From 48c331fd568eacbc0fd0c045d12970cb32716de1 Mon Sep 17 00:00:00 2001 From: Eric House Date: Thu, 31 Jan 2019 11:13:08 -0800 Subject: [PATCH] use https everywhere. And rewrite URLs if necessary. --- .../eehouse/android/xw4/DictsDelegate.java | 8 ++-- .../org/eehouse/android/xw4/NetUtils.java | 43 +++++++++++-------- .../android/xw4/RelayInviteDelegate.java | 2 - .../org/eehouse/android/xw4/RelayService.java | 6 +-- .../android/xw4/UpdateCheckReceiver.java | 11 +++-- .../app/src/main/res/values/strings.xml | 2 +- 6 files changed, 40 insertions(+), 32 deletions(-) diff --git a/xwords4/android/app/src/main/java/org/eehouse/android/xw4/DictsDelegate.java b/xwords4/android/app/src/main/java/org/eehouse/android/xw4/DictsDelegate.java index c945ae991..a4e2a7281 100644 --- a/xwords4/android/app/src/main/java/org/eehouse/android/xw4/DictsDelegate.java +++ b/xwords4/android/app/src/main/java/org/eehouse/android/xw4/DictsDelegate.java @@ -61,7 +61,6 @@ import org.json.JSONObject; import java.io.Serializable; -import java.net.HttpURLConnection; import java.util.ArrayList; import java.util.Arrays; import java.util.HashMap; @@ -69,6 +68,7 @@ import java.util.HashSet; import java.util.Iterator; import java.util.Map; import java.util.Set; +import javax.net.ssl.HttpsURLConnection; public class DictsDelegate extends ListDelegateBase implements View.OnClickListener, AdapterView.OnItemLongClickListener, @@ -1225,7 +1225,8 @@ public class DictsDelegate extends ListDelegateBase // parse less data String name = null; String proc = String.format( "listDicts?lc=%s", m_lc ); - HttpURLConnection conn = NetUtils.makeHttpUpdateConn( m_context, proc ); + HttpsURLConnection conn = NetUtils.makeHttpsUpdateConn( m_context, + proc ); if ( null != conn ) { JSONObject theOne = null; String langName = null; @@ -1310,7 +1311,8 @@ public class DictsDelegate extends ListDelegateBase public Boolean doInBackground( Void... unused ) { boolean success = false; - HttpURLConnection conn = NetUtils.makeHttpUpdateConn( m_context, "listDicts" ); + HttpsURLConnection conn = NetUtils.makeHttpsUpdateConn( m_context, + "listDicts" ); if ( null != conn ) { String json = NetUtils.runConn( conn, new JSONObject() ); if ( !isCancelled() ) { diff --git a/xwords4/android/app/src/main/java/org/eehouse/android/xw4/NetUtils.java b/xwords4/android/app/src/main/java/org/eehouse/android/xw4/NetUtils.java index 3ea61d723..ea1ac0cd6 100644 --- a/xwords4/android/app/src/main/java/org/eehouse/android/xw4/NetUtils.java +++ b/xwords4/android/app/src/main/java/org/eehouse/android/xw4/NetUtils.java @@ -36,7 +36,6 @@ import java.io.DataOutputStream; import java.io.InputStream; import java.io.OutputStream; import java.io.OutputStreamWriter; -import java.net.HttpURLConnection; import java.net.InetAddress; import java.net.Socket; import java.net.URL; @@ -44,6 +43,7 @@ import java.net.URLEncoder; import java.util.ArrayList; import java.util.HashMap; import java.util.Map; +import javax.net.ssl.HttpsURLConnection; import javax.net.SocketFactory; @@ -100,7 +100,7 @@ public class NetUtils { one.put( "seed", m_obits[ii].m_seed ); params.put( one ); } - HttpURLConnection conn = makeHttpRelayConn( m_context, "kill" ); + HttpsURLConnection conn = makeHttpsRelayConn( m_context, "kill" ); String resStr = runConn( conn, params ); Log.d( TAG, "runViaWeb(): kill(%s) => %s", params, resStr ); @@ -194,27 +194,36 @@ public class NetUtils { return