Skip to content
This repository has been archived by the owner on Jan 21, 2022. It is now read-only.

TLS1.3 support and ENCRYPTION_PADDING_NONE is added #392

Open
wants to merge 3 commits into
base: MAS-2.1.00
Choose a base branch
from
Open

TLS1.3 support and ENCRYPTION_PADDING_NONE is added #392

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
4aac2a3
TLS1.3 support for Android MAS SDK and ENCRYPTION_PADDING_NONE is add…
Aug 19, 2021
6b22b90
Changing the TLS 1.3 support for Android Q and below
Aug 23, 2021
16906e1
Change the keyword name SUPPORTED_TLS_FROM_ANDROID_Q
Aug 23, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 12 additions & 2 deletions mas-foundation/src/main/java/com/ca/mas/core/io/ssl/TLSSocketFactory.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,8 @@

package com.ca.mas.core.io.ssl;

import android.os.Build;

import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
Expand All @@ -21,7 +23,9 @@ class TLSSocketFactory extends SSLSocketFactory {
private static final String SSL_TLS_V1_PROTOCOL = "TLSv1";
private static final String SSL_TLS_V1_1_PROTOCOL = "TLSv1.1";
private static final String SSL_TLS_V1_2_PROTOCOL = "TLSv1.2";
private static final String SSL_TLS_V1_3_PROTOCOL = "TLSv1.3";
private static final String[] SUPPORTED_TLS = {SSL_V3_PROTOCOL, SSL_TLS_V1_PROTOCOL, SSL_TLS_V1_1_PROTOCOL, SSL_TLS_V1_2_PROTOCOL};
private static final String[] SUPPORTED_TLS_FROM_ANDROID_Q = {SSL_V3_PROTOCOL, SSL_TLS_V1_PROTOCOL, SSL_TLS_V1_1_PROTOCOL, SSL_TLS_V1_2_PROTOCOL, SSL_TLS_V1_3_PROTOCOL};

TLSSocketFactory(SSLSocketFactory sslSocketFactory) {
this.sslSocketFactory = sslSocketFactory;
Expand Down Expand Up @@ -68,8 +72,14 @@ public Socket createSocket(InetAddress address, int port, InetAddress localAddre
}

private Socket enableTLS(Socket socket) {
if (socket != null && (socket instanceof SSLSocket)) {
((SSLSocket) socket).setEnabledProtocols(SUPPORTED_TLS);
if ((socket instanceof SSLSocket)) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why is the null check removed here ?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Because instanceof covers that null check. It is actually redundant. IDE was showing the same.

if (Build.VERSION.SDK_INT < Build.VERSION_CODES.Q) {
((SSLSocket) socket).setEnabledProtocols(SUPPORTED_TLS);
}
else
{
((SSLSocket) socket).setEnabledProtocols(SUPPORTED_TLS_FROM_ANDROID_Q);
}
}
return socket;
}
Expand Down
3 changes: 2 additions & 1 deletion mas-foundation/src/main/java/com/ca/mas/core/security/AndroidMKeyRepository.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,7 @@
import static android.security.keystore.KeyProperties.DIGEST_SHA256;
import static android.security.keystore.KeyProperties.DIGEST_SHA384;
import static android.security.keystore.KeyProperties.DIGEST_SHA512;
import static android.security.keystore.KeyProperties.ENCRYPTION_PADDING_NONE;
import static android.security.keystore.KeyProperties.ENCRYPTION_PADDING_PKCS7;
import static android.security.keystore.KeyProperties.ENCRYPTION_PADDING_RSA_OAEP;
import static android.security.keystore.KeyProperties.ENCRYPTION_PADDING_RSA_PKCS1;
Expand Down Expand Up @@ -59,7 +60,7 @@ KeyGenParameterSpec.Builder getKeyGenParameterSpecBuilder(String alias, Generate
.setRandomizedEncryptionRequired(false)
.setBlockModes(BLOCK_MODE_CBC, BLOCK_MODE_CTR, BLOCK_MODE_ECB, BLOCK_MODE_GCM)
.setDigests(DIGEST_NONE, DIGEST_MD5, DIGEST_SHA1, DIGEST_SHA256, DIGEST_SHA384, DIGEST_SHA512)
.setEncryptionPaddings(ENCRYPTION_PADDING_PKCS7, ENCRYPTION_PADDING_RSA_OAEP, ENCRYPTION_PADDING_RSA_PKCS1)
.setEncryptionPaddings(ENCRYPTION_PADDING_PKCS7, ENCRYPTION_PADDING_RSA_OAEP, ENCRYPTION_PADDING_RSA_PKCS1, ENCRYPTION_PADDING_NONE)
.setSignaturePaddings(SIGNATURE_PADDING_RSA_PSS, SIGNATURE_PADDING_RSA_PKCS1);
}

Expand Down