Identify certificates by fingerprint

pull/168/head
M66B 5 years ago
parent d92777b692
commit a2bb26e086

File diff suppressed because it is too large Load Diff

@ -56,7 +56,7 @@ import io.requery.android.database.sqlite.RequerySQLiteOpenHelperFactory;
// https://developer.android.com/topic/libraries/architecture/room.html
@Database(
version = 117,
version = 118,
entities = {
EntityIdentity.class,
EntityAccount.class,
@ -1140,6 +1140,21 @@ public abstract class DB extends RoomDatabase {
db.execSQL("CREATE INDEX IF NOT EXISTS `index_certificate_email` ON `certificate` (`email`)");
}
})
.addMigrations(new Migration(117, 118) {
@Override
public void migrate(@NonNull SupportSQLiteDatabase db) {
Log.i("DB migration from version " + startVersion + " to " + endVersion);
db.execSQL("DROP TABLE IF EXISTS `certificate`");
db.execSQL("CREATE TABLE IF NOT EXISTS `certificate`" +
" (`id` INTEGER PRIMARY KEY AUTOINCREMENT" +
", `fingerprint` TEXT NOT NULL" +
", `email` TEXT NOT NULL" +
", `subject` TEXT" +
", `data` TEXT NOT NULL)");
db.execSQL("CREATE UNIQUE INDEX IF NOT EXISTS `index_certificate_fingerprint_email` ON `certificate` (`fingerprint`, `email`)");
db.execSQL("CREATE INDEX IF NOT EXISTS `index_certificate_email` ON `certificate` (`email`)");
}
})
.build();
}

@ -29,12 +29,13 @@ import java.util.List;
@Dao
public interface DaoCertificate {
@Query("SELECT * FROM certificate" +
" ORDER BY subject DESC")
" ORDER BY email DESC")
LiveData<List<EntityCertificate>> liveCertificates();
@Query("SELECT * FROM certificate" +
" WHERE subject = :subject")
EntityCertificate getCertificateBySubject(String subject);
" WHERE fingerprint = :fingerprint" +
" AND email = :email")
EntityCertificate getCertificate(String fingerprint, String email);
@Query("SELECT * FROM certificate" +
" WHERE email = :email")

@ -31,7 +31,7 @@ import java.util.Objects;
foreignKeys = {
},
indices = {
@Index(value = {"subject"}, unique = true),
@Index(value = {"fingerprint", "email"}, unique = true),
@Index(value = {"email"}),
}
)
@ -41,8 +41,10 @@ public class EntityCertificate {
@PrimaryKey(autoGenerate = true)
public Long id;
@NonNull
public String subject;
public String fingerprint;
@NonNull
public String email;
public String subject;
@NonNull
public String data;
@ -50,8 +52,9 @@ public class EntityCertificate {
public boolean equals(Object obj) {
if (obj instanceof EntityCertificate) {
EntityCertificate other = (EntityCertificate) obj;
return (this.subject.equals(other.subject) &&
return (this.fingerprint.equals(other.fingerprint) &&
Objects.equals(this.email, other.email) &&
Objects.equals(this.subject, other.subject) &&
this.data.equals(other.data));
} else
return false;

@ -165,6 +165,7 @@ import javax.mail.FolderClosedException;
import javax.mail.Session;
import javax.mail.internet.InternetAddress;
import javax.mail.internet.MimeMessage;
import javax.security.auth.x500.X500Principal;
import static android.app.Activity.RESULT_OK;
import static android.os.Process.THREAD_PRIORITY_BACKGROUND;
@ -4388,20 +4389,21 @@ public class FragmentMessages extends FragmentBase implements SharedPreferences.
.getCertificate(certHolder);
try {
if (signer.verify(new JcaSimpleSignerInfoVerifierBuilder().build(cert))) {
String subject = cert.getSubjectDN().getName();
if (!TextUtils.isEmpty(subject) &&
message.from != null && message.from.length == 1) {
EntityCertificate c = db.certificate().getCertificateBySubject(subject);
if (c == null) {
c = new EntityCertificate();
c.subject = subject;
c.email = ((InternetAddress) message.from[0]).getAddress();
c.data = Base64.encodeToString(cert.getEncoded(), Base64.NO_WRAP);
c.id = db.certificate().insertCertificate(c);
if (message.from != null && message.from.length == 1) {
String fingerprint = Helper.sha256(cert.getEncoded());
String email = ((InternetAddress) message.from[0]).getAddress();
EntityCertificate record = db.certificate().getCertificate(fingerprint, email);
if (record == null) {
record = new EntityCertificate();
record.fingerprint = fingerprint;
record.email = email;
record.subject = cert.getSubjectX500Principal().getName(X500Principal.RFC2253);
record.data = Base64.encodeToString(cert.getEncoded(), Base64.NO_WRAP);
record.id = db.certificate().insertCertificate(record);
}
}
return subject;
return cert.getSubjectX500Principal().getName(X500Principal.RFC2253);
}
} catch (CMSVerifierCertificateNotValidException ex) {
Log.w(ex);

Loading…
Cancel
Save