host; } - protected static HttpURLConnection makeHttpRelayConn( Context context, - String proc ) + public static String ensureHttps( String url ) + { + String result = url.replaceFirst( "^http:", "https:" ); + if ( ! url.equals( result ) ) { + Log.d( TAG, "ensureHttps(%s) => %s", url, result ); + } + return result; + } + + protected static HttpsURLConnection makeHttpsRelayConn( Context context, + String proc ) { String url = XWPrefs.getDefaultRelayUrl( context ); - return makeHttpConn( context, url, proc ); + return makeHttpsConn( context, url, proc ); } - protected static HttpURLConnection makeHttpUpdateConn( Context context, - String proc ) + protected static HttpsURLConnection makeHttpsUpdateConn( Context context, + String proc ) { String url = XWPrefs.getDefaultUpdateUrl( context ); - return makeHttpConn( context, url, proc ); + return makeHttpsConn( context, url, proc ); } - private static HttpURLConnection makeHttpConn( Context context, - String path, String proc ) + private static HttpsURLConnection makeHttpsConn( Context context, + String path, String proc ) { - HttpURLConnection result = null; + HttpsURLConnection result = null; try { - String url = String.format( "%s/%s", path, proc ); - result = (HttpURLConnection)new URL(url).openConnection(); + String url = String.format( "%s/%s", ensureHttps( path ), proc ); + result = (HttpsURLConnection)new URL(url).openConnection(); // class cast exception } catch ( java.net.MalformedURLException mue ) { Assert.assertNull( result ); Log.ex( TAG, mue ); @@ -225,17 +234,17 @@ public class NetUtils { return result; } - protected static String runConn( HttpURLConnection conn, JSONArray param ) + protected static String runConn( HttpsURLConnection conn, JSONArray param ) { return runConn( conn, param.toString() ); } - protected static String runConn( HttpURLConnection conn, JSONObject param ) + protected static String runConn( HttpsURLConnection conn, JSONObject param ) { return runConn( conn, param.toString() ); } - private static String runConn( HttpURLConnection conn, String param ) + private static String runConn( HttpsURLConnection conn, String param ) { String result = null; Map params = new HashMap(); @@ -260,7 +269,7 @@ public class NetUtils { os.close(); int responseCode = conn.getResponseCode(); - if ( HttpURLConnection.HTTP_OK == responseCode ) { + if ( HttpsURLConnection.HTTP_OK == responseCode ) { InputStream is = conn.getInputStream(); BufferedInputStream bis = new BufferedInputStream( is ); diff --git a/xwords4/android/app/src/main/java/org/eehouse/android/xw4/RelayInviteDelegate.java b/xwords4/android/app/src/main/java/org/eehouse/android/xw4/RelayInviteDelegate.java index 966cd3ad2..b86d4bc80 100644 --- a/xwords4/android/app/src/main/java/org/eehouse/android/xw4/RelayInviteDelegate.java +++ b/xwords4/android/app/src/main/java/org/eehouse/android/xw4/RelayInviteDelegate.java @@ -41,7 +41,6 @@ import android.widget.FrameLayout; import android.widget.Spinner; import java.io.Serializable; -import java.net.HttpURLConnection; import java.util.ArrayList; import java.util.Collections; import java.util.Comparator; @@ -52,7 +51,6 @@ import java.util.Set; import org.json.JSONArray; import org.json.JSONObject; - import org.eehouse.android.xw4.DlgDelegate.Action; public class RelayInviteDelegate extends InviteDelegate { diff --git a/xwords4/android/app/src/main/java/org/eehouse/android/xw4/RelayService.java