use the retainAll socket filtering mechanism for android project

paypal · Mar 16, 2016 · dd64831 · dd64831
1 parent b3ae3aa
commit dd64831
Showing 1 changed file with 8 additions and 9 deletions.
diff --git a/android/app/src/main/java/com/paypal/developer/paypaltlscheck/TlsSocketFactory.java b/android/app/src/main/java/com/paypal/developer/paypaltlscheck/TlsSocketFactory.java
@@ -1,13 +1,12 @@
 package com.paypal.developer.paypaltlscheck;
 
-import android.util.Log;
-
 import java.io.IOException;
 import java.net.InetAddress;
 import java.net.Socket;
 import java.net.UnknownHostException;
 import java.security.KeyManagementException;
 import java.security.NoSuchAlgorithmException;
+import java.util.ArrayList;
 import java.util.Arrays;
 
 import javax.net.ssl.SSLContext;
@@ -60,13 +59,13 @@ public Socket createSocket(InetAddress address, int port, InetAddress localAddre
     }
 
     private Socket enableTLSOnSocket(Socket socket) {
-        if(socket != null && (socket instanceof SSLSocket)) {
-            SSLSocket sslSocket = (SSLSocket) socket;
-            Log.d("TEST-supportedProtocols", Arrays.asList(sslSocket.getSupportedProtocols()).toString());
-                    // We could enable TLSv1.2 only here, but we take a permissive approach for the client
-                    // and leave it up to the server to require TLSv1.2
-            sslSocket.setEnabledProtocols(sslSocket.getSupportedProtocols());
-            Log.d("TEST-enabledProtocols", Arrays.asList(sslSocket.getEnabledProtocols()).toString());
+        if(socket instanceof SSLSocket) {
+            ArrayList<String> supportedProtocols =
+                    new ArrayList<>(Arrays.asList(((SSLSocket) socket).getSupportedProtocols()));
+            supportedProtocols.retainAll(Arrays.asList("TLSv1.2", "TLSv1.1", "TLSv1"));
+
+            ((SSLSocket)socket).setEnabledProtocols(supportedProtocols.toArray(
+                    new String[supportedProtocols.size()]));
         }
         return socket;
     }