diff --git a/app/src/main/java/org/schabi/newpipe/DownloaderImpl.java b/app/src/main/java/org/schabi/newpipe/DownloaderImpl.java index 5dd9d1b74..7e4ac304e 100644 --- a/app/src/main/java/org/schabi/newpipe/DownloaderImpl.java +++ b/app/src/main/java/org/schabi/newpipe/DownloaderImpl.java @@ -1,26 +1,42 @@ package org.schabi.newpipe; +import android.os.Build; import android.text.TextUtils; import org.schabi.newpipe.extractor.downloader.Downloader; import org.schabi.newpipe.extractor.downloader.Request; import org.schabi.newpipe.extractor.downloader.Response; import org.schabi.newpipe.extractor.exceptions.ReCaptchaException; +import org.schabi.newpipe.util.TLSSocketFactoryCompat; import java.io.IOException; import java.io.InputStream; +import java.security.KeyManagementException; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.util.ArrayList; +import java.util.Arrays; import java.util.List; import java.util.Map; import java.util.concurrent.TimeUnit; -import androidx.annotation.NonNull; +import javax.net.ssl.SSLSocketFactory; +import javax.net.ssl.TrustManager; +import javax.net.ssl.TrustManagerFactory; +import javax.net.ssl.X509TrustManager; +import androidx.annotation.NonNull; import androidx.annotation.Nullable; +import okhttp3.CipherSuite; +import okhttp3.ConnectionSpec; import okhttp3.OkHttpClient; import okhttp3.RequestBody; import okhttp3.ResponseBody; +import static org.schabi.newpipe.MainActivity.DEBUG; + public class DownloaderImpl extends Downloader { public static final String USER_AGENT = "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0"; @@ -29,6 +45,9 @@ public class DownloaderImpl extends Downloader { private OkHttpClient client; private DownloaderImpl(OkHttpClient.Builder builder) { + if (Build.VERSION.SDK_INT == Build.VERSION_CODES.KITKAT) { + enableModernTLS(builder); + } this.client = builder .readTimeout(30, TimeUnit.SECONDS) //.cache(new Cache(new File(context.getExternalCacheDir(), "okhttp"), 16 * 1024 * 1024)) @@ -154,4 +173,47 @@ public class DownloaderImpl extends Downloader { return new Response(response.code(), response.message(), response.headers().toMultimap(), responseBodyToReturn); } + + /** + * Enable TLS 1.2 and 1.1 on Android Kitkat. This function is mostly taken from the documentation of + * OkHttpClient.Builder.sslSocketFactory(_,_) + *

+ * If there is an error, the function will safely fall back to doing nothing and printing the error to the console. + * + * @param builder The HTTPClient Builder on which TLS is enabled on (will be modified in-place) + */ + private static void enableModernTLS(OkHttpClient.Builder builder) { + try { + // get the default TrustManager + TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance( + TrustManagerFactory.getDefaultAlgorithm()); + trustManagerFactory.init((KeyStore) null); + TrustManager[] trustManagers = trustManagerFactory.getTrustManagers(); + if (trustManagers.length != 1 || !(trustManagers[0] instanceof X509TrustManager)) { + throw new IllegalStateException("Unexpected default trust managers:" + + Arrays.toString(trustManagers)); + } + X509TrustManager trustManager = (X509TrustManager) trustManagers[0]; + + // insert our own TLSSocketFactory + SSLSocketFactory sslSocketFactory = TLSSocketFactoryCompat.getInstance(); + + builder.sslSocketFactory(sslSocketFactory, trustManager); + + // This will try to enable all modern CipherSuites(+2 more) that are supported on the device. + // Necessary because some servers (e.g. Framatube.org) don't support the old cipher suites. + // https://github.com/square/okhttp/issues/4053#issuecomment-402579554 + List cipherSuites = new ArrayList<>(); + cipherSuites.addAll(ConnectionSpec.MODERN_TLS.cipherSuites()); + cipherSuites.add(CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA); + cipherSuites.add(CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA); + ConnectionSpec legacyTLS = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS) + .cipherSuites(cipherSuites.toArray(new CipherSuite[0])) + .build(); + + builder.connectionSpecs(Arrays.asList(legacyTLS, ConnectionSpec.CLEARTEXT)); + } catch (KeyManagementException | NoSuchAlgorithmException | KeyStoreException e) { + if (DEBUG) e.printStackTrace(); + } + } } diff --git a/app/src/main/java/org/schabi/newpipe/MainActivity.java b/app/src/main/java/org/schabi/newpipe/MainActivity.java index 927fc1589..90d299c7f 100644 --- a/app/src/main/java/org/schabi/newpipe/MainActivity.java +++ b/app/src/main/java/org/schabi/newpipe/MainActivity.java @@ -72,6 +72,7 @@ import org.schabi.newpipe.util.PeertubeHelper; import org.schabi.newpipe.util.PermissionHelper; import org.schabi.newpipe.util.ServiceHelper; import org.schabi.newpipe.util.StateSaver; +import org.schabi.newpipe.util.TLSSocketFactoryCompat; import org.schabi.newpipe.util.ThemeHelper; import java.util.ArrayList; @@ -108,6 +109,11 @@ public class MainActivity extends AppCompatActivity { protected void onCreate(Bundle savedInstanceState) { if (DEBUG) Log.d(TAG, "onCreate() called with: savedInstanceState = [" + savedInstanceState + "]"); + // enable TLS1.1/1.2 for kitkat devices, to fix download and play for mediaCCC sources + if (Build.VERSION.SDK_INT == Build.VERSION_CODES.KITKAT) { + TLSSocketFactoryCompat.setAsDefault(); + } + ThemeHelper.setTheme(this, ServiceHelper.getSelectedServiceId(this)); super.onCreate(savedInstanceState); diff --git a/app/src/main/java/org/schabi/newpipe/settings/PeertubeInstanceListFragment.java b/app/src/main/java/org/schabi/newpipe/settings/PeertubeInstanceListFragment.java index d8c36e5cb..1f8d552d0 100644 --- a/app/src/main/java/org/schabi/newpipe/settings/PeertubeInstanceListFragment.java +++ b/app/src/main/java/org/schabi/newpipe/settings/PeertubeInstanceListFragment.java @@ -5,6 +5,7 @@ import android.content.Context; import android.content.SharedPreferences; import android.os.Bundle; import android.preference.PreferenceManager; +import android.text.InputType; import android.view.LayoutInflater; import android.view.Menu; import android.view.MenuInflater; @@ -203,17 +204,18 @@ public class PeertubeInstanceListFragment extends Fragment { private void showAddItemDialog(Context c) { final EditText urlET = new EditText(c); + urlET.setInputType(InputType.TYPE_CLASS_TEXT | InputType.TYPE_TEXT_VARIATION_URI); urlET.setHint(R.string.peertube_instance_add_help); AlertDialog dialog = new AlertDialog.Builder(c) .setTitle(R.string.peertube_instance_add_title) .setIcon(R.drawable.place_holder_peertube) - .setView(urlET) .setNegativeButton(R.string.cancel, null) .setPositiveButton(R.string.finish, (dialog1, which) -> { String url = urlET.getText().toString(); addInstance(url); }) .create(); + dialog.setView(urlET, 50, 0, 50, 0); dialog.show(); } @@ -237,6 +239,7 @@ public class PeertubeInstanceListFragment extends Fragment { @Nullable private String cleanUrl(String url){ + url = url.trim(); // if protocol not present, add https if(!url.startsWith("http")){ url = "https://" + url; diff --git a/app/src/main/java/org/schabi/newpipe/util/TLSSocketFactoryCompat.java b/app/src/main/java/org/schabi/newpipe/util/TLSSocketFactoryCompat.java new file mode 100644 index 000000000..d8b6f78f5 --- /dev/null +++ b/app/src/main/java/org/schabi/newpipe/util/TLSSocketFactoryCompat.java @@ -0,0 +1,104 @@ +package org.schabi.newpipe.util; + +import java.io.IOException; +import java.net.InetAddress; +import java.net.Socket; +import java.net.UnknownHostException; +import java.security.KeyManagementException; +import java.security.NoSuchAlgorithmException; + +import javax.net.ssl.HttpsURLConnection; +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLSocket; +import javax.net.ssl.SSLSocketFactory; +import javax.net.ssl.TrustManager; + +import static org.schabi.newpipe.MainActivity.DEBUG; + + +/** + * This is an extension of the SSLSocketFactory which enables TLS 1.2 and 1.1. + * Created for usage on Android 4.1-4.4 devices, which haven't enabled those by default. + */ +public class TLSSocketFactoryCompat extends SSLSocketFactory { + + + private static TLSSocketFactoryCompat instance = null; + + private SSLSocketFactory internalSSLSocketFactory; + + public static TLSSocketFactoryCompat getInstance() throws NoSuchAlgorithmException, KeyManagementException { + if (instance != null) { + return instance; + } + return instance = new