Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add a StrictMode noteSlowCall for SSL init #8339

Merged
merged 9 commits into from
Jan 5, 2025
Merged
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Add strict mode checks on slow calls
yschimke committed Apr 6, 2024
commit 467aa8213e77e5301ba76a39ddbf3a8e952ba59d
Original file line number Diff line number Diff line change
@@ -0,0 +1,66 @@
package okhttp.android.test

import android.os.StrictMode
import android.os.StrictMode.ThreadPolicy
import assertk.assertThat
import assertk.assertions.hasMessage
import okhttp3.HttpUrl.Companion.toHttpUrl
import okhttp3.OkHttpClient
import okhttp3.Request
import okhttp3.internal.platform.Platform
import org.junit.jupiter.api.AfterEach
import org.junit.jupiter.api.Test
import org.junit.jupiter.api.assertThrows
import org.junit.jupiter.api.fail
import org.junit.jupiter.api.parallel.Isolated
import org.opentest4j.AssertionFailedError

@Isolated
class StrictModeTest {
@AfterEach
fun cleanup() {
StrictMode.setThreadPolicy(
ThreadPolicy.Builder()
.permitAll()
.build(),
)
}

@Test
fun testInit() {
Platform.resetForTests()

applyStrictMode()

val e =
assertThrows<AssertionFailedError> {
// Not currently safe
// See https://github.com/square/okhttp/pull/8248
OkHttpClient()
}
assertThat(e).hasMessage("Slow call on main")
}

@Test
fun testNewCall() {
Platform.resetForTests()

val client = OkHttpClient()

applyStrictMode()

// Safe on main
client.newCall(Request("https://google.com/robots.txt".toHttpUrl()))
}

private fun applyStrictMode() {
StrictMode.setThreadPolicy(
ThreadPolicy.Builder()
.detectCustomSlowCalls()
.penaltyListener({ it.run() }) {
fail("Slow call on main")
}
.build(),
)
}
}
Original file line number Diff line number Diff line change
@@ -17,8 +17,10 @@ package okhttp3.internal.platform

import android.annotation.SuppressLint
import android.os.Build
import android.os.StrictMode
import android.security.NetworkSecurityPolicy
import android.util.CloseGuard
import javax.net.ssl.SSLContext
import javax.net.ssl.SSLSocket
import javax.net.ssl.SSLSocketFactory
import javax.net.ssl.X509TrustManager
@@ -31,6 +33,7 @@ import okhttp3.internal.platform.android.BouncyCastleSocketAdapter
import okhttp3.internal.platform.android.ConscryptSocketAdapter
import okhttp3.internal.platform.android.DeferredSocketAdapter
import okhttp3.internal.tls.CertificateChainCleaner
import okhttp3.internal.tls.TrustRootIndex

/** Android 10+ (API 29+). */
@SuppressSignatureCheck
@@ -48,6 +51,18 @@ class Android10Platform : Platform() {
socketAdapters.find { it.matchesSocketFactory(sslSocketFactory) }
?.trustManager(sslSocketFactory)

override fun newSSLContext(): SSLContext {
StrictMode.noteSlowCall("newSSLContext")

return super.newSSLContext()
}

override fun buildTrustRootIndex(trustManager: X509TrustManager): TrustRootIndex {
StrictMode.noteSlowCall("buildTrustRootIndex")

return super.buildTrustRootIndex(trustManager)
}

override fun configureTlsExtensions(
sslSocket: SSLSocket,
hostname: String?,