Mirrors/FairEmail
1
0
Fork 0
mirror of https://github.com/M66B/FairEmail.git synced 2026-03-30 13:47:05 +02:00
Code Issues Packages Projects Releases Wiki Activity

Refactoring

Browse Source
This commit is contained in:
M66B
2023-12-08 08:01:25 +01:00
parent c88556204f
commit 555abf50c7
3 changed files with 228 additions and 89 deletions
Download Patch File Download Diff File Expand all files Collapse all files

95
app/src/main/java/eu/faircode/email/EmailService.java
View File

@@ -61,9 +61,7 @@ import java.net.SocketException;
import java.net.UnknownHostException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
@@ -1078,75 +1076,13 @@ public class EmailService implements AutoCloseable {
for (TrustManager tm : tms)
Log.e("Trust manager " + tm.getClass());
X509TrustManager tm = new X509TrustManager() {
// openssl s_client -connect <host>
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
if (secure)
rtm.checkClientTrusted(chain, authType);
}
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
certificate = chain[0];
if (secure) {
// Check if selected fingerprint
if (trustedFingerprint != null && matches(certificate, trustedFingerprint)) {
Log.i("Trusted selected fingerprint");
return;
X509TrustManager tm = SSLHelper.getTrustManager(rtm, secure, cert_strict, trustedFingerprint,
new SSLHelper.ITrust() {
@Override
public void checkServerTrusted(X509Certificate[] chain) {
certificate = chain[0];
}
// Check certificates
try {
Log.i("Auth type=" + authType);
rtm.checkServerTrusted(chain, authType);
} catch (CertificateException ex) {
Principal principal = certificate.getSubjectDN();
if (principal == null)
throw ex;
else if (cert_strict)
throw new CertificateException(principal.getName(), ex);
else if (noAnchor(ex) || isExpired(ex)) {
if (BuildConfig.PLAY_STORE_RELEASE)
Log.i(ex);
else
Log.w(ex);
} else
throw new CertificateException(principal.getName(), ex);
}
}
}
@Override
public X509Certificate[] getAcceptedIssuers() {
return rtm.getAcceptedIssuers();
}
private boolean noAnchor(Throwable ex) {
while (ex != null) {
if (ex instanceof CertPathValidatorException &&
"Trust anchor for certification path not found."
.equals(ex.getMessage()))
return true;
ex = ex.getCause();
}
return false;
}
private boolean isExpired(Throwable ex) {
while (ex != null) {
if (ex instanceof CertPathValidatorException &&
"timestamp check failed"
.equals(ex.getMessage()))
return true;
ex = ex.getCause();
}
return false;
}
};
});
KeyManager[] km = null;
if (key != null && chain != null)
@@ -1345,25 +1281,6 @@ public class EmailService implements AutoCloseable {
public String[] getSupportedCipherSuites() {
return factory.getSupportedCipherSuites();
}
private static boolean matches(X509Certificate certificate, @NonNull String trustedFingerprint) {
// Get certificate fingerprint
try {
String fingerprint = EntityCertificate.getFingerprintSha1(certificate);
int slash = trustedFingerprint.indexOf('/');
if (slash < 0)
return trustedFingerprint.equals(fingerprint);
else {
String keyId = EntityCertificate.getKeyId(certificate);
if (trustedFingerprint.substring(slash + 1).equals(keyId))
return true;
return trustedFingerprint.substring(0, slash).equals(fingerprint);
}
} catch (Throwable ex) {
Log.w(ex);
return false;
}
}
}
private static void configureSocketOptions(Socket socket) throws SocketException {