From a36c6b36849f93d3b3e0b563de62bdb4bd5ef8b5 Mon Sep 17 00:00:00 2001
From: M66B
Date: Wed, 29 Jan 2020 16:20:51 +0100
Subject: [PATCH] Added trust anchor cert to cert path
---
 .../eu/faircode/email/FragmentMessages.java | 20 ++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)
diff --git a/app/src/main/java/eu/faircode/email/FragmentMessages.java b/app/src/main/java/eu/faircode/email/FragmentMessages.java
index 5326f81fce..7de0735650 100644
--- a/app/src/main/java/eu/faircode/email/FragmentMessages.java
+++ b/app/src/main/java/eu/faircode/email/FragmentMessages.java
@@ -162,6 +162,7 @@ import java.security.cert.Certificate;
 import java.security.cert.CertificateFactory;
 import java.security.cert.CollectionCertStoreParameters;
 import java.security.cert.PKIXBuilderParameters;
+import java.security.cert.PKIXCertPathValidatorResult;
 import java.security.cert.X509CertSelector;
 import java.security.cert.X509Certificate;
 import java.text.Collator;
@@ -4822,22 +4823,31 @@ public class FragmentMessages extends FragmentBase implements SharedPreferences.
 args.putBoolean("valid", true);
+ List pcerts = new ArrayList<>();
+ pcerts.addAll(path.getCertPath().getCertificates());
+ if (path instanceof PKIXCertPathValidatorResult) {
+ X509Certificate root = ((PKIXCertPathValidatorResult) path).getTrustAnchor().getTrustedCert();
+ if (root != null)
+ pcerts.add(root);
+ }
+
 ArrayList trace = new ArrayList<>();
- for (Certificate c : path.getCertPath().getCertificates())
- if (c instanceof X509Certificate) {
+ for (Certificate pcert : pcerts)
+ if (pcert instanceof X509Certificate) {
 // https://tools.ietf.org/html/rfc5280#section-4.2.1.3
- boolean[] usage = ((X509Certificate) c).getKeyUsage();
+ boolean[] usage = ((X509Certificate) pcert).getKeyUsage();
 boolean root = (usage != null && usage[5]);
- EntityCertificate record = EntityCertificate.from((X509Certificate) c, null);
+ EntityCertificate record = EntityCertificate.from((X509Certificate) pcert, null);
 trace.add(record.subject + (root ? " *" : ""));
 }
+
 args.putStringArrayList("trace", trace);
 } catch (Throwable ex) {
 Log.w(ex);
 ArrayList trace = new ArrayList<>();
 for (X509Certificate c : certs) {
- boolean[] usage = ((X509Certificate) c).getKeyUsage();
+ boolean[] usage = c.getKeyUsage();
 boolean root = (usage != null && usage[5]);
 EntityCertificate record = EntityCertificate.from(c, null);
 trace.add(record.subject + (root ? " *" : ""));
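Review bot: The ` *` marker on each trace entry is still derived from key usage bit 5 (keyCertSign), so now that the trust anchor is appended to `pcerts` every intermediate CA in the loop is marked the same way and the trace cannot tell the configured anchor apart from an intermediate CA. Keeping the anchor certificate in a variable declared before the `if` block and comparing by identity would make the marking exact, e.g. `boolean root = pcert.equals(anchor) || (usage != null && usage[5]);`, or a distinct marker for the anchor. Reusing the name `root` for the `X509Certificate` inside the `if` block and for the `boolean` inside the loop also reads confusingly even though the scopes do not overlap; naming the certificate `anchor` would avoid that. `getTrustedCert()` returns null when the anchor was configured as a name and public key rather than a certificate, which the added null check already covers, but a one-line comment saying so would explain why the check is there. The enclosing method starts and ends outside the hunk.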