msb-public
/
FairEmail
mirror of https://github.com/M66B/FairEmail.git
1
0
Code Issues Projects Releases Wiki Activity

Fixed client cert auth

Browse Source
pull/174/head
M66B 5 years ago
parent ceb2518924
commit b76460b567
1 changed files with 13 additions and 12 deletions
Show Stats Download Patch File Download Diff File

25
app/src/main/java/eu/faircode/email/EmailService.java
Unescape View File

@ -40,6 +40,7 @@ import java.security.GeneralSecurityException;
import java.security.KeyStore; import java.security.KeyStore;
import java.security.NoSuchAlgorithmException; import java.security.NoSuchAlgorithmException;
import java.security.Principal; import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.CertificateEncodingException; import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException; import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException; import java.security.cert.CertificateParsingException;
@ -268,17 +269,19 @@ public class EmailService implements AutoCloseable {
String certificate, String fingerprint) throws MessagingException { String certificate, String fingerprint) throws MessagingException {
SSLSocketFactoryService factory = null; SSLSocketFactoryService factory = null;
try { try {
X509Certificate[] certs = null; PrivateKey key = null;
X509Certificate[] chain = null;
if (certificate != null) { if (certificate != null) {
Log.i("Get client certificate alias=" + certificate); Log.i("Get client certificate alias=" + certificate);
try { try {
certs = KeyChain.getCertificateChain(context, certificate); key = KeyChain.getPrivateKey(context, certificate);
chain = KeyChain.getCertificateChain(context, certificate);
} catch (Throwable ex) { } catch (Throwable ex) {
Log.w(ex); Log.w(ex);
} }
} }
factory = new SSLSocketFactoryService(host, insecure, harden, certs, fingerprint); factory = new SSLSocketFactoryService(host, insecure, harden, key, chain, fingerprint);
properties.put("mail." + protocol + ".ssl.socketFactory", factory); properties.put("mail." + protocol + ".ssl.socketFactory", factory);
properties.put("mail." + protocol + ".socketFactory.fallback", "false"); properties.put("mail." + protocol + ".socketFactory.fallback", "false");
properties.put("mail." + protocol + ".ssl.checkserveridentity", "false"); properties.put("mail." + protocol + ".ssl.checkserveridentity", "false");
@ -599,7 +602,7 @@ public class EmailService implements AutoCloseable {
private SSLSocketFactory factory; private SSLSocketFactory factory;
private X509Certificate certificate; private X509Certificate certificate;
SSLSocketFactoryService(String host, boolean insecure, boolean harden, X509Certificate[] certs, String fingerprint) throws GeneralSecurityException { SSLSocketFactoryService(String host, boolean insecure, boolean harden, PrivateKey key, X509Certificate[] chain, String fingerprint) throws GeneralSecurityException {
this.server = host; this.server = host;
this.secure = !insecure; this.secure = !insecure;
this.harden = harden; this.harden = harden;
@ -669,18 +672,16 @@ public class EmailService implements AutoCloseable {
}; };
KeyManager[] km = null; KeyManager[] km = null;
if (certs != null) if (key != null && chain != null)
try { try {
Log.i("Client certificate init certs=" + certs.length); Log.i("Client certificate init");
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); KeyStore ks = KeyStore.getInstance("PKCS12");
ks.load(null, null); ks.load(null, new char[0]);
ks.setKeyEntry(server, key, new char[0], chain);
for (int i = 0; i < certs.length; i++)
ks.setCertificateEntry(server + ":" + i, certs[i]);
KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
kmf.init(ks, null); kmf.init(ks, new char[0]);
km = kmf.getKeyManagers(); km = kmf.getKeyManagers();
Log.i("Client certificate initialized"); Log.i("Client certificate initialized");

Write Preview
Loading…
Cancel
Save