Skip to content
GitLab
Explore
Sign in
Register
Commits on Source (5)
Drop libandroid-23-java from B-D.
· 0f2302bb
Markus Koschany
authored
Jan 05, 2019
0f2302bb
Ignore com.android:android:jar:23
· e000ca26
Markus Koschany
authored
Jan 05, 2019
e000ca26
Add no-android.patch
· 87e09392
Markus Koschany
authored
Jan 05, 2019
87e09392
Update changelog
· 3ffabe7c
Markus Koschany
authored
Jan 05, 2019
3ffabe7c
Use canonical VCS URI.
· 12080186
Markus Koschany
authored
Jan 05, 2019
12080186
Show whitespace changes
Inline
Side-by-side
debian/changelog
View file @
12080186
libokhttp-java (3.12.1-2) unstable; urgency=medium
* Drop libandroid-23-java from B-D and add no-android.patch. The Android
module was ignored anyway. Hence we do not have to depend on
libandroid-23-java. (Closes: #918282)
-- Markus Koschany <apo@debian.org> Sat, 05 Jan 2019 13:04:58 +0100
libokhttp-java (3.12.1-1) unstable; urgency=medium
* New upstream version 3.12.1.
...
...
debian/control
View file @
12080186
...
...
@@ -9,13 +9,12 @@ Build-Depends:
debhelper (>= 11),
default-jdk,
javahelper,
libandroid-23-java,
libanimal-sniffer-java,
libokio-java (>= 1.14.0),
maven-debian-helper (>= 2.1)
Standards-Version: 4.3.0
Vcs-Git: https://
anonscm
.debian.org/
git/pkg-java
/libokhttp-java.git
Vcs-Browser: https://
anonscm
.debian.org/
cgit/pkg-java
/libokhttp-java
.git
Vcs-Git: https://
salsa
.debian.org/
java-team
/libokhttp-java.git
Vcs-Browser: https://
salsa
.debian.org/
java-team
/libokhttp-java
Homepage: https://github.com/square/okhttp
Package: libokhttp-java
...
...
debian/maven.ignoreRules
View file @
12080186
...
...
@@ -20,3 +20,4 @@ org.codehaus.mojo templating-maven-plugin * * * *
org.codehaus.plexus plexus-compiler-javac-errorprone * * * *
com.google.errorprone error_prone_core * * * *
org.conscrypt conscrypt-openjdk-uber * * * *
com.android android * * * *
debian/patches/no-android.patch
0 → 100644
View file @
12080186
From: Markus Koschany <apo@debian.org>
Date: Sat, 5 Jan 2019 23:08:57 +0100
Subject: no android
We can't support the Android platform as long as libandroid-23-java is RC
buggy.
---
.../okhttp3/internal/platform/AndroidPlatform.java | 457 ---------------------
.../java/okhttp3/internal/platform/Platform.java | 2 +-
2 files changed, 1 insertion(+), 458 deletions(-)
delete mode 100644 okhttp/src/main/java/okhttp3/internal/platform/AndroidPlatform.java
diff --git a/okhttp/src/main/java/okhttp3/internal/platform/AndroidPlatform.java b/okhttp/src/main/java/okhttp3/internal/platform/AndroidPlatform.java
deleted file mode 100644
index 08b102c..0000000
--- a/okhttp/src/main/java/okhttp3/internal/platform/AndroidPlatform.java
+++ /dev/null
@@ -1,457 +0,0 @@
-/*
- * Copyright (C) 2016 Square, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package okhttp3.internal.platform;
-
-import android.os.Build;
-import android.util.Log;
-import java.io.IOException;
-import java.lang.reflect.Constructor;
-import java.lang.reflect.InvocationTargetException;
-import java.lang.reflect.Method;
-import java.net.InetSocketAddress;
-import java.net.Socket;
-import java.security.NoSuchAlgorithmException;
-import java.security.Security;
-import java.security.cert.Certificate;
-import java.security.cert.TrustAnchor;
-import java.security.cert.X509Certificate;
-import java.util.List;
-import javax.annotation.Nullable;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLPeerUnverifiedException;
-import javax.net.ssl.SSLSocket;
-import javax.net.ssl.SSLSocketFactory;
-import javax.net.ssl.X509TrustManager;
-import okhttp3.Protocol;
-import okhttp3.internal.Util;
-import okhttp3.internal.tls.BasicTrustRootIndex;
-import okhttp3.internal.tls.CertificateChainCleaner;
-import okhttp3.internal.tls.TrustRootIndex;
-
-import static okhttp3.internal.Util.assertionError;
-
-/** Android 2.3 or better. */
-class AndroidPlatform extends Platform {
- private static final int MAX_LOG_LENGTH = 4000;
-
- private final Class<?> sslParametersClass;
- private final OptionalMethod<Socket> setUseSessionTickets;
- private final OptionalMethod<Socket> setHostname;
-
- // Non-null on Android 5.0+.
