diff --git a/app/src/main/java/org/schabi/newpipe/DownloaderImpl.java b/app/src/main/java/org/schabi/newpipe/DownloaderImpl.java
index 5dd9d1b74..7e4ac304e 100644
--- a/app/src/main/java/org/schabi/newpipe/DownloaderImpl.java
+++ b/app/src/main/java/org/schabi/newpipe/DownloaderImpl.java
@@ -1,26 +1,42 @@
package org.schabi.newpipe;
+import android.os.Build;
import android.text.TextUtils;
import org.schabi.newpipe.extractor.downloader.Downloader;
import org.schabi.newpipe.extractor.downloader.Request;
import org.schabi.newpipe.extractor.downloader.Response;
import org.schabi.newpipe.extractor.exceptions.ReCaptchaException;
+import org.schabi.newpipe.util.TLSSocketFactoryCompat;
import java.io.IOException;
import java.io.InputStream;
+import java.security.KeyManagementException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.util.ArrayList;
+import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.concurrent.TimeUnit;
-import androidx.annotation.NonNull;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.X509TrustManager;
+import androidx.annotation.NonNull;
import androidx.annotation.Nullable;
+import okhttp3.CipherSuite;
+import okhttp3.ConnectionSpec;
import okhttp3.OkHttpClient;
import okhttp3.RequestBody;
import okhttp3.ResponseBody;
+import static org.schabi.newpipe.MainActivity.DEBUG;
+
public class DownloaderImpl extends Downloader {
public static final String USER_AGENT = "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0";
@@ -29,6 +45,9 @@ public class DownloaderImpl extends Downloader {
private OkHttpClient client;
private DownloaderImpl(OkHttpClient.Builder builder) {
+ if (Build.VERSION.SDK_INT == Build.VERSION_CODES.KITKAT) {
+ enableModernTLS(builder);
+ }
this.client = builder
.readTimeout(30, TimeUnit.SECONDS)
//.cache(new Cache(new File(context.getExternalCacheDir(), "okhttp"), 16 * 1024 * 1024))
@@ -154,4 +173,47 @@ public class DownloaderImpl extends Downloader {
return new Response(response.code(), response.message(), response.headers().toMultimap(), responseBodyToReturn);
}
+
+ /**
+ * Enable TLS 1.2 and 1.1 on Android Kitkat. This function is mostly taken from the documentation of
+ * OkHttpClient.Builder.sslSocketFactory(_,_)
+ *
+ * If there is an error, the function will safely fall back to doing nothing and printing the error to the console.
+ *
+ * @param builder The HTTPClient Builder on which TLS is enabled on (will be modified in-place)
+ */
+ private static void enableModernTLS(OkHttpClient.Builder builder) {
+ try {
+ // get the default TrustManager
+ TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(
+ TrustManagerFactory.getDefaultAlgorithm());
+ trustManagerFactory.init((KeyStore) null);
+ TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
+ if (trustManagers.length != 1 || !(trustManagers[0] instanceof X509TrustManager)) {
+ throw new IllegalStateException("Unexpected default trust managers:"
+ + Arrays.toString(trustManagers));
+ }
+ X509TrustManager trustManager = (X509TrustManager) trustManagers[0];
+
+ // insert our own TLSSocketFactory
+ SSLSocketFactory sslSocketFactory = TLSSocketFactoryCompat.getInstance();
+
+ builder.sslSocketFactory(sslSocketFactory, trustManager);
+
+ // This will try to enable all modern CipherSuites(+2 more) that are supported on the device.
+ // Necessary because some servers (e.g. Framatube.org) don't support the old cipher suites.
