moparisthebest
/
k-9
mirror of https://github.com/moparisthebest/k-9
1
0
Fork 0
Code Issues Releases Wiki Activity

Issue 3259: Show SubjectAltNames in acceptKeyDialog

This commit is contained in:
Marcus Wolschon 2011-04-19 10:46:17 +02:00
parent 59399506df
commit 6f4bef3530
1 changed files with 74 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

74
src/com/fsck/k9/activity/setup/AccountSetupCheckSettings.java
View File

@ -5,6 +5,7 @@ import android.app.Activity;
import android.app.AlertDialog;
import android.content.DialogInterface;
import android.content.Intent;
import android.net.Uri;
import android.os.Bundle;
import android.os.Handler;
import android.os.Process;
@ -27,9 +28,12 @@ import com.fsck.k9.mail.filter.Hex;
import java.security.cert.CertificateException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.security.NoSuchAlgorithmException;
import java.security.MessageDigest;
import java.util.Collection;
import java.util.List;
/**
* Checks the given settings to make sure that they can be used to send and
@ -249,8 +253,78 @@ public class AccountSetupCheckSettings extends K9Activity implements OnClickList
}
for (int i = 0; i < chain.length; i++) {
// display certificate chain information
//TODO: localize this strings
chainInfo.append("Certificate chain[" + i + "]:\n");
chainInfo.append("Subject: " + chain[i].getSubjectDN().toString() + "\n");
// display SubjectAltNames too
// (the user may be mislead into mistrusting a certificate
// by a subjectDN not matching the server even though a
// SubjectAltName matches)
try {
final Collection<List<?>> subjectAlternativeNames = chain[i].getSubjectAlternativeNames();
if (subjectAlternativeNames != null) {
// The list of SubjectAltNames may be very long
//TODO: localize this string
StringBuffer altNamesText = new StringBuffer("Subject has " + subjectAlternativeNames.size() + " alternative names\n");
// we need these for matching
String storeURIHost = (Uri.parse(mAccount.getStoreUri())).getHost();
String transportURIHost = (Uri.parse(mAccount.getTransportUri())).getHost();
for (List<?> subjectAlternativeName : subjectAlternativeNames) {
Integer type = (Integer)subjectAlternativeName.get(0);
Object value = subjectAlternativeName.get(1);
String name = "";
switch (type.intValue()) {
case 0:
Log.w(K9.LOG_TAG, "SubjectAltName of type OtherName not supported.");
continue;
case 1: // RFC822Name
name = (String)value;
break;
case 2: // DNSName
name = (String)value;
break;
case 3:
Log.w(K9.LOG_TAG, "unsupported SubjectAltName of type x400Address");
continue;
case 4:
Log.w(K9.LOG_TAG, "unsupported SubjectAltName of type directoryName");
continue;
case 5:
Log.w(K9.LOG_TAG, "unsupported SubjectAltName of type ediPartyName");
continue;
case 6: // Uri
name = (String)value;
break;
case 7: // ip-address
name = (String)value;
break;
default:
Log.w(K9.LOG_TAG, "unsupported SubjectAltName of unknown type");
continue;
}
// if some of the SubjectAltNames match the store or transport -host,
// display them
if (name.equalsIgnoreCase(storeURIHost) || name.equalsIgnoreCase(transportURIHost)) {
//TODO: localize this string
altNamesText.append("Subject(alt): " + name + ",...\n");
} else if (name.startsWith("*.")) {
if (storeURIHost.endsWith(name.substring(2)) || transportURIHost.endsWith(name.substring(2))) {
//TODO: localize this string
altNamesText.append("Subject(alt): " + name + ",...\n");
}
}
}
chainInfo.append(altNamesText);
}
} catch (Exception e1) {
// don't fail just because of subjectAltNames
Log.w(K9.LOG_TAG, "cannot display SubjectAltNames in dialog", e1);
}
chainInfo.append("Issuer: " + chain[i].getIssuerDN().toString() + "\n");
if (sha1 != null) {
sha1.reset();