From 16b42b98b0783a9fe0c8d1850566be64b304191f Mon Sep 17 00:00:00 2001
From: M66B
Date: Sat, 1 Feb 2020 10:55:13 +0100
Subject: [PATCH] Check for self signed certificates
---
 .../java/eu/faircode/email/FragmentMessages.java | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/app/src/main/java/eu/faircode/email/FragmentMessages.java b/app/src/main/java/eu/faircode/email/FragmentMessages.java
index 594471a188..cbbc72fe97 100644
--- a/app/src/main/java/eu/faircode/email/FragmentMessages.java
+++ b/app/src/main/java/eu/faircode/email/FragmentMessages.java
@@ -4880,7 +4880,8 @@ public class FragmentMessages extends FragmentBase implements SharedPreferences.
 for (X509Certificate c : certs) {
 boolean[] usage = c.getKeyUsage();
 boolean root = (usage != null && usage[5]);
- if (root && ks.getCertificateAlias(c) == null) {
+ boolean selfSigned = c.getIssuerX500Principal().equals(c.getSubjectX500Principal());
+ if (root && !selfSigned && ks.getCertificateAlias(c) == null) {
 boolean found = false;
 String issuer = (c.getIssuerDN() == null ? "" : c.getIssuerDN().getName());
 EntityCertificate record = EntityCertificate.from(c, true, issuer);
@@ -4928,10 +4929,12 @@ public class FragmentMessages extends FragmentBase implements SharedPreferences.
 for (Certificate pcert : pcerts)
 if (pcert instanceof X509Certificate) {
 // https://tools.ietf.org/html/rfc5280#section-4.2.1.3
- boolean[] usage = ((X509Certificate) pcert).getKeyUsage();
+ X509Certificate c = (X509Certificate) pcert;
+ boolean[] usage = c.getKeyUsage();
 boolean root = (usage != null && usage[5]);
- EntityCertificate record = EntityCertificate.from((X509Certificate) pcert, null);
- trace.add((root ? "* " : "") + record.subject);
+ boolean selfSigned = c.getIssuerX500Principal().equals(c.getSubjectX500Principal());
+ EntityCertificate record = EntityCertificate.from(c, null);
+ trace.add((root ? "* " : "") + (selfSigned ? "# " : "") + record.subject);
 }
 args.putStringArrayList("trace", trace);
 
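Review bot: In the hunk at -4880, `selfSigned` is computed by comparing the issuer and subject names, which shows the certificate is self-issued in the RFC 5280 sense, not that it is signed with its own key. Both names are read from the certificate itself, so the new `!selfSigned` guard skips any certificate that merely carries equal names. That errs on the cautious side for whatever the `if` body does with the record (the body continues outside the hunk), but the variable name promises more than the check establishes. I would rename it to `selfIssued`, or add a comment such as `// issuer == subject only; the signature is not verified against c.getPublicKey()`. The same expression is repeated in the hunks at -4928 and -4954, where it drives the `# ` marker in the trace.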
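Review bot: The trace prefixes `* ` and `# ` built in the hunk at -4928 are not explained in the visible code; the existing RFC link only covers the key-usage lookup. `usage[5]` is the keyCertSign bit, which intermediate CA certificates carry as well as roots, so `root` and the `* ` marker really mean "may sign certificates" rather than "is a root". A one-line comment above `trace.add` would make the trace readable to whoever renders it, for example `// "* " = keyCertSign set, "# " = issuer equals subject`. The enclosing method starts and ends outside the hunk.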
@@ -4954,8 +4957,9 @@ public class FragmentMessages extends FragmentBase implements SharedPreferences.
 for (X509Certificate c : certs) {
 boolean[] usage = c.getKeyUsage();
 boolean root = (usage != null && usage[5]);
+ boolean selfSigned = c.getIssuerX500Principal().equals(c.getSubjectX500Principal());
 EntityCertificate record = EntityCertificate.from(c, null);
- trace.add(record.subject + (root ? " *" : ""));
+ trace.add((root ? "* " : "") + (selfSigned ? "# " : "") + record.subject);
 }
 args.putStringArrayList("trace", trace);
 }
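Review bot: The four lines that classify a certificate and format its trace entry in this hunk are now an exact copy of the ones in the hunk at -4928. The old suffix/prefix mismatch that this hunk removes is the kind of drift that duplication invites. Moving them into one private helper keeps the key-usage bit, the issuer/subject comparison and the marker format in a single place, so a later tightening of the self-signed check cannot be applied to one loop and missed in the other. The enclosing method starts outside the hunk, so the helper's placement and whether it can be `static` need checking against the rest of the class.

```java
private static String traceLabel(X509Certificate c) {
    // https://tools.ietf.org/html/rfc5280#section-4.2.1.3 (bit 5 = keyCertSign)
    boolean[] usage = c.getKeyUsage();
    boolean root = (usage != null && usage[5]);
    // issuer == subject only; the signature itself is not verified here
    boolean selfSigned = c.getIssuerX500Principal().equals(c.getSubjectX500Principal());
    EntityCertificate record = EntityCertificate.from(c, null);
    return (root ? "* " : "") + (selfSigned ? "# " : "") + record.subject;
}

// … unchanged: for (X509Certificate c : certs) { …
trace.add(traceLabel(c));
```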