From 531aad4504d82ba0c46eaebad4538c399a5e9984 Mon Sep 17 00:00:00 2001
From: M66B
Date: Mon, 10 Feb 2020 09:16:19 +0100
Subject: [PATCH] Load client certificate by host name
---
 .../main/java/eu/faircode/email/EmailService.java | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/app/src/main/java/eu/faircode/email/EmailService.java b/app/src/main/java/eu/faircode/email/EmailService.java
index 9747ed3efd..95b0d8ed2e 100644
--- a/app/src/main/java/eu/faircode/email/EmailService.java
+++ b/app/src/main/java/eu/faircode/email/EmailService.java
@@ -35,8 +35,10 @@ import java.net.Socket;
 import java.net.UnknownHostException;
 import java.security.GeneralSecurityException;
 import java.security.KeyStore;
+import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
 import java.security.Principal;
+import java.security.cert.Certificate;
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateParsingException;
@@ -646,12 +648,23 @@ public class EmailService implements AutoCloseable {
 KeyManager[] km = null;
 if (use_certificate)
 try {
- KeyStore ks = KeyStore.getInstance("AndroidCAStore");
+ Log.i("Client certificate init");
+ KeyStore ca = KeyStore.getInstance("AndroidCAStore");
+ ca.load(null, null);
+
+ Certificate cert = ca.getCertificate(server);
+ if (cert == null)
+ throw new KeyStoreException("Certificate not found host=" + server);
+
+ KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
 ks.load(null, null);
+ ks.setCertificateEntry(server, cert);
 KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
 kmf.init(ks, null);
 km = kmf.getKeyManagers();
+
+ Log.i("Client certificate initialized");
 } catch (Throwable ex) {
 Log.e(ex);
 }
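Review bot: The key store passed to `kmf.init(ks, null)` in the second hunk holds only a trusted-certificate entry (`ks.setCertificateEntry(server, cert)`), and a KeyManagerFactory builds its key managers from private-key entries, so the resulting `km` will most likely have no client credential to present in the TLS handshake. Client authentication needs the private key and its chain stored as a key entry, e.g. `ks.setKeyEntry(server, privateKey, null, chain)`, with the key and chain taken from the user's credential store (on Android, `KeyChain.getPrivateKey` / `KeyChain.getCertificateChain`). Looking up `server` in `AndroidCAStore` is also doubtful, since that store holds trusted CA certificates and its aliases are not normally host names. The new `KeyStoreException` is caught by the surrounding `catch (Throwable ex)` and only logged, so with `use_certificate` set the connection appears to proceed without a client certificate; the enclosing method starts and ends outside the hunk, so how `km` is used afterwards should be checked there.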