authorGravatar Hoa V. DINH <dinh.viet.hoa@gmail.com>2013-07-26 00:32:06 -0700
committerGravatar Hoa V. DINH <dinh.viet.hoa@gmail.com>2013-07-26 00:32:31 -0700
commit3cb43058be809bd2d45fdb52bc8049800e982c24 (patch)
treed8b9b6dfb188e677d75523b6baf1514d6d7df28a
parentc559c8834773c4d6d78cb0cccc968d2a3477f67a (diff)
Check certificate is implemented for Mac/iOS (Fixed #152)
-rw-r--r--build-mac/mailcore2.xcodeproj/project.pbxproj16
-rw-r--r--src/core/imap/MCIMAPSession.cc5
-rw-r--r--src/core/pop/MCPOPSession.cc4
-rw-r--r--src/core/security/MCCertificateUtils.cc66
-rw-r--r--src/core/security/MCCertificateUtils.h21
-rw-r--r--src/core/smtp/MCSMTPSession.cc4
6 files changed, 109 insertions, 7 deletions
diff --git a/build-mac/mailcore2.xcodeproj/project.pbxproj b/build-mac/mailcore2.xcodeproj/project.pbxproj
index 4ddf4bcc..e127f4f2 100644
--- a/build-mac/mailcore2.xcodeproj/project.pbxproj
+++ b/build-mac/mailcore2.xcodeproj/project.pbxproj
@@ -684,6 +684,8 @@
C6F61FB21702886B0073032E /* MCORFC822.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = C64BB26B16FD4C3B000DB34C /* MCORFC822.h */; };
C6F61FB51702AB340073032E /* MCOIMAPBaseOperation.mm in Sources */ = {isa = PBXBuildFile; fileRef = C6F61FB41702AB2F0073032E /* MCOIMAPBaseOperation.mm */; };
C6F61FB61702B5290073032E /* MCOIMAPBaseOperation.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = C6F61FB31702AB2A0073032E /* MCOIMAPBaseOperation.h */; };
+ C6F7B19F17A1C15200BE78BB /* MCCertificateUtils.cc in Sources */ = {isa = PBXBuildFile; fileRef = C6F7B19D17A1C15200BE78BB /* MCCertificateUtils.cc */; };
+ C6F7B1A017A1C15200BE78BB /* MCCertificateUtils.cc in Sources */ = {isa = PBXBuildFile; fileRef = C6F7B19D17A1C15200BE78BB /* MCCertificateUtils.cc */; };
DA0F1C7B177C07B300F0D3B4 /* MCIMAPMessageRenderingOperation.cc in Sources */ = {isa = PBXBuildFile; fileRef = DA0F1C79177C07B300F0D3B4 /* MCIMAPMessageRenderingOperation.cc */; };
DA0F1C7C177C07B300F0D3B4 /* MCIMAPMessageRenderingOperation.cc in Sources */ = {isa = PBXBuildFile; fileRef = DA0F1C79177C07B300F0D3B4 /* MCIMAPMessageRenderingOperation.cc */; };
DA89896D178A47D200F6D90A /* MCOIMAPMessageRenderingOperation.mm in Sources */ = {isa = PBXBuildFile; fileRef = DA89896C178A47D200F6D90A /* MCOIMAPMessageRenderingOperation.mm */; };
@@ -1484,6 +1486,8 @@
C6F61F9E17016EA00073032E /* MCOIMAPFolderInfo.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = MCOIMAPFolderInfo.m; sourceTree = "<group>"; };
C6F61FB31702AB2A0073032E /* MCOIMAPBaseOperation.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MCOIMAPBaseOperation.h; sourceTree = "<group>"; };
C6F61FB41702AB2F0073032E /* MCOIMAPBaseOperation.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = MCOIMAPBaseOperation.mm; sourceTree = "<group>"; };
+ C6F7B19D17A1C15200BE78BB /* MCCertificateUtils.cc */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = MCCertificateUtils.cc; sourceTree = "<group>"; };
+ C6F7B19E17A1C15200BE78BB /* MCCertificateUtils.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MCCertificateUtils.h; sourceTree = "<group>"; };
DA0F1C79177C07B300F0D3B4 /* MCIMAPMessageRenderingOperation.cc */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = MCIMAPMessageRenderingOperation.cc; sourceTree = "<group>"; };
DA0F1C7A177C07B300F0D3B4 /* MCIMAPMessageRenderingOperation.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MCIMAPMessageRenderingOperation.h; sourceTree = "<group>"; };
DA89896B178A47D200F6D90A /* MCOIMAPMessageRenderingOperation.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MCOIMAPMessageRenderingOperation.h; sourceTree = "<group>"; };
@@ -1797,6 +1801,7 @@
C64EA691169E847800778456 /* core */ = {
isa = PBXGroup;
children = (
+ C6F7B19C17A1C11F00BE78BB /* security */,
C6E665A91796500B0063F2CF /* zip */,
C64EA692169E847800778456 /* abstract */,
C64EA6A1169E847800778456 /* basetypes */,
@@ -2137,6 +2142,15 @@
path = smtp;
sourceTree = "<group>";
};
+ C6F7B19C17A1C11F00BE78BB /* security */ = {
+ isa = PBXGroup;
+ children = (
+ C6F7B19D17A1C15200BE78BB /* MCCertificateUtils.cc */,
+ C6F7B19E17A1C15200BE78BB /* MCCertificateUtils.h */,
+ );
+ path = security;
+ sourceTree = "<group>";
+ };
F8EA941316BAED500011AC6F /* imap */ = {
isa = PBXGroup;
children = (
@@ -2445,6 +2459,7 @@
C64EA744169E847800778456 /* MCMultipart.cc in Sources */,
C64EA781169E89F600778456 /* MCSMTPSession.cc in Sources */,
C64EA784169F24E400778456 /* MCSMTPAsyncSession.cc in Sources */,
+ C6F7B19F17A1C15200BE78BB /* MCCertificateUtils.cc in Sources */,
C64EA79E169F29A700778456 /* MCSMTPSendWithDataOperation.cc in Sources */,
C64EA7DA16A1386600778456 /* MCSMTPOperation.cc in Sources */,
C64EA7EA16A154B300778456 /* MCSMTPCheckAccountOperation.cc in Sources */,
@@ -2634,6 +2649,7 @@
C6BA2BBD1705F4E6003F0E9E /* MCMultipart.cc in Sources */,
C6BA2BBE1705F4E6003F0E9E /* MCSMTPSession.cc in Sources */,
C6BA2BBF1705F4E6003F0E9E /* MCSMTPAsyncSession.cc in Sources */,
+ C6F7B1A017A1C15200BE78BB /* MCCertificateUtils.cc in Sources */,
C6BA2BC01705F4E6003F0E9E /* MCSMTPSendWithDataOperation.cc in Sources */,
C6BA2BC11705F4E6003F0E9E /* MCSMTPOperation.cc in Sources */,
C6BA2BC21705F4E6003F0E9E /* MCSMTPCheckAccountOperation.cc in Sources */,
diff --git a/src/core/imap/MCIMAPSession.cc b/src/core/imap/MCIMAPSession.cc
index 35c5e7bd..e2fb4e1d 100644
--- a/src/core/imap/MCIMAPSession.cc
+++ b/src/core/imap/MCIMAPSession.cc
@@ -21,6 +21,7 @@
#include "MCUtils.h"
#include "MCHTMLRendererIMAPDataCallback.h"
#include "MCHTMLBodyRendererTemplateCallback.h"
+#include "MCCertificateUtils.h"
using namespace mailcore;
@@ -468,7 +469,6 @@ bool IMAPSession::isVoIPEnabled()
return mVoIPEnabled;
}
-
void IMAPSession::setDelimiter(char delimiter)
{
mDelimiter = delimiter;
@@ -487,8 +487,7 @@ static bool hasError(int errorCode)
bool IMAPSession::checkCertificate()
{
- //TODO check certificate
- return true;
+ return mailcore::checkCertificate(mImap->imap_stream, hostname());
}
void IMAPSession::body_progress(size_t current, size_t maximum, void * context)
diff --git a/src/core/pop/MCPOPSession.cc b/src/core/pop/MCPOPSession.cc
index 42a8d585..393ec516 100644
--- a/src/core/pop/MCPOPSession.cc
+++ b/src/core/pop/MCPOPSession.cc
@@ -7,6 +7,7 @@
#include "MCPOPProgressCallback.h"
#include "MCMessageHeader.h"
#include "MCConnectionLoggerUtils.h"
+#include "MCCertificateUtils.h"
using namespace mailcore;
@@ -129,8 +130,7 @@ bool POPSession::isCheckCertificateEnabled()
bool POPSession::checkCertificate()
{
- //TODO check certificate
- return true;
+ return mailcore::checkCertificate(mPop->pop3_stream, hostname());
}
void POPSession::bodyProgress(unsigned int current, unsigned int maximum)
diff --git a/src/core/security/MCCertificateUtils.cc b/src/core/security/MCCertificateUtils.cc
new file mode 100644
index 00000000..f8f25f70
--- /dev/null
+++ b/src/core/security/MCCertificateUtils.cc
@@ -0,0 +1,66 @@
+//
+// MCCertificateUtils.cc
+// mailcore2
+//
+// Created by DINH Viêt Hoà on 7/25/13.
+// Copyright (c) 2013 MailCore. All rights reserved.
+//
+
+#include "MCCertificateUtils.h"
+
+#if __APPLE__
+#include <CoreFoundation/CoreFoundation.h>
+#include <Security/Security.h>
+#endif
+
+#include "MCLog.h"
+
+bool mailcore::checkCertificate(mailstream * stream, String * hostname)
+{
+#if __APPLE__
+ bool result = false;
+ CFStringRef hostnameCFString = CFStringCreateWithCharacters(NULL, (const UniChar *) hostname->unicodeCharacters(),
+ hostname->length());
+ SecPolicyRef policy = SecPolicyCreateSSL(true, hostnameCFString);
+
+ CFMutableArrayRef certificates;
+ SecTrustRef trust;
+ certificates = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
+
+ carray * cCerts = mailstream_get_certificate_chain(stream);
+ for(unsigned int i = 0 ; i < carray_count(cCerts) ; i ++) {
+ MMAPString * str;
+ str = (MMAPString *) carray_get(cCerts, i);
+ CFDataRef data = CFDataCreate(NULL, (const UInt8 *) str->str, (CFIndex) str->len);
+ SecCertificateRef cert = SecCertificateCreateWithData(NULL, data);
+ CFArrayAppendValue(certificates, cert);
+ CFRelease(data);
+
+ OSStatus status = SecTrustCreateWithCertificates(certificates, policy, &trust);
+ SecTrustResultType trustResult;
+ status = SecTrustEvaluate(trust, &trustResult);
+ switch (trustResult) {
+ case kSecTrustResultUnspecified:
+ case kSecTrustResultProceed:
+ // certificate chain is ok
+ result = true;
+ break;
+
+ default:
+ // certificate chain is invalid
+ break;
+ }
+ }
+
+ CFRelease(trust);
+ CFRelease(certificates);
+ CFRelease(policy);
+ CFRelease(hostnameCFString);
+
+ return result;
+#else
+ //TODO check certificate
+ // for other platforms too.
+ return true;
+#endif
+}
diff --git a/src/core/security/MCCertificateUtils.h b/src/core/security/MCCertificateUtils.h
new file mode 100644
index 00000000..0fcd9749
--- /dev/null
+++ b/src/core/security/MCCertificateUtils.h
@@ -0,0 +1,21 @@
+//
+// MCCertificateUtils.h
+// mailcore2
+//
+// Created by DINH Viêt Hoà on 7/25/13.
+// Copyright (c) 2013 MailCore. All rights reserved.
+//
+
+#ifndef __MAILCORE_MCCERTIFICATEUTILS_H_
+#define __MAILCORE_MCCERTIFICATEUTILS_H_
+
+#include <libetpan/libetpan.h>
+#include <MailCore/MCString.h>
+
+namespace mailcore {
+
+ bool checkCertificate(mailstream * stream, String * hostname);
+
+}
+
+#endif
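Review bot: The declaration of `checkCertificate` in the `mailcore` namespace carries no comment stating its contract, and the implementation added in this commit returns `true` unconditionally off Apple platforms, which a caller cannot tell from the header. I would add above the declaration `// Returns true when the certificate chain presented on stream is trusted for hostname.` and `// Only implemented on Mac/iOS; other platforms currently return true without checking.` The guard name `__MAILCORE_MCCERTIFICATEUTILS_H_` also begins with a double underscore, which is reserved for the implementation; `MAILCORE_MCCERTIFICATEUTILS_H` avoids that.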
diff --git a/src/core/smtp/MCSMTPSession.cc b/src/core/smtp/MCSMTPSession.cc
index cc2555f4..4677e2d6 100644
--- a/src/core/smtp/MCSMTPSession.cc
+++ b/src/core/smtp/MCSMTPSession.cc
@@ -9,6 +9,7 @@
#include "MCMessageHeader.h"
#include "MCSMTPProgressCallback.h"
#include "MCConnectionLoggerUtils.h"
+#include "MCCertificateUtils.h"
using namespace mailcore;
@@ -146,8 +147,7 @@ bool SMTPSession::isCheckCertificateEnabled()
bool SMTPSession::checkCertificate()
{
- //TODO check certificate
- return true;
+ return mailcore::checkCertificate(mSmtp->stream, hostname());
}
void SMTPSession::setUseHeloIPEnabled(bool enabled)