- private final OptionalMethod<Socket> getAlpnSelectedProtocol;
- private final OptionalMethod<Socket> setAlpnProtocols;
-
- private final CloseGuard closeGuard = CloseGuard.get();
-
- AndroidPlatform(Class<?> sslParametersClass, OptionalMethod<Socket> setUseSessionTickets,
- OptionalMethod<Socket> setHostname, OptionalMethod<Socket> getAlpnSelectedProtocol,
- OptionalMethod<Socket> setAlpnProtocols) {
- this.sslParametersClass = sslParametersClass;
- this.setUseSessionTickets = setUseSessionTickets;
- this.setHostname = setHostname;
- this.getAlpnSelectedProtocol = getAlpnSelectedProtocol;
- this.setAlpnProtocols = setAlpnProtocols;
- }
-
- @Override public void connectSocket(Socket socket, InetSocketAddress address,
- int connectTimeout) throws IOException {
- try {
- socket.connect(address, connectTimeout);
- } catch (AssertionError e) {
- if (Util.isAndroidGetsocknameError(e)) throw new IOException(e);
- throw e;
- } catch (SecurityException e) {
- // Before android 4.3, socket.connect could throw a SecurityException
- // if opening a socket resulted in an EACCES error.
- IOException ioException = new IOException("Exception in connect");
- ioException.initCause(e);
- throw ioException;
- } catch (ClassCastException e) {
- // On android 8.0, socket.connect throws a ClassCastException due to a bug
- // see https://issuetracker.google.com/issues/63649622
- if (Build.VERSION.SDK_INT == 26) {
- IOException ioException = new IOException("Exception in connect");
- ioException.initCause(e);
- throw ioException;
- } else {
- throw e;
- }
- }
- }
-
- @Override protected @Nullable X509TrustManager trustManager(SSLSocketFactory sslSocketFactory) {
- Object context = readFieldOrNull(sslSocketFactory, sslParametersClass, "sslParameters");
- if (context == null) {
- // If that didn't work, try the Google Play Services SSL provider before giving up. This
- // must be loaded by the SSLSocketFactory's class loader.
- try {
- Class<?> gmsSslParametersClass = Class.forName(
- "com.google.android.gms.org.conscrypt.SSLParametersImpl", false,
- sslSocketFactory.getClass().getClassLoader());
- context = readFieldOrNull(sslSocketFactory, gmsSslParametersClass, "sslParameters");
- } catch (ClassNotFoundException e) {
- return super.trustManager(sslSocketFactory);
- }
- }
-
- X509TrustManager x509TrustManager = readFieldOrNull(
- context, X509TrustManager.class, "x509TrustManager");
- if (x509TrustManager != null) return x509TrustManager;
-
- return readFieldOrNull(context, X509TrustManager.class, "trustManager");
- }
-
- @Override public void configureTlsExtensions(
- SSLSocket sslSocket, String hostname, List<Protocol> protocols) {
- // Enable SNI and session tickets.
- if (hostname != null) {
- setUseSessionTickets.invokeOptionalWithoutCheckedException(sslSocket, true);
- setHostname.invokeOptionalWithoutCheckedException(sslSocket, hostname);
- }
-
- // Enable ALPN.
- if (setAlpnProtocols != null && setAlpnProtocols.isSupported(sslSocket)) {
- Object[] parameters = {concatLengthPrefixed(protocols)};
- setAlpnProtocols.invokeWithoutCheckedException(sslSocket, parameters);
- }
- }
-
- @Override public @Nullable String getSelectedProtocol(SSLSocket socket) {
- if (getAlpnSelectedProtocol == null) return null;
- if (!getAlpnSelectedProtocol.isSupported(socket)) return null;
-
- byte[] alpnResult = (byte[]) getAlpnSelectedProtocol.invokeWithoutCheckedException(socket);
- return alpnResult != null ? new String(alpnResult, Util.UTF_8) : null;
- }
-
- @Override public void log(int level, String message, @Nullable Throwable t) {
- int logLevel = level == WARN ? Log.WARN : Log.DEBUG;
- if (t != null) message = message + '\n' + Log.getStackTraceString(t);
-
- // Split by line, then ensure each line can fit into Log's maximum length.
