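#!/bin/sh

# Copyright 2016 The Chromium Authors
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

# Creates a keychain file with /usr/bin/security and imports certificates
# into it.
#
# Usage: $0 /absolute/path/to/keychain [--trusted|--untrusted] [cert ...]
#
#   $1           Absolute path of the keychain to create.
#   --trusted    Certificates listed after this flag are added with
#                `add-trusted-cert -r trustAsRoot`.
#   --untrusted  Certificates listed after this flag are added with
#                `add-certificates` only (this is the initial mode).
#   cert         Certificate file, DER or PEM. PEM input is converted to DER
#                with openssl before it is handed to the security tool.
#
# The user keychain search list is saved before the keychain is created and
# restored afterwards, including when a later step fails.
#
# NOTE(review): `set -x` traces every command, so the keychain password below
# appears in the trace and in the argv of `security create-keychain`.

set -e -x

SECURITY=/usr/bin/security

if [ "$#" -lt 1 ]; then
  echo "usage: $0 /absolute/path/to/keychain [--trusted|--untrusted] [cert ...]" >&2
  exit 1
fi

KEYCHAIN="$1"
shift
# security create-keychain will interpret a non-absolute path relative to the
# keychain directory rather than the current directory, and OSX doesn't have a
# realpath command. Be lazy and make the user pass in an absolute path.
#
# A `case` pattern is used instead of `[ $(echo ... | cut -c1) != / ]`: with
# an empty path, or one starting with whitespace, the unquoted substitution
# vanished, `[` failed with a syntax error, and the script carried on as if
# the path had been accepted.
case "$KEYCHAIN" in
  /*) ;;
  *)
    echo keychain path must be absolute >&2
    exit 1
    ;;
esac

# NOTE(review): fixed, hard-coded password. Only acceptable for throwaway
# keychains (presumably test fixtures - confirm); never reuse this script for
# a keychain that holds real secrets.
PASSWORD=aoeu

# Scratch directory for PEM -> DER conversions, created on first use.
der_dir=
der_count=0
# Set to 1 once SAVED_KEYCHAIN_LIST holds the list to restore.
list_saved=0

# Writes the saved search list back as the user keychain search list.
restore_keychain_list() {
  /bin/echo -n "${SAVED_KEYCHAIN_LIST}" | xargs "$SECURITY" list -d user -s
}

# EXIT handler: removes the scratch directory and, if the script is exiting
# with an error after the list was saved, restores the keychain search list.
on_exit() {
  status=$?
  trap - EXIT
  set +e
  if [ -n "$der_dir" ]; then
    rm -rf -- "${der_dir:?}"
  fi
  if [ "$status" -ne 0 ] && [ "$list_saved" = 1 ]; then
    echo "restoring user keychain list after failure" >&2
    restore_keychain_list || echo "could not restore user keychain list" >&2
  fi
  exit "$status"
}
trap on_exit EXIT

# create-keychain modifies the global keychain search list, save it first.
# (or does it?)
SAVED_KEYCHAIN_LIST=$("$SECURITY" list -d user)
list_saved=1
echo "Saved user keychain list:"
echo "$SAVED_KEYCHAIN_LIST"
echo

"$SECURITY" create-keychain -p "$PASSWORD" "$KEYCHAIN"

trusted=0

for cert in "$@"; do
  if [ "$cert" = "--trusted" ]; then
    trusted=1
    continue
  fi
  if [ "$cert" = "--untrusted" ]; then
    trusted=0
    continue
  fi

  # security tool only accepts DER. If input is a PEM, convert it.
  # The DER copy goes into a private mktemp directory instead of a
  # predictable "<cert>.der.tmp" beside the input, and is removed on exit.
  if grep -q -- "-----BEGIN CERTIFICATE-----" "$cert"; then
    if [ -z "$der_dir" ]; then
      der_dir=$(mktemp -d "${TMPDIR:-/tmp}/keychain-der.XXXXXX")
    fi
    der_count=$((der_count + 1))
    tmpcert="$der_dir/cert-$der_count.der"
    openssl x509 -inform PEM -in "$cert" -outform DER -out "$tmpcert"
    cert="$tmpcert"
  fi

  if [ "$trusted" = 1 ]; then
    # NOTE(review): no -d is passed, so the trust setting presumably lands in
    # the per-user trust settings rather than in the keychain file itself;
    # confirm it does not outlive the keychain created here.
    "$SECURITY" add-trusted-cert -r trustAsRoot -k "$KEYCHAIN" "$cert"
  else
    "$SECURITY" add-certificates -k "$KEYCHAIN" "$cert"
  fi
done

echo "pre-restore user keychain list:"
"$SECURITY" list -d user

# restore the original keychain search list
restore_keychain_list

echo "Restored user keychain list:"
"$SECURITY" list -d user
echo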