b/xwords4/android/app/src/main/java/org/eehouse/android/xw4/RelayService.java index dbd854184..8a7022456 100644 --- a/xwords4/android/app/src/main/java/org/eehouse/android/xw4/RelayService.java +++ b/xwords4/android/app/src/main/java/org/eehouse/android/xw4/RelayService.java @@ -51,7 +51,6 @@ import java.io.InputStream; import java.io.OutputStream; import java.net.DatagramPacket; import java.net.DatagramSocket; -import java.net.HttpURLConnection; import java.net.InetAddress; import java.net.Socket; import java.util.ArrayList; @@ -63,6 +62,7 @@ import java.util.concurrent.LinkedBlockingQueue; import java.util.concurrent.TimeUnit; import java.util.concurrent.atomic.AtomicInteger; import java.util.concurrent.atomic.AtomicReference; +import javax.net.ssl.HttpsURLConnection; public class RelayService extends JobIntentService implements NetStateCache.StateChangedIf { @@ -1183,8 +1183,8 @@ public class RelayService extends JobIntentService Log.d( TAG, "sendViaWeb(): sending %d at once", packets.size() ); final RelayService service = getService(); - HttpURLConnection conn = NetUtils - .makeHttpRelayConn( service, "post" ); + HttpsURLConnection conn = NetUtils + .makeHttpsRelayConn( service, "post" ); if ( null == conn ) { Log.e( TAG, "sendViaWeb(): null conn for POST" ); } else { diff --git a/xwords4/android/app/src/main/java/org/eehouse/android/xw4/UpdateCheckReceiver.java b/xwords4/android/app/src/main/java/org/eehouse/android/xw4/UpdateCheckReceiver.java index 300a96ddf..a10652688 100644 --- a/xwords4/android/app/src/main/java/org/eehouse/android/xw4/UpdateCheckReceiver.java +++ b/xwords4/android/app/src/main/java/org/eehouse/android/xw4/UpdateCheckReceiver.java @@ -31,13 +31,12 @@ import android.net.Uri; import android.os.AsyncTask; import android.os.SystemClock; +import java.io.File; +import javax.net.ssl.HttpsURLConnection; import org.eehouse.android.xw4.loc.LocUtils; import org.json.JSONArray; import org.json.JSONObject; -import java.io.File; -import java.net.HttpURLConnection; - public class UpdateCheckReceiver extends BroadcastReceiver { private static final String TAG = UpdateCheckReceiver.class.getSimpleName(); @@ -259,8 +258,8 @@ public class UpdateCheckReceiver extends BroadcastReceiver { @Override protected String doInBackground( Void... unused ) { - HttpURLConnection conn - = NetUtils.makeHttpUpdateConn( m_context, "getUpdates" ); + HttpsURLConnection conn + = NetUtils.makeHttpsUpdateConn( m_context, "getUpdates" ); String json = null; if ( null != conn ) { json = NetUtils.runConn( conn, m_params ); @@ -307,7 +306,7 @@ public class UpdateCheckReceiver extends BroadcastReceiver { } Intent intent; - String url = app.getString( k_URL ); + String url = NetUtils.ensureHttps( app.getString( k_URL ) ); if ( useBrowser ) { intent = new Intent( Intent.ACTION_VIEW, Uri.parse(url) ); diff --git a/xwords4/android/app/src/main/res/values/strings.xml b/xwords4/android/app/src/main/res/values/strings.xml index c83e3df64..7a2747aeb 100644 --- a/xwords4/android/app/src/main/res/values/strings.xml +++ b/xwords4/android/app/src/main/res/values/strings.xml @@ -2773,6 +2773,6 @@ condition of being listed on the Google Play Store. Thus play-via-SMS no longer works on copies of CrossWords obtained through the Play Store (as this one was.) If you miss this feature, - please check http://eehouse.org/sms.html for updates on the + please check https://eehouse.org/sms.html for updates on the situation.