+ // https://github.com/square/okhttp/issues/4053#issuecomment-402579554
+ List cipherSuites = new ArrayList<>();
+ cipherSuites.addAll(ConnectionSpec.MODERN_TLS.cipherSuites());
+ cipherSuites.add(CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA);
+ cipherSuites.add(CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA);
+ ConnectionSpec legacyTLS = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)
+ .cipherSuites(cipherSuites.toArray(new CipherSuite[0]))
+ .build();
+
+ builder.connectionSpecs(Arrays.asList(legacyTLS, ConnectionSpec.CLEARTEXT));
+ } catch (KeyManagementException | NoSuchAlgorithmException | KeyStoreException e) {
+ if (DEBUG) e.printStackTrace();
+ }
+ }
}
diff --git a/app/src/main/java/org/schabi/newpipe/MainActivity.java b/app/src/main/java/org/schabi/newpipe/MainActivity.java
index 927fc1589..90d299c7f 100644
--- a/app/src/main/java/org/schabi/newpipe/MainActivity.java
+++ b/app/src/main/java/org/schabi/newpipe/MainActivity.java
@@ -72,6 +72,7 @@ import org.schabi.newpipe.util.PeertubeHelper;
import org.schabi.newpipe.util.PermissionHelper;
import org.schabi.newpipe.util.ServiceHelper;
import org.schabi.newpipe.util.StateSaver;
+import org.schabi.newpipe.util.TLSSocketFactoryCompat;
import org.schabi.newpipe.util.ThemeHelper;
import java.util.ArrayList;
@@ -108,6 +109,11 @@ public class MainActivity extends AppCompatActivity {
protected void onCreate(Bundle savedInstanceState) {
if (DEBUG) Log.d(TAG, "onCreate() called with: savedInstanceState = [" + savedInstanceState + "]");
+ // enable TLS1.1/1.2 for kitkat devices, to fix download and play for mediaCCC sources
+ if (Build.VERSION.SDK_INT == Build.VERSION_CODES.KITKAT) {
+ TLSSocketFactoryCompat.setAsDefault();
+ }
+
ThemeHelper.setTheme(this, ServiceHelper.getSelectedServiceId(this));
super.onCreate(savedInstanceState);
diff --git a/app/src/main/java/org/schabi/newpipe/settings/PeertubeInstanceListFragment.java b/app/src/main/java/org/schabi/newpipe/settings/PeertubeInstanceListFragment.java
index d8c36e5cb..1f8d552d0 100644
--- a/app/src/main/java/org/schabi/newpipe/settings/PeertubeInstanceListFragment.java
+++ b/app/src/main/java/org/schabi/newpipe/settings/PeertubeInstanceListFragment.java
@@ -5,6 +5,7 @@ import android.content.Context;
import android.content.SharedPreferences;
import android.os.Bundle;
import android.preference.PreferenceManager;
+import android.text.InputType;
import android.view.LayoutInflater;
import android.view.Menu;
import android.view.MenuInflater;
@@ -203,17 +204,18 @@ public class PeertubeInstanceListFragment extends Fragment {
private void showAddItemDialog(Context c) {
final EditText urlET = new EditText(c);
+ urlET.setInputType(InputType.TYPE_CLASS_TEXT | InputType.TYPE_TEXT_VARIATION_URI);
urlET.setHint(R.string.peertube_instance_add_help);
AlertDialog dialog = new AlertDialog.Builder(c)
.setTitle(R.string.peertube_instance_add_title)
.setIcon(R.drawable.place_holder_peertube)
- .setView(urlET)
.setNegativeButton(R.string.cancel, null)
.setPositiveButton(R.string.finish, (dialog1, which) -> {
String url = urlET.getText().toString();
addInstance(url);
})
.create();
+ dialog.setView(urlET, 50, 0, 50, 0);
dialog.show();
}
@@ -237,6 +239,7 @@ public class PeertubeInstanceListFragment extends Fragment {
@Nullable
private String cleanUrl(String url){
+ url = url.trim();
// if protocol not present, add https
if(!url.startsWith("http")){
url = "https://" + url;
diff --git a/app/src/main/java/org/schabi/newpipe/util/TLSSocketFactoryCompat.java b/app/src/main/java/org/schabi/newpipe/util/TLSSocketFactoryCompat.java
new file mode 100644
index 000000000..d8b6f78f5
--- /dev/null
+++ b/app/src/main/java/org/schabi/newpipe/util/TLSSocketFactoryCompat.java
@@ -0,0 +1,104 @@
+package org.schabi.newpipe.util;
+
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.Socket;
+import java.net.UnknownHostException;
+import java.security.KeyManagementException;
+import java.security.NoSuchAlgorithmException;
+
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocket;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManager;
+
+import static org.schabi.newpipe.MainActivity.DEBUG;
+
+
+/**
+ * This is an extension of the SSLSocketFactory which enables TLS 1.2 and 1.1.
+ * Created for usage on Android 4.1-4.4 devices, which haven't enabled those by default.
