Refactoring

5 years ago · f3489df28c
parent 3574e1f45e
commit f3489df28c
1 changed files with 28 additions and 20 deletions
--- a/app/src/main/java/eu/faircode/email/EmailService.java
+++ b/app/src/main/java/eu/faircode/email/EmailService.java
@ -773,29 +773,37 @@ public class EmailService implements AutoCloseable {
        private Socket configure(Socket socket) {
            if (socket instanceof SSLSocket) {
                // https://developer.android.com/reference/javax/net/ssl/SSLSocket.html
                SSLSocket sslSocket = (SSLSocket) socket;
-                List<String> protocols = new ArrayList<>();
+                if (!secure) {
-                for (String protocol :
+                    sslSocket.setEnabledProtocols(sslSocket.getSupportedProtocols());
-                        secure ? sslSocket.getEnabledProtocols() : sslSocket.getSupportedProtocols())
+
-                    if (secure && harden && SSL_PROTOCOL_BLACKLIST.contains(protocol))
+                    List<String> ciphers = new ArrayList<>();
-                        Log.i("SSL disabling protocol=" + protocol);
+                    for (String cipher : sslSocket.getSupportedCipherSuites())
-                    else
+                        if (!cipher.endsWith("_SCSV"))
-                        protocols.add(protocol);
+                            ciphers.add(cipher);
-                Log.i("SSL protocols=" + TextUtils.join(",", protocols));
+                    sslSocket.setEnabledCipherSuites(ciphers.toArray(new String[0]));
-                sslSocket.setEnabledProtocols(protocols.toArray(new String[0]));
+                } else if (harden) {
-
+                    List<String> protocols = new ArrayList<>();
-                ArrayList<String> ciphers = new ArrayList<>();
+                    for (String protocol : sslSocket.getEnabledProtocols())
-                for (String cipher :
+                        if (SSL_PROTOCOL_BLACKLIST.contains(protocol))
-                        secure ? sslSocket.getEnabledCipherSuites() : sslSocket.getSupportedCipherSuites()) {
+                            Log.i("SSL disabling protocol=" + protocol);
-                    if (secure && harden && SSL_CIPHER_BLACKLIST.matcher(cipher).matches())
+                        else
-                        Log.i("SSL disabling cipher=" + cipher);
+                            protocols.add(protocol);
-                    else if (secure || !cipher.endsWith("_SCSV"))
+                    sslSocket.setEnabledProtocols(protocols.toArray(new String[0]));
-                        ciphers.add(cipher);
+
                    List<String> ciphers = new ArrayList<>();
                    for (String cipher : sslSocket.getEnabledCipherSuites()) {
                        if (SSL_CIPHER_BLACKLIST.matcher(cipher).matches())
                            Log.i("SSL disabling cipher=" + cipher);
                        else
                            ciphers.add(cipher);
                    }
                    sslSocket.setEnabledCipherSuites(ciphers.toArray(new String[0]));
                }
-                Log.i("SSL ciphers=" + TextUtils.join(",", ciphers));
+
-                sslSocket.setEnabledCipherSuites(ciphers.toArray(new String[0]));
+                Log.i("SSL protocols=" + TextUtils.join(",", sslSocket.getEnabledProtocols()));
                Log.i("SSL ciphers=" + TextUtils.join(",", sslSocket.getEnabledCipherSuites()));
            }
            return socket;