Mirrors/FairEmail
1
0
Fork 0
mirror of https://github.com/M66B/FairEmail.git synced 2026-03-30 05:44:51 +02:00
Code Issues Packages Projects Releases Wiki Activity

Connection check: check server trusted

Browse Source
This commit is contained in:
M66B
2023-11-11 11:52:16 +01:00
parent 48c0192483
commit c2a0f205df
1 changed files with 25 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
app/src/main/java/eu/faircode/email/FragmentOptionsConnection.java
View File

@@ -62,13 +62,19 @@ import androidx.preference.PreferenceManager;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import javax.net.SocketFactory;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
public class FragmentOptionsConnection extends FragmentBase implements SharedPreferences.OnSharedPreferenceChangeListener {
private View view;
@@ -474,15 +480,31 @@ public class FragmentOptionsConnection extends FragmentBase implements SharedPre
sb.append("Protocol: ").append(session.getProtocol()).append('\n');
sb.append("Cipher: ").append(session.getCipherSuite()).append('\n');
Certificate[] certificates = session.getPeerCertificates();
List<X509Certificate> x509certs = new ArrayList<>();
if (certificates != null)
for (Certificate certificate : certificates) {
if (certificate instanceof X509Certificate) {
X509Certificate x = (X509Certificate) certificate;
sb.append("Subject: ").append(x.getSubjectDN()).append('\n');
for (String dns : EntityCertificate.getDnsNames(x))
X509Certificate x509 = (X509Certificate) certificate;
x509certs.add(x509);
sb.append("Subject: ").append(x509.getSubjectDN()).append('\n');
for (String dns : EntityCertificate.getDnsNames(x509))
sb.append("DNS name: ").append(dns).append('\n');
}
}
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init((KeyStore) null);
TrustManager[] tms = tmf.getTrustManagers();
if (tms != null && tms.length > 0 && tms[0] instanceof X509TrustManager) {
X509TrustManager tm = (X509TrustManager) tms[0];
try {
tm.checkServerTrusted(x509certs.toArray(new X509Certificate[0]), "UNKNOWN");
sb.append("Peer certificate trusted\n");
} catch (Throwable ex) {
sb.append(ex.toString()).append('\n');
}
}
} finally {
try {
if (sslSocket != null) {