Merge pull request #34 from razorpay/fix_tls

[TLS]: Support for TLSv1.2

Author: ankit-rzp

README.md

@@ -21,7 +21,7 @@ Add this dependency to your project's POM:
 <dependency>
  <groupId>com.razorpay</groupId>
  <artifactId>razorpay-java</artifactId>
- <version>1.3.6</version>
+ <version>1.3.7</version>
 </dependency>
 ```
 
@@ -30,7 +30,7 @@ Add this dependency to your project's POM:
 Add this dependency to your project's build file:
 
 ```groovy
-compile "com.razorpay:razorpay-java:1.3.6"
+compile "com.razorpay:razorpay-java:1.3.7"
 ```
 
 ## Usage

pom.xml

@@ -4,7 +4,7 @@
 
   <groupId>com.razorpay</groupId>
   <artifactId>razorpay-java</artifactId>
-  <version>1.3.6</version>
+  <version>1.3.7</version>
   <packaging>jar</packaging>
 
   <name>razorpay-java</name>
@@ -67,7 +67,7 @@
     <dependency>
       <groupId>org.apache.commons</groupId>
       <artifactId>commons-text</artifactId>
-      <version>1.4</version>
+      <version>1.3</version>
     </dependency>
 
   </dependencies>

src/main/java/com/razorpay/ApiUtils.java

@@ -1,17 +1,22 @@
 package com.razorpay;
 
 import java.io.IOException;
-import java.util.ArrayList;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.util.Arrays;
 import java.util.HashMap;
 import java.util.Iterator;
-import java.util.List;
 import java.util.Map;
 import java.util.Properties;
 import java.util.concurrent.TimeUnit;
 
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.X509TrustManager;
+
 import org.json.JSONObject;
 
-import okhttp3.ConnectionSpec;
 import okhttp3.HttpUrl;
 import okhttp3.OkHttpClient;
 import okhttp3.Request;
@@ -34,16 +39,17 @@ static void createHttpClientInstance(boolean enableLogging) throws RazorpayExcep
       } else {
         loggingInterceptor.setLevel(HttpLoggingInterceptor.Level.NONE);
       }
-
-      List<ConnectionSpec> connectionSpecs = new ArrayList<ConnectionSpec>();
-      connectionSpecs.add(ConnectionSpec.MODERN_TLS);
 
-      client = new OkHttpClient.Builder()
-                               .readTimeout(60, TimeUnit.SECONDS)
-                               .writeTimeout(60, TimeUnit.SECONDS)
-                               .addInterceptor(loggingInterceptor)
-                               .connectionSpecs(connectionSpecs)
-                               .build();
+      try {
+        client = new OkHttpClient.Builder()
+                                 .readTimeout(60, TimeUnit.SECONDS)
+                                 .writeTimeout(60, TimeUnit.SECONDS)
+                                 .addInterceptor(loggingInterceptor)
+                                 .sslSocketFactory(new CustomTLSSocketFactory(), createDefaultTrustManager())
+                                 .build();
+      } catch (Exception e) {
+        throw new RazorpayException(e);
+      }
     }
 
     Properties properties = new Properties();
@@ -159,4 +165,15 @@ private static Response processRequest(Request request) throws RazorpayException
   static void addHeaders(Map<String, String> header) {
     headers.putAll(header);
   }
+  
+  private static X509TrustManager createDefaultTrustManager() throws NoSuchAlgorithmException, KeyStoreException {
+    TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+    trustManagerFactory.init((KeyStore) null);
+    TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
+    if (trustManagers.length != 1 || !(trustManagers[0] instanceof X509TrustManager)) {
+      throw new IllegalStateException("Unexpected default trust managers:" + Arrays.toString(trustManagers));
+    }
+    X509TrustManager trustManager = (X509TrustManager) trustManagers[0];
+    return trustManager;
+  }
 }

src/main/java/com/razorpay/CustomTLSSocketFactory.java

@@ -0,0 +1,75 @@
+package com.razorpay;
+
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.Socket;
+import java.net.UnknownHostException;
+import java.security.KeyManagementException;
+import java.security.NoSuchAlgorithmException;
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocket;
+import javax.net.ssl.SSLSocketFactory;
+
+class CustomTLSSocketFactory extends SSLSocketFactory {
+
+  private SSLSocketFactory internalSSLSocketFactory;
+
+  CustomTLSSocketFactory() throws KeyManagementException, NoSuchAlgorithmException {
+    SSLContext context = SSLContext.getInstance("TLS");
+    context.init(null, null, null);
+    internalSSLSocketFactory = context.getSocketFactory();
+  }
+
+  @Override
+  public String[] getDefaultCipherSuites() {
+    return internalSSLSocketFactory.getDefaultCipherSuites();
+  }
+
+  @Override
+  public String[] getSupportedCipherSuites() {
+    return internalSSLSocketFactory.getSupportedCipherSuites();
+  }
+
+  @Override
+  public Socket createSocket() throws IOException {
+    return enableTLSOnSocket(internalSSLSocketFactory.createSocket());
+  }
+
+  @Override
+  public Socket createSocket(Socket s, String host, int port, boolean autoClose)
+      throws IOException {
+    return enableTLSOnSocket(internalSSLSocketFactory.createSocket(s, host, port, autoClose));
+  }
+
+  @Override
+  public Socket createSocket(String host, int port) throws IOException, UnknownHostException {
+    return enableTLSOnSocket(internalSSLSocketFactory.createSocket(host, port));
+  }
+
+  @Override
+  public Socket createSocket(String host, int port, InetAddress localHost, int localPort)
+      throws IOException, UnknownHostException {
+    return enableTLSOnSocket(
+        internalSSLSocketFactory.createSocket(host, port, localHost, localPort));
+  }
+
+  @Override
+  public Socket createSocket(InetAddress host, int port) throws IOException {
+    return enableTLSOnSocket(internalSSLSocketFactory.createSocket(host, port));
+  }
+
+  @Override
+  public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort)
+      throws IOException {
+    return enableTLSOnSocket(
+        internalSSLSocketFactory.createSocket(address, port, localAddress, localPort));
+  }
+
+  private Socket enableTLSOnSocket(Socket socket) {
+    if (socket != null && (socket instanceof SSLSocket)) {
+      ((SSLSocket) socket).setEnabledProtocols(new String[] {"TLSv1.1", "TLSv1.2"});
+    }
+    return socket;
+  }
+}