mirror/FairEmail
1
0
Fork 0
mirror of https://github.com/M66B/FairEmail.git synced 2025-02-25 15:32:52 +00:00
Code Issues Releases Wiki Activity

Fixed client cert auth

Browse source
This commit is contained in:
M66B 2020-02-20 15:35:10 +01:00
parent ceb2518924
commit b76460b567
1 changed files with 13 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

25
app/src/main/java/eu/faircode/email/EmailService.java
View file

@ -40,6 +40,7 @@ import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
@ -268,17 +269,19 @@ public class EmailService implements AutoCloseable {
String certificate, String fingerprint) throws MessagingException {
SSLSocketFactoryService factory = null;
try {
X509Certificate[] certs = null;
PrivateKey key = null;
X509Certificate[] chain = null;
if (certificate != null) {
Log.i("Get client certificate alias=" + certificate);
try {
certs = KeyChain.getCertificateChain(context, certificate);
key = KeyChain.getPrivateKey(context, certificate);
chain = KeyChain.getCertificateChain(context, certificate);
} catch (Throwable ex) {
Log.w(ex);
}
}
factory = new SSLSocketFactoryService(host, insecure, harden, certs, fingerprint);
factory = new SSLSocketFactoryService(host, insecure, harden, key, chain, fingerprint);
properties.put("mail." + protocol + ".ssl.socketFactory", factory);
properties.put("mail." + protocol + ".socketFactory.fallback", "false");
properties.put("mail." + protocol + ".ssl.checkserveridentity", "false");
@ -599,7 +602,7 @@ public class EmailService implements AutoCloseable {
private SSLSocketFactory factory;
private X509Certificate certificate;
SSLSocketFactoryService(String host, boolean insecure, boolean harden, X509Certificate[] certs, String fingerprint) throws GeneralSecurityException {
SSLSocketFactoryService(String host, boolean insecure, boolean harden, PrivateKey key, X509Certificate[] chain, String fingerprint) throws GeneralSecurityException {
this.server = host;
this.secure = !insecure;
this.harden = harden;
@ -669,18 +672,16 @@ public class EmailService implements AutoCloseable {
};
KeyManager[] km = null;
if (certs != null)
if (key != null && chain != null)
try {
Log.i("Client certificate init certs=" + certs.length);
Log.i("Client certificate init");
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
ks.load(null, null);
for (int i = 0; i < certs.length; i++)
ks.setCertificateEntry(server + ":" + i, certs[i]);
KeyStore ks = KeyStore.getInstance("PKCS12");
ks.load(null, new char[0]);
ks.setKeyEntry(server, key, new char[0], chain);
KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
kmf.init(ks, null);
kmf.init(ks, new char[0]);
km = kmf.getKeyManagers();
Log.i("Client certificate initialized");