S/MIME: check if private and public key match

pull/215/head
M66B 6 months ago
parent a0fa0b487c
commit 1989631d1e

@ -4553,6 +4553,8 @@ public class FragmentCompose extends FragmentBase {
if (acertificates != null) if (acertificates != null)
for (EntityCertificate acertificate : acertificates) { for (EntityCertificate acertificate : acertificates) {
X509Certificate cert = acertificate.getCertificate(); X509Certificate cert = acertificate.getCertificate();
if (!SmimeHelper.match(privkey, cert))
continue;
try { try {
cert.checkValidity(); cert.checkValidity();
certs.add(cert); certs.add(cert);
@ -4575,7 +4577,7 @@ public class FragmentCompose extends FragmentBase {
} }
// Allow sender to decrypt own message // Allow sender to decrypt own message
if (own) if (own && SmimeHelper.match(privkey, chain[0]))
certs.add(chain[0]); certs.add(chain[0]);
// Build signature // Build signature

@ -21,7 +21,11 @@ package eu.faircode.email;
import android.content.Context; import android.content.Context;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.List; import java.util.List;
import java.util.Objects;
import javax.mail.Address; import javax.mail.Address;
import javax.mail.internet.InternetAddress; import javax.mail.internet.InternetAddress;
@ -42,4 +46,13 @@ public class SmimeHelper {
return (all ? count == recipients.size() : count > 0); return (all ? count == recipients.size() : count > 0);
} }
static boolean match(PrivateKey privkey, X509Certificate cert) {
if (privkey == null || cert == null)
return false;
PublicKey pubkey = cert.getPublicKey();
if (pubkey == null)
return false;
return Objects.equals(privkey.getAlgorithm(), pubkey.getAlgorithm());
}
} }

Loading…
Cancel
Save