use https everywhere. And rewrite URLs if necessary.

xwords4/android/app/src/main/java/org/eehouse/android/xw4/DictsDelegate.java

@@ -61,7 +61,6 @@ import org.json.JSONObject;
 
 import java.io.Serializable;
 
-import java.net.HttpURLConnection;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.HashMap;
@@ -69,6 +68,7 @@ import java.util.HashSet;
 import java.util.Iterator;
 import java.util.Map;
 import java.util.Set;
+import javax.net.ssl.HttpsURLConnection;
 
 public class DictsDelegate extends ListDelegateBase
     implements View.OnClickListener, AdapterView.OnItemLongClickListener,
@@ -1225,7 +1225,8 @@ public class DictsDelegate extends ListDelegateBase
             // parse less data
             String name = null;
             String proc = String.format( "listDicts?lc=%s", m_lc );
-            HttpURLConnection conn = NetUtils.makeHttpUpdateConn( m_context, proc );
+            HttpsURLConnection conn = NetUtils.makeHttpsUpdateConn( m_context,
+                                                                    proc );
             if ( null != conn ) {
                 JSONObject theOne = null;
                 String langName = null;
@@ -1310,7 +1311,8 @@ public class DictsDelegate extends ListDelegateBase
         public Boolean doInBackground( Void... unused )
         {
             boolean success = false;
-            HttpURLConnection conn = NetUtils.makeHttpUpdateConn( m_context, "listDicts" );
+            HttpsURLConnection conn = NetUtils.makeHttpsUpdateConn( m_context,
+                                                                    "listDicts" );
             if ( null != conn ) {
                 String json = NetUtils.runConn( conn, new JSONObject() );
                 if ( !isCancelled() ) {

xwords4/android/app/src/main/java/org/eehouse/android/xw4/NetUtils.java

@@ -36,7 +36,6 @@ import java.io.DataOutputStream;
 import java.io.InputStream;
 import java.io.OutputStream;
 import java.io.OutputStreamWriter;
-import java.net.HttpURLConnection;
 import java.net.InetAddress;
 import java.net.Socket;
 import java.net.URL;
@@ -44,6 +43,7 @@ import java.net.URLEncoder;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.Map;
+import javax.net.ssl.HttpsURLConnection;
 
 import javax.net.SocketFactory;
 
@@ -100,7 +100,7 @@ public class NetUtils {
                     one.put( "seed", m_obits[ii].m_seed );
                     params.put( one );
                 }
-                HttpURLConnection conn = makeHttpRelayConn( m_context, "kill" );
+                HttpsURLConnection conn = makeHttpsRelayConn( m_context, "kill" );
                 String resStr = runConn( conn, params );
                 Log.d( TAG, "runViaWeb(): kill(%s) => %s", params, resStr );
 
@@ -194,27 +194,36 @@ public class NetUtils {
         return host;
     }
 
-    protected static HttpURLConnection makeHttpRelayConn( Context context,
+    public static String ensureHttps( String url )
-                                                           String proc )
+    {
+        String result = url.replaceFirst( "^http:", "https:" );
+        if ( ! url.equals( result ) ) {
+            Log.d( TAG, "ensureHttps(%s) => %s", url, result );
+        }
+        return result;
+    }
+
+    protected static HttpsURLConnection makeHttpsRelayConn( Context context,
+                                                            String proc )
     {
         String url = XWPrefs.getDefaultRelayUrl( context );
-        return makeHttpConn( context, url, proc );
+        return makeHttpsConn( context, url, proc );
     }
 
-    protected static HttpURLConnection makeHttpUpdateConn( Context context,
+    protected static HttpsURLConnection makeHttpsUpdateConn( Context context,
-                                                           String proc )
+                                                             String proc )
     {
         String url = XWPrefs.getDefaultUpdateUrl( context );
-        return makeHttpConn( context, url, proc );
+        return makeHttpsConn( context, url, proc );
     }
 
-    private static HttpURLConnection makeHttpConn( Context context,
+    private static HttpsURLConnection makeHttpsConn( Context context,
-                                                   String path, String proc )
+                                                     String path, String proc )
     {
-        HttpURLConnection result = null;
+        HttpsURLConnection result = null;
         try {
-            String url = String.format( "%s/%s", path, proc );
+            String url = String.format( "%s/%s", ensureHttps( path ), proc );
-            result = (HttpURLConnection)new URL(url).openConnection();
+            result = (HttpsURLConnection)new URL(url).openConnection(); // class cast exception
         } catch ( java.net.MalformedURLException mue ) {
             Assert.assertNull( result );
             Log.ex( TAG, mue );
@@ -225,17 +234,17 @@ public class NetUtils {
         return result;
     }
 
-    protected static String runConn( HttpURLConnection conn, JSONArray param )
+    protected static String runConn( HttpsURLConnection conn, JSONArray param )
     {
         return runConn( conn, param.toString() );
     }
 
