From 5f41c30502bbf5e2bf14cfee0fa0784026c97919 Mon Sep 17 00:00:00 2001
From: M66B
Date: Sat, 30 Dec 2023 18:02:03 +0100
Subject: [PATCH] Enabled Certificate transparency cache
---
 app/src/main/java/eu/faircode/email/EmailService.java | 9 ++++++---
 app/src/main/java/eu/faircode/email/SSLHelper.java | 9 +++++++--
 2 files changed, 13 insertions(+), 5 deletions(-)
diff --git a/app/src/main/java/eu/faircode/email/EmailService.java b/app/src/main/java/eu/faircode/email/EmailService.java
index 0fcc419514..924238ff0d 100644
--- a/app/src/main/java/eu/faircode/email/EmailService.java
+++ b/app/src/main/java/eu/faircode/email/EmailService.java
@@ -454,7 +454,9 @@ public class EmailService implements AutoCloseable {
 boolean bc = prefs.getBoolean("bouncy_castle", false);
 boolean fips = prefs.getBoolean("bc_fips", false);
 factory = new SSLSocketFactoryService(
- host, insecure, ssl_harden, strict, cert_strict, cert_transparency, check_names, bc, fips, key, chain, fingerprint);
+ context, host, insecure,
+ ssl_harden, strict, cert_strict, cert_transparency, check_names,
+ bc, fips, key, chain, fingerprint);
 properties.put("mail." + protocol + ".ssl.socketFactory", factory);
 properties.put("mail." + protocol + ".socketFactory.fallback", "false");
 properties.put("mail." + protocol + ".ssl.checkserveridentity", "false");
@@ -1040,7 +1042,7 @@ public class EmailService implements AutoCloseable {
 private SSLSocketFactory factory;
 private X509Certificate certificate;
- SSLSocketFactoryService(String host, boolean insecure,
+ SSLSocketFactoryService(Context context, String host, boolean insecure,
 boolean ssl_harden, boolean ssl_harden_strict, boolean cert_strict, boolean cert_transparency, boolean check_names, boolean bc, boolean fips, PrivateKey key, X509Certificate[] chain, String fingerprint) throws GeneralSecurityException {
@@ -1050,7 +1052,8 @@ public class EmailService implements AutoCloseable {
 this.ssl_harden_strict = ssl_harden_strict;
 this.trustedFingerprint = fingerprint;
- TrustManager[] tms = SSLHelper.getTrustManagers(server, secure, cert_strict, cert_transparency, check_names, trustedFingerprint,
+ TrustManager[] tms = SSLHelper.getTrustManagers(
+ context, server, secure, cert_strict, cert_transparency, check_names, trustedFingerprint,
 new SSLHelper.ITrust() {
 @Override
 public void checkServerTrusted(X509Certificate[] chain) {
diff --git a/app/src/main/java/eu/faircode/email/SSLHelper.java b/app/src/main/java/eu/faircode/email/SSLHelper.java
index 78b483b29d..4bfd7e80bd 100644
--- a/app/src/main/java/eu/faircode/email/SSLHelper.java
+++ b/app/src/main/java/eu/faircode/email/SSLHelper.java
@@ -1,5 +1,6 @@
 package eu.faircode.email;
+import android.content.Context;
 import android.text.TextUtils;
 import androidx.annotation.NonNull;
@@ -7,6 +8,7 @@ import androidx.annotation.NonNull;
 import com.appmattus.certificatetransparency.CTLogger;
 import com.appmattus.certificatetransparency.CTTrustManagerBuilder;
 import com.appmattus.certificatetransparency.VerificationResult;
+import com.appmattus.certificatetransparency.cache.AndroidDiskCache;
 import java.net.InetAddress;
 import java.net.UnknownHostException;
@@ -25,7 +27,7 @@ import javax.net.ssl.X509TrustManager;
 public class SSLHelper {
 static TrustManager[] getTrustManagers(
- String server, boolean secure, boolean cert_strict, boolean transparency, boolean check_names, String trustedFingerprint, ITrust intf) {
+ Context context, String server, boolean secure, boolean cert_strict, boolean transparency, boolean check_names, String trustedFingerprint, ITrust intf) {
 TrustManagerFactory tmf;
 try {
 tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
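Review bot: The new `Context context` parameter of `getTrustManagers` (hunk `@@ -25,7 +27,7 @@`) is undocumented and unannotated, although in the lines shown its only use is the certificate-transparency disk cache when `transparency` is true. The file already imports `androidx.annotation.NonNull`, so the parameter could be declared `@NonNull Context context` with a one-line comment such as `// context: used only for the certificate-transparency disk cache`, which turns a null caller into a lint finding rather than, presumably, a failure when the trust manager is built. The same applies to the `SSLSocketFactoryService` constructor in the `@@ -1040,7 +1042,7 @@` hunk. Both bodies continue outside their hunks, so other uses of `context` cannot be ruled out from here.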
@@ -55,7 +57,10 @@ public class SSLHelper {
 };
 final X509TrustManager rtm = (transparency
- ? new CTTrustManagerBuilder((X509TrustManager) tms[0]).setLogger(logger).build()
+ ? new CTTrustManagerBuilder((X509TrustManager) tms[0])
+ .setDiskCache(new AndroidDiskCache(context))
+ .setLogger(logger)
+ .build()
 : (X509TrustManager) tms[0]);
 return new TrustManager[]{new X509TrustManager() {
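Review bot: The CT log list that `rtm` validates certificates against is now read from an on-disk cache, and the added `.setDiskCache(new AndroidDiskCache(context))` line has no comment on where that data lives or how stale or modified cache contents are handled. Since this makes a file in app storage an input to certificate trust decisions, I would add a comment such as `// CT log list is cached on disk; relies on the library re-verifying the list signature on cache reads and expiring old entries` and confirm that assumption against the library. A new `AndroidDiskCache` is also constructed on every `getTrustManagers` call; whether it retains `context` is not visible here, so passing `context.getApplicationContext()` would be the safer choice. The body of `getTrustManagers` continues outside this hunk.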