- for (int i = 0, length = message.length(); i < length; i++) {
- int newline = message.indexOf('\n', i);
- newline = newline != -1 ? newline : length;
- do {
- int end = Math.min(newline, i + MAX_LOG_LENGTH);
- Log.println(logLevel, "OkHttp", message.substring(i, end));
- i = end;
- } while (i < newline);
- }
- }
-
- @Override public Object getStackTraceForCloseable(String closer) {
- return closeGuard.createAndOpen(closer);
- }
-
- @Override public void logCloseableLeak(String message, Object stackTrace) {
- boolean reported = closeGuard.warnIfOpen(stackTrace);
- if (!reported) {
- // Unable to report via CloseGuard. As a last-ditch effort, send it to the logger.
- log(WARN, message, null);
- }
- }
-
- @Override public boolean isCleartextTrafficPermitted(String hostname) {
- try {
- Class<?> networkPolicyClass = Class.forName("android.security.NetworkSecurityPolicy");
- Method getInstanceMethod = networkPolicyClass.getMethod("getInstance");
- Object networkSecurityPolicy = getInstanceMethod.invoke(null);
- return api24IsCleartextTrafficPermitted(hostname, networkPolicyClass, networkSecurityPolicy);
- } catch (ClassNotFoundException | NoSuchMethodException e) {
- return super.isCleartextTrafficPermitted(hostname);
- } catch (IllegalAccessException | IllegalArgumentException | InvocationTargetException e) {
- throw assertionError("unable to determine cleartext support", e);
- }
- }
-
- private boolean api24IsCleartextTrafficPermitted(String hostname, Class<?> networkPolicyClass,
- Object networkSecurityPolicy) throws InvocationTargetException, IllegalAccessException {
- try {
- Method isCleartextTrafficPermittedMethod = networkPolicyClass
- .getMethod("isCleartextTrafficPermitted", String.class);
- return (boolean) isCleartextTrafficPermittedMethod.invoke(networkSecurityPolicy, hostname);
- } catch (NoSuchMethodException e) {
- return api23IsCleartextTrafficPermitted(hostname, networkPolicyClass, networkSecurityPolicy);
- }
- }
-
- private boolean api23IsCleartextTrafficPermitted(String hostname, Class<?> networkPolicyClass,
- Object networkSecurityPolicy) throws InvocationTargetException, IllegalAccessException {
- try {
- Method isCleartextTrafficPermittedMethod = networkPolicyClass
- .getMethod("isCleartextTrafficPermitted");
- return (boolean) isCleartextTrafficPermittedMethod.invoke(networkSecurityPolicy);
- } catch (NoSuchMethodException e) {
- return super.isCleartextTrafficPermitted(hostname);
- }
- }
-
- /**
- * Checks to see if Google Play Services Dynamic Security Provider is present which provides ALPN
- * support. If it isn't checks to see if device is Android 5.0+ since 4.x device have broken
- * ALPN support.
- */
- private static boolean supportsAlpn() {
- if (Security.getProvider("GMSCore_OpenSSL") != null) {
- return true;
- } else {
- try {
- Class.forName("android.net.Network"); // Arbitrary class added in Android 5.0.
- return true;
- } catch (ClassNotFoundException ignored) { }
- }
- return false;
- }
-
- public CertificateChainCleaner buildCertificateChainCleaner(X509TrustManager trustManager) {
- try {
- Class<?> extensionsClass = Class.forName("android.net.http.X509TrustManagerExtensions");
- Constructor<?> constructor = extensionsClass.getConstructor(X509TrustManager.class);
- Object extensions = constructor.newInstance(trustManager);
- Method checkServerTrusted = extensionsClass.getMethod(
- "checkServerTrusted", X509Certificate[].class, String.class, String.class);
- return new AndroidCertificateChainCleaner(extensions, checkServerTrusted);
- } catch (Exception e) {
- return super.buildCertificateChainCleaner(trustManager);
- }
- }
-
- public static Platform buildIfSupported() {
- // Attempt to find Android 2.3+ APIs.
- try {
- Class<?> sslParametersClass;
- try {
- sslParametersClass = Class.forName("com.android.org.conscrypt.SSLParametersImpl");
- } catch (ClassNotFoundException e) {
- // Older platform before being unbundled.
