mirror of https://github.com/M66B/FairEmail.git
Scan and check certificate
parent
f5575d1899
commit
338e9c7f17
|
@ -37,7 +37,6 @@ import java.io.InputStreamReader;
|
||||||
import java.net.HttpURLConnection;
|
import java.net.HttpURLConnection;
|
||||||
import java.net.InetAddress;
|
import java.net.InetAddress;
|
||||||
import java.net.InetSocketAddress;
|
import java.net.InetSocketAddress;
|
||||||
import java.net.Socket;
|
|
||||||
import java.net.URL;
|
import java.net.URL;
|
||||||
import java.net.UnknownHostException;
|
import java.net.UnknownHostException;
|
||||||
import java.security.cert.Certificate;
|
import java.security.cert.Certificate;
|
||||||
|
@ -786,53 +785,57 @@ public class EmailProvider implements Parcelable {
|
||||||
|
|
||||||
Log.i("Scanning " + host + ":" + port);
|
Log.i("Scanning " + host + ":" + port);
|
||||||
this.reachable = executor.submit(new Callable<Boolean>() {
|
this.reachable = executor.submit(new Callable<Boolean>() {
|
||||||
|
// Returns:
|
||||||
|
// false: closed
|
||||||
|
// true: listening
|
||||||
|
// null: untrusted
|
||||||
@Override
|
@Override
|
||||||
public Boolean call() {
|
public Boolean call() {
|
||||||
try {
|
try {
|
||||||
for (InetAddress iaddr : InetAddress.getAllByName(host)) {
|
for (InetAddress iaddr : InetAddress.getAllByName(host)) {
|
||||||
InetSocketAddress address = new InetSocketAddress(iaddr, Server.this.port);
|
InetSocketAddress address = new InetSocketAddress(iaddr, Server.this.port);
|
||||||
|
|
||||||
if (BuildConfig.DEBUG) {
|
|
||||||
SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
|
SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
|
||||||
try (SSLSocket socket = (SSLSocket) factory.createSocket()) {
|
try (SSLSocket socket = (SSLSocket) factory.createSocket()) {
|
||||||
Log.i("SSL connecting to " + address);
|
EntityLog.log(context, "Connecting to " + address);
|
||||||
socket.setSoTimeout(SCAN_TIMEOUT);
|
socket.connect(address, SCAN_TIMEOUT);
|
||||||
socket.connect(address);
|
|
||||||
try {
|
try {
|
||||||
|
EntityLog.log(context, "Connected " + address);
|
||||||
|
socket.setSoTimeout(SCAN_TIMEOUT);
|
||||||
socket.startHandshake();
|
socket.startHandshake();
|
||||||
Log.i("SSL connected " + address);
|
|
||||||
Certificate[] certs = socket.getSession().getPeerCertificates();
|
Certificate[] certs = socket.getSession().getPeerCertificates();
|
||||||
for (Certificate cert : certs)
|
for (Certificate cert : certs)
|
||||||
if (cert instanceof X509Certificate) {
|
if (cert instanceof X509Certificate) {
|
||||||
List<String> names = ConnectionHelper.getDnsNames((X509Certificate) cert);
|
List<String> names = ConnectionHelper.getDnsNames((X509Certificate) cert);
|
||||||
if (ConnectionHelper.matches(host, names))
|
if (ConnectionHelper.matches(host, names)) {
|
||||||
|
EntityLog.log(context, "Trusted " + address);
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
Log.i("SSL untrusted " + address);
|
}
|
||||||
|
EntityLog.log(context, "Untrusted " + address);
|
||||||
return null;
|
return null;
|
||||||
} catch (Throwable ex) {
|
} catch (Throwable ex) {
|
||||||
// Port 143
|
// Typical:
|
||||||
// javax.net.ssl.SSLException: Unable to parse TLS packet header
|
// javax.net.ssl.SSLException: Unable to parse TLS packet header
|
||||||
Log.i("SSL handshake " + address + ": " + Log.formatThrowable(ex));
|
EntityLog.log(context, "Handshake " + address + ": " + Log.formatThrowable(ex));
|
||||||
return true;
|
|
||||||
}
|
|
||||||
} catch (Throwable ex) {
|
|
||||||
Log.i("SSL unreachable " + address + ": " + Log.formatThrowable(ex));
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
try (Socket socket = new Socket()) {
|
|
||||||
Log.i("Connecting to " + address);
|
|
||||||
socket.connect(address, SCAN_TIMEOUT);
|
|
||||||
EntityLog.log(context, "Reachable " + address);
|
EntityLog.log(context, "Reachable " + address);
|
||||||
return true;
|
return true;
|
||||||
} catch (Throwable ex) {
|
} catch (Throwable ex) {
|
||||||
Log.i("Unreachable " + address + ": " + Log.formatThrowable(ex));
|
// Typical:
|
||||||
|
// java.net.ConnectException: failed to connect to ...
|
||||||
|
// android.system.ErrnoException: isConnected failed: ECONNREFUSED (Connection refused)
|
||||||
|
EntityLog.log(context, "Unreachable " + address + ": " + Log.formatThrowable(ex));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return false;
|
return false;
|
||||||
} catch (Throwable ex) {
|
} catch (Throwable ex) {
|
||||||
Log.w(ex);
|
// Typical:
|
||||||
|
// java.net.UnknownHostException: Unable to resolve host
|
||||||
|
// android.system.GaiException: android_getaddrinfo failed: EAI_NODATA (No address associated with hostname)
|
||||||
|
EntityLog.log(context, "Error " + host + ": " + Log.formatThrowable(ex));
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
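Review bot: In the new `call()`, the inner `catch (Throwable ex)` around `startHandshake()` appears to fall through to `EntityLog.log(context, "Reachable " + address); return true;`, so a handshake rejected by the default trust manager (for example an untrusted or expired chain) yields the same `true` as the "Trusted" path, while only a name mismatch on an otherwise accepted chain yields `null`. If callers read `true` as safe to use with TLS (not visible here), certificate failures should be separated from the plaintext-port case, for example with `} catch (SSLHandshakeException ex) { EntityLog.log(context, "Untrusted " + address + ": " + Log.formatThrowable(ex)); return null; }` ahead of the generic catch, importing `javax.net.ssl.SSLHandshakeException` if the file does not already. The name check also walks every entry of `getPeerCertificates()`; matching `host` against `certs[0]` only would keep a chain certificate other than the leaf from satisfying it. The method enclosing this `executor.submit(...)` call starts and ends outside the hunk, and the old/new sides are read from the page's column layout, so the fall-through should be confirmed against the file.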