如何覆盖使用HttpsURLConnection时向服务器发送由机器人的cipherlist？ [英] How to override the cipherlist sent to the server by Android when using HttpsURLConnection?

问题描述

在TLS协商期间，客户端发送支持的密码列表给服务器，服务器选出一个，和加密启动。我想改变这个cipherlist搭载Android发送到服务器，当我使用 HttpsURLConnection 进行通信。

During TLS negotiation, clients send a list of supported ciphers to the server, the server picks one, and encryption starts. I want to change this cipherlist sent to the server by Android, when I'm using HttpsURLConnection for communication.

我知道，我可以使用 setSSLSocketFactory 的 HttpsURLConnection 对象上设置它为使用 SSLSocketFactory的。当我想改变所用的TrustManager等这是非常有用的 SSLSocket 的 SSLSocketFactory的返回。

I know that I can use setSSLSocketFactory on the HttpsURLConnection object to set it up to use a SSLSocketFactory. This is useful when I want to change the trustmanager etc used by the SSLSocket returned by the SSLSocketFactory.

我知道一般这个密码组列表可以使用 SSLParameters 对象，并将其传递给 SSlsocket 编辑或的SSLEngine 使用对象所提供的方法。

I know that in general this ciphersuite list can be edited using an SSLParameters object and passing it to SSlsocket or SSLEngine objects using the methods they provide.

但是 SSLSocketFactory的似乎不揭露这种方法！

BUT the SSLSocketFactory does not seem to expose such methods!

我无法找到一个方法来修改 SSLParameters 返回的的<$ C $创建SSLSocket 对象C> SSLSocketFactory的我传递给 HttpsURLConnection 。

I cannot find a way to change the SSLParameters of the returned SSLSocket objects created by the SSLSocketFactory I pass to HttpsURLConnection.

怎么办？

我想这也与Java的一般，不仅是Android系统。也许有一个面向对象的方式来做到这一点（例如延长 SSLSocketFactory的并提供给 HttpsURLConnection ？）

I guess this is also relevant to Java in general, not only Android. Maybe there's an OO way to do it (e.g. extend SSLSocketFactory and provide that to HttpsURLConnection?)

推荐答案

这一块code是有点生。请小心使用。

This piece of code is a bit raw. please use with care.

public class PreferredCipherSuiteSSLSocketFactory extends SSLSocketFactory {


private static final String PREFERRED_CIPHER_SUITE = "TLS_RSA_WITH_AES_128_CBC_SHA";

private final SSLSocketFactory delegate;

public PreferredCipherSuiteSSLSocketFactory(SSLSocketFactory delegate) {

    this.delegate = delegate;
}

@Override
public String[] getDefaultCipherSuites() {

    return setupPreferredDefaultCipherSuites(this.delegate);
}

@Override
public String[] getSupportedCipherSuites() {

    return setupPreferredSupportedCipherSuites(this.delegate);
}

@Override
public Socket createSocket(String arg0, int arg1) throws IOException,
        UnknownHostException {

    Socket socket = this.delegate.createSocket(arg0, arg1);
    String[] cipherSuites = setupPreferredDefaultCipherSuites(delegate);
    ((SSLSocket)socket).setEnabledCipherSuites(cipherSuites);

    return socket;
}

@Override
public Socket createSocket(InetAddress arg0, int arg1) throws IOException {

    Socket socket = this.delegate.createSocket(arg0, arg1);
    String[] cipherSuites = setupPreferredDefaultCipherSuites(delegate);
    ((SSLSocket)socket).setEnabledCipherSuites(cipherSuites);

    return socket;
}

@Override
public Socket createSocket(Socket arg0, String arg1, int arg2, boolean arg3)
        throws IOException {

    Socket socket = this.delegate.createSocket(arg0, arg1, arg2, arg3);
    String[] cipherSuites = setupPreferredDefaultCipherSuites(delegate);
    ((SSLSocket)socket).setEnabledCipherSuites(cipherSuites);

    return socket;
}

@Override
public Socket createSocket(String arg0, int arg1, InetAddress arg2, int arg3)
        throws IOException, UnknownHostException {

    Socket socket = this.delegate.createSocket(arg0, arg1, arg2, arg3);
    String[] cipherSuites = setupPreferredDefaultCipherSuites(delegate);
    ((SSLSocket)socket).setEnabledCipherSuites(cipherSuites);

    return socket;
}

@Override
public Socket createSocket(InetAddress arg0, int arg1, InetAddress arg2,
        int arg3) throws IOException {

    Socket socket = this.delegate.createSocket(arg0, arg1, arg2, arg3);
    String[] cipherSuites = setupPreferredDefaultCipherSuites(delegate);
    ((SSLSocket)socket).setEnabledCipherSuites(cipherSuites);

    return socket;
}

private static String[] setupPreferredDefaultCipherSuites(SSLSocketFactory sslSocketFactory) {

    String[] defaultCipherSuites = sslSocketFactory.getDefaultCipherSuites();

    ArrayList<String> suitesList = new ArrayList<String>(Arrays.asList(defaultCipherSuites));
    suitesList.remove(PREFERRED_CIPHER_SUITE);
    suitesList.add(0, PREFERRED_CIPHER_SUITE);

    return suitesList.toArray(new String[suitesList.size()]);
}

private static String[] setupPreferredSupportedCipherSuites(SSLSocketFactory sslSocketFactory) {

    String[] supportedCipherSuites = sslSocketFactory.getSupportedCipherSuites();

    ArrayList<String> suitesList = new ArrayList<String>(Arrays.asList(supportedCipherSuites));
    suitesList.remove(PREFERRED_CIPHER_SUITE);
    suitesList.add(0, PREFERRED_CIPHER_SUITE);

    return suitesList.toArray(new String[suitesList.size()]);
}
}

当你要使用它。

            HttpsURLConnection connection = (HttpsURLConnection) (new URL(url))
                .openConnection();
        SSLContext context = SSLContext.getInstance("TLS");
        TrustManager tm[] = {new SSLPinningTrustManager()};
        context.init(null, tm, null);
        SSLSocketFactory preferredCipherSuiteSSLSocketFactory = new PreferredCipherSuiteSSLSocketFactory(context.getSocketFactory());
        connection.setSSLSocketFactory(preferredCipherSuiteSSLSocketFactory);
                    connection.connect();

谢谢你。

这篇关于如何覆盖使用HttpsURLConnection时向服务器发送由机器人的cipherlist？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！