Improved certificate debugging

This commit is contained in:
M66B 2020-05-24 11:30:17 +02:00
parent 8dca87ade2
commit d26d79ca68
1 changed files with 29 additions and 26 deletions


@ -5556,9 +5556,10 @@ public class FragmentMessages extends FragmentBase implements SharedPreferences.
Log.w(ex);
}
KeyStore ks = null;
try {
// https://tools.ietf.org/html/rfc3852#section-10.2.3
KeyStore ks = KeyStore.getInstance("AndroidCAStore");
ks = KeyStore.getInstance("AndroidCAStore");
ks.load(null, null);
// https://docs.oracle.com/javase/7/docs/technotes/guides/security/certpath/CertPathProgGuide.html
@ -5611,27 +5612,18 @@ public class FragmentMessages extends FragmentBase implements SharedPreferences.
CertPathValidator cpv = CertPathValidator.getInstance("PKIX");
cpv.validate(path.getCertPath(), params);
List<Certificate> pcerts = new ArrayList<>();
pcerts.addAll(path.getCertPath().getCertificates());
List<X509Certificate> pcerts = new ArrayList<>();
pcerts.add(cert);
for (Certificate c : pcerts)
if (c instanceof X509Certificate)
pcerts.add((X509Certificate) c);
if (path instanceof PKIXCertPathValidatorResult) {
X509Certificate root = ((PKIXCertPathValidatorResult) path).getTrustAnchor().getTrustedCert();
if (root != null)
pcerts.add(root);
}
ArrayList<String> trace = new ArrayList<>();
for (Certificate pcert : pcerts)
if (pcert instanceof X509Certificate) {
// https://tools.ietf.org/html/rfc5280#section-4.2.1.3
X509Certificate c = (X509Certificate) pcert;
boolean[] usage = c.getKeyUsage();
boolean root = (usage != null && usage[5]);
boolean selfSigned = c.getIssuerX500Principal().equals(c.getSubjectX500Principal());
EntityCertificate record = EntityCertificate.from(c, null);
trace.add((root ? "* " : "") + (selfSigned ? "# " : "") + record.subject);
}
args.putStringArrayList("trace", trace);
args.putStringArrayList("trace", getTrace(pcerts, ks));
boolean valid = true;
for (Certificate pcert : pcerts)
@ -5647,16 +5639,7 @@ public class FragmentMessages extends FragmentBase implements SharedPreferences.
} catch (Throwable ex) {
Log.w(ex);
args.putString("reason", ex.getMessage());
ArrayList<String> trace = new ArrayList<>();
for (X509Certificate c : certs) {
boolean[] usage = c.getKeyUsage();
boolean root = (usage != null && usage[5]);
boolean selfSigned = c.getIssuerX500Principal().equals(c.getSubjectX500Principal());
EntityCertificate record = EntityCertificate.from(c, null);
trace.add((root ? "* " : "") + (selfSigned ? "# " : "") + record.subject);
}
args.putStringArrayList("trace", trace);
args.putStringArrayList("trace", getTrace(certs, ks));
}
result = cert;
@ -5963,6 +5946,26 @@ public class FragmentMessages extends FragmentBase implements SharedPreferences.
WorkerFts.init(context, false);
}
private ArrayList<String> getTrace(List<X509Certificate> certs, KeyStore ks) {
ArrayList<String> trace = new ArrayList<>();
for (Certificate c : certs)
try {
X509Certificate cert = (X509Certificate) c;
boolean[] usage = cert.getKeyUsage();
boolean keyCertSign = (usage != null && usage[5]);
boolean selfSigned = cert.getIssuerX500Principal().equals(cert.getSubjectX500Principal());
EntityCertificate record = EntityCertificate.from(cert, null);
trace.add(record.subject +
" (" + cert.getIssuerX500Principal() + ")" +
(keyCertSign ? " (keyCertSign)" : "") +
(selfSigned ? " (selfSigned)" : "") +
(ks != null && ks.getCertificateAlias(cert) != null ? " (Android)" : ""));
} catch (Throwable ex) {
Log.e(ex);
trace.add(ex.toString());
}
return trace;
}
}.execute(this, args, "decrypt:s/mime");
}
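Review bot: The `usage[5]` test in the new getTrace helper lost the RFC reference that the old inline code carried (`// https://tools.ietf.org/html/rfc5280#section-4.2.1.3`), so the meaning of index 5 (keyCertSign) is now only implied by the local name; restore that comment above `boolean[] usage = cert.getKeyUsage();`. The loop `for (Certificate c : certs)` iterates a `List<X509Certificate>` and immediately casts each element back, so `for (X509Certificate cert : certs)` drops both the cast and the extra local. A one-line comment such as `// "(Android)" marks a cert that has an alias in the supplied AndroidCAStore; ks is null when loading the store failed` would explain the suffix, since ks is initialised to null before the try in the first hunk and only assigned inside it. In the second hunk, if the new line really reads `for (Certificate c : pcerts)` rather than iterating `path.getCertPath().getCertificates()` (the rendering makes the old/new sides uncertain), the loop appends to the list it is iterating and would throw ConcurrentModificationException, which the outer `catch (Throwable ex)` then reports as the validation failure reason. The enclosing anonymous task that calls getTrace starts before the first hunk.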