Enabled Certificate transparency cache

pull/214/head
M66B 1 year ago
parent e570e8fb2d
commit 5f41c30502

@ -454,7 +454,9 @@ public class EmailService implements AutoCloseable {
boolean bc = prefs.getBoolean("bouncy_castle", false); boolean bc = prefs.getBoolean("bouncy_castle", false);
boolean fips = prefs.getBoolean("bc_fips", false); boolean fips = prefs.getBoolean("bc_fips", false);
factory = new SSLSocketFactoryService( factory = new SSLSocketFactoryService(
host, insecure, ssl_harden, strict, cert_strict, cert_transparency, check_names, bc, fips, key, chain, fingerprint); context, host, insecure,
ssl_harden, strict, cert_strict, cert_transparency, check_names,
bc, fips, key, chain, fingerprint);
properties.put("mail." + protocol + ".ssl.socketFactory", factory); properties.put("mail." + protocol + ".ssl.socketFactory", factory);
properties.put("mail." + protocol + ".socketFactory.fallback", "false"); properties.put("mail." + protocol + ".socketFactory.fallback", "false");
properties.put("mail." + protocol + ".ssl.checkserveridentity", "false"); properties.put("mail." + protocol + ".ssl.checkserveridentity", "false");
@ -1040,7 +1042,7 @@ public class EmailService implements AutoCloseable {
private SSLSocketFactory factory; private SSLSocketFactory factory;
private X509Certificate certificate; private X509Certificate certificate;
SSLSocketFactoryService(String host, boolean insecure, SSLSocketFactoryService(Context context, String host, boolean insecure,
boolean ssl_harden, boolean ssl_harden_strict, boolean cert_strict, boolean cert_transparency, boolean check_names, boolean ssl_harden, boolean ssl_harden_strict, boolean cert_strict, boolean cert_transparency, boolean check_names,
boolean bc, boolean fips, boolean bc, boolean fips,
PrivateKey key, X509Certificate[] chain, String fingerprint) throws GeneralSecurityException { PrivateKey key, X509Certificate[] chain, String fingerprint) throws GeneralSecurityException {
@ -1050,7 +1052,8 @@ public class EmailService implements AutoCloseable {
this.ssl_harden_strict = ssl_harden_strict; this.ssl_harden_strict = ssl_harden_strict;
this.trustedFingerprint = fingerprint; this.trustedFingerprint = fingerprint;
TrustManager[] tms = SSLHelper.getTrustManagers(server, secure, cert_strict, cert_transparency, check_names, trustedFingerprint, TrustManager[] tms = SSLHelper.getTrustManagers(
context, server, secure, cert_strict, cert_transparency, check_names, trustedFingerprint,
new SSLHelper.ITrust() { new SSLHelper.ITrust() {
@Override @Override
public void checkServerTrusted(X509Certificate[] chain) { public void checkServerTrusted(X509Certificate[] chain) {
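Review bot: The `new SSLSocketFactoryService(...)` call now passes twelve positional arguments, eight of them adjacent booleans (`insecure, ssl_harden, strict, cert_strict, cert_transparency, check_names, bc, fips`), so transposing two of them compiles cleanly and silently changes how the server certificate is validated. The stakes are high here because the context lines set `ssl.checkserveridentity` to `"false"`, so hostname checking appears to depend on `check_names` reaching `SSLHelper.getTrustManagers` intact. Since this commit already touches both the call and the constructor signature, consider grouping the TLS validation flags into one small options object. At minimum, add a Javadoc on the constructor that states the parameter order and what each flag controls. The constructor body and the enclosing method continue outside the hunks shown.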

@ -1,5 +1,6 @@
package eu.faircode.email; package eu.faircode.email;
import android.content.Context;
import android.text.TextUtils; import android.text.TextUtils;
import androidx.annotation.NonNull; import androidx.annotation.NonNull;
@ -7,6 +8,7 @@ import androidx.annotation.NonNull;
import com.appmattus.certificatetransparency.CTLogger; import com.appmattus.certificatetransparency.CTLogger;
import com.appmattus.certificatetransparency.CTTrustManagerBuilder; import com.appmattus.certificatetransparency.CTTrustManagerBuilder;
import com.appmattus.certificatetransparency.VerificationResult; import com.appmattus.certificatetransparency.VerificationResult;
import com.appmattus.certificatetransparency.cache.AndroidDiskCache;
import java.net.InetAddress; import java.net.InetAddress;
import java.net.UnknownHostException; import java.net.UnknownHostException;
@ -25,7 +27,7 @@ import javax.net.ssl.X509TrustManager;
public class SSLHelper { public class SSLHelper {
static TrustManager[] getTrustManagers( static TrustManager[] getTrustManagers(
String server, boolean secure, boolean cert_strict, boolean transparency, boolean check_names, String trustedFingerprint, ITrust intf) { Context context, String server, boolean secure, boolean cert_strict, boolean transparency, boolean check_names, String trustedFingerprint, ITrust intf) {
TrustManagerFactory tmf; TrustManagerFactory tmf;
try { try {
tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
@ -55,7 +57,10 @@ public class SSLHelper {
}; };
final X509TrustManager rtm = (transparency final X509TrustManager rtm = (transparency
? new CTTrustManagerBuilder((X509TrustManager) tms[0]).setLogger(logger).build() ? new CTTrustManagerBuilder((X509TrustManager) tms[0])
.setDiskCache(new AndroidDiskCache(context))
.setLogger(logger)
.build()
: (X509TrustManager) tms[0]); : (X509TrustManager) tms[0]);
return new TrustManager[]{new X509TrustManager() { return new TrustManager[]{new X509TrustManager() {
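Review bot: `new AndroidDiskCache(context)` uses the new `context` parameter only on the `transparency` branch, so a caller passing null would presumably fail only once certificate transparency is switched on. Declaring the parameter as `@NonNull Context context` (the annotation is already imported in this file) makes the requirement visible at every call site. The CT log list now also persists on disk between connections, so it is worth confirming in the library that a cached list is checked for signature and freshness when it is read back. A comment above the builder could record the result, e.g. `// CT log list is cached in app storage; verified on load (confirm against library docs)`. If callers may pass an Activity or Service context, passing `context.getApplicationContext()` would avoid tying the cache to a component lifetime. The body of `getTrustManagers` continues outside the hunk.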
