Add function to evaluate certificates validity

MatteoPologruto · MatteoPologruto · commit ee833420e777 · 2024-04-22T16:33:05.000+02:00
diff --git a/certificates/install_darwin.go b/certificates/install_darwin.go
@@ -89,6 +89,56 @@ const char *uninstallCert() {
     }
     return "";
 }
+
+const char *evaluateCert(){
+    // Each line is a key-value of the dictionary. Note: the the inverted order, value first then key.
+    NSDictionary* dict = [NSDictionary dictionaryWithObjectsAndKeys:
+        (id)kSecClassCertificate, kSecClass,
+        CFSTR("Arduino"), kSecAttrLabel,
+        kSecMatchLimitOne, kSecMatchLimit,
+        kCFBooleanFalse, kSecReturnAttributes,
+        kCFBooleanTrue, kSecReturnData,
+        nil];
+
+    OSStatus err = noErr;
+    CFTypeRef cert;
+    // Use this function to check for errors
+    err = SecItemCopyMatching((CFDictionaryRef)dict, &cert);
+    if (err == noErr) {
+        SecPolicyRef policy = SecPolicyCreateBasicX509();
+        SecTrustRef trust;
+        err = SecTrustCreateWithCertificates(cert, policy, &trust);
+        CFRelease(policy);
+        if (err != noErr) {
+            NSString *errString = [@"Could not create a trust item from the certificates. Error: " stringByAppendingFormat:@"%d", err];
+            NSLog(@"%@", errString);
+            return [errString cStringUsingEncoding:[NSString defaultCStringEncoding]];;
+        }
+        SecTrustEvaluateAsyncWithError(trust, dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_DEFAULT, 0),
+            ^(SecTrustRef evaluatedTrust, bool trustResult, CFErrorRef error) {
+                if (trustResult == YES) {
+                    // Evaluation succeeded!
+                } else {
+                    // Evaluation failed: Check the error
+                    SecTrustResultType trustResult;
+                    SecTrustGetTrustResult(trust, &trustResult);
+                    if (trustResult == kSecTrustResultRecoverableTrustFailure) {
+                        // Make changes and try again.
+                    }
+                }
+
+                // Finally, release the trust and error.
+                if (evaluatedTrust) { CFRelease(evaluatedTrust); }
+                if (error)          { CFRelease(error); }
+            }
+        );
+    } else if (err != errSecItemNotFound){
+        NSString *errString = [@"Error: " stringByAppendingFormat:@"%d", err];
+        NSLog(@"%@", errString);
+        return [errString cStringUsingEncoding:[NSString defaultCStringEncoding]];;
+    }
+    return "";
+}
 */
 import "C"
 import (
@@ -131,3 +181,17 @@ func UninstallCertificates() error {
 	}
 	return nil
 }
+
+// EvaluateCertificates will evaluate the certificates validity and eventually uninstall and re-install them,
+// if something goes wrong will show a dialog with the error and return an error
+func EvaluateCertificates() error {
+	log.Infof("Evaluating certificates")
+	p := C.evaluateCert()
+	s := C.GoString(p)
+	if len(s) != 0 {
+		oscmd := exec.Command("osascript", "-e", "display dialog \""+s+"\" buttons \"OK\" with title \"Arduino Agent: Error evaluating certificates\"")
+		_ = oscmd.Run()
+		return errors.New(s)
+	}
+	return nil
+}
