diff --git a/app/build.gradle b/app/build.gradle index a9df4c8f..b20c80fb 100644 --- a/app/build.gradle +++ b/app/build.gradle @@ -41,6 +41,7 @@ dependencies { implementation('com.squareup.okhttp3:okhttp:3.12.13') { force = true } implementation 'wang.harlon.quickjs:wrapper-android:0.20.2' implementation 'com.google.net.cronet:cronet-okhttp:0.1.0' + implementation 'org.conscrypt:conscrypt-android:2.5.2' implementation 'com.google.code.gson:gson:2.8.6' implementation 'cn.wanghaomiao:JsoupXpath:2.5.1' implementation 'com.google.zxing:core:3.3.0' diff --git a/app/src/main/java/com/github/catvod/net/OkHttp.java b/app/src/main/java/com/github/catvod/net/OkHttp.java index 44fac466..489a9a81 100644 --- a/app/src/main/java/com/github/catvod/net/OkHttp.java +++ b/app/src/main/java/com/github/catvod/net/OkHttp.java @@ -36,7 +36,7 @@ public class OkHttp { } public static OkHttpClient.Builder getBuilder() { - return new OkHttpClient.Builder().dns(safeDns()).readTimeout(30, TimeUnit.SECONDS).writeTimeout(30, TimeUnit.SECONDS).connectTimeout(30, TimeUnit.SECONDS).hostnameVerifier(SSLSocketFactoryCompat.hostnameVerifier).sslSocketFactory(new SSLSocketFactoryCompat(), SSLSocketFactoryCompat.trustAllCert); + return new OkHttpClient.Builder().dns(safeDns()).readTimeout(30, TimeUnit.SECONDS).writeTimeout(30, TimeUnit.SECONDS).connectTimeout(30, TimeUnit.SECONDS).sslSocketFactory(SSLCompat.get(), SSLCompat.TM); } public static OkHttpClient client() { diff --git a/app/src/main/java/com/github/catvod/net/SSLCompat.java b/app/src/main/java/com/github/catvod/net/SSLCompat.java new file mode 100644 index 00000000..7993cfa7 --- /dev/null +++ b/app/src/main/java/com/github/catvod/net/SSLCompat.java @@ -0,0 +1,94 @@ +package com.github.catvod.net; + +import org.conscrypt.Conscrypt; + +import java.io.IOException; +import java.net.InetAddress; +import java.net.Socket; +import java.net.UnknownHostException; +import java.security.KeyManagementException; +import java.security.Provider; +import java.security.Security; + +import javax.net.ssl.HttpsURLConnection; +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLSocket; +import javax.net.ssl.SSLSocketFactory; +import javax.net.ssl.TrustManager; +import javax.net.ssl.X509TrustManager; + +public class SSLCompat extends SSLSocketFactory { + + private final SSLSocketFactory socketFactory; + public static final X509TrustManager TM; + + static { + try { + TM = Conscrypt.getDefaultX509TrustManager(); + } catch (KeyManagementException e) { + throw new RuntimeException(e); + } + } + + public SSLCompat(SSLSocketFactory factory) { + HttpsURLConnection.setDefaultSSLSocketFactory(factory); + socketFactory = factory; + } + + public static SSLCompat get() { + try { + Provider provider = Conscrypt.newProvider(); + Security.insertProviderAt(provider, 1); + SSLContext context = SSLContext.getInstance("TLS", provider); + context.init(null, new TrustManager[]{TM}, null); + return new SSLCompat(context.getSocketFactory()); + } catch (Exception e) { + throw new RuntimeException(e); + } + } + + @Override + public String[] getDefaultCipherSuites() { + return socketFactory.getDefaultCipherSuites(); + } + + @Override + public String[] getSupportedCipherSuites() { + return socketFactory.getSupportedCipherSuites(); + } + + @Override + public Socket createSocket() throws IOException { + return enableTLSOnSocket(socketFactory.createSocket()); + } + + @Override + public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException { + return enableTLSOnSocket(socketFactory.createSocket(s, host, port, autoClose)); + } + + @Override + public Socket createSocket(String host, int port) throws IOException { + return enableTLSOnSocket(socketFactory.createSocket(host, port)); + } + + @Override + public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException, UnknownHostException { + return enableTLSOnSocket(socketFactory.createSocket(host, port, localHost, localPort)); + } + + @Override + public Socket createSocket(InetAddress host, int port) throws IOException { + return enableTLSOnSocket(socketFactory.createSocket(host, port)); + } + + @Override + public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException { + return enableTLSOnSocket(socketFactory.createSocket(address, port, localAddress, localPort)); + } + + private Socket enableTLSOnSocket(Socket socket) { + if (socket instanceof SSLSocket) ((SSLSocket) socket).setEnabledProtocols(new String[]{"TLSv1.2", "TLSv1.3"}); + return socket; + } +} diff --git a/app/src/main/java/com/github/catvod/net/SSLSocketFactoryCompat.java b/app/src/main/java/com/github/catvod/net/SSLSocketFactoryCompat.java deleted file mode 100644 index f8db4608..00000000 --- a/app/src/main/java/com/github/catvod/net/SSLSocketFactoryCompat.java +++ /dev/null @@ -1,128 +0,0 @@ -package com.github.catvod.net; - -import java.io.IOException; -import java.net.InetAddress; -import java.net.Socket; -import java.security.GeneralSecurityException; -import java.security.cert.X509Certificate; -import java.util.Arrays; -import java.util.HashSet; -import java.util.LinkedList; -import java.util.List; - -import javax.net.ssl.HostnameVerifier; -import javax.net.ssl.HttpsURLConnection; -import javax.net.ssl.SSLContext; -import javax.net.ssl.SSLSocket; -import javax.net.ssl.SSLSocketFactory; -import javax.net.ssl.X509TrustManager; - -public class SSLSocketFactoryCompat extends SSLSocketFactory { - - public static final HostnameVerifier hostnameVerifier = (hostname, session) -> true; - - public static final X509TrustManager trustAllCert = new X509TrustManager() { - - @Override - public void checkClientTrusted(X509Certificate[] chain, String authType) { - } - - @Override - public void checkServerTrusted(X509Certificate[] chain, String authType) { - } - - @Override - public X509Certificate[] getAcceptedIssuers() { - return new X509Certificate[]{}; - } - }; - - static String[] protocols = null; - static String[] cipherSuites = null; - - static { - try { - SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket(); - if (socket != null) { - List protocols = new LinkedList<>(); - for (String protocol : socket.getSupportedProtocols()) if (!protocol.toUpperCase().contains("SSL")) protocols.add(protocol); - SSLSocketFactoryCompat.protocols = protocols.toArray(new String[protocols.size()]); - List allowedCiphers = Arrays.asList("TLS_RSA_WITH_AES_256_GCM_SHA384", "TLS_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "TLS_ECHDE_RSA_WITH_AES_128_GCM_SHA256", "TLS_RSA_WITH_3DES_EDE_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA", "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"); - List availableCiphers = Arrays.asList(socket.getSupportedCipherSuites()); - HashSet preferredCiphers = new HashSet<>(allowedCiphers); - preferredCiphers.retainAll(availableCiphers); - preferredCiphers.addAll(new HashSet<>(Arrays.asList(socket.getEnabledCipherSuites()))); - SSLSocketFactoryCompat.cipherSuites = preferredCiphers.toArray(new String[preferredCiphers.size()]); - } - } catch (IOException e) { - throw new RuntimeException(e); - } - } - - private final SSLSocketFactory defaultFactory; - - public SSLSocketFactoryCompat() { - try { - SSLContext sslContext = SSLContext.getInstance("TLS"); - sslContext.init(null, new X509TrustManager[]{SSLSocketFactoryCompat.trustAllCert}, null); - defaultFactory = sslContext.getSocketFactory(); - HttpsURLConnection.setDefaultSSLSocketFactory(defaultFactory); - } catch (GeneralSecurityException e) { - throw new AssertionError(); - } - } - - private void upgradeTLS(SSLSocket ssl) { - if (protocols != null) { - ssl.setEnabledProtocols(protocols); - } - if (cipherSuites != null) { - ssl.setEnabledCipherSuites(cipherSuites); - } - } - - @Override - public String[] getDefaultCipherSuites() { - return cipherSuites; - } - - @Override - public String[] getSupportedCipherSuites() { - return cipherSuites; - } - - @Override - public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException { - Socket ssl = defaultFactory.createSocket(s, host, port, autoClose); - if (ssl instanceof SSLSocket) upgradeTLS((SSLSocket) ssl); - return ssl; - } - - @Override - public Socket createSocket(String host, int port) throws IOException { - Socket ssl = defaultFactory.createSocket(host, port); - if (ssl instanceof SSLSocket) upgradeTLS((SSLSocket) ssl); - return ssl; - } - - @Override - public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException { - Socket ssl = defaultFactory.createSocket(host, port, localHost, localPort); - if (ssl instanceof SSLSocket) upgradeTLS((SSLSocket) ssl); - return ssl; - } - - @Override - public Socket createSocket(InetAddress host, int port) throws IOException { - Socket ssl = defaultFactory.createSocket(host, port); - if (ssl instanceof SSLSocket) upgradeTLS((SSLSocket) ssl); - return ssl; - } - - @Override - public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException { - Socket ssl = defaultFactory.createSocket(address, port, localAddress, localPort); - if (ssl instanceof SSLSocket) upgradeTLS((SSLSocket) ssl); - return ssl; - } -} diff --git a/jar/custom_spider.jar b/jar/custom_spider.jar index 008ef9d6..3e73c8f2 100644 Binary files a/jar/custom_spider.jar and b/jar/custom_spider.jar differ diff --git a/jar/custom_spider.jar.md5 b/jar/custom_spider.jar.md5 index 611cf801..ca68568f 100644 --- a/jar/custom_spider.jar.md5 +++ b/jar/custom_spider.jar.md5 @@ -1 +1 @@ -12d5373a579b207be00c71f70f97f1a0 +12e6194d611c0605a5c284502684f958