Permalink
Cannot retrieve contributors at this time
// Copyright 2018 The mkcert Authors. All rights reserved. | |
// Use of this source code is governed by a BSD-style | |
// license that can be found in the LICENSE file. | |
package main | |
import ( | |
"bytes" | |
"encoding/asn1" | |
"io/ioutil" | |
"log" | |
"os" | |
"path/filepath" | |
"howett.net/plist" | |
) | |
var ( | |
FirefoxProfile = os.Getenv("HOME") + "/Library/Application Support/Firefox/Profiles/*" | |
CertutilInstallHelp = "brew install nss" | |
NSSBrowsers = "Firefox" | |
) | |
// https://github.com/golang/go/issues/24652#issuecomment-399826583 | |
var trustSettings []interface{} | |
var _, _ = plist.Unmarshal(trustSettingsData, &trustSettings) | |
var trustSettingsData = []byte(` | |
<array> | |
<dict> | |
<key>kSecTrustSettingsPolicy</key> | |
<data> | |
KoZIhvdjZAED | |
</data> | |
<key>kSecTrustSettingsPolicyName</key> | |
<string>sslServer</string> | |
<key>kSecTrustSettingsResult</key> | |
<integer>1</integer> | |
</dict> | |
<dict> | |
<key>kSecTrustSettingsPolicy</key> | |
<data> | |
KoZIhvdjZAEC | |
</data> | |
<key>kSecTrustSettingsPolicyName</key> | |
<string>basicX509</string> | |
<key>kSecTrustSettingsResult</key> | |
<integer>1</integer> | |
</dict> | |
</array> | |
`) | |
func (m *mkcert) installPlatform() bool { | |
cmd := commandWithSudo("security", "add-trusted-cert", "-d", "-k", "/Library/Keychains/System.keychain", filepath.Join(m.CAROOT, rootName)) | |
out, err := cmd.CombinedOutput() | |
fatalIfCmdErr(err, "security add-trusted-cert", out) | |
// Make trustSettings explicit, as older Go does not know the defaults. | |
// https://github.com/golang/go/issues/24652 | |
plistFile, err := ioutil.TempFile("", "trust-settings") | |
fatalIfErr(err, "failed to create temp file") | |
defer os.Remove(plistFile.Name()) | |
cmd = commandWithSudo("security", "trust-settings-export", "-d", plistFile.Name()) | |
out, err = cmd.CombinedOutput() | |
fatalIfCmdErr(err, "security trust-settings-export", out) | |
plistData, err := ioutil.ReadFile(plistFile.Name()) | |
fatalIfErr(err, "failed to read trust settings") | |
var plistRoot map[string]interface{} | |
_, err = plist.Unmarshal(plistData, &plistRoot) | |
fatalIfErr(err, "failed to parse trust settings") | |
rootSubjectASN1, _ := asn1.Marshal(m.caCert.Subject.ToRDNSequence()) | |
if plistRoot["trustVersion"].(uint64) != 1 { | |
log.Fatalln("ERROR: unsupported trust settings version:", plistRoot["trustVersion"]) | |
} | |
trustList := plistRoot["trustList"].(map[string]interface{}) | |
for key := range trustList { | |
entry := trustList[key].(map[string]interface{}) | |
if _, ok := entry["issuerName"]; !ok { | |
continue | |
} | |
issuerName := entry["issuerName"].([]byte) | |
if !bytes.Equal(rootSubjectASN1, issuerName) { | |
continue | |
} | |
entry["trustSettings"] = trustSettings | |
break | |
} | |
plistData, err = plist.MarshalIndent(plistRoot, plist.XMLFormat, "\t") | |
fatalIfErr(err, "failed to serialize trust settings") | |
err = ioutil.WriteFile(plistFile.Name(), plistData, 0600) | |
fatalIfErr(err, "failed to write trust settings") | |
cmd = commandWithSudo("security", "trust-settings-import", "-d", plistFile.Name()) | |
out, err = cmd.CombinedOutput() | |
fatalIfCmdErr(err, "security trust-settings-import", out) | |
return true | |
} | |
func (m *mkcert) uninstallPlatform() bool { | |
cmd := commandWithSudo("security", "remove-trusted-cert", "-d", filepath.Join(m.CAROOT, rootName)) | |
out, err := cmd.CombinedOutput() | |
fatalIfCmdErr(err, "security remove-trusted-cert", out) | |
return true | |
} |