Identify certificates by fingerprint

5 years ago · a2bb26e086
parent d92777b692
commit a2bb26e086
5 changed files with 2021 additions and 18 deletions
--- a/app/schemas/eu.faircode.email.DB/118.json
+++ b/app/schemas/eu.faircode.email.DB/118.json
--- a/app/src/main/java/eu/faircode/email/DB.java
+++ b/app/src/main/java/eu/faircode/email/DB.java
@ -56,7 +56,7 @@ import io.requery.android.database.sqlite.RequerySQLiteOpenHelperFactory;
 // https://developer.android.com/topic/libraries/architecture/room.html

@Database(
-        version = 117,
+        version = 118,
        entities = {
                EntityIdentity.class,
                EntityAccount.class,
@ -1140,6 +1140,21 @@ public abstract class DB extends RoomDatabase {
                        db.execSQL("CREATE INDEX IF NOT EXISTS `index_certificate_email` ON `certificate` (`email`)");
                    }
                })
+                .addMigrations(new Migration(117, 118) {
+                    @Override
+                    public void migrate(@NonNull SupportSQLiteDatabase db) {
+                        Log.i("DB migration from version " + startVersion + " to " + endVersion);
+                        db.execSQL("DROP TABLE IF EXISTS `certificate`");
+                        db.execSQL("CREATE TABLE IF NOT EXISTS `certificate`" +
+                                " (`id` INTEGER PRIMARY KEY AUTOINCREMENT" +
+                                ", `fingerprint` TEXT NOT NULL" +
+                                ", `email` TEXT NOT NULL" +
+                                ", `subject` TEXT" +
+                                ", `data` TEXT NOT NULL)");
+                        db.execSQL("CREATE UNIQUE INDEX IF NOT EXISTS `index_certificate_fingerprint_email` ON `certificate` (`fingerprint`, `email`)");
+                        db.execSQL("CREATE INDEX IF NOT EXISTS `index_certificate_email` ON `certificate` (`email`)");
+                    }
+                })
                .build();
    }

--- a/app/src/main/java/eu/faircode/email/DaoCertificate.java
+++ b/app/src/main/java/eu/faircode/email/DaoCertificate.java
@ -29,12 +29,13 @@ import java.util.List;
@Dao
 public interface DaoCertificate {
    @Query("SELECT * FROM certificate" +
-            " ORDER BY subject DESC")
+            " ORDER BY email DESC")
    LiveData<List<EntityCertificate>> liveCertificates();

    @Query("SELECT * FROM certificate" +
-            " WHERE subject = :subject")
-    EntityCertificate getCertificateBySubject(String subject);
+            " WHERE fingerprint = :fingerprint" +
+            " AND email = :email")
+    EntityCertificate getCertificate(String fingerprint, String email);

    @Query("SELECT * FROM certificate" +
            " WHERE email = :email")
--- a/app/src/main/java/eu/faircode/email/EntityCertificate.java
+++ b/app/src/main/java/eu/faircode/email/EntityCertificate.java
@ -31,7 +31,7 @@ import java.util.Objects;
        foreignKeys = {
        },
        indices = {
-                @Index(value = {"subject"}, unique = true),
+                @Index(value = {"fingerprint", "email"}, unique = true),
                @Index(value = {"email"}),
        }
 )
@ -41,8 +41,10 @@ public class EntityCertificate {
    @PrimaryKey(autoGenerate = true)
    public Long id;
    @NonNull
-    public String subject;
+    public String fingerprint;
+    @NonNull
    public String email;
+    public String subject;
    @NonNull
    public String data;

@ -50,8 +52,9 @@ public class EntityCertificate {
    public boolean equals(Object obj) {
        if (obj instanceof EntityCertificate) {
            EntityCertificate other = (EntityCertificate) obj;
-            return (this.subject.equals(other.subject) &&
+            return (this.fingerprint.equals(other.fingerprint) &&
                    Objects.equals(this.email, other.email) &&
+                    Objects.equals(this.subject, other.subject) &&
                    this.data.equals(other.data));
        } else
            return false;
--- a/app/src/main/java/eu/faircode/email/FragmentMessages.java
+++ b/app/src/main/java/eu/faircode/email/FragmentMessages.java
@ -165,6 +165,7 @@ import javax.mail.FolderClosedException;
 import javax.mail.Session;
 import javax.mail.internet.InternetAddress;
 import javax.mail.internet.MimeMessage;
+import javax.security.auth.x500.X500Principal;

 import static android.app.Activity.RESULT_OK;
 import static android.os.Process.THREAD_PRIORITY_BACKGROUND;
@ -4388,20 +4389,21 @@ public class FragmentMessages extends FragmentBase implements SharedPreferences.
                                    .getCertificate(certHolder);
                            try {
                                if (signer.verify(new JcaSimpleSignerInfoVerifierBuilder().build(cert))) {
-                                    String subject = cert.getSubjectDN().getName();
-                                    if (!TextUtils.isEmpty(subject) &&
-                                            message.from != null && message.from.length == 1) {
-                                        EntityCertificate c = db.certificate().getCertificateBySubject(subject);
-                                        if (c == null) {
-                                            c = new EntityCertificate();
-                                            c.subject = subject;
-                                            c.email = ((InternetAddress) message.from[0]).getAddress();
-                                            c.data = Base64.encodeToString(cert.getEncoded(), Base64.NO_WRAP);
-                                            c.id = db.certificate().insertCertificate(c);
+                                    if (message.from != null && message.from.length == 1) {
+                                        String fingerprint = Helper.sha256(cert.getEncoded());
+                                        String email = ((InternetAddress) message.from[0]).getAddress();
+                                        EntityCertificate record = db.certificate().getCertificate(fingerprint, email);
+                                        if (record == null) {
+                                            record = new EntityCertificate();
+                                            record.fingerprint = fingerprint;
+                                            record.email = email;
+                                            record.subject = cert.getSubjectX500Principal().getName(X500Principal.RFC2253);
+                                            record.data = Base64.encodeToString(cert.getEncoded(), Base64.NO_WRAP);
+                                            record.id = db.certificate().insertCertificate(record);
                                        }
                                    }

-                                    return subject;
+                                    return cert.getSubjectX500Principal().getName(X500Principal.RFC2253);
                                }
                            } catch (CMSVerifierCertificateNotValidException ex) {
                                Log.w(ex);