
Factoring out VerifyOrConfirmHttpCertificate

Source commit: ca328bed694998bd51fd74c95e8c08350d9a1394
Martin Prikryl 2 anni fa
parent
commit
16aca462b2

+ 5 - 42
source/core/S3FileSystem.cpp

@@ -378,52 +378,15 @@ int TS3FileSystem::LibS3SslCallback(int Failures, const ne_ssl_certificate_s * C
   return FileSystem->VerifyCertificate(Data) ? NE_OK : NE_ERROR;
 }
 //---------------------------------------------------------------------------
-// Similar to TWebDAVFileSystem::VerifyCertificate
 bool TS3FileSystem::VerifyCertificate(TNeonCertificateData Data)
 {
-  FSessionInfo.CertificateFingerprintSHA1 = Data.FingerprintSHA1;
-  FSessionInfo.CertificateFingerprintSHA256 = Data.FingerprintSHA256;
+  bool Result =
+    FTerminal->VerifyOrConfirmHttpCertificate(
+      FTerminal->SessionData->HostNameExpanded, FTerminal->SessionData->PortNumber, Data, true, FSessionInfo);
 
-  bool Result;
-  if (FTerminal->SessionData->FingerprintScan)
-  {
-    Result = false;
-  }
-  else
+  if (Result)
   {
-    FTerminal->LogEvent(0, CertificateVerificationMessage(Data));
-
-    UnicodeString SiteKey = TSessionData::FormatSiteKey(FTerminal->SessionData->HostNameExpanded, FTerminal->SessionData->PortNumber);
-    Result =
-      FTerminal->VerifyCertificate(
-        HttpsCertificateStorageKey, SiteKey, Data.FingerprintSHA1, Data.FingerprintSHA256, Data.Subject, Data.Failures);
-
-    if (Result)
-    {
-      FSessionInfo.CertificateVerifiedManually = true;
-    }
-    else
-    {
-      UnicodeString Message;
-      Result = NeonWindowsValidateCertificateWithMessage(Data, Message);
-      FTerminal->LogEvent(0, Message);
-    }
-
-    FSessionInfo.Certificate = CertificateSummary(Data, FTerminal->SessionData->HostNameExpanded);
-
-    if (!Result)
-    {
-      if (FTerminal->ConfirmCertificate(FSessionInfo, Data.Failures, HttpsCertificateStorageKey, true))
-      {
-        Result = true;
-        FSessionInfo.CertificateVerifiedManually = true;
-      }
-    }
-
-    if (Result)
-    {
-      CollectTLSSessionInfo();
-    }
+    CollectTLSSessionInfo();
   }
 
   return Result;
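Review bot: The bare `true` passed to `FTerminal->VerifyOrConfirmHttpCertificate(...)` binds to the `CanRemember` parameter, which presumably controls whether the confirmation prompt may offer to store a certificate that failed validation; the call site does not show that. Name it, for example `/*CanRemember*/ true`, so the WebDAV caller's `!Aux` and this caller's constant read as the same decision. With the "Similar to TWebDAVFileSystem::VerifyCertificate" comment removed, the function has no comment left; `// Trust decision is delegated to TTerminal::VerifyOrConfirmHttpCertificate` would keep the pointer. The function's closing brace lies outside the hunk.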

+ 50 - 0
source/core/Terminal.cpp

@@ -25,6 +25,7 @@
 #include "CoreMain.h"
 #include "Queue.h"
 #include "Cryptography.h"
+#include "NeonIntf.h"
 #include <openssl/pkcs12.h>
 #include <openssl/err.h>
 
@@ -8182,6 +8183,55 @@ void __fastcall TTerminal::CacheCertificate(
   }
 }
 //---------------------------------------------------------------------------
+// Shared implementation for WebDAV and S3
+bool TTerminal::VerifyOrConfirmHttpCertificate(
+  const UnicodeString & AHostName, int APortNumber, const TNeonCertificateData & AData, bool CanRemember,
+  TSessionInfo & SessionInfo)
+{
+  TNeonCertificateData Data = AData;
+  SessionInfo.CertificateFingerprintSHA1 = Data.FingerprintSHA1;
+  SessionInfo.CertificateFingerprintSHA256 = Data.FingerprintSHA256;
+
+  bool Result;
+  if (SessionData->FingerprintScan)
+  {
+    Result = false;
+  }
+  else
+  {
+    LogEvent(0, CertificateVerificationMessage(Data));
+
+    UnicodeString SiteKey = TSessionData::FormatSiteKey(AHostName, APortNumber);
+    Result =
+      VerifyCertificate(
+        HttpsCertificateStorageKey, SiteKey, Data.FingerprintSHA1, Data.FingerprintSHA256, Data.Subject, Data.Failures);
+
+    if (Result)
+    {
+      SessionInfo.CertificateVerifiedManually = true;
+    }
+    else
+    {
+      UnicodeString Message;
+      Result = NeonWindowsValidateCertificateWithMessage(Data, Message);
+      LogEvent(0, Message);
+    }
+
+    SessionInfo.Certificate = CertificateSummary(Data, AHostName);
+
+    if (!Result)
+    {
+      if (ConfirmCertificate(SessionInfo, Data.Failures, HttpsCertificateStorageKey, CanRemember))
+      {
+        Result = true;
+        SessionInfo.CertificateVerifiedManually = true;
+      }
+    }
+  }
+
+  return Result;
+}
+//---------------------------------------------------------------------------
 void __fastcall TTerminal::CollectTlsUsage(const UnicodeString & TlsVersionStr)
 {
   // see SSL_get_version() in OpenSSL ssl_lib.c
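Review bot: The comment `// Shared implementation for WebDAV and S3` on `VerifyOrConfirmHttpCertificate` does not state the order in which trust is established, although this function is now the one place where both protocols accept or reject a server certificate. I would document that fingerprint-scan mode records the fingerprints and always returns false, and that otherwise `VerifyCertificate` is tried against the entry keyed by `SiteKey`, then `NeonWindowsValidateCertificateWithMessage`, then `ConfirmCertificate`. It should also say that `SessionInfo` is written even when the result is false, and that `CertificateVerifiedManually` is set when `VerifyCertificate` or the user prompt accepts but not when Windows validation does. The local copy `TNeonCertificateData Data = AData;` needs a why-comment as well (presumably the validation call takes a non-const reference), e.g. `// Copy: the validation call below needs a mutable Data`.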

+ 4 - 0
source/core/Terminal.h

@@ -30,6 +30,7 @@ class TCallbackGuard;
 class TParallelOperation;
 class TCollectedFileList;
 struct TLocalFileHandle;
+struct TNeonCertificateData;
 typedef std::vector<__int64> TCalculatedSizes;
 //---------------------------------------------------------------------------
 typedef void __fastcall (__closure *TQueryUserEvent)
@@ -444,6 +445,9 @@ protected:
     int Failures);
   bool __fastcall ConfirmCertificate(
     TSessionInfo & SessionInfo, int Failures, const UnicodeString & CertificateStorageKey, bool CanRemember);
+  bool VerifyOrConfirmHttpCertificate(
+    const UnicodeString & AHostName, int APortNumber, const TNeonCertificateData & Data, bool CanRemember,
+    TSessionInfo & SessionInfo);
   void __fastcall CollectTlsUsage(const UnicodeString & TlsVersionStr);
   bool __fastcall LoadTlsCertificate(X509 *& Certificate, EVP_PKEY *& PrivateKey);
   bool __fastcall TryStartOperationWithFile(
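Review bot: The new declaration of `VerifyOrConfirmHttpCertificate` names the certificate parameter `Data`, while the definition in Terminal.cpp names it `AData` and uses `Data` for its local copy; declare it as `const TNeonCertificateData & AData` so the two read the same. The declaration also has no comment; one line stating that the return value is the accept/reject decision for the HTTPS server certificate and that `SessionInfo` is updated as a side effect would help callers. The enclosing class starts and ends outside the hunk.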

+ 5 - 42
source/core/WebDAVFileSystem.cpp

@@ -1827,52 +1827,15 @@ void __fastcall TWebDAVFileSystem::Sink(
   FTerminal->UpdateTargetAttrs(DestFullName, File, CopyParam, Attrs);
 }
 //---------------------------------------------------------------------------
-// Similar to TS3FileSystem::VerifyCertificate
 bool TWebDAVFileSystem::VerifyCertificate(TSessionContext * SessionContext, TNeonCertificateData Data, bool Aux)
 {
-  FSessionInfo.CertificateFingerprintSHA1 = Data.FingerprintSHA1;
-  FSessionInfo.CertificateFingerprintSHA256 = Data.FingerprintSHA256;
+  bool Result =
+    FTerminal->VerifyOrConfirmHttpCertificate(
+      SessionContext->HostName, SessionContext->PortNumber, Data, !Aux, FSessionInfo);
 
-  bool Result;
-  if (FTerminal->SessionData->FingerprintScan)
+  if (Result && !Aux && (SessionContext == FSessionContext))
   {
-    Result = false;
-  }
-  else
-  {
-    FTerminal->LogEvent(0, CertificateVerificationMessage(Data));
-
-    UnicodeString SiteKey = TSessionData::FormatSiteKey(SessionContext->HostName, SessionContext->PortNumber);
-    Result =
-      FTerminal->VerifyCertificate(
-        HttpsCertificateStorageKey, SiteKey, Data.FingerprintSHA1, Data.FingerprintSHA256, Data.Subject, Data.Failures);
-
-    if (Result)
-    {
-      FSessionInfo.CertificateVerifiedManually = true;
-    }
-    else
-    {
-      UnicodeString Message;
-      Result = NeonWindowsValidateCertificateWithMessage(Data, Message);
-      FTerminal->LogEvent(0, Message);
-    }
-
-    FSessionInfo.Certificate = CertificateSummary(Data, SessionContext->HostName);
-
-    if (!Result)
-    {
-      if (FTerminal->ConfirmCertificate(FSessionInfo, Data.Failures, HttpsCertificateStorageKey, !Aux))
-      {
-        Result = true;
-        FSessionInfo.CertificateVerifiedManually = true;
-      }
-    }
-
-    if (Result && !Aux && (SessionContext == FSessionContext))
-    {
-      CollectTLSSessionInfo();
-    }
+    CollectTLSSessionInfo();
   }
 
   return Result;
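Review bot: `FSessionInfo` is handed to `VerifyOrConfirmHttpCertificate` on every call, including `Aux` calls and calls where `SessionContext` is not `FSessionContext`, whereas only `CollectTLSSessionInfo()` is guarded by `Result && !Aux && (SessionContext == FSessionContext)`. The shared function writes the fingerprints, the certificate summary and `CertificateVerifiedManually` into the structure it receives, so a certificate presented on a secondary connection can replace what the session reports for the main host. The removed code did the same, so this is not a regression, but the refactoring is a natural place to fix it. One option is to pass a local `TSessionInfo` when the guard condition does not hold, so that `FSessionInfo` is written only for the main session (whether `TSessionInfo` can be constructed locally is not visible here). The function's closing brace lies outside the hunk.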