From 2c88703588a6192cbf3ffd7ccb8d01b65c693ed3 Mon Sep 17 00:00:00 2001
From: Hans-Christoph Steiner <hans@eds.org>
Date: Tue, 8 Sep 2015 16:38:19 +0200
Subject: [PATCH] use NetCipher to get improved TLS and cipher support on HTTPS
 connections

The NetCipher library creates instances of HttpURLConnection that are
configured to have solid TLS protocol and cipher settings, especially on
older versions of Android.

fixes #370 https://gitlab.com/fdroid/fdroidclient/issues/370
---
 F-Droid/build.gradle                                  |  1 +
 F-Droid/proguard-rules.pro                            |  4 ++++
 F-Droid/src/org/fdroid/fdroid/net/HttpDownloader.java | 10 +++++++---
 3 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/F-Droid/build.gradle b/F-Droid/build.gradle
index 3c18c8a5b..1be738406 100644
--- a/F-Droid/build.gradle
+++ b/F-Droid/build.gradle
@@ -24,6 +24,7 @@ if (!hasProperty('sourceDeps')) {
         compile 'com.google.zxing:core:3.2.1'
         compile 'eu.chainfire:libsuperuser:1.0.0.201504231659'
         compile 'cc.mvdan.accesspoint:library:0.1.1'
+        compile 'info.guardianproject.netcipher:netcipher:1.2'
 
         // We use a slightly modified spongycastle, see
         // openkeychain/spongycastle with some changes on top of 1.51.0.0
diff --git a/F-Droid/proguard-rules.pro b/F-Droid/proguard-rules.pro
index cd71ce863..ffd1aa552 100644
--- a/F-Droid/proguard-rules.pro
+++ b/F-Droid/proguard-rules.pro
@@ -10,6 +10,10 @@
 -dontnote android.support.**
 -dontnote **ILicensingService
 
+# StrongHttpsClient and its support classes are totally unused, so the
+# ch.boye.httpclientandroidlib.** classes are also unneeded
+-dontwarn info.guardianproject.netcipher.client.**
+
 # These libraries are known to break if minification is enabled on them. They
 # use reflection to instantiate classes, for example. If the keep flags are
 # removed, proguard will strip classes which are required, which may result in
diff --git a/F-Droid/src/org/fdroid/fdroid/net/HttpDownloader.java b/F-Droid/src/org/fdroid/fdroid/net/HttpDownloader.java
index 02ad333bd..dcdf7c683 100644
--- a/F-Droid/src/org/fdroid/fdroid/net/HttpDownloader.java
+++ b/F-Droid/src/org/fdroid/fdroid/net/HttpDownloader.java
@@ -8,7 +8,6 @@ import com.nostra13.universalimageloader.core.download.BaseImageDownloader;
 import org.fdroid.fdroid.Preferences;
 import org.fdroid.fdroid.Utils;
 
-import javax.net.ssl.SSLHandshakeException;
 import java.io.File;
 import java.io.FileNotFoundException;
 import java.io.IOException;
@@ -20,6 +19,10 @@ import java.net.Proxy;
 import java.net.SocketAddress;
 import java.net.URL;
 
+import javax.net.ssl.SSLHandshakeException;
+
+import info.guardianproject.netcipher.NetCipher;
+
 public class HttpDownloader extends Downloader {
     private static final String TAG = "HttpDownloader";
 
@@ -88,10 +91,11 @@ public class HttpDownloader extends Downloader {
         if (prefs.isProxyEnabled()) {
             SocketAddress sa = new InetSocketAddress(prefs.getProxyHost(), prefs.getProxyPort());
             Proxy proxy = new Proxy(Proxy.Type.HTTP, sa);
-            connection = (HttpURLConnection) sourceUrl.openConnection(proxy);
+            NetCipher.setProxy(proxy);
         } else {
-            connection = (HttpURLConnection) sourceUrl.openConnection();
+            NetCipher.setProxy(null);
         }
+        connection = NetCipher.getHttpURLConnection(sourceUrl);
     }
 
     protected void doDownload() throws IOException, InterruptedException {