diff --git a/app/build.gradle b/app/build.gradle index 61305a5a5a..7ec27da30e 100644 --- a/app/build.gradle +++ b/app/build.gradle @@ -465,7 +465,7 @@ tasks.register('downloadBrave') { tasks.register('downloadSmime', Download) { // https://wiki.mozilla.org/CA/Included_Certificates src "https://ccadb.my.salesforce-sites.com/mozilla/IncludedRootsPEMTxt?TrustBitsInclude=Email" - dest new File(new File("${rootDir}", "app/src/main/assets"), "IncludedRootsPEM.txt") + dest new File(new File("${rootDir}", "app/src/main/assets/smime"), "MozillaCA.pem") overwrite true } diff --git a/app/src/main/assets/IncludedRootsPEM.txt b/app/src/main/assets/smime/MozillaCA.pem similarity index 100% rename from app/src/main/assets/IncludedRootsPEM.txt rename to app/src/main/assets/smime/MozillaCA.pem diff --git a/app/src/main/assets/smime/VV-Root-G02-CA.pem b/app/src/main/assets/smime/VV-Root-G02-CA.pem new file mode 100644 index 0000000000..a37fc773cc --- /dev/null +++ b/app/src/main/assets/smime/VV-Root-G02-CA.pem 
@@ -0,0 +1,32 @@ +-----BEGIN CERTIFICATE----- +MIIFiTCCA3GgAwIBAgIIe9lHbBKMQ9UwDQYJKoZIhvcNAQELBQAwUjELMAkGA1UE +BhMCREUxFzAVBgNVBAoMDkZyYXVuaG9mZXIgU0lUMSowKAYDVQQDDCFWb2xrc3Zl +cnNjaGx1ZXNzZWx1bmcgUm9vdCBDQSBHMDIwHhcNMjAwNTI2MTMyMDU2WhcNMzYw +NTI1MTMyMDU2WjBSMQswCQYDVQQGEwJERTEXMBUGA1UECgwORnJhdW5ob2ZlciBT +SVQxKjAoBgNVBAMMIVZvbGtzdmVyc2NobHVlc3NlbHVuZyBSb290IENBIEcwMjCC +AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKt0mEXaYLqSs+r7K/4kFJ8d +yxd8Y1gfPgCnYpbd0lJ2pJ/nw1fF2ggiG3cQowZIjFo0MaHEyHqYTBd5dU070cCy +6+4w6FDKHqT1fsqrZNc8McE3NZ3vl8U6sSsSEGXDLnFw4Pof1pTk3n8EKEbuQIcO +g4NMLTwxiWKavyt4OucN0nTnjP4Narn1+e0lFzOYnYI7ZsBG2v3doz2hid+EukhO +DeAxv4ni17FwnLcfPkmfC5RiRmgWd3DjjyhVnC292NE88vtCA1lxDL7CcN43gwJo +ZJFAwirouY0fXnzGoeAdSakwHlWvaIPrzB5Jwa4kfMhbf+zW86ohec7FCngS/fzv +xImII5SexmEyYfDdhY6a6dWZ4b30ePa+M/D2fBWFYYPMnqfgcrUiFhjUZz9YfNR2 +J8qT4HVX3cS6RtrVLS76MgctRGyHrIdwfTJPVhpf2unG8t8KW1fdTgM9dItgZ9Kt +b/bWyxYE9ZNSnUuT2SGGvZ5sHYULtEHOEtivp2Mjs9exoc5zYPj7B3gdYdk18RBP +zHeRxnmN4ltnhZI3IV8Oszvagv3tP8XrKQWqSKHlpHVPD7ezRtcYtHav1AxXHfJo +2pyE38go6fUQY4bvXNDQzn+ArXC+UgHoP6BI6sQgqbzymsrWXf/WnIVDSia6596f +6LsNFMYKM0XrhbxgM82lAgMBAAGjYzBhMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0j +BBgwFoAUPnwBB805qJCxODW0j7v1rBeEocAwHQYDVR0OBBYEFD58AQfNOaiQsTg1 +tI+79awXhKHAMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAMDbg +rGvveGGoj2kaVxXVs2UP1Q6XOHSHIDwrjHWLRBP21n4gpUatWCBejQN5azsZivny +cajEBGHTiN4zmmyfF+zHZZVYaokkVPUPDt2/2ArEFd2ZdvI5NMQ7Ib9m+dv6sgEY +6ik8F8QnXWLtcd7vaMJenq40CQPF/Gms4YkBBA0SNF8Hh7VMNPkLaO6Vg9bwKs1b +8NL70iJgho02tgVYV0j3UnS4ZtvYzGM7MCoPHmOouibxgPdP1H6MzHpFJef2nK5c +11spaPBB9ru1dXBHrcioV08Bn900hFQ8znXYMTW0zGsBINxnVdaVotO2m8zo0Y8o +yiLRLMDfLpRosOAmIF+7s7Ou+Xmfo/p45EqCd4IE5la9dc1V9i2jKZjFWJgQjbaw +u/uH7p7/wrYyM16hHzXlOyCUXabH2x5uyRTNK7IPCdFHaZGIxlp7oaEDZi+MHVCH +nxFVRF9wU0Cz4yzcfvLGrL0VZrDa2Px73Q5g9Llt5igCEW+/zOFh8i/6H8zukZEP +NAeP2mbDKPnQeT5uR5uBspBYnYFSNdVYwlIpsOtouN4PINKMODEa1yKH9UFDLXs3 +kkIeCNtethq77GA/TrzxeCa8q9qLZzQ3ezmRn9iZ5zOCqUzn5kg0MPt6YovFFucd 
+hmC13xdtiLP4hfG0tBQnT8O0GFGaRXwEwF6qe9w= +-----END CERTIFICATE----- diff --git a/app/src/main/java/eu/faircode/email/SmimeHelper.java b/app/src/main/java/eu/faircode/email/SmimeHelper.java index 8b993a6afe..5d1eca91e9 100644 --- a/app/src/main/java/eu/faircode/email/SmimeHelper.java +++ b/app/src/main/java/eu/faircode/email/SmimeHelper.java @@ -45,8 +45,6 @@ import javax.mail.Address; import javax.mail.internet.InternetAddress; public class SmimeHelper { - private static final String CA_LIST_NAME = "IncludedRootsPEM.txt"; - static boolean hasSmimeKey(Context context, List
recipients, boolean all) { if (recipients == null || recipients.size() == 0) return false; @@ -74,21 +72,29 @@ public class SmimeHelper { private static List readCACertificates(Context context) throws CertificateException, IOException { List result = new ArrayList<>(); - Log.i("Reading " + CA_LIST_NAME); + CertificateFactory fact = CertificateFactory.getInstance("X.509"); - try (InputStream is = context.getAssets().open(CA_LIST_NAME)) { - try (PemReader reader = new PemReader(new InputStreamReader(is))) { - PemObject pem = reader.readPemObject(); - while (pem != null) { - ByteArrayInputStream bis = new ByteArrayInputStream(pem.getContent()); - X509Certificate cert = (X509Certificate) fact.generateCertificate(bis); - Log.i("S/MIME cert=" + cert.getSubjectDN().getName()); - result.add(cert); - pem = reader.readPemObject(); + for (String name : context.getAssets().list("smime")) + if (name.endsWith(".pem")) { + Log.i("S/MIME reading=" + name); + int count = 0; + try (InputStream is = context.getAssets().open("smime/" + name)) { + try (PemReader reader = new PemReader(new InputStreamReader(is))) { + PemObject pem = reader.readPemObject(); + while (pem != null) { + count++; + ByteArrayInputStream bis = new ByteArrayInputStream(pem.getContent()); + X509Certificate cert = (X509Certificate) fact.generateCertificate(bis); + //Log.i("S/MIME cert=" + cert.getSubjectDN().getName()); + result.add(cert); + pem = reader.readPemObject(); + } + } } + Log.i("S/MIME certs=" + count); } - } - Log.i("S/MIME root certs=" + result.size()); + + Log.i("S/MIME total certs=" + result.size()); return result; } @@ -108,7 +114,7 @@ public class SmimeHelper { int idx = 1; for (X509Certificate ca : SmimeHelper.readCACertificates(context)) { - String alias = "Mozilla:" + idx++ + ":" + ca.getSubjectDN().getName(); + String alias = "asset:" + idx++ + ":" + ca.getSubjectDN().getName(); ks.setCertificateEntry(alias, ca); }
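Review bot: In the rewritten loop of readCACertificates, every asset under `smime/` whose name ends in `.pem` is loaded as an S/MIME trust anchor, and the only per-certificate trace is now the commented-out subject log, so nothing at runtime ties a loaded root to the file it came from. That matters more now that the directory holds the Mozilla list next to a separately added root (`VV-Root-G02-CA.pem`); I would replace the dead line with a real one such as `Log.i("S/MIME " + name + " cert=" + cert.getSubjectX500Principal().getName());`, or delete it. The same loss shows up in the last hunk, where the alias prefix changes from `Mozilla:` to `asset:` and no longer says which source a root belongs to. Separately, `AssetManager.list()` is documented as possibly returning null, so the for-each wants a guard, e.g. `String[] names = context.getAssets().list("smime"); if (names == null) names = new String[0];`. The generic types on the method's signature appear to have been lost in this rendering, and the method holding the alias line starts and ends outside its hunk.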