Check for self signed certificates

M66B 2020-02-01 10:55:13 +01:00
parent ab4febd489
commit 16b42b98b0
1 changed files with 9 additions and 5 deletions


@ -4880,7 +4880,8 @@ public class FragmentMessages extends FragmentBase implements SharedPreferences.
for (X509Certificate c : certs) { for (X509Certificate c : certs) {
boolean[] usage = c.getKeyUsage(); boolean[] usage = c.getKeyUsage();
boolean root = (usage != null && usage[5]); boolean root = (usage != null && usage[5]);
if (root && ks.getCertificateAlias(c) == null) { boolean selfSigned = c.getIssuerX500Principal().equals(c.getSubjectX500Principal());
if (root && !selfSigned && ks.getCertificateAlias(c) == null) {
boolean found = false; boolean found = false;
String issuer = (c.getIssuerDN() == null ? "" : c.getIssuerDN().getName()); String issuer = (c.getIssuerDN() == null ? "" : c.getIssuerDN().getName());
EntityCertificate record = EntityCertificate.from(c, true, issuer); EntityCertificate record = EntityCertificate.from(c, true, issuer);
@ -4928,10 +4929,12 @@ public class FragmentMessages extends FragmentBase implements SharedPreferences.
for (Certificate pcert : pcerts) for (Certificate pcert : pcerts)
if (pcert instanceof X509Certificate) { if (pcert instanceof X509Certificate) {
// https://tools.ietf.org/html/rfc5280#section-4.2.1.3 // https://tools.ietf.org/html/rfc5280#section-4.2.1.3
boolean[] usage = ((X509Certificate) pcert).getKeyUsage(); X509Certificate c = (X509Certificate) pcert;
boolean[] usage = c.getKeyUsage();
boolean root = (usage != null && usage[5]); boolean root = (usage != null && usage[5]);
EntityCertificate record = EntityCertificate.from((X509Certificate) pcert, null); boolean selfSigned = c.getIssuerX500Principal().equals(c.getSubjectX500Principal());
trace.add((root ? "* " : "") + record.subject); EntityCertificate record = EntityCertificate.from(c, null);
trace.add((root ? "* " : "") + (selfSigned ? "# " : "") + record.subject);
} }
args.putStringArrayList("trace", trace); args.putStringArrayList("trace", trace);
@ -4954,8 +4957,9 @@ public class FragmentMessages extends FragmentBase implements SharedPreferences.
for (X509Certificate c : certs) { for (X509Certificate c : certs) {
boolean[] usage = c.getKeyUsage(); boolean[] usage = c.getKeyUsage();
boolean root = (usage != null && usage[5]); boolean root = (usage != null && usage[5]);
boolean selfSigned = c.getIssuerX500Principal().equals(c.getSubjectX500Principal());
EntityCertificate record = EntityCertificate.from(c, null); EntityCertificate record = EntityCertificate.from(c, null);
trace.add(record.subject + (root ? " *" : "")); trace.add((root ? "* " : "") + (selfSigned ? "# " : "") + record.subject);
} }
args.putStringArrayList("trace", trace); args.putStringArrayList("trace", trace);
} }
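Review bot: The new `selfSigned` flag at all three sites (the keystore filter in the first hunk and the two trace loops) only compares the issuer and subject names, which RFC 5280 calls self-issued; it does not establish that the certificate was signed with its own key. Both names are set by whoever issued the certificate, so the `# ` marker in the trace can label a certificate as self-signed although its signature was never checked, and in the first hunk the same name match alone decides whether the certificate is skipped. If self-signed is what is meant, also verify the signature against the certificate's own public key and keep the test in one helper, so each site becomes `boolean selfSigned = isSelfSigned(c);`; otherwise rename the flag to `selfIssued`. The loops and the `if` body of the first hunk continue outside the visible hunks, so what skipping implies for storage is inferred from the `EntityCertificate.from(c, true, issuer)` call only.

```java
// Self-issued by name AND signed by its own key (RFC 5280 section 3.2)
private static boolean isSelfSigned(X509Certificate c) {
    if (!c.getIssuerX500Principal().equals(c.getSubjectX500Principal()))
        return false;
    try {
        c.verify(c.getPublicKey());
        return true;
    } catch (GeneralSecurityException ex) {
        // Signature does not verify with the certificate's own key
        return false;
    }
}

// … unchanged: the three loops, each now calling isSelfSigned(c) …
```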