+ */
+public class TLSSocketFactoryCompat extends SSLSocketFactory {
+
+
+ private static TLSSocketFactoryCompat instance = null;
+
+ private SSLSocketFactory internalSSLSocketFactory;
+
+ public static TLSSocketFactoryCompat getInstance() throws NoSuchAlgorithmException, KeyManagementException {
+ if (instance != null) {
+ return instance;
+ }
+ return instance = new TLSSocketFactoryCompat();
+ }
+
+
+ public TLSSocketFactoryCompat() throws KeyManagementException, NoSuchAlgorithmException {
+ SSLContext context = SSLContext.getInstance("TLS");
+ context.init(null, null, null);
+ internalSSLSocketFactory = context.getSocketFactory();
+ }
+
+ public TLSSocketFactoryCompat(TrustManager[] tm) throws KeyManagementException, NoSuchAlgorithmException {
+ SSLContext context = SSLContext.getInstance("TLS");
+ context.init(null, tm, new java.security.SecureRandom());
+ internalSSLSocketFactory = context.getSocketFactory();
+ }
+
+ public static void setAsDefault() {
+ try {
+ HttpsURLConnection.setDefaultSSLSocketFactory(getInstance());
+ } catch (NoSuchAlgorithmException | KeyManagementException e) {
+ if (DEBUG) e.printStackTrace();
+ }
+ }
+
+ @Override
+ public String[] getDefaultCipherSuites() {
+ return internalSSLSocketFactory.getDefaultCipherSuites();
+ }
+
+ @Override
+ public String[] getSupportedCipherSuites() {
+ return internalSSLSocketFactory.getSupportedCipherSuites();
+ }
+
+ @Override
+ public Socket createSocket() throws IOException {
+ return enableTLSOnSocket(internalSSLSocketFactory.createSocket());
+ }
+
+ @Override
+ public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException {
+ return enableTLSOnSocket(internalSSLSocketFactory.createSocket(s, host, port, autoClose));
+ }
+
+ @Override
+ public Socket createSocket(String host, int port) throws IOException, UnknownHostException {
+ return enableTLSOnSocket(internalSSLSocketFactory.createSocket(host, port));
+ }
+
+ @Override
+ public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException, UnknownHostException {
+ return enableTLSOnSocket(internalSSLSocketFactory.createSocket(host, port, localHost, localPort));
+ }
+
+ @Override
+ public Socket createSocket(InetAddress host, int port) throws IOException {
+ return enableTLSOnSocket(internalSSLSocketFactory.createSocket(host, port));
+ }
+
+ @Override
+ public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException {
+ return enableTLSOnSocket(internalSSLSocketFactory.createSocket(address, port, localAddress, localPort));
+ }
+
+ private Socket enableTLSOnSocket(Socket socket) {
+ if (socket != null && (socket instanceof SSLSocket)) {
+ ((SSLSocket) socket).setEnabledProtocols(new String[]{"TLSv1.1", "TLSv1.2"});
+ }
+ return socket;
+ }
+}
\ No newline at end of file
diff --git a/app/src/main/res/values-pl/strings.xml b/app/src/main/res/values-pl/strings.xml
index 82fef9483..b36e2a390 100644
--- a/app/src/main/res/values-pl/strings.xml
+++ b/app/src/main/res/values-pl/strings.xml
@@ -1,7 +1,7 @@
Naciśnij Szukaj, aby zacząć
- Instaluj
+ Zainstaluj
Anuluj
Otwórz w przeglądarce
Udostępnij
@@ -479,18 +479,18 @@
Nie można załadować komentarzy
Zamknij
Wznów odtwarzanie
- Przywróć pozycję odtwarzania
- Pozycje na liście
+ Przywróć ostatnią odtwarzaną pozycję
+ Pozycje na listach
Pokaż wskaźniki pozycji odtwarzania na listach
Wyczyść dane
- Usunięto pozycję odtwarzania.
- Plik przeniesiony lub usunięty
- Plik o takiej nazwie już istnieje
- Nie można nadpisać tego pliku
+ Pozycja odtwarzania usunięta.
+ Plik usunięty lub przeniesiony
+ Plik z tą nazwą już istnieje
+ nie można nadpisać pliku
Pobieranie pliku z tą nazwą jest już w kolejce
- NewPipe został zamknięty w czasie pracy nad plikiem
- Brak wystarczającej ilości miejsca na urządzeniu
- Utracono postęp ponieważ plik został usunięty
+ NewPipe został zamknięty podczas pracy nad plikiem
+ Brak miejsca na urządzeniu
+ Postęp został utracony ze wzgledu na usunięcie pliku
Czy jesteś pewien\?
Ogranicz kolejkę pobierania
Tylko jedno pobieranie będzie realizowane w danej chwili
@@ -502,8 +502,8 @@
Zostaniesz zapytany, gdzie zapisać każde pobranie.
\nWybierz SAF, jeśli chcesz pobrać na zewnętrzną kartę SD
Użyj SAF
- Struktura dostępu do pamięci masowej umożliwia pobieranie danych na zewnętrzną kartę SD.
-\nUwaga: niektóre urządzenia nie są kompatybilne
+ Biblioteka dostępu do pamięci pozwala na pobieranie danych na zewnętrzną kartę.
+\nUwagi: Niektóre urządzenia nie są kompatybilne
Usuń pozycje odtwarzania
Usuwa wszystkie pozycje odtwarzania
Usunąć wszystkie pozycje odtwarzania\?