From 762edcd74014a1565797aa8c86079deb10abd9ee Mon Sep 17 00:00:00 2001 From: M66B Date: Sat, 14 Aug 2021 12:49:05 +0200 Subject: [PATCH] Quick setup: use similar host name from certificate --- .../eu/faircode/email/EntityCertificate.java | 26 +++++++++++++++++++ .../eu/faircode/email/FragmentQuickSetup.java | 12 +++++++-- 2 files changed, 36 insertions(+), 2 deletions(-) diff --git a/app/src/main/java/eu/faircode/email/EntityCertificate.java b/app/src/main/java/eu/faircode/email/EntityCertificate.java index a684b230f7..820a8985ce 100644 --- a/app/src/main/java/eu/faircode/email/EntityCertificate.java +++ b/app/src/main/java/eu/faircode/email/EntityCertificate.java @@ -41,6 +41,7 @@ import org.json.JSONException; import org.json.JSONObject; import java.io.ByteArrayInputStream; +import java.net.InetAddress; import java.security.NoSuchAlgorithmException; import java.security.cert.CertificateEncodingException; import java.security.cert.CertificateException; @@ -216,6 +217,31 @@ public class EntityCertificate { return result; } + static String getSimilarDnsName(X509Certificate certificate, @NonNull String host) { + if (certificate == null) + return null; + + try { + InetAddress haddr = InetAddress.getByName(host); + List names = getDnsNames(certificate); + for (String _name : names) + try { + String name = (_name.startsWith("*.") ? _name.substring(2) : _name); + InetAddress naddr = InetAddress.getByName(name); + Log.i("host=" + host + " name=" + _name + "" + + " haddr=" + haddr + " naddr=" + naddr); + if (haddr.equals(naddr)) + return name; + } catch (Throwable ex) { + Log.w(ex); + } + } catch (Throwable ex) { + Log.w(ex); + } + + return null; + } + static boolean matches(String server, List names) { for (String name : names) if (matches(server, name)) { diff --git a/app/src/main/java/eu/faircode/email/FragmentQuickSetup.java b/app/src/main/java/eu/faircode/email/FragmentQuickSetup.java index e69b146889..bbd4ccc47b 100644 --- a/app/src/main/java/eu/faircode/email/FragmentQuickSetup.java +++ b/app/src/main/java/eu/faircode/email/FragmentQuickSetup.java @@ -309,7 +309,11 @@ public class FragmentQuickSetup extends FragmentBase { null, null); } catch (EmailService.UntrustedException ex) { imap_certificate = ex.getCertificate(); - imap_fingerprint = EntityCertificate.getKeyFingerprint(imap_certificate); + String similar = EntityCertificate.getSimilarDnsName(imap_certificate, provider.imap.host); + if (similar == null) + imap_fingerprint = EntityCertificate.getKeyFingerprint(imap_certificate); + else + provider.imap.host = similar; iservice.connect( provider.imap.host, provider.imap.port, AUTH_TYPE_PASSWORD, null, @@ -373,7 +377,11 @@ public class FragmentQuickSetup extends FragmentBase { null, null); } catch (EmailService.UntrustedException ex) { smtp_certificate = ex.getCertificate(); - smtp_fingerprint = EntityCertificate.getKeyFingerprint(smtp_certificate); + String similar = EntityCertificate.getSimilarDnsName(smtp_certificate, provider.smtp.host); + if (similar == null) + smtp_fingerprint = EntityCertificate.getKeyFingerprint(smtp_certificate); + else + provider.smtp.host = similar; iservice.connect( provider.smtp.host, provider.smtp.port, AUTH_TYPE_PASSWORD, null,