From 317221939e2ca686c7d8b8c69f556970c9fcceec Mon Sep 17 00:00:00 2001
From: M66B
Date: Sun, 12 Apr 2020 11:33:39 +0200
Subject: [PATCH] Always parse certificate subject to extract email addresses
---
 .../java/eu/faircode/email/ActivitySetup.java | 25 +--------------
 .../eu/faircode/email/EntityCertificate.java | 32 +++++++++++++++++--
 .../eu/faircode/email/FragmentMessages.java | 6 ++--
 3 files changed, 34 insertions(+), 29 deletions(-)
diff --git a/app/src/main/java/eu/faircode/email/ActivitySetup.java b/app/src/main/java/eu/faircode/email/ActivitySetup.java
index 6e12018beb..342df582f3 100644
--- a/app/src/main/java/eu/faircode/email/ActivitySetup.java
+++ b/app/src/main/java/eu/faircode/email/ActivitySetup.java
@@ -84,7 +84,6 @@ import java.io.IOException;
 import java.io.InputStream;
 import java.io.InputStreamReader;
 import java.io.OutputStream;
-import java.security.Principal;
 import java.security.SecureRandom;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
@@ -1101,29 +1100,7 @@ public class ActivitySetup extends ActivityBase implements FragmentManager.OnBac
 }
 String fingerprint = EntityCertificate.getFingerprint(cert);
- List emails = EntityCertificate.getAltSubjectName(cert);
- if (emails.size() == 0) {
- Principal principal = cert.getSubjectDN();
- if (principal != null) {
- String subject = principal.getName();
- if (subject != null) {
- Log.i("Parsing subject=" + subject);
- for (String p : subject.split(",")) {
- String[] kv = p.split("=");
- if (kv.length == 2) {
- String key = kv[0].trim();
- String value = kv[1].trim().toLowerCase();
- if (Helper.EMAIL_ADDRESS.matcher(value).matches() &&
- ("CN".equalsIgnoreCase(key) ||
- "emailAddress".equalsIgnoreCase(key))) {
- if (!emails.contains(value))
- emails.add(value);
- }
- }
- }
- }
- }
- }
+ List emails = EntityCertificate.getEmailAddresses(cert);
 if (emails.size() == 0)
 throw new IllegalArgumentException("No email address found in key");
diff --git a/app/src/main/java/eu/faircode/email/EntityCertificate.java b/app/src/main/java/eu/faircode/email/EntityCertificate.java
index 9f4b15b116..be0af9633f 100644
--- a/app/src/main/java/eu/faircode/email/EntityCertificate.java
+++ b/app/src/main/java/eu/faircode/email/EntityCertificate.java
@@ -32,6 +32,7 @@ import org.json.JSONObject;
 import java.io.ByteArrayInputStream;
 import java.security.NoSuchAlgorithmException;
+import java.security.Principal;
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
@@ -118,8 +119,9 @@ public class EntityCertificate {
 return certificate.getSubjectX500Principal().getName(X500Principal.RFC2253);
 }
- static List getAltSubjectName(X509Certificate certificate) {
+ static List getEmailAddresses(X509Certificate certificate) {
 List result = new ArrayList<>();
+
 try {
 Collection> altNames = certificate.getSubjectAlternativeNames();
 if (altNames != null)
@@ -129,9 +131,35 @@ public class EntityCertificate {
 else
 Log.i("Alt type=" + altName.get(0) + " data=" + altName.get(1));
 } catch (CertificateParsingException ex) {
- Log.w(ex);
+ Log.e(ex);
 }
+ if (result.size() == 0)
+ try {
+ Principal principal = certificate.getSubjectDN();
+ if (principal != null) {
+ String subject = principal.getName();
+ if (subject != null) {
+ Log.i("Parsing subject=" + subject);
+ for (String p : subject.split(",")) {
+ String[] kv = p.split("=");
+ if (kv.length == 2) {
+ String key = kv[0].trim();
+ String value = kv[1].trim().toLowerCase();
+ if (Helper.EMAIL_ADDRESS.matcher(value).matches() &&
+ ("CN".equalsIgnoreCase(key) ||
+ "emailAddress".equalsIgnoreCase(key))) {
+ if (!result.contains(value))
+ result.add(value);
+ }
+ }
+ }
+ }
+ }
+ } catch (Throwable ex) {
+ Log.e(ex);
+ }
+
 return result;
 }
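Review bot: The subject fallback added to getEmailAddresses derives addresses by running `split(",")` and `split("=")` over `certificate.getSubjectDN().getName()`, which is fragile for a value that callers later use to store and match certificates. The string form returned by `getSubjectDN()` is provider-specific, and a plain split does not honour escaped commas, quoted values or multi-valued RDNs joined with `+`, so the key/value pairs seen here may not correspond to the certificate's real attributes; parsing the principal with a proper DN parser would avoid that. Two small changes are worth making regardless: `String value = kv[1].trim().toLowerCase(Locale.ROOT);` so the result does not depend on the device locale, and `} catch (RuntimeException ex) {` instead of `Throwable` so errors such as OutOfMemoryError are not swallowed. The fallback also runs after a `CertificateParsingException`, so a certificate whose alternative-name extension cannot be parsed still yields addresses from the subject; if that is intended, say so in a comment above `if (result.size() == 0)`. The method's signature is in the previous hunk and part of the alternative-name loop is not shown.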
diff --git a/app/src/main/java/eu/faircode/email/FragmentMessages.java b/app/src/main/java/eu/faircode/email/FragmentMessages.java
index 667ed94fea..98484940d2 100644
--- a/app/src/main/java/eu/faircode/email/FragmentMessages.java
+++ b/app/src/main/java/eu/faircode/email/FragmentMessages.java
@@ -5434,7 +5434,7 @@ public class FragmentMessages extends FragmentBase implements SharedPreferences.
 if (s.verify(verifier)) {
 boolean known = true;
 String fingerprint = EntityCertificate.getFingerprint(cert);
- List emails = EntityCertificate.getAltSubjectName(cert);
+ List emails = EntityCertificate.getEmailAddresses(cert);
 for (String email : emails) {
 EntityCertificate record = db.certificate().getCertificate(fingerprint, email);
 if (record == null)
@@ -5719,7 +5719,7 @@ public class FragmentMessages extends FragmentBase implements SharedPreferences.
 time = new Date();
 boolean match = false;
- List emails = EntityCertificate.getAltSubjectName(cert);
+ List emails = EntityCertificate.getEmailAddresses(cert);
 for (String email : emails)
 if (email.equalsIgnoreCase(sender)) {
 match = true;
@@ -5803,7 +5803,7 @@ public class FragmentMessages extends FragmentBase implements SharedPreferences.
 return null;
 String fingerprint = EntityCertificate.getFingerprint(cert);
- List emails = EntityCertificate.getAltSubjectName(cert);
+ List emails = EntityCertificate.getEmailAddresses(cert);
 for (String email : emails) {
 EntityCertificate record = db.certificate().getCertificate(fingerprint, email);
 if (record == null) {
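Review bot: In the second hunk the sender check `email.equalsIgnoreCase(sender)` now also runs over addresses that getEmailAddresses took from the subject CN, so `match` can be set on the strength of a CN that merely has the shape of an address. Whether a CN is a verified mailbox depends on the issuing CA, which this code cannot know; consider limiting the fallback used for the sender check to the `emailAddress` attribute, or returning the source of each address so the caller can treat subject-derived ones differently. The same list feeds the `db.certificate().getCertificate(fingerprint, email)` lookups in the first and third hunks, so the point applies there too. At minimum add a comment at each call such as `// may include addresses parsed from the subject DN, not only subjectAltName`. All three enclosing methods start and end outside the hunks.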