- sslParametersClass = Class.forName(
- "org.apache.harmony.xnet.provider.jsse.SSLParametersImpl");
- }
-
- OptionalMethod<Socket> setUseSessionTickets = new OptionalMethod<>(
- null, "setUseSessionTickets", boolean.class);
- OptionalMethod<Socket> setHostname = new OptionalMethod<>(
- null, "setHostname", String.class);
- OptionalMethod<Socket> getAlpnSelectedProtocol = null;
- OptionalMethod<Socket> setAlpnProtocols = null;
-
- if (supportsAlpn()) {
- getAlpnSelectedProtocol
- = new OptionalMethod<>(byte[].class, "getAlpnSelectedProtocol");
- setAlpnProtocols
- = new OptionalMethod<>(null, "setAlpnProtocols", byte[].class);
- }
-
- return new AndroidPlatform(sslParametersClass, setUseSessionTickets, setHostname,
- getAlpnSelectedProtocol, setAlpnProtocols);
- } catch (ClassNotFoundException ignored) {
- // This isn't an Android runtime.
- }
-
- return null;
- }
-
- @Override
- public TrustRootIndex buildTrustRootIndex(X509TrustManager trustManager) {
-
- try {
- // From org.conscrypt.TrustManagerImpl, we want the method with this signature:
- // private TrustAnchor findTrustAnchorByIssuerAndSignature(X509Certificate lastCert);
- Method method = trustManager.getClass().getDeclaredMethod(
- "findTrustAnchorByIssuerAndSignature", X509Certificate.class);
- method.setAccessible(true);
- return new AndroidTrustRootIndex(trustManager, method);
- } catch (NoSuchMethodException e) {
- return super.buildTrustRootIndex(trustManager);
- }
- }
-
- /**
- * X509TrustManagerExtensions was added to Android in API 17 (Android 4.2, released in late 2012).
- * This is the best way to get a clean chain on Android because it uses the same code as the TLS
- * handshake.
- */
- static final class AndroidCertificateChainCleaner extends CertificateChainCleaner {
- private final Object x509TrustManagerExtensions;
- private final Method checkServerTrusted;
-
- AndroidCertificateChainCleaner(Object x509TrustManagerExtensions, Method checkServerTrusted) {
- this.x509TrustManagerExtensions = x509TrustManagerExtensions;
- this.checkServerTrusted = checkServerTrusted;
- }
-
- @SuppressWarnings({"unchecked", "SuspiciousToArrayCall"}) // Reflection on List<Certificate>.
- @Override public List<Certificate> clean(List<Certificate> chain, String hostname)
- throws SSLPeerUnverifiedException {
- try {
- X509Certificate[] certificates = chain.toArray(new X509Certificate[chain.size()]);
- return (List<Certificate>) checkServerTrusted.invoke(
- x509TrustManagerExtensions, certificates, "RSA", hostname);
- } catch (InvocationTargetException e) {
- SSLPeerUnverifiedException exception = new SSLPeerUnverifiedException(e.getMessage());
- exception.initCause(e);
- throw exception;
- } catch (IllegalAccessException e) {
- throw new AssertionError(e);
- }
- }
-
- @Override public boolean equals(Object other) {
- return other instanceof AndroidCertificateChainCleaner; // All instances are equivalent.
- }
-
- @Override public int hashCode() {
- return 0;
- }
- }
-
- /**
- * Provides access to the internal dalvik.system.CloseGuard class. Android uses this in
- * combination with android.os.StrictMode to report on leaked java.io.Closeable's. Available since
- * Android API 11.
- */
- static final class CloseGuard {
- private final Method getMethod;
- private final Method openMethod;
- private final Method warnIfOpenMethod;
-
- CloseGuard(Method getMethod, Method openMethod, Method warnIfOpenMethod) {
- this.getMethod = getMethod;
- this.openMethod = openMethod;
- this.warnIfOpenMethod = warnIfOpenMethod;
- }
-
- Object createAndOpen(String closer) {
- if (getMethod != null) {
- try {
- Object closeGuardInstance = getMethod.invoke(null);
- openMethod.invoke(closeGuardInstance, closer);
- return closeGuardInstance;
- } catch (Exception ignored) {
- }
- }
- return null;
- }
-
- boolean warnIfOpen(Object closeGuardInstance) {
- boolean reported = false;
- if (closeGuardInstance != null) {
- try {
- warnIfOpenMethod.invoke(closeGuardInstance);
- reported = true;
- } catch (Exception ignored) {
- }
- }
- return reported;
- }
-
- static CloseGuard get() {
- Method getMethod;
- Method openMethod;
- Method warnIfOpenMethod;
-
- try {
- Class<?> closeGuardClass = Class.forName("dalvik.system.CloseGuard");
- getMethod = closeGuardClass.getMethod("get");
- openMethod = closeGuardClass.getMethod("open", String.class);
- warnIfOpenMethod = closeGuardClass.getMethod("warnIfOpen");
- } catch (Exception ignored) {
- getMethod = null;
- openMethod = null;
- warnIfOpenMethod = null;
- }
- return new CloseGuard(getMethod, openMethod, warnIfOpenMethod);
- }
- }
-
- /**
- * An index of trusted root certificates that exploits knowledge of Android implementation
- * details. This class is potentially much faster to initialize than {@link BasicTrustRootIndex}
- * because it doesn't need to load and index trusted CA certificates.
