Added certificate selection

2026-04-01 22:56:33 +02:00 · 2020-02-10 16:35:14 +01:00
parent 8d3ec9aa43
commit 94a9e05da5
15 changed files with 2310 additions and 69 deletions
--- a/app/src/main/java/eu/faircode/email/EmailService.java
+++ b/app/src/main/java/eu/faircode/email/EmailService.java
@@ -5,6 +5,7 @@ import android.accounts.AccountManager;
 import android.accounts.AuthenticatorException;
 import android.content.Context;
 import android.content.SharedPreferences;
+import android.security.KeyChain;
 import android.text.TextUtils;

 import androidx.annotation.NonNull;
@@ -35,10 +36,8 @@ import java.net.Socket;
 import java.net.UnknownHostException;
 import java.security.GeneralSecurityException;
 import java.security.KeyStore;
-import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
 import java.security.Principal;
-import java.security.cert.Certificate;
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateParsingException;
@@ -240,7 +239,7 @@ public class EmailService implements AutoCloseable {
                account.host, account.port,
                account.auth_type, account.provider,
                account.user, account.password,
-                account.certificate, account.fingerprint);
+                account.certificate_alias, account.fingerprint);
        if (password != null) {
            DB db = DB.getInstance(context);
            int count = db.account().setAccountPassword(account.id, account.password);
@@ -253,7 +252,7 @@ public class EmailService implements AutoCloseable {
                identity.host, identity.port,
                identity.auth_type, identity.provider,
                identity.user, identity.password,
-                identity.certificate, identity.fingerprint);
+                identity.certificate_alias, identity.fingerprint);
        if (password != null) {
            DB db = DB.getInstance(context);
            int count = db.identity().setIdentityPassword(identity.id, identity.password);
@@ -264,10 +263,20 @@ public class EmailService implements AutoCloseable {
    public String connect(
            String host, int port,
            int auth, String provider, String user, String password,
-            boolean certificate, String fingerprint) throws MessagingException {
+            String certificate, String fingerprint) throws MessagingException {
        SSLSocketFactoryService factory = null;
        try {
-            factory = new SSLSocketFactoryService(host, insecure, harden, certificate, fingerprint);
+            X509Certificate[] certs = null;
+            if (certificate != null) {
+                Log.i("Get client certificate alias=" + certificate);
+                try {
+                    certs = KeyChain.getCertificateChain(context, certificate);
+                } catch (Throwable ex) {
+                    Log.w(ex);
+                }
+            }
+
+            factory = new SSLSocketFactoryService(host, insecure, harden, certs, fingerprint);
            properties.put("mail." + protocol + ".ssl.socketFactory", factory);
            properties.put("mail." + protocol + ".socketFactory.fallback", "false");
            properties.put("mail." + protocol + ".ssl.checkserveridentity", "false");
@@ -576,7 +585,7 @@ public class EmailService implements AutoCloseable {
        private SSLSocketFactory factory;
        private X509Certificate certificate;

-        SSLSocketFactoryService(String host, boolean insecure, boolean harden, boolean use_certificate, String fingerprint) throws GeneralSecurityException {
+        SSLSocketFactoryService(String host, boolean insecure, boolean harden, X509Certificate[] certs, String fingerprint) throws GeneralSecurityException {
            this.server = host;
            this.secure = !insecure;
            this.harden = harden;
@@ -646,19 +655,15 @@ public class EmailService implements AutoCloseable {
                };

                KeyManager[] km = null;
-                if (use_certificate)
+                if (certs != null)
                    try {
-                        Log.i("Client certificate init");
-                        KeyStore ca = KeyStore.getInstance("AndroidCAStore");
-                        ca.load(null, null);
-
-                        Certificate cert = ca.getCertificate(server);
-                        if (cert == null)
-                            throw new KeyStoreException("Certificate not found host=" + server);
+                        Log.i("Client certificate init certs=" + certs.length);

                        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
                        ks.load(null, null);
-                        ks.setCertificateEntry(server, cert);
+
+                        for (int i = 0; i < certs.length; i++)
+                            ks.setCertificateEntry(server + ":" + i, certs[i]);

                        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                        kmf.init(ks, null);