-    protected static String runConn( HttpURLConnection conn, JSONObject param )
+    protected static String runConn( HttpsURLConnection conn, JSONObject param )
     {
         return runConn( conn, param.toString() );
     }
 
-    private static String runConn( HttpURLConnection conn, String param )
+    private static String runConn( HttpsURLConnection conn, String param )
     {
         String result = null;
         Map<String, String> params = new HashMap<String, String>();
@@ -260,7 +269,7 @@ public class NetUtils {
                 os.close();
 
                 int responseCode = conn.getResponseCode();
-                if ( HttpURLConnection.HTTP_OK == responseCode ) {
+                if ( HttpsURLConnection.HTTP_OK == responseCode ) {
                     InputStream is = conn.getInputStream();
                     BufferedInputStream bis = new BufferedInputStream( is );
 

xwords4/android/app/src/main/java/org/eehouse/android/xw4/RelayInviteDelegate.java

@@ -41,7 +41,6 @@ import android.widget.FrameLayout;
 import android.widget.Spinner;
 
 import java.io.Serializable;
-import java.net.HttpURLConnection;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.Comparator;
@@ -52,7 +51,6 @@ import java.util.Set;
 import org.json.JSONArray;
 import org.json.JSONObject;
 
-
 import org.eehouse.android.xw4.DlgDelegate.Action;
 
 public class RelayInviteDelegate extends InviteDelegate {

xwords4/android/app/src/main/java/org/eehouse/android/xw4/RelayService.java

@@ -51,7 +51,6 @@ import java.io.InputStream;
 import java.io.OutputStream;
 import java.net.DatagramPacket;
 import java.net.DatagramSocket;
-import java.net.HttpURLConnection;
 import java.net.InetAddress;
 import java.net.Socket;
 import java.util.ArrayList;
@@ -63,6 +62,7 @@ import java.util.concurrent.LinkedBlockingQueue;
 import java.util.concurrent.TimeUnit;
 import java.util.concurrent.atomic.AtomicInteger;
 import java.util.concurrent.atomic.AtomicReference;
+import javax.net.ssl.HttpsURLConnection;
 
 public class RelayService extends JobIntentService
     implements NetStateCache.StateChangedIf {
@@ -1183,8 +1183,8 @@ public class RelayService extends JobIntentService
                 Log.d( TAG, "sendViaWeb(): sending %d at once", packets.size() );
 
                 final RelayService service = getService();
-                HttpURLConnection conn = NetUtils
+                HttpsURLConnection conn = NetUtils
-                    .makeHttpRelayConn( service, "post" );
+                    .makeHttpsRelayConn( service, "post" );
                 if ( null == conn ) {
                     Log.e( TAG, "sendViaWeb(): null conn for POST" );
                 } else {

xwords4/android/app/src/main/java/org/eehouse/android/xw4/UpdateCheckReceiver.java

@@ -31,13 +31,12 @@ import android.net.Uri;
 import android.os.AsyncTask;
 import android.os.SystemClock;
 
+import java.io.File;
+import javax.net.ssl.HttpsURLConnection;
 import org.eehouse.android.xw4.loc.LocUtils;
 import org.json.JSONArray;
 import org.json.JSONObject;
 
-import java.io.File;
-import java.net.HttpURLConnection;
-
 public class UpdateCheckReceiver extends BroadcastReceiver {
     private static final String TAG = UpdateCheckReceiver.class.getSimpleName();
 
@@ -259,8 +258,8 @@ public class UpdateCheckReceiver extends BroadcastReceiver {
         @Override
         protected String doInBackground( Void... unused )
         {
-            HttpURLConnection conn
+            HttpsURLConnection conn
-                = NetUtils.makeHttpUpdateConn( m_context, "getUpdates" );
+                = NetUtils.makeHttpsUpdateConn( m_context, "getUpdates" );
             String json = null;
             if ( null != conn ) {
                 json = NetUtils.runConn( conn, m_params );
@@ -307,7 +306,7 @@ public class UpdateCheckReceiver extends BroadcastReceiver {
                             }
 
                             Intent intent;
-                            String url = app.getString( k_URL );
+                            String url = NetUtils.ensureHttps( app.getString( k_URL ) );
                             if ( useBrowser ) {
                                 intent = new Intent( Intent.ACTION_VIEW,
                                                      Uri.parse(url) );

xwords4/android/app/src/main/res/values/strings.xml

@@ -2773,6 +2773,6 @@
   condition of being listed on the Google Play Store. Thus
   play-via-SMS no longer works on copies of CrossWords obtained
   through the Play Store (as this one was.) If you miss this feature,
-  please check http://eehouse.org/sms.html for updates on the
+  please check https://eehouse.org/sms.html for updates on the
   situation.</string>
 </resources>