author | Hoa V. DINH <dinh.viet.hoa@gmail.com> | 2013-07-26 00:32:06 -0700 |
---|---|---|
committer | Hoa V. DINH <dinh.viet.hoa@gmail.com> | 2013-07-26 00:32:31 -0700 |
commit | 3cb43058be809bd2d45fdb52bc8049800e982c24 (patch) | |
tree | d8b9b6dfb188e677d75523b6baf1514d6d7df28a | |
parent | c559c8834773c4d6d78cb0cccc968d2a3477f67a (diff) |
Check certificate is implemented for Mac/iOS (Fixed #152)
-rw-r--r-- | build-mac/mailcore2.xcodeproj/project.pbxproj | 16 | ||||
-rw-r--r-- | src/core/imap/MCIMAPSession.cc | 5 | ||||
-rw-r--r-- | src/core/pop/MCPOPSession.cc | 4 | ||||
-rw-r--r-- | src/core/security/MCCertificateUtils.cc | 66 | ||||
-rw-r--r-- | src/core/security/MCCertificateUtils.h | 21 | ||||
-rw-r--r-- | src/core/smtp/MCSMTPSession.cc | 4 |
6 files changed, 109 insertions, 7 deletions
diff --git a/build-mac/mailcore2.xcodeproj/project.pbxproj b/build-mac/mailcore2.xcodeproj/project.pbxproj index 4ddf4bcc..e127f4f2 100644 --- a/build-mac/mailcore2.xcodeproj/project.pbxproj +++ b/build-mac/mailcore2.xcodeproj/project.pbxproj @@ -684,6 +684,8 @@ C6F61FB21702886B0073032E /* MCORFC822.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = C64BB26B16FD4C3B000DB34C /* MCORFC822.h */; }; C6F61FB51702AB340073032E /* MCOIMAPBaseOperation.mm in Sources */ = {isa = PBXBuildFile; fileRef = C6F61FB41702AB2F0073032E /* MCOIMAPBaseOperation.mm */; }; C6F61FB61702B5290073032E /* MCOIMAPBaseOperation.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = C6F61FB31702AB2A0073032E /* MCOIMAPBaseOperation.h */; }; + C6F7B19F17A1C15200BE78BB /* MCCertificateUtils.cc in Sources */ = {isa = PBXBuildFile; fileRef = C6F7B19D17A1C15200BE78BB /* MCCertificateUtils.cc */; }; + C6F7B1A017A1C15200BE78BB /* MCCertificateUtils.cc in Sources */ = {isa = PBXBuildFile; fileRef = C6F7B19D17A1C15200BE78BB /* MCCertificateUtils.cc */; }; DA0F1C7B177C07B300F0D3B4 /* MCIMAPMessageRenderingOperation.cc in Sources */ = {isa = PBXBuildFile; fileRef = DA0F1C79177C07B300F0D3B4 /* MCIMAPMessageRenderingOperation.cc */; }; DA0F1C7C177C07B300F0D3B4 /* MCIMAPMessageRenderingOperation.cc in Sources */ = {isa = PBXBuildFile; fileRef = DA0F1C79177C07B300F0D3B4 /* MCIMAPMessageRenderingOperation.cc */; }; DA89896D178A47D200F6D90A /* MCOIMAPMessageRenderingOperation.mm in Sources */ = {isa = PBXBuildFile; fileRef = DA89896C178A47D200F6D90A /* MCOIMAPMessageRenderingOperation.mm */; }; 
@@ -1484,6 +1486,8 @@ C6F61F9E17016EA00073032E /* MCOIMAPFolderInfo.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = MCOIMAPFolderInfo.m; sourceTree = "<group>"; }; C6F61FB31702AB2A0073032E /* MCOIMAPBaseOperation.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MCOIMAPBaseOperation.h; sourceTree = "<group>"; }; C6F61FB41702AB2F0073032E /* MCOIMAPBaseOperation.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = MCOIMAPBaseOperation.mm; sourceTree = "<group>"; }; + C6F7B19D17A1C15200BE78BB /* MCCertificateUtils.cc */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = MCCertificateUtils.cc; sourceTree = "<group>"; }; + C6F7B19E17A1C15200BE78BB /* MCCertificateUtils.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MCCertificateUtils.h; sourceTree = "<group>"; }; DA0F1C79177C07B300F0D3B4 /* MCIMAPMessageRenderingOperation.cc */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = MCIMAPMessageRenderingOperation.cc; sourceTree = "<group>"; }; DA0F1C7A177C07B300F0D3B4 /* MCIMAPMessageRenderingOperation.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MCIMAPMessageRenderingOperation.h; sourceTree = "<group>"; }; DA89896B178A47D200F6D90A /* MCOIMAPMessageRenderingOperation.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MCOIMAPMessageRenderingOperation.h; sourceTree = "<group>"; }; @@ -1797,6 +1801,7 @@ C64EA691169E847800778456 /* core */ = { isa = PBXGroup; children = ( + C6F7B19C17A1C11F00BE78BB /* security */, C6E665A91796500B0063F2CF /* zip */, C64EA692169E847800778456 /* abstract */, C64EA6A1169E847800778456 /* basetypes */, 
@@ -2137,6 +2142,15 @@ path = smtp; sourceTree = "<group>"; }; + C6F7B19C17A1C11F00BE78BB /* security */ = { + isa = PBXGroup; + children = ( + C6F7B19D17A1C15200BE78BB /* MCCertificateUtils.cc */, + C6F7B19E17A1C15200BE78BB /* MCCertificateUtils.h */, + ); + path = security; + sourceTree = "<group>"; + }; F8EA941316BAED500011AC6F /* imap */ = { isa = PBXGroup; children = ( @@ -2445,6 +2459,7 @@ C64EA744169E847800778456 /* MCMultipart.cc in Sources */, C64EA781169E89F600778456 /* MCSMTPSession.cc in Sources */, C64EA784169F24E400778456 /* MCSMTPAsyncSession.cc in Sources */, + C6F7B19F17A1C15200BE78BB /* MCCertificateUtils.cc in Sources */, C64EA79E169F29A700778456 /* MCSMTPSendWithDataOperation.cc in Sources */, C64EA7DA16A1386600778456 /* MCSMTPOperation.cc in Sources */, C64EA7EA16A154B300778456 /* MCSMTPCheckAccountOperation.cc in Sources */, @@ -2634,6 +2649,7 @@ C6BA2BBD1705F4E6003F0E9E /* MCMultipart.cc in Sources */, C6BA2BBE1705F4E6003F0E9E /* MCSMTPSession.cc in Sources */, C6BA2BBF1705F4E6003F0E9E /* MCSMTPAsyncSession.cc in Sources */, + C6F7B1A017A1C15200BE78BB /* MCCertificateUtils.cc in Sources */, C6BA2BC01705F4E6003F0E9E /* MCSMTPSendWithDataOperation.cc in Sources */, C6BA2BC11705F4E6003F0E9E /* MCSMTPOperation.cc in Sources */, C6BA2BC21705F4E6003F0E9E /* MCSMTPCheckAccountOperation.cc in Sources */, diff --git a/src/core/imap/MCIMAPSession.cc b/src/core/imap/MCIMAPSession.cc index 35c5e7bd..e2fb4e1d 100644 --- a/src/core/imap/MCIMAPSession.cc +++ b/src/core/imap/MCIMAPSession.cc @@ -21,6 +21,7 @@ #include "MCUtils.h" #include "MCHTMLRendererIMAPDataCallback.h" #include "MCHTMLBodyRendererTemplateCallback.h" +#include "MCCertificateUtils.h" using namespace mailcore; @@ -468,7 +469,6 @@ bool IMAPSession::isVoIPEnabled() return mVoIPEnabled; } - void IMAPSession::setDelimiter(char delimiter) { mDelimiter = delimiter; 
@@ -487,8 +487,7 @@ static bool hasError(int errorCode) bool IMAPSession::checkCertificate() { - //TODO check certificate - return true; + return mailcore::checkCertificate(mImap->imap_stream, hostname()); } void IMAPSession::body_progress(size_t current, size_t maximum, void * context) diff --git a/src/core/pop/MCPOPSession.cc b/src/core/pop/MCPOPSession.cc index 42a8d585..393ec516 100644 --- a/src/core/pop/MCPOPSession.cc +++ b/src/core/pop/MCPOPSession.cc @@ -7,6 +7,7 @@ #include "MCPOPProgressCallback.h" #include "MCMessageHeader.h" #include "MCConnectionLoggerUtils.h" +#include "MCCertificateUtils.h" using namespace mailcore; @@ -129,8 +130,7 @@ bool POPSession::isCheckCertificateEnabled() bool POPSession::checkCertificate() { - //TODO check certificate - return true; + return mailcore::checkCertificate(mPop->pop3_stream, hostname()); } void POPSession::bodyProgress(unsigned int current, unsigned int maximum) diff --git a/src/core/security/MCCertificateUtils.cc b/src/core/security/MCCertificateUtils.cc new file mode 100644 index 00000000..f8f25f70 --- /dev/null +++ b/src/core/security/MCCertificateUtils.cc 
@@ -0,0 +1,66 @@
+//
+// MCCertificateUtils.cc
+// mailcore2
+//
+// Created by DINH Viêt Hoà on 7/25/13.
+// Copyright (c) 2013 MailCore. All rights reserved.
+//
+
+#include "MCCertificateUtils.h"
+
+#if __APPLE__
+#include <CoreFoundation/CoreFoundation.h>
+#include <Security/Security.h>
+#endif
+
+#include "MCLog.h"
+
+bool mailcore::checkCertificate(mailstream * stream, String * hostname)
+{
+#if __APPLE__
+ bool result = false;
+ CFStringRef hostnameCFString = CFStringCreateWithCharacters(NULL, (const UniChar *) hostname->unicodeCharacters(),
+ hostname->length());
+ SecPolicyRef policy = SecPolicyCreateSSL(true, hostnameCFString);
+
+ CFMutableArrayRef certificates;
+ SecTrustRef trust;
+ certificates = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
+
+ carray * cCerts = mailstream_get_certificate_chain(stream);
+ for(unsigned int i = 0 ; i < carray_count(cCerts) ; i ++) {
+ MMAPString * str;
+ str = (MMAPString *) carray_get(cCerts, i);
+ CFDataRef data = CFDataCreate(NULL, (const UInt8 *) str->str, (CFIndex) str->len);
+ SecCertificateRef cert = SecCertificateCreateWithData(NULL, data);
+ CFArrayAppendValue(certificates, cert);
+ CFRelease(data);
+
+ OSStatus status = SecTrustCreateWithCertificates(certificates, policy, &trust);
+ SecTrustResultType trustResult;
+ status = SecTrustEvaluate(trust, &trustResult);
+ switch (trustResult) {
+ case kSecTrustResultUnspecified:
+ case kSecTrustResultProceed:
+ // certificate chain is ok
+ result = true;
+ break;
+
+ default:
+ // certificate chain is invalid
+ break;
+ }
+ }
+
+ CFRelease(trust);
+ CFRelease(certificates);
+ CFRelease(policy);
+ CFRelease(hostnameCFString);
+
+ return result;
+#else
+ //TODO check certificate
+ // for other platforms too.
+ return true;
+#endif
+}
diff --git a/src/core/security/MCCertificateUtils.h b/src/core/security/MCCertificateUtils.h
new file mode 100644
index 00000000..0fcd9749
--- /dev/null
+++ b/src/core/security/MCCertificateUtils.h
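Review bot: In `mailcore::checkCertificate`, `trust` is declared uninitialized and released unconditionally after the loop, so a NULL or empty chain from `mailstream_get_certificate_chain` dereferences NULL in `carray_count` or reaches `CFRelease(trust)` with an indeterminate pointer. By brace count the `SecTrustCreateWithCertificates`/`SecTrustEvaluate` calls sit inside the `for` loop, so every iteration but the last leaks a `SecTrustRef`, and `result` is only ever set to true, meaning a partial chain that evaluates as trusted decides the outcome before the full chain is seen. Both `OSStatus` values are ignored, so `trustResult` can be read uninitialized, and `cert` is neither NULL-checked before `CFArrayAppendValue` nor released afterwards. The version below collects the whole chain first, evaluates once, and fails closed on any error; whether the `carray` returned by libetpan must also be freed here is not visible in the hunk and should be checked.

```cpp
bool mailcore::checkCertificate(mailstream * stream, String * hostname)
{
#if __APPLE__
    bool result = false;
    SecTrustRef trust = NULL;
    // … unchanged: hostnameCFString, policy and certificates creation …

    carray * cCerts = mailstream_get_certificate_chain(stream);
    // no peer certificate at all means nothing can be trusted
    bool chainLoaded = (cCerts != NULL) && (carray_count(cCerts) > 0);
    for(unsigned int i = 0 ; chainLoaded && i < carray_count(cCerts) ; i ++) {
        MMAPString * str = (MMAPString *) carray_get(cCerts, i);
        CFDataRef data = CFDataCreate(NULL, (const UInt8 *) str->str, (CFIndex) str->len);
        SecCertificateRef cert = SecCertificateCreateWithData(NULL, data);
        CFRelease(data);
        if (cert == NULL) {
            // not parseable as a DER certificate: reject the whole chain
            chainLoaded = false;
            break;
        }
        CFArrayAppendValue(certificates, cert);
        CFRelease(cert); // the array keeps its own reference
    }

    // evaluate once, after the complete chain has been collected
    if (chainLoaded &&
        SecTrustCreateWithCertificates(certificates, policy, &trust) == errSecSuccess) {
        SecTrustResultType trustResult;
        if (SecTrustEvaluate(trust, &trustResult) == errSecSuccess) {
            result = (trustResult == kSecTrustResultUnspecified) ||
                     (trustResult == kSecTrustResultProceed);
        }
    }

    if (trust != NULL) {
        CFRelease(trust);
    }
    // … unchanged: CFRelease of certificates, policy, hostnameCFString; return result …
```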
@@ -0,0 +1,21 @@ +// +// MCCertificateUtils.h +// mailcore2 +// +// Created by DINH Viêt Hoà on 7/25/13. +// Copyright (c) 2013 MailCore. All rights reserved. +// + +#ifndef __MAILCORE_MCCERTIFICATEUTILS_H_ +#define __MAILCORE_MCCERTIFICATEUTILS_H_ + +#include <libetpan/libetpan.h> +#include <MailCore/MCString.h> + +namespace mailcore { + + bool checkCertificate(mailstream * stream, String * hostname); + +} + +#endif diff --git a/src/core/smtp/MCSMTPSession.cc b/src/core/smtp/MCSMTPSession.cc index cc2555f4..4677e2d6 100644 --- a/src/core/smtp/MCSMTPSession.cc +++ b/src/core/smtp/MCSMTPSession.cc @@ -9,6 +9,7 @@ #include "MCMessageHeader.h" #include "MCSMTPProgressCallback.h" #include "MCConnectionLoggerUtils.h" +#include "MCCertificateUtils.h" using namespace mailcore; @@ -146,8 +147,7 @@ bool SMTPSession::isCheckCertificateEnabled() bool SMTPSession::checkCertificate() { - //TODO check certificate - return true; + return mailcore::checkCertificate(mSmtp->stream, hostname()); } void SMTPSession::setUseHeloIPEnabled(bool enabled) |
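Review bot: The declaration of `checkCertificate` in MCCertificateUtils.h carries no comment, so callers cannot tell that the `#else` branch in MCCertificateUtils.cc still returns `true` without validating anything on non-Apple builds. The IMAP, POP and SMTP `checkCertificate()` methods in this commit all delegate to it, so they report success there while `isCheckCertificateEnabled()` suggests a real check. I would document the contract on the declaration, for example `// Returns true when the peer certificate chain of stream is trusted for hostname.` followed by `// Only implemented on Apple platforms; elsewhere it currently returns true without checking.` It would also help to say whether `stream` must already have completed its TLS handshake and whether `hostname` may be NULL, neither of which is visible from the hunk.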