author | 2013-07-26 00:32:06 -0700 | |
---|---|---|
committer | 2013-07-26 00:32:31 -0700 | |
commit | 3cb43058be809bd2d45fdb52bc8049800e982c24 (patch) | |
tree | d8b9b6dfb188e677d75523b6baf1514d6d7df28a /src | |
parent | c559c8834773c4d6d78cb0cccc968d2a3477f67a (diff) |
Check certificate is implemented for Mac/iOS (Fixed #152)
Diffstat (limited to 'src')
-rw-r--r-- | src/core/imap/MCIMAPSession.cc | 5 | ||||
-rw-r--r-- | src/core/pop/MCPOPSession.cc | 4 | ||||
-rw-r--r-- | src/core/security/MCCertificateUtils.cc | 66 | ||||
-rw-r--r-- | src/core/security/MCCertificateUtils.h | 21 | ||||
-rw-r--r-- | src/core/smtp/MCSMTPSession.cc | 4 |
5 files changed, 93 insertions, 7 deletions
diff --git a/src/core/imap/MCIMAPSession.cc b/src/core/imap/MCIMAPSession.cc index 35c5e7bd..e2fb4e1d 100644 --- a/src/core/imap/MCIMAPSession.cc +++ b/src/core/imap/MCIMAPSession.cc @@ -21,6 +21,7 @@ #include "MCUtils.h" #include "MCHTMLRendererIMAPDataCallback.h" #include "MCHTMLBodyRendererTemplateCallback.h" +#include "MCCertificateUtils.h" using namespace mailcore; @@ -468,7 +469,6 @@ bool IMAPSession::isVoIPEnabled() return mVoIPEnabled; } - void IMAPSession::setDelimiter(char delimiter) { mDelimiter = delimiter; @@ -487,8 +487,7 @@ static bool hasError(int errorCode) bool IMAPSession::checkCertificate() { - //TODO check certificate - return true; + return mailcore::checkCertificate(mImap->imap_stream, hostname()); } void IMAPSession::body_progress(size_t current, size_t maximum, void * context) diff --git a/src/core/pop/MCPOPSession.cc b/src/core/pop/MCPOPSession.cc index 42a8d585..393ec516 100644 --- a/src/core/pop/MCPOPSession.cc +++ b/src/core/pop/MCPOPSession.cc @@ -7,6 +7,7 @@ #include "MCPOPProgressCallback.h" #include "MCMessageHeader.h" #include "MCConnectionLoggerUtils.h" +#include "MCCertificateUtils.h" using namespace mailcore; @@ -129,8 +130,7 @@ bool POPSession::isCheckCertificateEnabled() bool POPSession::checkCertificate() { - //TODO check certificate - return true; + return mailcore::checkCertificate(mPop->pop3_stream, hostname()); } void POPSession::bodyProgress(unsigned int current, unsigned int maximum) diff --git a/src/core/security/MCCertificateUtils.cc b/src/core/security/MCCertificateUtils.cc new file mode 100644 index 00000000..f8f25f70 --- /dev/null +++ b/src/core/security/MCCertificateUtils.cc 
@@ -0,0 +1,66 @@
+//
+// MCCertificateUtils.cc
+// mailcore2
+//
+// Created by DINH Viêt Hoà on 7/25/13.
+// Copyright (c) 2013 MailCore. All rights reserved.
+//
+
+#include "MCCertificateUtils.h"
+
+#if __APPLE__
+#include <CoreFoundation/CoreFoundation.h>
+#include <Security/Security.h>
+#endif
+
+#include "MCLog.h"
+
+bool mailcore::checkCertificate(mailstream * stream, String * hostname)
+{
+#if __APPLE__
+ bool result = false;
+ CFStringRef hostnameCFString = CFStringCreateWithCharacters(NULL, (const UniChar *) hostname->unicodeCharacters(),
+ hostname->length());
+ SecPolicyRef policy = SecPolicyCreateSSL(true, hostnameCFString);
+
+ CFMutableArrayRef certificates;
+ SecTrustRef trust;
+ certificates = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
+
+ carray * cCerts = mailstream_get_certificate_chain(stream);
+ for(unsigned int i = 0 ; i < carray_count(cCerts) ; i ++) {
+ MMAPString * str;
+ str = (MMAPString *) carray_get(cCerts, i);
+ CFDataRef data = CFDataCreate(NULL, (const UInt8 *) str->str, (CFIndex) str->len);
+ SecCertificateRef cert = SecCertificateCreateWithData(NULL, data);
+ CFArrayAppendValue(certificates, cert);
+ CFRelease(data);
+
+ OSStatus status = SecTrustCreateWithCertificates(certificates, policy, &trust);
+ SecTrustResultType trustResult;
+ status = SecTrustEvaluate(trust, &trustResult);
+ switch (trustResult) {
+ case kSecTrustResultUnspecified:
+ case kSecTrustResultProceed:
+ // certificate chain is ok
+ result = true;
+ break;
+
+ default:
+ // certificate chain is invalid
+ break;
+ }
+ }
+
+ CFRelease(trust);
+ CFRelease(certificates);
+ CFRelease(policy);
+ CFRelease(hostnameCFString);
+
+ return result;
+#else
+ //TODO check certificate
+ // for other platforms too.
+ return true;
+#endif
+}
diff --git a/src/core/security/MCCertificateUtils.h b/src/core/security/MCCertificateUtils.h
new file mode 100644
index 00000000..0fcd9749
--- /dev/null
+++ b/src/core/security/MCCertificateUtils.h
@@ -0,0 +1,21 @@ +// +// MCCertificateUtils.h +// mailcore2 +// +// Created by DINH Viêt Hoà on 7/25/13. +// Copyright (c) 2013 MailCore. All rights reserved. +// + +#ifndef __MAILCORE_MCCERTIFICATEUTILS_H_ +#define __MAILCORE_MCCERTIFICATEUTILS_H_ + +#include <libetpan/libetpan.h> +#include <MailCore/MCString.h> + +namespace mailcore { + + bool checkCertificate(mailstream * stream, String * hostname); + +} + +#endif diff --git a/src/core/smtp/MCSMTPSession.cc b/src/core/smtp/MCSMTPSession.cc index cc2555f4..4677e2d6 100644 --- a/src/core/smtp/MCSMTPSession.cc +++ b/src/core/smtp/MCSMTPSession.cc @@ -9,6 +9,7 @@ #include "MCMessageHeader.h" #include "MCSMTPProgressCallback.h" #include "MCConnectionLoggerUtils.h" +#include "MCCertificateUtils.h" using namespace mailcore; @@ -146,8 +147,7 @@ bool SMTPSession::isCheckCertificateEnabled() bool SMTPSession::checkCertificate() { - //TODO check certificate - return true; + return mailcore::checkCertificate(mSmtp->stream, hostname()); } void SMTPSession::setUseHeloIPEnabled(bool enabled) |
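Review bot: The new `checkCertificate` declaration in MCCertificateUtils.h has no comment stating its contract, and the contract is not obvious from the name. Per the implementation in MCCertificateUtils.cc it validates the stream's certificate chain against `hostname` on Apple platforms and returns true without any check elsewhere. I would add above it `// Returns true if the certificate chain presented on stream is trusted for hostname.` and `// NOTE: only implemented on Mac/iOS; other platforms currently return true unchecked.` so that callers enabling certificate checking know the limitation.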