From 07e4eb9042e6ae7b6b4961d3afc0c96d4b833a6e Mon Sep 17 00:00:00 2001
From: cketti
Date: Fri, 29 Nov 2013 11:39:04 +0100
Subject: [PATCH] Add test to make sure we don't check the wrong certificates

Right now we happily accept every certificate in our local key store as long as the hostname matches the certificate DN. So this test fails. It's not a huge deal since the user accepted the certificate at one point. But we want to do this right.
---
 .../k9/mail/store/TrustManagerFactoryTest.java | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/tests/src/com/fsck/k9/mail/store/TrustManagerFactoryTest.java b/tests/src/com/fsck/k9/mail/store/TrustManagerFactoryTest.java
index b68c33328..ba2511bc2 100644
--- a/tests/src/com/fsck/k9/mail/store/TrustManagerFactoryTest.java
+++ b/tests/src/com/fsck/k9/mail/store/TrustManagerFactoryTest.java
@@ -115,6 +115,21 @@ public class TrustManagerFactoryTest extends AndroidTestCase {
         assertFalse("The certificate should have been rejected but wasn't", certificateValid);
     }
 
+    public void testCertificateOfOtherHost() throws Exception {
+        TrustManagerFactory.addCertificate(MATCHING_HOST, PORT1, mCert1);
+        TrustManagerFactory.addCertificate(MATCHING_HOST, PORT2, mCert2);
+
+        X509TrustManager trustManager = TrustManagerFactory.get(MATCHING_HOST, PORT1, true);
+        boolean certificateValid;
+        try {
+            trustManager.checkServerTrusted(new X509Certificate[] { mCert2 }, "authType");
+            certificateValid = true;
+        } catch (CertificateException e) {
+            certificateValid = false;
+        }
+        assertFalse("The certificate should have been rejected but wasn't", certificateValid);
+    }
+
     private static class DummyApplication extends Application {
         private final Context mContext;
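Review bot: The new testCertificateOfOtherHost passes on any CertificateException, so it cannot tell the intended rejection (mCert2 was stored only for PORT2) from an unrelated one such as a hostname mismatch or a trust manager that rejects every chain. A positive control before the try block would pin this down, e.g. `trustManager.checkServerTrusted(new X509Certificate[] { mCert1 }, "authType");`, together with a comment like `// mCert2 is valid for MATCHING_HOST but was only accepted for PORT2`. Whether mCert2's subject actually matches MATCHING_HOST is not visible in this hunk and should be confirmed. Both addCertificate calls write to the shared local key store, so the test also relies on setUp/tearDown (outside the hunk) resetting it between runs. The commit message says the test is expected to fail for now, which deserves a short note on the method so a red run is not mistaken for a regression.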