From 82363adfb5e4342aac5b731310e8a989ae0e5c7b Mon Sep 17 00:00:00 2001
From: Jeff Hellman <jeff.hellman@coupa.com>
Date: Thu, 22 Jun 2017 10:57:12 -0600
Subject: [PATCH] Add support for TLS 1.2 when running Android 4

---
 .../java/com/RNFetchBlob/RNFetchBlobReq.java  | 34 ++++++++++++++++++-
 1 file changed, 33 insertions(+), 1 deletion(-)

diff --git a/android/src/main/java/com/RNFetchBlob/RNFetchBlobReq.java b/android/src/main/java/com/RNFetchBlob/RNFetchBlobReq.java
index db213c1e8..c3dd56041 100644
--- a/android/src/main/java/com/RNFetchBlob/RNFetchBlobReq.java
+++ b/android/src/main/java/com/RNFetchBlob/RNFetchBlobReq.java
@@ -7,10 +7,12 @@
 import android.content.IntentFilter;
 import android.database.Cursor;
 import android.net.Uri;
+import android.os.Build;
 import android.util.Base64;
 
 import com.RNFetchBlob.Response.RNFetchBlobDefaultResp;
 import com.RNFetchBlob.Response.RNFetchBlobFileResp;
+import com.facebook.common.logging.FLog;
 import com.facebook.react.bridge.Arguments;
 import com.facebook.react.bridge.Callback;
 import com.facebook.react.bridge.ReactApplicationContext;
@@ -21,6 +23,7 @@
 import com.facebook.react.bridge.WritableMap;
 import com.facebook.react.modules.core.DeviceEventManagerModule;
 import com.facebook.react.modules.network.OkHttpClientProvider;
+import com.facebook.react.modules.network.TLSSocketFactory;
 
 import java.io.File;
 import java.io.FileOutputStream;
@@ -35,11 +38,14 @@
 import java.nio.charset.Charset;
 import java.nio.charset.CharsetEncoder;
 import java.util.ArrayList;
+import java.util.List;
 import java.util.HashMap;
+
 import java.util.concurrent.TimeUnit;
 
 import okhttp3.Call;
 import okhttp3.ConnectionPool;
+import okhttp3.ConnectionSpec;
 import okhttp3.Headers;
 import okhttp3.Interceptor;
 import okhttp3.MediaType;
@@ -48,6 +54,8 @@
 import okhttp3.RequestBody;
 import okhttp3.Response;
 import okhttp3.ResponseBody;
+import okhttp3.TlsVersion;
+
 
 public class RNFetchBlobReq extends BroadcastReceiver implements Runnable {
 
@@ -359,9 +367,10 @@ public Response intercept(Chain chain) throws IOException {
             clientBuilder.retryOnConnectionFailure(false);
             clientBuilder.followRedirects(options.followRedirect);
             clientBuilder.followSslRedirects(options.followRedirect);
+            clientBuilder.retryOnConnectionFailure(true);
 
+            OkHttpClient client = enableTls12OnPreLollipop(clientBuilder).build();
 
-            OkHttpClient client = clientBuilder.retryOnConnectionFailure(true).build();
             Call call =  client.newCall(req);
             taskTable.put(taskId, call);
             call.enqueue(new okhttp3.Callback() {
@@ -672,5 +681,28 @@ public void onReceive(Context context, Intent intent) {
         }
     }
 
+    public static OkHttpClient.Builder enableTls12OnPreLollipop(OkHttpClient.Builder client) {
+        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN && Build.VERSION.SDK_INT <= Build.VERSION_CODES.KITKAT) {
+            try {
+                client.sslSocketFactory(new TLSSocketFactory());
+
+                ConnectionSpec cs = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)
+                        .tlsVersions(TlsVersion.TLS_1_2)
+                        .build();
+
+                List< ConnectionSpec > specs = new ArrayList < > ();
+                specs.add(cs);
+                specs.add(ConnectionSpec.COMPATIBLE_TLS);
+                specs.add(ConnectionSpec.CLEARTEXT);
+
+                client.connectionSpecs(specs);
+            } catch (Exception exc) {
+                FLog.e("OkHttpClientProvider", "Error while enabling TLS 1.2", exc);
+            }
+        }
+
+        return client;
+    }
+
 
 }