From 3cb43058be809bd2d45fdb52bc8049800e982c24 Mon Sep 17 00:00:00 2001 From: "Hoa V. DINH" Date: Fri, 26 Jul 2013 00:32:06 -0700 Subject: Check certificate is implemented for Mac/iOS (Fixed #152) --- src/core/imap/MCIMAPSession.cc | 5 +-- src/core/pop/MCPOPSession.cc | 4 +- src/core/security/MCCertificateUtils.cc | 66 +++++++++++++++++++++++++++++++++ src/core/security/MCCertificateUtils.h | 21 +++++++++++ src/core/smtp/MCSMTPSession.cc | 4 +- 5 files changed, 93 insertions(+), 7 deletions(-) create mode 100644 src/core/security/MCCertificateUtils.cc create mode 100644 src/core/security/MCCertificateUtils.h (limited to 'src') diff --git a/src/core/imap/MCIMAPSession.cc b/src/core/imap/MCIMAPSession.cc index 35c5e7bd..e2fb4e1d 100644 --- a/src/core/imap/MCIMAPSession.cc +++ b/src/core/imap/MCIMAPSession.cc @@ -21,6 +21,7 @@ #include "MCUtils.h" #include "MCHTMLRendererIMAPDataCallback.h" #include "MCHTMLBodyRendererTemplateCallback.h" +#include "MCCertificateUtils.h" using namespace mailcore; @@ -468,7 +469,6 @@ bool IMAPSession::isVoIPEnabled() return mVoIPEnabled; } - void IMAPSession::setDelimiter(char delimiter) { mDelimiter = delimiter; @@ -487,8 +487,7 @@ static bool hasError(int errorCode) bool IMAPSession::checkCertificate() { - //TODO check certificate - return true; + return mailcore::checkCertificate(mImap->imap_stream, hostname()); } void IMAPSession::body_progress(size_t current, size_t maximum, void * context) diff --git a/src/core/pop/MCPOPSession.cc b/src/core/pop/MCPOPSession.cc index 42a8d585..393ec516 100644 --- a/src/core/pop/MCPOPSession.cc +++ b/src/core/pop/MCPOPSession.cc @@ -7,6 +7,7 @@ #include "MCPOPProgressCallback.h" #include "MCMessageHeader.h" #include "MCConnectionLoggerUtils.h" +#include "MCCertificateUtils.h" using namespace mailcore; 
@@ -129,8 +130,7 @@ bool POPSession::isCheckCertificateEnabled() bool POPSession::checkCertificate() { - //TODO check certificate - return true; + return mailcore::checkCertificate(mPop->pop3_stream, hostname()); } void POPSession::bodyProgress(unsigned int current, unsigned int maximum) diff --git a/src/core/security/MCCertificateUtils.cc b/src/core/security/MCCertificateUtils.cc new file mode 100644 index 00000000..f8f25f70 --- /dev/null +++ b/src/core/security/MCCertificateUtils.cc 
@@ -0,0 +1,66 @@
+//
+// MCCertificateUtils.cc
+// mailcore2
+//
+// Created by DINH Viêt Hoà on 7/25/13.
+// Copyright (c) 2013 MailCore. All rights reserved.
+//
+
+#include "MCCertificateUtils.h"
+
+#if __APPLE__
+#include
+#include
+#endif
+
+#include "MCLog.h"
+
+bool mailcore::checkCertificate(mailstream * stream, String * hostname)
+{
+#if __APPLE__
+ bool result = false;
+ CFStringRef hostnameCFString = CFStringCreateWithCharacters(NULL, (const UniChar *) hostname->unicodeCharacters(),
+ hostname->length());
+ SecPolicyRef policy = SecPolicyCreateSSL(true, hostnameCFString);
+
+ CFMutableArrayRef certificates;
+ SecTrustRef trust;
+ certificates = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
+
+ carray * cCerts = mailstream_get_certificate_chain(stream);
+ for(unsigned int i = 0 ; i < carray_count(cCerts) ; i ++) {
+ MMAPString * str;
+ str = (MMAPString *) carray_get(cCerts, i);
+ CFDataRef data = CFDataCreate(NULL, (const UInt8 *) str->str, (CFIndex) str->len);
+ SecCertificateRef cert = SecCertificateCreateWithData(NULL, data);
+ CFArrayAppendValue(certificates, cert);
+ CFRelease(data);
+
+ OSStatus status = SecTrustCreateWithCertificates(certificates, policy, &trust);
+ SecTrustResultType trustResult;
+ status = SecTrustEvaluate(trust, &trustResult);
+ switch (trustResult) {
+ case kSecTrustResultUnspecified:
+ case kSecTrustResultProceed:
+ // certificate chain is ok
+ result = true;
+ break;
+
+ default:
+ // certificate chain is invalid
+ break;
+ }
+ }
+
+ CFRelease(trust);
+ CFRelease(certificates);
+ CFRelease(policy);
+ CFRelease(hostnameCFString);
+
+ return result;
+#else
+ //TODO check certificate
+ // for other platforms too.
+ return true;
+#endif
+}
diff --git a/src/core/security/MCCertificateUtils.h b/src/core/security/MCCertificateUtils.h
new file mode 100644
index 00000000..0fcd9749
--- /dev/null
+++ b/src/core/security/MCCertificateUtils.h
@@ -0,0 +1,21 @@ +// +// MCCertificateUtils.h +// mailcore2 +// +// Created by DINH Viêt Hoà on 7/25/13. +// Copyright (c) 2013 MailCore. All rights reserved. +// + +#ifndef __MAILCORE_MCCERTIFICATEUTILS_H_ +#define __MAILCORE_MCCERTIFICATEUTILS_H_ + +#include +#include + +namespace mailcore { + + bool checkCertificate(mailstream * stream, String * hostname); + +} + +#endif diff --git a/src/core/smtp/MCSMTPSession.cc b/src/core/smtp/MCSMTPSession.cc index cc2555f4..4677e2d6 100644 --- a/src/core/smtp/MCSMTPSession.cc +++ b/src/core/smtp/MCSMTPSession.cc @@ -9,6 +9,7 @@ #include "MCMessageHeader.h" #include "MCSMTPProgressCallback.h" #include "MCConnectionLoggerUtils.h" +#include "MCCertificateUtils.h" using namespace mailcore; @@ -146,8 +147,7 @@ bool SMTPSession::isCheckCertificateEnabled() bool SMTPSession::checkCertificate() { - //TODO check certificate - return true; + return mailcore::checkCertificate(mSmtp->stream, hostname()); } void SMTPSession::setUseHeloIPEnabled(bool enabled) -- cgit v1.2.3
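Review bot: The declaration of `checkCertificate` in the new header `MCCertificateUtils.h` carries no statement of its contract, and the thing a caller most needs to know is that the implementation in this commit returns `true` without any validation when `__APPLE__` is not defined. `IMAPSession`, `POPSession` and `SMTPSession` all delegate to it in this commit, so on other platforms an enabled certificate check still accepts any server certificate. I would add a comment above the declaration, for example `// Returns true if the peer certificate chain of stream is trusted for hostname. Validation is only implemented on Apple platforms; on all others this always returns true.`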