Merge branch 'venilnoronha-issue-2513-fix'

swankjesse · swankjesse · commit 48ff30b4289e · 2016-04-26T23:42:09.000-04:00
* venilnoronha-issue-2513-fix: Fixes square#2513 - NetworkSecurityPolicy based ConnectionSpec setup.
diff --git a/okhttp/src/main/java/okhttp3/OkHttpClient.java b/okhttp/src/main/java/okhttp3/OkHttpClient.java
@@ -65,10 +65,16 @@ public class OkHttpClient implements Cloneable, Call.Factory {
   private static final List<Protocol> DEFAULT_PROTOCOLS = Util.immutableList(
       Protocol.HTTP_2, Protocol.SPDY_3, Protocol.HTTP_1_1);
 
-  private static final List<ConnectionSpec> DEFAULT_CONNECTION_SPECS = Util.immutableList(
-      ConnectionSpec.MODERN_TLS, ConnectionSpec.COMPATIBLE_TLS, ConnectionSpec.CLEARTEXT);
+  private static final List<ConnectionSpec> DEFAULT_CONNECTION_SPECS;
 
   static {
+    List<ConnectionSpec> connSpecs = new ArrayList<>(Arrays.asList(ConnectionSpec.MODERN_TLS,
+        ConnectionSpec.COMPATIBLE_TLS));
+    if (Platform.get().isCleartextTrafficPermitted()) {
+      connSpecs.add(ConnectionSpec.CLEARTEXT);
+    }
+    DEFAULT_CONNECTION_SPECS = Util.immutableList(connSpecs);
+
     Internal.instance = new Internal() {
       @Override public void addLenient(Headers.Builder builder, String line) {
         builder.addLenient(line);
diff --git a/okhttp/src/main/java/okhttp3/internal/Platform.java b/okhttp/src/main/java/okhttp3/internal/Platform.java
@@ -67,6 +67,10 @@
  *
  * <p>Supported on Android 2.3+ and OpenJDK 7+. There are no public APIs to recover the trust
  * manager that was used to create an {@link SSLSocketFactory}.
+ *
+ * <h3>Android Cleartext Permit Detection</h3>
+ *
+ * <p>Supported on Android 6.0+ via {@code NetworkSecurityPolicy}.
  */
 public class Platform {
   private static final Platform PLATFORM = findPlatform();
@@ -128,6 +132,10 @@ public void log(String message) {
     System.out.println(message);
   }
 
+  public boolean isCleartextTrafficPermitted() {
+    return true;
+  }
+
   public static List<String> alpnProtocolNames(List<Protocol> protocols) {
     List<String> names = new ArrayList<>(protocols.size());
     for (int i = 0, size = protocols.size(); i < size; i++) {
@@ -298,6 +306,25 @@ public Android(Class<?> sslParametersClass, OptionalMethod<Socket> setUseSession
         } while (i < newline);
       }
     }
+
+    @Override public boolean isCleartextTrafficPermitted() {
+      try {
+        Class<?> networkPolicyClass = Class.forName("android.security.NetworkSecurityPolicy");
+        Method getInstanceMethod = networkPolicyClass.getMethod("getInstance");
+        Object networkSecurityPolicy = getInstanceMethod.invoke(null);
+        Method isCleartextTrafficPermittedMethod = networkPolicyClass
+            .getMethod("isCleartextTrafficPermitted");
+        boolean cleartextPermitted = (boolean) isCleartextTrafficPermittedMethod
+            .invoke(networkSecurityPolicy);
+        return cleartextPermitted;
+      } catch (ClassNotFoundException e) {
+        return super.isCleartextTrafficPermitted();
+      } catch (NoSuchMethodException | IllegalAccessException | IllegalArgumentException
+          | InvocationTargetException e) {
+        throw new AssertionError();
+      }
+    }
+
   }
 
   /**
