From 338e9c7f170eacd2b723c1ae8270ed78279a4855 Mon Sep 17 00:00:00 2001
From: M66B
Date: Tue, 6 Jul 2021 18:25:50 +0200
Subject: [PATCH] Scan and check certificate
---
 .../java/eu/faircode/email/EmailProvider.java | 71 ++++++++++---------
 1 file changed, 37 insertions(+), 34 deletions(-)
diff --git a/app/src/main/java/eu/faircode/email/EmailProvider.java b/app/src/main/java/eu/faircode/email/EmailProvider.java
index 5307511f35..8ab2fee131 100644
--- a/app/src/main/java/eu/faircode/email/EmailProvider.java
+++ b/app/src/main/java/eu/faircode/email/EmailProvider.java
@@ -37,7 +37,6 @@ import java.io.InputStreamReader;
 import java.net.HttpURLConnection;
 import java.net.InetAddress;
 import java.net.InetSocketAddress;
-import java.net.Socket;
 import java.net.URL;
 import java.net.UnknownHostException;
 import java.security.cert.Certificate;
@@ -786,53 +785,57 @@ public class EmailProvider implements Parcelable { Log.i("Scanning " + host + ":" + port); this.reachable = executor.submit(new Callable() { + // Returns: + // false: closed + // true: listening + // null: untrusted @Override public Boolean call() { try { for (InetAddress iaddr : InetAddress.getAllByName(host)) { InetSocketAddress address = new InetSocketAddress(iaddr, Server.this.port); - if (BuildConfig.DEBUG) { - SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault(); - try (SSLSocket socket = (SSLSocket) factory.createSocket()) { - Log.i("SSL connecting to " + address); - socket.setSoTimeout(SCAN_TIMEOUT); - socket.connect(address); - try { - socket.startHandshake(); - Log.i("SSL connected " + address); - Certificate[] certs = socket.getSession().getPeerCertificates(); - for (Certificate cert : certs) - if (cert instanceof X509Certificate) { - List names = ConnectionHelper.getDnsNames((X509Certificate) cert); - if (ConnectionHelper.matches(host, names)) - return true; - } - Log.i("SSL untrusted " + address); - return null; - } catch (Throwable ex) { - // Port 143 - // javax.net.ssl.SSLException: Unable to parse TLS packet header - Log.i("SSL handshake " + address + ": " + Log.formatThrowable(ex)); - return true; - } - } catch (Throwable ex) { - Log.i("SSL unreachable " + address + ": " + Log.formatThrowable(ex)); - } - } - - try (Socket socket = new Socket()) { - Log.i("Connecting to " + address); + SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault(); + try (SSLSocket socket = (SSLSocket) factory.createSocket()) { + EntityLog.log(context, "Connecting to " + address); socket.connect(address, SCAN_TIMEOUT); + + try { + EntityLog.log(context, "Connected " + address); + socket.setSoTimeout(SCAN_TIMEOUT); + socket.startHandshake(); + Certificate[] certs = socket.getSession().getPeerCertificates(); + for (Certificate cert : certs) + if (cert instanceof X509Certificate) { + List names = 
ConnectionHelper.getDnsNames((X509Certificate) cert); + if (ConnectionHelper.matches(host, names)) { + EntityLog.log(context, "Trusted " + address); + return true; + } + } + EntityLog.log(context, "Untrusted " + address); + return null; + } catch (Throwable ex) { + // Typical: + // javax.net.ssl.SSLException: Unable to parse TLS packet header + EntityLog.log(context, "Handshake " + address + ": " + Log.formatThrowable(ex)); + } + EntityLog.log(context, "Reachable " + address); return true; } catch (Throwable ex) { - Log.i("Unreachable " + address + ": " + Log.formatThrowable(ex)); + // Typical: + // java.net.ConnectException: failed to connect to ... + // android.system.ErrnoException: isConnected failed: ECONNREFUSED (Connection refused) + EntityLog.log(context, "Unreachable " + address + ": " + Log.formatThrowable(ex)); } } return false; } catch (Throwable ex) { - Log.w(ex); + // Typical: + // java.net.UnknownHostException: Unable to resolve host + // android.system.GaiException: android_getaddrinfo failed: EAI_NODATA (No address associated with hostname) + EntityLog.log(context, "Error " + host + ": " + Log.formatThrowable(ex)); return false; } }
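Review bot: The inner `catch (Throwable ex)` around `startHandshake()` falls through to `return true` for every handshake failure, so a server whose certificate chain fails validation is reported exactly like a plaintext port, while only a DNS-name mismatch on an otherwise accepted chain reaches `return null`. If callers use `null` to flag an untrusted endpoint (the new `// Returns:` comment suggests so, but the callers are not in this hunk), an expired, self-signed or intercepted certificate would be presented as merely listening. Consider separating the two cases in that catch, for example `if (ex.getCause() instanceof java.security.cert.CertificateException) return null;` before the fall-through, assuming the platform reports validation failures with that cause. The comment would also be more accurate as `// true: listening (certificate name matched, or TLS handshake did not complete)`. The enclosing method and the anonymous `Callable` both start and end outside this hunk.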