diff --git a/app/src/main/java/eu/faircode/email/Bimi.java b/app/src/main/java/eu/faircode/email/Bimi.java
index 23e7df5d65..4bfe0f929b 100644
--- a/app/src/main/java/eu/faircode/email/Bimi.java
+++ b/app/src/main/java/eu/faircode/email/Bimi.java
@@ -208,9 +208,16 @@ public class Bimi {
 throw new IllegalArgumentException("Invalid certificate type");
 // Check subject
+ boolean found = false;
 List names = EntityCertificate.getDnsNames(cert);
- if (!names.contains(domain))
- throw new IllegalArgumentException("Invalid certificate domain" +
+ for (String name : names)
+ if (domain.endsWith(name.toLowerCase(Locale.ROOT))) {
+ found = true;
+ break;
+ }
+ if (!found)
+ throw new IllegalArgumentException("Invalid certificate" +
+ " domain=" + domain +
 " names=" + TextUtils.join(", ", names));
 // https://datatracker.ietf.org/doc/html/rfc3709#page-6
@@ -306,6 +313,13 @@ public class Bimi {
 String txt = "_dmarc." + domain;
 Log.i("BIMI fetch TXT " + txt);
 DnsHelper.DnsRecord[] records = DnsHelper.lookup(context, txt, "txt");
+ if (records.length == 0) {
+ String parent = UriHelper.getParentDomain(context, domain);
+ if (!domain.equals(parent)) {
+ txt = "_dmarc." + parent;
+ records = DnsHelper.lookup(context, txt, "txt");
+ }
+ }
 if (records.length == 0)
 throw new IllegalArgumentException("DMARC missing");
 Log.i("BIMI got TXT " + records[0].name);
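Review bot: The new subject check `domain.endsWith(name.toLowerCase(Locale.ROOT))` is a plain string-suffix test with no label boundary, so it accepts more than the exact match it replaces. A certificate naming `example.org` would pass for a sender domain `notexample.org` (constructed example), and an empty DNS name would match every domain. Requiring equality or a dot-delimited suffix closes this: `String n = name.toLowerCase(Locale.ROOT);` followed by `if (domain.equals(n) || domain.endsWith("." + n)) {`. Only `name` is lower-cased here, so this also relies on `domain` having been normalised earlier in the method, which starts and ends outside this hunk. Braces on the `for` body would make the nesting of the `if` easier to read.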
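Review bot: When the fallback fires, the record read from `_dmarc.<parent>` is the parent's policy, and under RFC 7489 the tag that governs a subdomain is `sp=`, with `p=` applying only when `sp` is absent. Nothing in this hunk records which name produced the result, so the policy evaluation further down (outside the hunk) cannot apply the subdomain tag; I would set a flag next to `txt = "_dmarc." + parent;` and have the later check prefer `sp` when it is set. If `UriHelper.getParentDomain` can return null, `!domain.equals(parent)` is true and the code queries `_dmarc.null`, which `if (parent != null && !domain.equals(parent)) {` avoids. The second lookup is also not logged, unlike the first, which makes a fallback hard to see when troubleshooting a displayed logo.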