Issue 3259: Show SubjectAltNames in acceptKeyDialog
parent
59399506df
commit
6f4bef3530
@ -5,6 +5,7 @@ import android.app.Activity;
|
|||||||
import android.app.AlertDialog;
|
import android.app.AlertDialog;
|
||||||
import android.content.DialogInterface;
|
import android.content.DialogInterface;
|
||||||
import android.content.Intent;
|
import android.content.Intent;
|
||||||
|
import android.net.Uri;
|
||||||
import android.os.Bundle;
|
import android.os.Bundle;
|
||||||
import android.os.Handler;
|
import android.os.Handler;
|
||||||
import android.os.Process;
|
import android.os.Process;
|
||||||
@ -27,9 +28,12 @@ import com.fsck.k9.mail.filter.Hex;
|
|||||||
|
|
||||||
import java.security.cert.CertificateException;
|
import java.security.cert.CertificateException;
|
||||||
import java.security.cert.CertificateEncodingException;
|
import java.security.cert.CertificateEncodingException;
|
||||||
|
import java.security.cert.CertificateParsingException;
|
||||||
import java.security.cert.X509Certificate;
|
import java.security.cert.X509Certificate;
|
||||||
import java.security.NoSuchAlgorithmException;
|
import java.security.NoSuchAlgorithmException;
|
||||||
import java.security.MessageDigest;
|
import java.security.MessageDigest;
|
||||||
|
import java.util.Collection;
|
||||||
|
import java.util.List;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Checks the given settings to make sure that they can be used to send and
|
* Checks the given settings to make sure that they can be used to send and
|
||||||
@ -249,8 +253,78 @@ public class AccountSetupCheckSettings extends K9Activity implements OnClickList
|
|||||||
}
|
}
|
||||||
for (int i = 0; i < chain.length; i++) {
|
for (int i = 0; i < chain.length; i++) {
|
||||||
// display certificate chain information
|
// display certificate chain information
|
||||||
|
//TODO: localize this strings
|
||||||
chainInfo.append("Certificate chain[" + i + "]:\n");
|
chainInfo.append("Certificate chain[" + i + "]:\n");
|
||||||
chainInfo.append("Subject: " + chain[i].getSubjectDN().toString() + "\n");
|
chainInfo.append("Subject: " + chain[i].getSubjectDN().toString() + "\n");
|
||||||
|
|
||||||
|
// display SubjectAltNames too
|
||||||
|
// (the user may be mislead into mistrusting a certificate
|
||||||
|
// by a subjectDN not matching the server even though a
|
||||||
|
// SubjectAltName matches)
|
||||||
|
try {
|
||||||
|
final Collection<List<?>> subjectAlternativeNames = chain[i].getSubjectAlternativeNames();
|
||||||
|
if (subjectAlternativeNames != null) {
|
||||||
|
// The list of SubjectAltNames may be very long
|
||||||
|
//TODO: localize this string
|
||||||
|
StringBuffer altNamesText = new StringBuffer("Subject has " + subjectAlternativeNames.size() + " alternative names\n");
|
||||||
|
|
||||||
|
// we need these for matching
|
||||||
|
String storeURIHost = (Uri.parse(mAccount.getStoreUri())).getHost();
|
||||||
|
String transportURIHost = (Uri.parse(mAccount.getTransportUri())).getHost();
|
||||||
|
|
||||||
|
for (List<?> subjectAlternativeName : subjectAlternativeNames) {
|
||||||
|
Integer type = (Integer)subjectAlternativeName.get(0);
|
||||||
|
Object value = subjectAlternativeName.get(1);
|
||||||
|
String name = "";
|
||||||
|
switch (type.intValue()) {
|
||||||
|
case 0:
|
||||||
|
Log.w(K9.LOG_TAG, "SubjectAltName of type OtherName not supported.");
|
||||||
|
continue;
|
||||||
|
case 1: // RFC822Name
|
||||||
|
name = (String)value;
|
||||||
|
break;
|
||||||
|
case 2: // DNSName
|
||||||
|
name = (String)value;
|
||||||
|
break;
|
||||||
|
case 3:
|
||||||
|
Log.w(K9.LOG_TAG, "unsupported SubjectAltName of type x400Address");
|
||||||
|
continue;
|
||||||
|
case 4:
|
||||||
|
Log.w(K9.LOG_TAG, "unsupported SubjectAltName of type directoryName");
|
||||||
|
continue;
|
||||||
|
case 5:
|
||||||
|
Log.w(K9.LOG_TAG, "unsupported SubjectAltName of type ediPartyName");
|
||||||
|
continue;
|
||||||
|
case 6: // Uri
|
||||||
|
name = (String)value;
|
||||||
|
break;
|
||||||
|
case 7: // ip-address
|
||||||
|
name = (String)value;
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
Log.w(K9.LOG_TAG, "unsupported SubjectAltName of unknown type");
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
|
// if some of the SubjectAltNames match the store or transport -host,
|
||||||
|
// display them
|
||||||
|
if (name.equalsIgnoreCase(storeURIHost) || name.equalsIgnoreCase(transportURIHost)) {
|
||||||
|
//TODO: localize this string
|
||||||
|
altNamesText.append("Subject(alt): " + name + ",...\n");
|
||||||
|
} else if (name.startsWith("*.")) {
|
||||||
|
if (storeURIHost.endsWith(name.substring(2)) || transportURIHost.endsWith(name.substring(2))) {
|
||||||
|
//TODO: localize this string
|
||||||
|
altNamesText.append("Subject(alt): " + name + ",...\n");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
chainInfo.append(altNamesText);
|
||||||
|
}
|
||||||
|
} catch (Exception e1) {
|
||||||
|
// don't fail just because of subjectAltNames
|
||||||
|
Log.w(K9.LOG_TAG, "cannot display SubjectAltNames in dialog", e1);
|
||||||
|
}
|
||||||
|
|
||||||
chainInfo.append("Issuer: " + chain[i].getIssuerDN().toString() + "\n");
|
chainInfo.append("Issuer: " + chain[i].getIssuerDN().toString() + "\n");
|
||||||
if (sha1 != null) {
|
if (sha1 != null) {
|
||||||
sha1.reset();
|
sha1.reset();
|
||||||
|
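Review bot: The wildcard branch at the end of the added block tests `storeURIHost.endsWith(name.substring(2))`, which drops the dot, so a SubjectAltName of `*.example.com` (constructed example) is reported as matching `notexample.com`, the bare `example.com`, and hosts several labels deep. This text is what the user reads before accepting an untrusted certificate, so a match looser than the TLS hostname rules overstates how well the certificate fits the server. The check is also case-sensitive while the exact-match branch uses `equalsIgnoreCase`, and it runs for RFC822Name and URI entries as well as DNSName. `Uri.getHost()` can return null, in which case the NullPointerException lands in `catch (Exception e1)` and every alternative name for that certificate is silently left out of the dialog. I would restrict the wildcard test to type 2, keep the leading dot, let `*` stand for exactly one label, and null-check the host, as sketched below; the enclosing method starts and ends outside the hunk.

```java
// … unchanged: switch over the SubjectAltName type, exact-match branch …
} else if (type.intValue() == 2 && name.startsWith("*.")) {
    // keep the leading dot so the suffix can only match on a label boundary
    String dotSuffix = name.substring(1).toLowerCase(Locale.US);
    if (hostMatchesWildcard(storeURIHost, dotSuffix)
            || hostMatchesWildcard(transportURIHost, dotSuffix)) {
        //TODO: localize this string
        altNamesText.append("Subject(alt): " + name + ",...\n");
    }
}
// … unchanged: end of loop, chainInfo.append(altNamesText), catch block …

/** True when host is exactly one non-empty label followed by dotSuffix. */
private static boolean hostMatchesWildcard(String host, String dotSuffix) {
    if (host == null) {
        return false;
    }
    String lowerHost = host.toLowerCase(Locale.US);
    int firstDot = lowerHost.indexOf('.');
    return firstDot > 0 && lowerHost.substring(firstDot).equals(dotSuffix);
}
```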