- *
- * <p>This class uses APIs added to Android in API 14 (Android 4.0, released October 2011). This
- * class shouldn't be used in Android API 17 or better because those releases are better served by
- * {@link AndroidPlatform.AndroidCertificateChainCleaner}.
- */
- static final class AndroidTrustRootIndex implements TrustRootIndex {
- private final X509TrustManager trustManager;
- private final Method findByIssuerAndSignatureMethod;
-
- AndroidTrustRootIndex(X509TrustManager trustManager, Method findByIssuerAndSignatureMethod) {
- this.findByIssuerAndSignatureMethod = findByIssuerAndSignatureMethod;
- this.trustManager = trustManager;
- }
-
- @Override public X509Certificate findByIssuerAndSignature(X509Certificate cert) {
- try {
- TrustAnchor trustAnchor = (TrustAnchor) findByIssuerAndSignatureMethod.invoke(
- trustManager, cert);
- return trustAnchor != null
- ? trustAnchor.getTrustedCert()
- : null;
- } catch (IllegalAccessException e) {
- throw assertionError("unable to get issues and signature", e);
- } catch (InvocationTargetException e) {
- return null;
- }
- }
-
- @Override
- public boolean equals(Object obj) {
- if (obj == this) {
- return true;
- }
- if (!(obj instanceof AndroidTrustRootIndex)) {
- return false;
- }
- AndroidTrustRootIndex that = (AndroidTrustRootIndex) obj;
- return trustManager.equals(that.trustManager)
- && findByIssuerAndSignatureMethod.equals(that.findByIssuerAndSignatureMethod);
- }
-
- @Override
- public int hashCode() {
- return trustManager.hashCode() + 31 * findByIssuerAndSignatureMethod.hashCode();
- }
- }
-
- @Override public SSLContext getSSLContext() {
- boolean tryTls12;
- try {
- tryTls12 = (Build.VERSION.SDK_INT >= 16 && Build.VERSION.SDK_INT < 22);
- } catch (NoClassDefFoundError e) {
- // Not a real Android runtime; probably RoboVM or MoE
- // Try to load TLS 1.2 explicitly.
- tryTls12 = true;
- }
-
- if (tryTls12) {
- try {
- return SSLContext.getInstance("TLSv1.2");
- } catch (NoSuchAlgorithmException e) {
- // fallback to TLS
- }
- }
-
- try {
- return SSLContext.getInstance("TLS");
- } catch (NoSuchAlgorithmException e) {
- throw new IllegalStateException("No TLS provider", e);
- }
- }
-}
diff --git a/okhttp/src/main/java/okhttp3/internal/platform/Platform.java b/okhttp/src/main/java/okhttp3/internal/platform/Platform.java
index 95ff341..922eab4 100644
--- a/okhttp/src/main/java/okhttp3/internal/platform/Platform.java
+++ b/okhttp/src/main/java/okhttp3/internal/platform/Platform.java
@@ -198,7 +198,7 @@
public class Platform {
/** Attempt to match the host runtime to a capable Platform implementation. */
private static Platform findPlatform() {
- Platform android = AndroidPlatform.buildIfSupported();
+ Platform android = null;
if (android != null) {
return android;
debian/patches/no-javac-with-errorprone.patch
View file @
12080186
...
...
@@ -7,7 +7,7 @@ Subject: no javac with errorprone
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index
14a31f6..91fea7
4 100644
index
ffd392c..4bad39
4 100644
--- a/pom.xml
+++ b/pom.xml
@@ -154,7 +154,7 @@
...
...
debian/patches/series
View file @
12080186
no-javac-with-errorprone.patch
no-Conscrypt.patch
no-android.patch
