Use of ch.cyberduck.core.keychain.SecPolicyRef in project cyberduck by iterate-ch:
class PromptCertificateIdentityCallback, method prompt (client-certificate selection via SFChooseIdentityPanel).
@Override
public X509Certificate prompt(final String hostname, final List<X509Certificate> certificates) throws ConnectionCanceledException {
    // The shared chooser panel is obtained on the main thread; the invoke blocks until it is set.
    final AtomicReference<SFChooseIdentityPanel> holder = new AtomicReference<>();
    controller.invoke(new DefaultMainAction() {
        @Override
        public void run() {
            holder.set(SFChooseIdentityPanel.sharedChooseIdentityPanel());
        }
    }, true);
    final SFChooseIdentityPanel chooser = holder.get();
    chooser.setDomain(hostname);
    // SSL policy for the target host handed to the panel. Our reference is released right away;
    // this relies on setPolicies retaining what it is given (ObjC ownership) — TODO confirm.
    final SecPolicyRef sslPolicy = SecurityFunctions.library.SecPolicyCreateSSL(true, hostname);
    chooser.setPolicies(sslPolicy);
    FoundationKitFunctions.library.CFRelease(sslPolicy);
    chooser.setShowsHelp(false);
    chooser.setAlternateButtonTitle(LocaleFactory.localizedString("Disconnect"));
    chooser.setInformativeText(MessageFormat.format(
        LocaleFactory.localizedString("The server requires a certificate to validate your identity. Select the certificate to authenticate yourself to {0}."),
        hostname));
    // Candidate identities offered to the user, as DER-encoded certificates
    final NSArray candidates = KeychainCertificateStore.toDEREncodedCertificates(certificates);
    if(SheetCallback.DEFAULT_OPTION != this.prompt(chooser, candidates)) {
        // Any other button ("Disconnect" or dismissal) aborts the connection
        throw new ConnectionCanceledException();
    }
    // The identity the user picked in the sheet; null if the sheet was confirmed without a selection
    final SecIdentityRef selected = chooser.identity();
    if(null == selected) {
        log.warn(String.format("No identity selected for %s", hostname));
        throw new ConnectionCanceledException();
    }
    return KeychainCertificateStore.toX509Certificate(selected);
}
Use of ch.cyberduck.core.keychain.SecPolicyRef in project cyberduck by iterate-ch:
class PromptCertificateTrustCallback, method prompt (interactive trust decision via SFCertificateTrustPanel).
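@Override
public void prompt(final String hostname, final List<X509Certificate> certificates) throws ConnectionCanceledException {
    // Evaluate the presented chain against a client-side SSL server policy for this host
    final SecPolicyRef policyRef = SecurityFunctions.library.SecPolicyCreateSSL(true, hostname);
    try {
        final PointerByReference reference = new PointerByReference();
        final int err = SecurityFunctions.library.SecTrustCreateWithCertificates(
            KeychainCertificateStore.toDEREncodedCertificates(certificates), policyRef, reference);
        if(0 != err) {
            // Fail closed: without a trust object the user cannot inspect the chain in the sheet,
            // and handing the panel a null SecTrustRef would crash rather than prompt.
            log.error(String.format("SecTrustCreateWithCertificates returning error %d", err));
            throw new ConnectionCanceledException();
        }
        final SecTrustRef trustRef = new SecTrustRef(reference.getValue());
        try {
            // The shared trust panel must be obtained on the main thread
            final AtomicReference<SFCertificateTrustPanel> ref = new AtomicReference<>();
            controller.invoke(new DefaultMainAction() {
                @Override
                public void run() {
                    ref.set(SFCertificateTrustPanel.sharedCertificateTrustPanel());
                }
            }, true);
            final SFCertificateTrustPanel panel = ref.get();
            panel.setInformativeText(null);
            panel.setAlternateButtonTitle(LocaleFactory.localizedString("Disconnect"));
            panel.setPolicies(policyRef);
            panel.setShowsHelp(true);
            if(log.isDebugEnabled()) {
                log.debug(String.format("Display trust panel for controller %s", controller));
            }
            // Only the default button means the user accepted the chain; everything else disconnects
            if(SheetCallback.DEFAULT_OPTION != this.prompt(panel, trustRef)) {
                throw new ConnectionCanceledException();
            }
        }
        finally {
            // Released even when the sheet throws, so a cancelled prompt does not leak the trust object
            FoundationKitFunctions.library.CFRelease(trustRef);
        }
    }
    finally {
        FoundationKitFunctions.library.CFRelease(policyRef);
    }
}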
Use of ch.cyberduck.core.keychain.SecPolicyRef in project cyberduck by iterate-ch:
class KeychainCertificateStore, method verify (chain evaluation through the Security framework, with user fallback).
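/**
 * Evaluate a server certificate chain against the macOS trust settings for the given host.
 * <p>
 * The chain is first evaluated by the Security framework with an SSL server policy. If the
 * system or the user's keychain already trusts it the result is returned without interaction;
 * any other evaluation result is delegated to the supplied callback so the user can decide.
 *
 * @param prompt       Callback invoked when the chain is not trusted by the system; a
 *                     ConnectionCanceledException from it is treated as rejection
 * @param hostname     Host the chain is evaluated for
 * @param certificates Chain of certificates; the SecTrust API expects the leaf first — TODO confirm callers
 * @return True if chain is trusted, either by evaluation or explicitly by the user
 * @throws CertificateException Declared by the interface; not raised by this implementation
 */
@Override
public boolean verify(final CertificateTrustCallback prompt, final String hostname, final List<X509Certificate> certificates) throws CertificateException {
    if(certificates.isEmpty()) {
        // Nothing to evaluate; an empty chain is never trusted
        return false;
    }
    // Specify true on the client side to return a policy for SSL server certificates
    final SecPolicyRef policyRef = SecurityFunctions.library.SecPolicyCreateSSL(true, hostname);
    try {
        final PointerByReference reference = new PointerByReference();
        int err = SecurityFunctions.library.SecTrustCreateWithCertificates(toDEREncodedCertificates(certificates), policyRef, reference);
        if(0 != err) {
            log.error(String.format("SecTrustCreateWithCertificates returning error %d", err));
            return false;
        }
        final SecTrustRef trustRef = new SecTrustRef(reference.getValue());
        try {
            final SecTrustResultType trustResultType = new SecTrustResultType();
            err = SecurityFunctions.library.SecTrustEvaluate(trustRef, trustResultType);
            if(0 != err) {
                // A non-zero status means evaluation itself failed, not merely that the chain is
                // untrusted; fail closed without asking the user.
                log.error(String.format("SecTrustEvaluate returning error %d", err));
                return false;
            }
            switch(trustResultType.getValue()) {
                case SecTrustResultType.kSecTrustResultUnspecified:
                    // Implicitly trusted by system policy with no user override
                case SecTrustResultType.kSecTrustResultProceed:
                    // Accepted by user keychain setting explicitly
                    return true;
                default:
                    // NOTE(review): this branch covers not only recoverable failures but every other
                    // result type (including an explicit keychain "deny" and fatal/invalid results);
                    // all of them are handed to the user to decide. Consider failing closed on a
                    // user-set deny rather than re-prompting — confirm against the intended UX.
                    if(log.isDebugEnabled()) {
                        log.debug("Evaluated recoverable trust result failure " + trustResultType.getValue());
                    }
                    try {
                        prompt.prompt(hostname, certificates);
                        return true;
                    }
                    catch(ConnectionCanceledException e) {
                        return false;
                    }
            }
        }
        finally {
            // Released on every path; previously the early error returns leaked both references
            FoundationKitFunctions.library.CFRelease(trustRef);
        }
    }
    finally {
        FoundationKitFunctions.library.CFRelease(policyRef);
    }
}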