Handle Android 11 restrictions (3.14.x) (square#5820)

Minimal backport of Android SocketAdaptor style fixes from master.

See also similar change on 3.12.x square#5822

.circleci/config.yml

@@ -2,7 +2,7 @@ version: 2
 jobs:
   build:
     docker:
-      - image: circleci/openjdk:8u171-jdk
+      - image: circleci/openjdk:11.0.6-jdk-stretch
     steps:
       - checkout
       - run:

okhttp/pom.xml

@@ -23,8 +23,8 @@
       <scope>provided</scope>
     </dependency>
     <dependency>
-      <groupId>com.google.android</groupId>
-      <artifactId>android</artifactId>
+      <groupId>org.robolectric</groupId>
+      <artifactId>android-all</artifactId>
       <scope>provided</scope>
     </dependency>
     <dependency>

okhttp/src/main/java/okhttp3/internal/platform/Android10Platform.java

@@ -0,0 +1,79 @@
+/*
+ * Copyright (C) 2020 Square, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package okhttp3.internal.platform;
+
+import android.annotation.SuppressLint;
+import android.net.ssl.SSLSockets;
+import java.util.List;
+import javax.annotation.Nullable;
+import javax.net.ssl.SSLParameters;
+import javax.net.ssl.SSLSocket;
+import okhttp3.Protocol;
+import org.codehaus.mojo.animal_sniffer.IgnoreJRERequirement;
+
+/** Android 10+. */
+@SuppressLint("NewApi")
+class Android10Platform extends AndroidPlatform {
+  Android10Platform(Class<?> sslParametersClass) {
+    super(sslParametersClass, null, null, null, null, null);
+  }
+
+  @SuppressLint("NewApi")
+  @IgnoreJRERequirement
+  @Override public void configureTlsExtensions(
+      SSLSocket sslSocket, String hostname, List<Protocol> protocols) {
+    enableSessionTickets(sslSocket);
+
+    SSLParameters sslParameters = sslSocket.getSSLParameters();
+
+    // Enable ALPN.
+    String[] protocolsArray = Platform.alpnProtocolNames(protocols).toArray(new String[0]);
+    sslParameters.setApplicationProtocols(protocolsArray);
+
+    sslSocket.setSSLParameters(sslParameters);
+  }
+
+  private void enableSessionTickets(SSLSocket sslSocket) {
+    if (SSLSockets.isSupportedSocket(sslSocket)) {
+      SSLSockets.setUseSessionTickets(sslSocket, true);
+    }
+  }
+
+  @IgnoreJRERequirement
+  @Override public @Nullable String getSelectedProtocol(SSLSocket socket) {
+    String alpnResult = socket.getApplicationProtocol();
+
+    if (alpnResult == null || alpnResult.isEmpty()) {
+      return null;
+    }
+
+    return alpnResult;
+  }
+
+  public static @Nullable Platform buildIfSupported() {
+    try {
+      if (getSdkInt() >= 29) {
+        Class<?> sslParametersClass =
+            Class.forName("com.android.org.conscrypt.SSLParametersImpl");
+
+        return new Android10Platform(sslParametersClass);
+      }
+    } catch (ReflectiveOperationException ignored) {
+    }
+
+    return null; // Not an Android 10+ runtime.
+  }
+}

okhttp/src/main/java/okhttp3/internal/platform/AndroidPlatform.java

@@ -214,9 +214,14 @@ public CertificateChainCleaner buildCertificateChainCleaner(X509TrustManager tru
   }
 
   public static @Nullable Platform buildIfSupported() {
+    if (getSdkInt() == 0) {
+      return null;
+    }
+
     // Attempt to find Android 5+ APIs.
     Class<?> sslParametersClass;
     Class<?> sslSocketClass;
+
     try {
       sslParametersClass = Class.forName("com.android.org.conscrypt.SSLParametersImpl");
       sslSocketClass = Class.forName("com.android.org.conscrypt.OpenSSLSocketImpl");
@@ -421,4 +426,13 @@ static final class CustomTrustRootIndex implements TrustRootIndex {
       throw new IllegalStateException("No TLS provider", e);
     }
   }
+
+  static int getSdkInt() {
+    try {
+      return Build.VERSION.SDK_INT;
+    } catch (NoClassDefFoundError ignored) {
+      // fails fatally against robolectric classes
+      return 0;
+    }
+  }
 }

okhttp/src/main/java/okhttp3/internal/platform/Platform.java

@@ -199,6 +199,12 @@ public static boolean isConscryptPreferred() {
 
   /** Attempt to match the host runtime to a capable Platform implementation. */
   private static Platform findPlatform() {
+    Platform android10 = Android10Platform.buildIfSupported();
+
+    if (android10 != null) {
+      return android10;
+    }
+
     Platform android = AndroidPlatform.buildIfSupported();
 
     if (android != null) {

pom.xml

@@ -41,7 +41,7 @@
 
     <!-- Compilation -->
     <airlift.version>0.8</airlift.version>
-    <android.version>4.1.1.4</android.version>
+    <robolectric.version>10-robolectric-5803371</robolectric.version>
     <animal.sniffer.version>1.17</animal.sniffer.version>
     <bouncycastle.version>1.60</bouncycastle.version>
     <guava.version>27.0.1-jre</guava.version>
@@ -112,9 +112,9 @@
         <version>${guava.version}</version>
       </dependency>
       <dependency>
-        <groupId>com.google.android</groupId>
-        <artifactId>android</artifactId>
-        <version>${android.version}</version>
+        <groupId>org.robolectric</groupId>
+        <artifactId>android-all</artifactId>
+        <version>${robolectric.version}</version>
       </dependency>
       <dependency>
         <groupId>com.squareup.moshi</groupId>