| OLD | NEW |
| 1 #!/bin/sh | 1 #!/bin/sh |
| 2 | 2 |
| 3 # Copyright 2016 The Chromium Authors. All rights reserved. | 3 # Copyright 2016 The Chromium Authors. All rights reserved. |
| 4 # Use of this source code is governed by a BSD-style license that can be | 4 # Use of this source code is governed by a BSD-style license that can be |
| 5 # found in the LICENSE file. | 5 # found in the LICENSE file. |
| 6 | 6 |
| 7 | 7 |
| 8 set -e -x | 8 set -e -x |
| 9 | 9 |
| 10 SECURITY=/usr/bin/security | 10 SECURITY=/usr/bin/security |
| (...skipping 14 matching lines...) |
| 25 # create-keychain modifes the global keychain search list, save it first. | 25 # create-keychain modifes the global keychain search list, save it first. |
| 26 # (or does it?) | 26 # (or does it?) |
| 27 SAVED_KEYCHAIN_LIST=`$SECURITY list -d user` | 27 SAVED_KEYCHAIN_LIST=`$SECURITY list -d user` |
| 28 echo "Saved user keychain list:" | 28 echo "Saved user keychain list:" |
| 29 echo "$SAVED_KEYCHAIN_LIST" | 29 echo "$SAVED_KEYCHAIN_LIST" |
| 30 echo | 30 echo |
| 31 | 31 |
| 32 | 32 |
| 33 $SECURITY create-keychain -p "$PASSWORD" "$KEYCHAIN" | 33 $SECURITY create-keychain -p "$PASSWORD" "$KEYCHAIN" |
| 34 | 34 |
| 35 trusted=0 | 35 mode=addcert |
| 36 | 36 |
| 37 for cert in "$@"; do | 37 for cert in "$@"; do |
| 38 if [ "$cert" = "--import" ]; then |
| 39 mode=import |
| 40 continue |
| 41 fi |
| 38 if [ "$cert" = "--trusted" ]; then | 42 if [ "$cert" = "--trusted" ]; then |
| 39 trusted=1 | 43 mode=addtrustedcert |
| 40 continue | 44 continue |
| 41 fi | 45 fi |
| 42 if [ "$cert" = "--untrusted" ]; then | 46 if [ "$cert" = "--untrusted" ]; then |
| 43 trusted=0 | 47 mode=addcert |
| 44 continue | 48 continue |
| 45 fi | 49 fi |
| 46 | 50 |
| 47 # security tool only accepts DER. If input is a PEM, convert it. | 51 if [ $mode = import ]; then |
| 52 $SECURITY import "$cert" -A -k "$KEYCHAIN" |
| 53 continue |
| 54 fi |
| 55 |
| 56 # security tool add-trusted-cert and add-certificates only accepts DER. If |
| 57 # input is a PEM, convert it. |
| 48 if grep -- "-----BEGIN CERTIFICATE-----" "$cert" ; then | 58 if grep -- "-----BEGIN CERTIFICATE-----" "$cert" ; then |
| 49 tmpcert="${cert}.der.tmp" | 59 tmpcert="${cert}.der.tmp" |
| 50 openssl x509 -inform PEM -in "$cert" -outform DER -out "$tmpcert" | 60 openssl x509 -inform PEM -in "$cert" -outform DER -out "$tmpcert" |
| 51 cert="$tmpcert" | 61 cert="$tmpcert" |
| 52 fi | 62 fi |
| 53 | 63 |
| 54 if [ $trusted = 1 ]; then | 64 if [ $mode = addtrustedcert ]; then |
| 55 $SECURITY add-trusted-cert -r trustAsRoot -k "$KEYCHAIN" "$cert" | 65 $SECURITY add-trusted-cert -r trustAsRoot -k "$KEYCHAIN" "$cert" |
| 56 else | 66 else |
| 57 $SECURITY add-certificates -k "$KEYCHAIN" "$cert" | 67 $SECURITY add-certificates -k "$KEYCHAIN" "$cert" |
| 58 fi | 68 fi |
| 59 done | 69 done |
| 60 | 70 |
| 61 | 71 |
| 62 | 72 |
| 63 #TODO: Would be good to restore the keychain search list on failure too. | 73 #TODO: Would be good to restore the keychain search list on failure too. |
| 64 | 74 |
| 65 echo "pre-restore user keychain list:" | 75 echo "pre-restore user keychain list:" |
| 66 $SECURITY list -d user | 76 $SECURITY list -d user |
| 67 | 77 |
| 68 # restore the original keychain search list | 78 # restore the original keychain search list |
| 69 /bin/echo -n "${SAVED_KEYCHAIN_LIST}" | xargs $SECURITY list -d user -s | 79 /bin/echo -n "${SAVED_KEYCHAIN_LIST}" | xargs $SECURITY list -d user -s |
| 70 | 80 |
| 71 echo "Restored user keychain list:" | 81 echo "Restored user keychain list:" |
| 72 $SECURITY list -d user | 82 $SECURITY list -d user |
| 73 echo | 83 echo |
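Review bot: The new `$SECURITY import "$cert" -A -k "$KEYCHAIN"` call (new line 52) passes `-A`, which lets any application use the imported private key without a prompt, and nothing in the visible lines records why that is acceptable. If this keychain only ever holds throwaway test keys, a comment above the call would say so, e.g. `# -A: any app may use the key without prompting; acceptable only for test keys.`; otherwise `-T <app path>` restricts access to named applications. The two new tests `[ $mode = import ]` and `[ $mode = addtrustedcert ]` would also be more robust quoted, as `[ "$mode" = import ]`. Lines 11-24 of the script are collapsed on this page, so how KEYCHAIN and PASSWORD are set cannot be checked from here.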