//
// MCCertificateUtils.cc
// mailcore2
//
// Created by DINH Viêt Hoà on 7/25/13.
// Copyright (c) 2013 MailCore. All rights reserved.
//
#include "MCCertificateUtils.h"
#if __APPLE__
#include <CoreFoundation/CoreFoundation.h>
#include <Security/Security.h>
#endif
#include "MCLog.h"
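/**
 * Validates the TLS certificate chain presented on `stream` against the
 * system trust store and the expected peer name `hostname`.
 *
 * Returns true only when the chain evaluates to kSecTrustResultProceed or
 * kSecTrustResultUnspecified under an SSL policy pinned to `hostname`.
 * Every other outcome - no chain, unparseable certificate, API failure,
 * any other trust result - returns false (fail closed).
 *
 * Only the Apple code path performs a check at all; see the non-Apple
 * branch at the bottom.
 *
 * @param stream   connected mailstream from which the peer's chain is read
 * @param hostname expected server name; NULL is rejected rather than
 *                 evaluated with a policy that does no name verification
 * @return true if the chain is trusted for `hostname`, false otherwise
 */
bool mailcore::checkCertificate(mailstream * stream, String * hostname)
{
#if __APPLE__
    bool result = false;
    // Every handle starts NULL so the single cleanup path below can release
    // exactly what was created, whichever step bailed out.
    carray * cCerts = NULL;
    CFStringRef hostnameCFString = NULL;
    SecPolicyRef policy = NULL;
    CFMutableArrayRef certificates = NULL;
    SecTrustRef trust = NULL;
    SecTrustResultType trustResult;
    OSStatus status;

    // A NULL hostname cannot be turned into a pinned SSL policy; refusing
    // here is safer than evaluating without a name check (and avoids the
    // NULL dereference in hostname->unicodeCharacters()).
    if (hostname == NULL) {
        fprintf(stderr, "warning: No hostname supplied for certificate check");
        goto cleanup;
    }

    cCerts = mailstream_get_certificate_chain(stream);
    if (cCerts == NULL) {
        fprintf(stderr, "warning: No certificate chain retrieved");
        goto cleanup;
    }

    hostnameCFString = CFStringCreateWithCharacters(NULL, (const UniChar *) hostname->unicodeCharacters(),
                                                    hostname->length());
    if (hostnameCFString == NULL) {
        goto cleanup;
    }

    // server=true: validate as a server certificate and require the leaf to
    // match hostnameCFString.
    policy = SecPolicyCreateSSL(true, hostnameCFString);
    if (policy == NULL) {
        goto cleanup;
    }

    certificates = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
    if (certificates == NULL) {
        goto cleanup;
    }

    // Wrap each DER blob as a SecCertificateRef. SecTrustCreateWithCertificates
    // treats element 0 as the leaf, so this relies on
    // mailstream_get_certificate_chain returning the chain leaf-first
    // (not verifiable from this file - confirm against libetpan).
    for (unsigned int i = 0 ; i < carray_count(cCerts) ; i ++) {
        MMAPString * str = (MMAPString *) carray_get(cCerts, i);
        CFDataRef data = CFDataCreate(NULL, (const UInt8 *) str->str, (CFIndex) str->len);
        SecCertificateRef cert = NULL;
        if (data != NULL) {
            cert = SecCertificateCreateWithData(NULL, data);
            CFRelease(data);
        }
        if (cert == NULL) {
            // Not parseable DER. Appending NULL to a CFArray (or CFRelease(NULL))
            // would crash, and evaluating a chain with a hole in it would be
            // meaningless - reject the whole chain.
            fprintf(stderr, "warning: Could not parse certificate %u of chain", i);
            goto cleanup;
        }
        CFArrayAppendValue(certificates, cert);
        CFRelease(cert); // the array holds its own retain
    }

    status = SecTrustCreateWithCertificates(certificates, policy, &trust);
    if (status != noErr) {
        goto cleanup;
    }

    // NOTE(review): newer Apple SDKs deprecate SecTrustEvaluate in favour of
    // SecTrustEvaluateWithError; kept here for the deployment target this
    // file was written against.
    status = SecTrustEvaluate(trust, &trustResult);
    if (status != noErr) {
        goto cleanup;
    }

    switch (trustResult) {
        case kSecTrustResultUnspecified: // trusted by system/default settings
        case kSecTrustResultProceed:     // trusted by an explicit user decision
            result = true;
            break;
        default:
            // Any other result (e.g. a recoverable failure such as an expired
            // leaf or a name mismatch) is rejected outright; no override is
            // offered to the caller.
            break;
    }

cleanup:
    // Release in reverse order of creation; a failed SecTrustEvaluate must
    // still release `trust`, which is why it is freed here and not inline.
    if (trust != NULL) {
        CFRelease(trust);
    }
    if (certificates != NULL) {
        CFRelease(certificates);
    }
    if (policy != NULL) {
        CFRelease(policy);
    }
    if (hostnameCFString != NULL) {
        CFRelease(hostnameCFString);
    }
    if (cCerts != NULL) {
        mailstream_certificate_chain_free(cCerts);
    }
    return result;
#else
    // SECURITY: no verification is performed on non-Apple platforms. Any
    // certificate - including a self-signed one presented by a
    // man-in-the-middle - is accepted, so the TLS connection is encrypted but
    // NOT authenticated. The unconditional `true` is preserved here because
    // callers on these platforms depend on it to connect at all; a real
    // check (e.g. against the platform's OpenSSL trust store) is still
    // outstanding and should be treated as a known gap, not a safe default.
    //TODO check certificate
    // for other platforms too.
    return true;
#endif
}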