*WIP* Mac Unittest for client cert selection with intermediate certs

net/data/ssl/scripts/generate-keychain.sh

Index: net/data/ssl/scripts/generate-keychain.sh
diff --git a/net/data/ssl/scripts/generate-keychain.sh b/net/data/ssl/scripts/generate-keychain.sh
index 4256cd9c81db227ea627b055cd42dbe334a03d81..c46c8a56b3cdd0d109c33c83f2666e825acab1fa 100755
--- a/net/data/ssl/scripts/generate-keychain.sh
+++ b/net/data/ssl/scripts/generate-keychain.sh
@@ -32,26 +32,36 @@ echo
 
 $SECURITY create-keychain -p "$PASSWORD" "$KEYCHAIN"
 
-trusted=0
+mode=addcert
 
 for cert in "$@"; do
+  if [ "$cert" = "--import" ]; then
+    mode=import
+    continue
+  fi
   if [ "$cert" = "--trusted" ]; then
-    trusted=1
+    mode=addtrustedcert
     continue
   fi
   if [ "$cert" = "--untrusted" ]; then
-    trusted=0
+    mode=addcert
+    continue
+  fi
+
+  if [ $mode = import ]; then
+    $SECURITY import "$cert" -A -k "$KEYCHAIN"
     continue
   fi
 
-  # security tool only accepts DER. If input is a PEM, convert it.
+  # security tool add-trusted-cert and add-certificates only accepts DER. If
+  # input is a PEM, convert it.
   if grep -- "-----BEGIN CERTIFICATE-----" "$cert" ; then
     tmpcert="${cert}.der.tmp"
     openssl x509 -inform PEM -in "$cert" -outform DER -out "$tmpcert"
     cert="$tmpcert"
   fi
 
-  if [ $trusted = 1 ]; then
+  if [ $mode = addtrustedcert ]; then
     $SECURITY add-trusted-cert -r trustAsRoot -k "$KEYCHAIN" "$cert"
   else
     $SECURITY add-certificates -k "$KEYCHAIN" "$cert"