net/data/ssl/scripts/generate-keychain.sh - Issue 2101303005: CertVerifyProcMac: Add Keychain re-ordering hack, check CRLsets in path pruning loop.

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Side by Side Diff: net/data/ssl/scripts/generate-keychain.sh

Issue 2101303005: CertVerifyProcMac: Add Keychain re-ordering hack, check CRLsets in path pruning loop. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: rebase Created 4 years, 3 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« no previous file with comments | « net/data/ssl/certificates/verisign_class3_g5_crosssigned-trusted.keychain ('k') | net/data/ssl/scripts/generate-multi-root-BFE-keychain.sh » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
(Empty)
	1 #!/bin/sh

	2

	3 # Copyright 2016 The Chromium Authors. All rights reserved.

	4 # Use of this source code is governed by a BSD-style license that can be

	5 # found in the LICENSE file.

	6

	7

	8 set -e -x

	9

	10 SECURITY=/usr/bin/security

	11

	12 KEYCHAIN="$1"

	13 shift

	14 # security create-keychain will interpret a non-absolute path relative to the

	15 # keychain directory rather than the current directory, and OSX doesn't have a

	16 # realpath command. Be lazy and make the user pass in an absolute path.

	17 if [ `echo "$KEYCHAIN" \| cut -c1` != '/' ]; then

	18 echo keychain path must be absolute

	19 exit 1

	20 fi

	21

	22 PASSWORD=aoeu

	23

	24

	25 # create-keychain modifes the global keychain search list, save it first.

	26 # (or does it?)

	27 SAVED_KEYCHAIN_LIST=`$SECURITY list -d user`

	28 echo "Saved user keychain list:"

	29 echo "$SAVED_KEYCHAIN_LIST"

	30 echo

	31

	32

	33 $SECURITY create-keychain -p "$PASSWORD" "$KEYCHAIN"

	34

	35 trusted=0

	36

	37 for cert in "$@"; do

	38 if [ "$cert" = "--trusted" ]; then

	39 trusted=1

	40 continue

	41 fi

	42 if [ "$cert" = "--untrusted" ]; then

	43 trusted=0

	44 continue

	45 fi

	46

	47 # security tool only accepts DER. If input is a PEM, convert it.

	48 if grep -- "-----BEGIN CERTIFICATE-----" "$cert" ; then

	49 tmpcert="${cert}.der.tmp"

	50 openssl x509 -inform PEM -in "$cert" -outform DER -out "$tmpcert"

	51 cert="$tmpcert"

	52 fi

	53

	54 if [ $trusted = 1 ]; then

	55 $SECURITY add-trusted-cert -r trustAsRoot -k "$KEYCHAIN" "$cert"

	56 else

	57 $SECURITY add-certificates -k "$KEYCHAIN" "$cert"

	58 fi

	59 done

	60

	61

	62

	63 #TODO: Would be good to restore the keychain search list on failure too.

	64

	65 echo "pre-restore user keychain list:"

	66 $SECURITY list -d user

	67

	68 # restore the original keychain search list

	69 /bin/echo -n "${SAVED_KEYCHAIN_LIST}" \| xargs $SECURITY list -d user -s

	70

	71 echo "Restored user keychain list:"

	72 $SECURITY list -d user

	73 echo

OLD	NEW