authorGravatar Hoa V. DINH <dinh.viet.hoa@gmail.com>2013-07-26 00:32:06 -0700
committerGravatar Hoa V. DINH <dinh.viet.hoa@gmail.com>2013-07-26 00:32:31 -0700
commit3cb43058be809bd2d45fdb52bc8049800e982c24 (patch)
treed8b9b6dfb188e677d75523b6baf1514d6d7df28a /src
parentc559c8834773c4d6d78cb0cccc968d2a3477f67a (diff)
Check certificate is implemented for Mac/iOS (Fixed #152)
Diffstat (limited to 'src')
-rw-r--r--src/core/imap/MCIMAPSession.cc5
-rw-r--r--src/core/pop/MCPOPSession.cc4
-rw-r--r--src/core/security/MCCertificateUtils.cc66
-rw-r--r--src/core/security/MCCertificateUtils.h21
-rw-r--r--src/core/smtp/MCSMTPSession.cc4
5 files changed, 93 insertions, 7 deletions
diff --git a/src/core/imap/MCIMAPSession.cc b/src/core/imap/MCIMAPSession.cc
index 35c5e7bd..e2fb4e1d 100644
--- a/src/core/imap/MCIMAPSession.cc
+++ b/src/core/imap/MCIMAPSession.cc
@@ -21,6 +21,7 @@
#include "MCUtils.h"
#include "MCHTMLRendererIMAPDataCallback.h"
#include "MCHTMLBodyRendererTemplateCallback.h"
+#include "MCCertificateUtils.h"
using namespace mailcore;
@@ -468,7 +469,6 @@ bool IMAPSession::isVoIPEnabled()
return mVoIPEnabled;
}
-
void IMAPSession::setDelimiter(char delimiter)
{
mDelimiter = delimiter;
@@ -487,8 +487,7 @@ static bool hasError(int errorCode)
bool IMAPSession::checkCertificate()
{
- //TODO check certificate
- return true;
+ return mailcore::checkCertificate(mImap->imap_stream, hostname());
}
void IMAPSession::body_progress(size_t current, size_t maximum, void * context)
diff --git a/src/core/pop/MCPOPSession.cc b/src/core/pop/MCPOPSession.cc
index 42a8d585..393ec516 100644
--- a/src/core/pop/MCPOPSession.cc
+++ b/src/core/pop/MCPOPSession.cc
@@ -7,6 +7,7 @@
#include "MCPOPProgressCallback.h"
#include "MCMessageHeader.h"
#include "MCConnectionLoggerUtils.h"
+#include "MCCertificateUtils.h"
using namespace mailcore;
@@ -129,8 +130,7 @@ bool POPSession::isCheckCertificateEnabled()
bool POPSession::checkCertificate()
{
- //TODO check certificate
- return true;
+ return mailcore::checkCertificate(mPop->pop3_stream, hostname());
}
void POPSession::bodyProgress(unsigned int current, unsigned int maximum)
diff --git a/src/core/security/MCCertificateUtils.cc b/src/core/security/MCCertificateUtils.cc
new file mode 100644
index 00000000..f8f25f70
--- /dev/null
+++ b/src/core/security/MCCertificateUtils.cc
@@ -0,0 +1,66 @@
+//
+// MCCertificateUtils.cc
+// mailcore2
+//
+// Created by DINH Viêt Hoà on 7/25/13.
+// Copyright (c) 2013 MailCore. All rights reserved.
+//
+
+#include "MCCertificateUtils.h"
+
+#if __APPLE__
+#include <CoreFoundation/CoreFoundation.h>
+#include <Security/Security.h>
+#endif
+
+#include "MCLog.h"
+
+bool mailcore::checkCertificate(mailstream * stream, String * hostname)
+{
+#if __APPLE__
+ bool result = false;
+ CFStringRef hostnameCFString = CFStringCreateWithCharacters(NULL, (const UniChar *) hostname->unicodeCharacters(),
+ hostname->length());
+ SecPolicyRef policy = SecPolicyCreateSSL(true, hostnameCFString);
+
+ CFMutableArrayRef certificates;
+ SecTrustRef trust;
+ certificates = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
+
+ carray * cCerts = mailstream_get_certificate_chain(stream);
+ for(unsigned int i = 0 ; i < carray_count(cCerts) ; i ++) {
+ MMAPString * str;
+ str = (MMAPString *) carray_get(cCerts, i);
+ CFDataRef data = CFDataCreate(NULL, (const UInt8 *) str->str, (CFIndex) str->len);
+ SecCertificateRef cert = SecCertificateCreateWithData(NULL, data);
+ CFArrayAppendValue(certificates, cert);
+ CFRelease(data);
+
+ OSStatus status = SecTrustCreateWithCertificates(certificates, policy, &trust);
+ SecTrustResultType trustResult;
+ status = SecTrustEvaluate(trust, &trustResult);
+ switch (trustResult) {
+ case kSecTrustResultUnspecified:
+ case kSecTrustResultProceed:
+ // certificate chain is ok
+ result = true;
+ break;
+
+ default:
+ // certificate chain is invalid
+ break;
+ }
+ }
+
+ CFRelease(trust);
+ CFRelease(certificates);
+ CFRelease(policy);
+ CFRelease(hostnameCFString);
+
+ return result;
+#else
+ //TODO check certificate
+ // for other platforms too.
+ return true;
+#endif
+}
diff --git a/src/core/security/MCCertificateUtils.h b/src/core/security/MCCertificateUtils.h
new file mode 100644
index 00000000..0fcd9749
--- /dev/null
+++ b/src/core/security/MCCertificateUtils.h
@@ -0,0 +1,21 @@
+//
+// MCCertificateUtils.h
+// mailcore2
+//
+// Created by DINH Viêt Hoà on 7/25/13.
+// Copyright (c) 2013 MailCore. All rights reserved.
+//
+
+#ifndef __MAILCORE_MCCERTIFICATEUTILS_H_
+#define __MAILCORE_MCCERTIFICATEUTILS_H_
+
+#include <libetpan/libetpan.h>
+#include <MailCore/MCString.h>
+
+namespace mailcore {
+
+ bool checkCertificate(mailstream * stream, String * hostname);
+
+}
+
+#endif
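Review bot: The declaration of `checkCertificate` carries no comment, and the contract a caller most needs is not visible from the header: per the `#else` branch in MCCertificateUtils.cc, the function returns true without validating anything on non-Apple platforms. I would add above the prototype something like `// Returns true if the peer certificate chain of stream validates for hostname.` and `// NOTE: no validation is done on non-Apple platforms; the call always returns true there.` That tells the IMAP, POP and SMTP sessions that `isCheckCertificateEnabled()` gives no protection on those builds.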
diff --git a/src/core/smtp/MCSMTPSession.cc b/src/core/smtp/MCSMTPSession.cc
index cc2555f4..4677e2d6 100644
--- a/src/core/smtp/MCSMTPSession.cc
+++ b/src/core/smtp/MCSMTPSession.cc
@@ -9,6 +9,7 @@
#include "MCMessageHeader.h"
#include "MCSMTPProgressCallback.h"
#include "MCConnectionLoggerUtils.h"
+#include "MCCertificateUtils.h"
using namespace mailcore;
@@ -146,8 +147,7 @@ bool SMTPSession::isCheckCertificateEnabled()
bool SMTPSession::checkCertificate()
{
- //TODO check certificate
- return true;
+ return mailcore::checkCertificate(mSmtp->stream, hostname());
}
void SMTPSession::setUseHeloIPEnabled(bool enabled)