From 6caa816a63cf287b20483741326dc2e9c0253d0c Mon Sep 17 00:00:00 2001
From: Adam Vartanian
Date: Fri, 18 Jan 2019 15:42:43 +0000
Subject: [PATCH] Deprecate SSLCertificateSocketFactory

See the bug for the full context, but the short version is that this class is difficult to use properly, has a number of questionable methods, ignores the provider system, and largely exists to support functionality for which there are now standard APIs.

Test: make docs
Change-Id: I3b155b23bba41a72f20c149986318b75fa6d2eb0
Fixes: 112031620
---
api/current.txt | 34 +++++++++----------
api/removed.txt | 2 +-
.../net/SSLCertificateSocketFactory.java | 9 +++++
3 files changed, 27 insertions(+), 18 deletions(-)

diff --git a/api/current.txt b/api/current.txt
index a7cc380553e38..09ee23be239e0 100755
--- a/api/current.txt
+++ b/api/current.txt
@@ -27559,24 +27559,24 @@ package android.net { field public static final android.os.Parcelable.Creator CREATOR; } - public class SSLCertificateSocketFactory extends javax.net.ssl.SSLSocketFactory { + @Deprecated public class SSLCertificateSocketFactory extends javax.net.ssl.SSLSocketFactory { ctor @Deprecated public SSLCertificateSocketFactory(int); - method public java.net.Socket createSocket(java.net.Socket, String, int, boolean) throws java.io.IOException; - method public java.net.Socket createSocket(java.net.InetAddress, int, java.net.InetAddress, int) throws java.io.IOException; - method public java.net.Socket createSocket(java.net.InetAddress, int) throws java.io.IOException; - method public java.net.Socket createSocket(String, int, java.net.InetAddress, int) throws java.io.IOException; - method public java.net.Socket createSocket(String, int) throws java.io.IOException; - method public static javax.net.SocketFactory getDefault(int); - method public static javax.net.ssl.SSLSocketFactory getDefault(int, android.net.SSLSessionCache); - method public String[] getDefaultCipherSuites(); - method public static javax.net.ssl.SSLSocketFactory getInsecure(int, android.net.SSLSessionCache); - method public byte[] getNpnSelectedProtocol(java.net.Socket); - method public String[] getSupportedCipherSuites(); - method public void setHostname(java.net.Socket, String); - method public void setKeyManagers(javax.net.ssl.KeyManager[]); - method public void setNpnProtocols(byte[][]); - method public void setTrustManagers(javax.net.ssl.TrustManager[]); - method public void setUseSessionTickets(java.net.Socket, boolean); + method @Deprecated public java.net.Socket createSocket(java.net.Socket, String, int, boolean) throws java.io.IOException; + method @Deprecated public java.net.Socket createSocket(java.net.InetAddress, int, java.net.InetAddress, int) throws java.io.IOException; + method @Deprecated public java.net.Socket createSocket(java.net.InetAddress, int) throws 
java.io.IOException; + method @Deprecated public java.net.Socket createSocket(String, int, java.net.InetAddress, int) throws java.io.IOException; + method @Deprecated public java.net.Socket createSocket(String, int) throws java.io.IOException; + method @Deprecated public static javax.net.SocketFactory getDefault(int); + method @Deprecated public static javax.net.ssl.SSLSocketFactory getDefault(int, android.net.SSLSessionCache); + method @Deprecated public String[] getDefaultCipherSuites(); + method @Deprecated public static javax.net.ssl.SSLSocketFactory getInsecure(int, android.net.SSLSessionCache); + method @Deprecated public byte[] getNpnSelectedProtocol(java.net.Socket); + method @Deprecated public String[] getSupportedCipherSuites(); + method @Deprecated public void setHostname(java.net.Socket, String); + method @Deprecated public void setKeyManagers(javax.net.ssl.KeyManager[]); + method @Deprecated public void setNpnProtocols(byte[][]); + method @Deprecated public void setTrustManagers(javax.net.ssl.TrustManager[]); + method @Deprecated public void setUseSessionTickets(java.net.Socket, boolean); } public final class SSLSessionCache { diff --git a/api/removed.txt b/api/removed.txt index 356ed912f74ea..05d52d4e40c0c 100644 --- a/api/removed.txt +++ b/api/removed.txt @@ -320,7 +320,7 @@ package android.net { @IntDef({0x0, 0xa, 0x14, 0x1e}) @java.lang.annotation.Retention(java.lang.annotation.RetentionPolicy.SOURCE) public static @interface NetworkBadging.Badging { } - public class SSLCertificateSocketFactory extends javax.net.ssl.SSLSocketFactory { + @Deprecated public class SSLCertificateSocketFactory extends javax.net.ssl.SSLSocketFactory { method @Deprecated public static org.apache.http.conn.ssl.SSLSocketFactory getHttpSocketFactory(int, android.net.SSLSessionCache); } diff --git a/core/java/android/net/SSLCertificateSocketFactory.java b/core/java/android/net/SSLCertificateSocketFactory.java index abc1cac02c7ee..90dccb5b82d5b 100644 
--- a/core/java/android/net/SSLCertificateSocketFactory.java +++ b/core/java/android/net/SSLCertificateSocketFactory.java @@ -86,7 +86,16 @@ import javax.net.ssl.X509TrustManager; *

On development devices, "setprop socket.relaxsslcheck yes" bypasses all * SSL certificate and hostname checks for testing purposes. This setting * requires root access. + * + * @deprecated This class has less error-prone replacements using standard APIs. To create an + * {@code SSLSocket}, obtain an {@link SSLSocketFactory} from {@link SSLSocketFactory#getDefault()} + * or {@link javax.net.ssl.SSLContext#getSocketFactory()}. To verify hostnames, pass + * {@code "HTTPS"} to + * {@link javax.net.ssl.SSLParameters#setEndpointIdentificationAlgorithm(String)}. To enable ALPN, + * use {@link javax.net.ssl.SSLParameters#setApplicationProtocols(String[])}. To enable SNI, + * use {@link javax.net.ssl.SSLParameters#setServerNames(java.util.List)}. */ +@Deprecated public class SSLCertificateSocketFactory extends SSLSocketFactory { @UnsupportedAppUsage(maxTargetSdk = Build.VERSION_CODES.P, trackingBug = 115609023) private static final String TAG = "SSLCertificateSocketFactory";
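Review bot: The new `@deprecated` text lists hostname verification as one migration step among several ("To verify hostnames, pass "HTTPS" to ..."), without saying that a socket from the standard factory performs no hostname check unless that step is taken. The context lines just above suggest this class does certificate and hostname checks itself, so a caller who swaps in `SSLSocketFactory#getDefault()` and skips the step would silently lose endpoint verification. I would state it as a requirement, for example `Sockets created this way do not verify the server hostname unless {@code "HTTPS"} is set via {@link javax.net.ssl.SSLParameters#setEndpointIdentificationAlgorithm(String)}.` The note also gives no guidance to callers of `getInsecure`, which the api/current.txt hunk shows is deprecated with the rest. The class Javadoc begins above this hunk and the class body continues below it.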