ignoreSSLErrors(OkHttpClient.Builder builder) {
- try {
- SSLContext context = SSLContext.getInstance("SSL");
- context.init(null, TM, new SecureRandom());
- HttpsURLConnection.setDefaultSSLSocketFactory(context.getSocketFactory());
- builder.sslSocketFactory(context.getSocketFactory(), (X509TrustManager) TM[0]);
- builder.hostnameVerifier((hostname, session) -> true);
- } catch (Exception e) {
- e.printStackTrace();
- }
- }
-
- private static final TrustManager[] TM = new TrustManager[]{new X509TrustManager() {
- @Override
- public void checkClientTrusted(X509Certificate[] chain, String authType) {
- }
-
- @Override
- public void checkServerTrusted(X509Certificate[] chain, String authType) {
- }
-
- @Override
- public X509Certificate[] getAcceptedIssuers() {
- return new X509Certificate[]{};
- }
- }};
 }
diff --git a/app/src/main/java/com/github/catvod/net/SSLCompat.java b/app/src/main/java/com/github/catvod/net/SSLCompat.java
new file mode 100644
index 00000000..b0a1d33a
--- /dev/null
+++ b/app/src/main/java/com/github/catvod/net/SSLCompat.java
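Review bot: `new SSLCompat()` is constructed on every `getBuilder()` call, and the SSLCompat constructor added by this commit calls `HttpsURLConnection.setDefaultSSLSocketFactory(...)`, so each builder creates a new SSLContext and resets the process-wide HTTPS default as a side effect. That constructor only prints the stack trace on failure, which would leave its `factory` field null and surface later as a NullPointerException in `createSocket` rather than at build time. A single shared instance avoids the repeated global mutation: declare `private static final SSLCompat SSL = new SSLCompat();` in OkHttp and pass `.sslSocketFactory(SSL, SSLCompat.TM)` in the added return line.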
@@ -0,0 +1,117 @@
+package com.github.catvod.net;
+
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.Socket;
+import java.security.cert.X509Certificate;
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.LinkedList;
+import java.util.List;
+
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocket;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.X509TrustManager;
+
+public class SSLCompat extends SSLSocketFactory {
+
+ public static final HostnameVerifier VERIFIER = (hostname, session) -> true;
+ private static String[] cipherSuites;
+ private static String[] protocols;
+ private SSLSocketFactory factory;
+
+ static {
+ try {
+ SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket();
+ List protocols = new LinkedList<>();
+ for (String protocol : socket.getSupportedProtocols()) if (!protocol.toUpperCase().contains("SSL")) protocols.add(protocol);
+ SSLCompat.protocols = protocols.toArray(new String[protocols.size()]);
+ List allowedCiphers = Arrays.asList("TLS_RSA_WITH_AES_256_GCM_SHA384", "TLS_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "TLS_ECHDE_RSA_WITH_AES_128_GCM_SHA256", "TLS_RSA_WITH_3DES_EDE_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA", "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA");
+ List availableCiphers = Arrays.asList(socket.getSupportedCipherSuites());
+ HashSet preferredCiphers = new HashSet<>(allowedCiphers);
+ preferredCiphers.retainAll(availableCiphers);
+ preferredCiphers.addAll(new HashSet<>(Arrays.asList(socket.getEnabledCipherSuites())));
+ SSLCompat.cipherSuites = preferredCiphers.toArray(new String[preferredCiphers.size()]);
+ } catch (IOException e) {
+ e.printStackTrace();
+ }
+ }
+
+ public SSLCompat() {
+ try {
+ SSLContext context = SSLContext.getInstance("TLS");
+ context.init(null, new X509TrustManager[]{TM}, null);
+ HttpsURLConnection.setDefaultSSLSocketFactory(factory = context.getSocketFactory());
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+
+ @Override
+ public String[] getDefaultCipherSuites() {
+ return cipherSuites;
+ }
+
+ @Override
+ public String[] getSupportedCipherSuites() {
+ return cipherSuites;
+ }
+
+ @Override
+ public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException {
+ Socket ssl = factory.createSocket(s, host, port, autoClose);
+ if (ssl instanceof SSLSocket) upgradeTLS((SSLSocket) ssl);
+ return ssl;
+ }
+
+ @Override
+ public Socket createSocket(String host, int port) throws IOException {
+ Socket ssl = factory.createSocket(host, port);
+ if (ssl instanceof SSLSocket) upgradeTLS((SSLSocket) ssl);
+ return ssl;
+ }
+
+ @Override
+ public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException {
+ Socket ssl = factory.createSocket(host, port, localHost, localPort);
+ if (ssl instanceof SSLSocket) upgradeTLS((SSLSocket) ssl);
+ return ssl;
+ }
+
+ @Override
+ public Socket createSocket(InetAddress host, int port) throws IOException {
+ Socket ssl = factory.createSocket(host, port);
+ if (ssl instanceof SSLSocket) upgradeTLS((SSLSocket) ssl);
+ return ssl;
+ }
+
+ @Override
+ public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException {
+ Socket ssl = factory.createSocket(address, port, localAddress, localPort);
+ if (ssl instanceof SSLSocket) upgradeTLS((SSLSocket) ssl);
+ return ssl;
+ }
+
+ private void upgradeTLS(SSLSocket ssl) {
+ if (protocols != null) ssl.setEnabledProtocols(protocols);
+ if (cipherSuites != null) ssl.setEnabledCipherSuites(cipherSuites);
+ }
+
+ public static final X509TrustManager TM = new X509TrustManager() {
+ @Override
+ public void checkClientTrusted(X509Certificate[] chain, String authType) {
+ }
+
+ @Override
+ public void checkServerTrusted(X509Certificate[] chain, String authType) {
+ }
+
+ @Override
+ public X509Certificate[] getAcceptedIssuers() {
+ return new X509Certificate[]{};
+ }
+ };
+}
diff --git a/jar/custom_spider.jar b/jar/custom_spider.jar
index f6051d29..5acb6f08 100644
Binary files a/jar/custom_spider.jar and b/jar/custom_spider.jar differ
diff --git a/jar/custom_spider.jar.md5 b/jar/custom_spider.jar.md5
index 357dfe95..9e11b472 100644
--- a/jar/custom_spider.jar.md5
+++ b/jar/custom_spider.jar.md5
@@ -1 +1 @@
-c19508fcd9d418b38ed63d75d6b72b57
+56a830b94ff0c5ec09fc68bd2f12f2de
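Review bot: `checkServerTrusted` in `TM` is empty and `VERIFIER` returns `true` for every host, so sockets from this factory accept any certificate for any name, and the protocol and cipher filtering in the static block hardens a channel whose peer is never authenticated. If the app can rely on the platform trust store, obtain the trust manager from `TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())` initialised with a null KeyStore and drop the custom verifier; if validation must stay off, a class comment should say so and why. Separately, the allow-list entry `"TLS_ECHDE_RSA_WITH_AES_128_GCM_SHA256"` is misspelled (`ECHDE`), so it can never match a supported suite and should read `"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"`. The list also keeps 3DES and static-RSA suites, and the protocol filter only drops names containing `SSL`, which leaves any older TLS versions the platform supports enabled.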