| /* Copyright 2013 Justin Erenkrantz and Greg Stein |
| * |
| * Licensed under the Apache License, Version 2.0 (the "License"); |
| * you may not use this file except in compliance with the License. |
| * You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| |
| #import <AppKit/AppKit.h> |
| #import <Foundation/Foundation.h> |
| #import <SecurityInterface/SFCertificateTrustPanel.h> |
| #import <SecurityInterface/SFChooseIdentityPanel.h> |
| |
| #import "serf.h" |
| |
| @interface MacOSXSSL_Buckets : NSObject |
| { |
| } |
| + (OSStatus) evaluate:(SecTrustRef)trust |
| trustResult:(SecTrustResultType *)trustResult; |
| |
| + (apr_status_t) showTrustCertificateDialog:(SecTrustRef)trust |
| message:(const char *)message |
| ok_button:(const char *)ok_button |
| cancel_button:(const char *)cancel_button; |
| @end |
| |
| @implementation MacOSXSSL_Buckets |
| |
| /* Evaluate the trust object asynchronously. When the results are received, |
| store them in the provided resultPtr address. */ |
| + (OSStatus) evaluate:(SecTrustRef)trust |
| trustResult:(SecTrustResultType *)resultPtr |
| { |
| dispatch_queue_t queue; |
| OSStatus osstatus; |
| |
| SecTrustCallback block = ^(SecTrustRef trust, SecTrustResultType trustResult) |
| { |
| *resultPtr = trustResult; |
| }; |
| |
| queue = dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_DEFAULT, 0l); |
| osstatus = SecTrustEvaluateAsync(trust, queue, block); |
| |
| return osstatus; |
| } |
| |
| + (apr_status_t) showTrustCertificateDialog:(SecTrustRef)trust |
| message:(const char *)message |
| ok_button:(const char *)ok_button |
| cancel_button:(const char *)cancel_button |
| { |
| NSString *MessageLbl = [[NSString alloc] initWithUTF8String:message]; |
| NSString *OkButtonLbl = [[NSString alloc] initWithUTF8String:ok_button]; |
| NSString *CancelButtonLbl; |
| NSApplication *app; |
| SFCertificateTrustPanel *panel; |
| NSInteger result; |
| |
| if (cancel_button) |
| CancelButtonLbl = [[NSString alloc] initWithUTF8String:cancel_button]; |
| |
| app = [NSApplication sharedApplication]; |
| panel = [SFCertificateTrustPanel sharedCertificateTrustPanel]; |
| |
| /* Put the dialog in front of the application, and give it the focus. */ |
| [app setActivationPolicy:NSApplicationActivationPolicyRegular]; |
| [app activateIgnoringOtherApps:YES]; |
| |
| [panel setShowsHelp:YES]; |
| [panel setDefaultButtonTitle:OkButtonLbl]; |
| if (cancel_button) |
| [panel setAlternateButtonTitle:CancelButtonLbl]; |
| |
| result = [panel runModalForTrust:trust |
| message:MessageLbl]; |
| |
| [panel release]; |
| [MessageLbl release]; |
| [OkButtonLbl release]; |
| if (cancel_button) |
| [CancelButtonLbl release]; |
| |
| if (result) |
| return APR_SUCCESS; |
| else |
| return SERF_ERROR_SSL_USER_DENIED_CERT; |
| } |
| |
| + (OSStatus) showSelectIdentityDialog:(SecIdentityRef *)identity |
| message:(const char *)message |
| ok_button:(const char *)ok_button |
| cancel_button:(const char *)cancel_button |
| { |
| NSString *MessageLbl = [[NSString alloc] initWithUTF8String:message]; |
| NSString *OkButtonLbl = [[NSString alloc] initWithUTF8String:ok_button]; |
| NSString *CancelButtonLbl; |
| NSApplication *app; |
| SFChooseIdentityPanel *panel; |
| NSArray *identities; |
| NSDictionary *query; |
| NSInteger result; |
| OSStatus osstatus; |
| |
| if (cancel_button) |
| CancelButtonLbl = [[NSString alloc] initWithUTF8String:cancel_button]; |
| |
| /* Find all matching identities in the keychains. |
| Note: SecIdentityRef items are not stored on the keychain but |
| generated when needed if both a certificate and matching private |
| key are available on the keychain. */ |
| query = [NSDictionary dictionaryWithObjectsAndKeys: |
| (id)kSecClassIdentity, (id)kSecClass, |
| (id)kCFBooleanTrue, (id)kSecAttrCanSign, |
| (id)kSecMatchLimitAll, (id)kSecMatchLimit, |
| (id)kCFBooleanTrue, (id)kSecReturnRef, |
| nil]; |
| |
| osstatus = SecItemCopyMatching((CFDictionaryRef)query, |
| (CFTypeRef *)&identities); |
| [query release]; |
| |
| if (osstatus != noErr) |
| return osstatus; |
| |
| /* TODO: filter on matching certificates. How?? Distinguished names? */ |
| |
| /* Found the identities, now let the user choose. */ |
| app = [NSApplication sharedApplication]; |
| |
| panel = [SFChooseIdentityPanel sharedChooseIdentityPanel]; |
| |
| /* Put the dialog in front of the application, and give it the focus. */ |
| [app setActivationPolicy:NSApplicationActivationPolicyRegular]; |
| [app activateIgnoringOtherApps:YES]; |
| |
| [panel setShowsHelp:YES]; |
| [panel setDefaultButtonTitle:OkButtonLbl]; |
| if (cancel_button) |
| [panel setAlternateButtonTitle:CancelButtonLbl]; |
| |
| result = [panel runModalForIdentities:identities |
| message:MessageLbl]; |
| |
| if (result) { |
| *identity = [panel identity]; |
| } |
| else { |
| *identity = nil; |
| } |
| |
| [identities autorelease]; |
| [MessageLbl release]; |
| [OkButtonLbl release]; |
| if (cancel_button) |
| [CancelButtonLbl release]; |
| [panel release]; |
| |
| return noErr; |
| } |
| |
| @end |
