diff --git a/app/src/main/java/eu/faircode/email/FragmentMessages.java b/app/src/main/java/eu/faircode/email/FragmentMessages.java
index 693f9193b9..ceaf2e9604 100644
--- a/app/src/main/java/eu/faircode/email/FragmentMessages.java
+++ b/app/src/main/java/eu/faircode/email/FragmentMessages.java
@@ -5556,9 +5556,10 @@ public class FragmentMessages extends FragmentBase implements SharedPreferences.
                                 Log.w(ex);
                             }
+                            KeyStore ks = null;
                             try {
                                 // https://tools.ietf.org/html/rfc3852#section-10.2.3
-                                KeyStore ks = KeyStore.getInstance("AndroidCAStore");
+                                ks = KeyStore.getInstance("AndroidCAStore");
                                 ks.load(null, null);
                                 // https://docs.oracle.com/javase/7/docs/technotes/guides/security/certpath/CertPathProgGuide.html
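Review bot: Hoisting `ks` above the try means it is already non-null when `ks.load(null, null)` throws, so the catch block added later in this change calls `getTrace(certs, ks)` with an uninitialised KeyStore; `getCertificateAlias` on an unloaded store throws KeyStoreException (per the JDK contract), and getTrace then replaces every certificate line with the exception text instead of the subject. Publish the store only once it is loaded: `KeyStore store = KeyStore.getInstance("AndroidCAStore");` `store.load(null, null);` `ks = store;`. The enclosing try block continues past the end of this hunk.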
@@ -5611,27 +5612,18 @@ public class FragmentMessages extends FragmentBase implements SharedPreferences.
                                 CertPathValidator cpv = CertPathValidator.getInstance("PKIX");
                                 cpv.validate(path.getCertPath(), params);
-                                List pcerts = new ArrayList<>();
-                                pcerts.addAll(path.getCertPath().getCertificates());
+                                List pcerts = new ArrayList<>();
+                                pcerts.add(cert);
+                                for (Certificate c : pcerts)
+                                    if (c instanceof X509Certificate)
+                                        pcerts.add((X509Certificate) c);
                                 if (path instanceof PKIXCertPathValidatorResult) {
                                     X509Certificate root = ((PKIXCertPathValidatorResult) path).getTrustAnchor().getTrustedCert();
                                     if (root != null)
                                         pcerts.add(root);
                                 }
-                                ArrayList trace = new ArrayList<>();
-                                for (Certificate pcert : pcerts)
-                                    if (pcert instanceof X509Certificate) {
-                                        // https://tools.ietf.org/html/rfc5280#section-4.2.1.3
-                                        X509Certificate c = (X509Certificate) pcert;
-                                        boolean[] usage = c.getKeyUsage();
-                                        boolean root = (usage != null && usage[5]);
-                                        boolean selfSigned = c.getIssuerX500Principal().equals(c.getSubjectX500Principal());
-                                        EntityCertificate record = EntityCertificate.from(c, null);
-                                        trace.add((root ? "* " : "") + (selfSigned ? "# " : "") + record.subject);
-                                    }
-
-                                args.putStringArrayList("trace", trace);
+                                args.putStringArrayList("trace", getTrace(pcerts, ks));
                                 boolean valid = true;
                                 for (Certificate pcert : pcerts)
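Review bot: As printed, the added loop `for (Certificate c : pcerts)` iterates over the very list it appends to; ArrayList's iterator is fail-fast, so the first `next()` after an `add` throws ConcurrentModificationException, which the enclosing catch (Throwable) turns into a verification failure with only the exception message as the reason. The loop presumably meant to walk the path that was just validated, i.e. `for (Certificate c : path.getCertPath().getCertificates())`. If that path already begins with the leaf, as PKIX builder results usually do, `cert` then shows up twice in the trace, so consider skipping it with `if (c instanceof X509Certificate && !c.equals(cert))`. The enclosing try starts before this hunk and its validity loop runs past the end of it.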
@@ -5647,16 +5639,7 @@ public class FragmentMessages extends FragmentBase implements SharedPreferences.
                             } catch (Throwable ex) {
                                 Log.w(ex);
                                 args.putString("reason", ex.getMessage());
-
-                                ArrayList trace = new ArrayList<>();
-                                for (X509Certificate c : certs) {
-                                    boolean[] usage = c.getKeyUsage();
-                                    boolean root = (usage != null && usage[5]);
-                                    boolean selfSigned = c.getIssuerX500Principal().equals(c.getSubjectX500Principal());
-                                    EntityCertificate record = EntityCertificate.from(c, null);
-                                    trace.add((root ? "* " : "") + (selfSigned ? "# " : "") + record.subject);
-                                }
-                                args.putStringArrayList("trace", trace);
+                                args.putStringArrayList("trace", getTrace(certs, ks));
                             }
                             result = cert;
@@ -5963,6 +5946,26 @@ public class FragmentMessages extends FragmentBase implements SharedPreferences.
                 WorkerFts.init(context, false);
             }
+            private ArrayList getTrace(List certs, KeyStore ks) {
+                ArrayList trace = new ArrayList<>();
+                for (Certificate c : certs)
+                    try {
+                        X509Certificate cert = (X509Certificate) c;
+                        boolean[] usage = cert.getKeyUsage();
+                        boolean keyCertSign = (usage != null && usage[5]);
+                        boolean selfSigned = cert.getIssuerX500Principal().equals(cert.getSubjectX500Principal());
+                        EntityCertificate record = EntityCertificate.from(cert, null);
+                        trace.add(record.subject +
+                                " (" + cert.getIssuerX500Principal() + ")" +
+                                (keyCertSign ? " (keyCertSign)" : "") +
+                                (selfSigned ? " (selfSigned)" : "") +
+                                (ks != null && ks.getCertificateAlias(cert) != null ? " (Android)" : ""));
+                    } catch (Throwable ex) {
+                        Log.e(ex);
+                        trace.add(ex.toString());
+                    }
+                return trace;
+            }
             }.execute(this, args, "decrypt:s/mime");
         }
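Review bot: The new `getTrace` has no comment explaining the markers it emits, and the `(Android)` tag is easy to over-read: `ks.getCertificateAlias(cert)` only says that the exact certificate has an alias in whatever store was passed in, and on Android the `AndroidCAStore` also exposes user-installed CAs next to the system roots (as far as I know), so the tag means "present in the device CA store", not "shipped by the platform". I would add a Javadoc above the method stating that it renders one line per certificate — subject, issuer, the keyCertSign and selfSigned flags per RFC 5280 §4.2.1.3, and `(Android)` when the exact certificate is found in the supplied store — and that any certificate that cannot be described (non-X.509 entry, store lookup failure) is replaced in the list by its exception text rather than dropped. Since the store lookup is the only part that can fail after the cast, consider computing the `(Android)` flag in its own try so a failing lookup does not discard the subject line. The anonymous class this method belongs to starts before the hunk.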