use conscrypt

Signed-off-by: tobiasKaminsky <tobias@kaminsky.me>
nextcloud · Aug 20, 2019 · 6014e90 · 6014e90
1 parent 4688995
commit 6014e90
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 0 deletions.
diff --git a/build.gradle b/build.gradle
@@ -303,6 +303,7 @@ dependencies {
     annotationProcessor "org.projectlombok:lombok:1.18.8"
 
     ktlint "com.pinterest:ktlint:0.34.2"
+    implementation 'org.conscrypt:conscrypt-android:2.2.1'
 
     // dependencies for local unit tests
     testImplementation 'junit:junit:4.12'

diff --git a/src/main/java/com/owncloud/android/MainApp.java b/src/main/java/com/owncloud/android/MainApp.java
@@ -79,14 +79,21 @@
 import com.owncloud.android.utils.ReceiversHelper;
 import com.owncloud.android.utils.SecurityUtils;
 
+import org.conscrypt.Conscrypt;
+
 import java.lang.reflect.Method;
+import java.security.NoSuchAlgorithmException;
+import java.security.Security;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import java.util.concurrent.TimeUnit;
 
 import javax.inject.Inject;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
 
 import androidx.annotation.RequiresApi;
 import androidx.annotation.StringRes;
@@ -218,6 +225,8 @@ protected void attachBaseContext(Context base) {
     public void onCreate() {
         super.onCreate();
 
+        insertConscrypt();
+
         SecurityKeyManager securityKeyManager = SecurityKeyManager.getInstance();
         SecurityKeyManagerConfig config = new SecurityKeyManagerConfig.Builder()
             .setEnableDebugLogging(BuildConfig.DEBUG)
@@ -345,7 +354,25 @@ public static void initContactsBackup(UserAccountManager accountManager) {
                 ContactsPreferenceActivity.startContactBackupJob(account);
             }
         }
+    }
 
+    private void insertConscrypt() {
+        Security.insertProviderAt(Conscrypt.newProvider(), 1);
+
+        try {
+            Conscrypt.Version version = Conscrypt.version();
+            Log_OC.i(TAG, "Using Conscrypt/"
+                + version.major()
+                + "."
+                + version.minor()
+                + "." + version.patch()
+                + " for TLS");
+            SSLEngine engine = SSLContext.getDefault().createSSLEngine();
+            Log_OC.i(TAG, "Enabled protocols: " + Arrays.toString(engine.getEnabledProtocols()) + " }");
+            Log_OC.i(TAG, "Enabled ciphers: " + Arrays.toString(engine.getEnabledCipherSuites()) + " }");
+        } catch (NoSuchAlgorithmException e) {
+            Log_OC.e(TAG, e.getMessage());
+        }
     }
 
     @SuppressLint("ApplySharedPref") // commit is done on purpose to write immediately