TLSSocketFactoryCompat(); + } + + + public TLSSocketFactoryCompat() throws KeyManagementException, NoSuchAlgorithmException { + SSLContext context = SSLContext.getInstance("TLS"); + context.init(null, null, null); + internalSSLSocketFactory = context.getSocketFactory(); + } + + public TLSSocketFactoryCompat(TrustManager[] tm) throws KeyManagementException, NoSuchAlgorithmException { + SSLContext context = SSLContext.getInstance("TLS"); + context.init(null, tm, new java.security.SecureRandom()); + internalSSLSocketFactory = context.getSocketFactory(); + } + + public static void setAsDefault() { + try { + HttpsURLConnection.setDefaultSSLSocketFactory(getInstance()); + } catch (NoSuchAlgorithmException | KeyManagementException e) { + if (DEBUG) e.printStackTrace(); + } + } + + @Override + public String[] getDefaultCipherSuites() { + return internalSSLSocketFactory.getDefaultCipherSuites(); + } + + @Override + public String[] getSupportedCipherSuites() { + return internalSSLSocketFactory.getSupportedCipherSuites(); + } + + @Override + public Socket createSocket() throws IOException { + return enableTLSOnSocket(internalSSLSocketFactory.createSocket()); + } + + @Override + public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException { + return enableTLSOnSocket(internalSSLSocketFactory.createSocket(s, host, port, autoClose)); + } + + @Override + public Socket createSocket(String host, int port) throws IOException, UnknownHostException { + return enableTLSOnSocket(internalSSLSocketFactory.createSocket(host, port)); + } + + @Override + public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException, UnknownHostException { + return enableTLSOnSocket(internalSSLSocketFactory.createSocket(host, port, localHost, localPort)); + } + + @Override + public Socket createSocket(InetAddress host, int port) throws IOException { + return enableTLSOnSocket(internalSSLSocketFactory.createSocket(host, port)); + } + + @Override + public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException { + return enableTLSOnSocket(internalSSLSocketFactory.createSocket(address, port, localAddress, localPort)); + } + + private Socket enableTLSOnSocket(Socket socket) { + if (socket != null && (socket instanceof SSLSocket)) { + ((SSLSocket) socket).setEnabledProtocols(new String[]{"TLSv1.1", "TLSv1.2"}); + } + return socket; + } +} \ No newline at end of file diff --git a/app/src/main/res/values-pl/strings.xml b/app/src/main/res/values-pl/strings.xml index 82fef9483..b36e2a390 100644 --- a/app/src/main/res/values-pl/strings.xml +++ b/app/src/main/res/values-pl/strings.xml @@ -1,7 +1,7 @@ Naciśnij Szukaj, aby zacząć - Instaluj + Zainstaluj Anuluj Otwórz w przeglądarce Udostępnij @@ -479,18 +479,18 @@ Nie można załadować komentarzy Zamknij Wznów odtwarzanie - Przywróć pozycję odtwarzania - Pozycje na liście + Przywróć ostatnią odtwarzaną pozycję + Pozycje na listach Pokaż wskaźniki pozycji odtwarzania na listach Wyczyść dane - Usunięto pozycję odtwarzania. - Plik przeniesiony lub usunięty - Plik o takiej nazwie już istnieje - Nie można nadpisać tego pliku + Pozycja odtwarzania usunięta. + Plik usunięty lub przeniesiony + Plik z tą nazwą już istnieje + nie można nadpisać pliku Pobieranie pliku z tą nazwą jest już w kolejce - NewPipe został zamknięty w czasie pracy nad plikiem - Brak wystarczającej ilości miejsca na urządzeniu - Utracono postęp ponieważ plik został usunięty + NewPipe został zamknięty podczas pracy nad plikiem + Brak miejsca na urządzeniu + Postęp został utracony ze wzgledu na usunięcie pliku Czy jesteś pewien\? Ogranicz kolejkę pobierania Tylko jedno pobieranie będzie realizowane w danej chwili @@ -502,8 +502,8 @@ Zostaniesz zapytany, gdzie zapisać każde pobranie. \nWybierz SAF, jeśli chcesz pobrać na zewnętrzną kartę SD Użyj SAF - Struktura dostępu do pamięci masowej umożliwia pobieranie danych na zewnętrzną kartę SD. -\nUwaga: niektóre urządzenia nie są kompatybilne + Biblioteka dostępu do pamięci pozwala na pobieranie danych na zewnętrzną kartę. +\nUwagi: Niektóre urządzenia nie są kompatybilne Usuń pozycje odtwarzania Usuwa wszystkie pozycje odtwarzania Usunąć wszystkie pozycje odtwarzania\?