unplugged-system/external/cronet/net/data/ssl/scripts/generate-keychain.sh

#!/bin/sh

# Copyright 2016 The Chromium Authors
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.


set -e -x

SECURITY=/usr/bin/security

KEYCHAIN="$1"
shift
# security create-keychain will interpret a non-absolute path relative to the
# keychain directory rather than the current directory, and OSX doesn't have a
# realpath command. Be lazy and make the user pass in an absolute path.
if [ `echo "$KEYCHAIN" | cut -c1` != '/' ]; then
  echo keychain path must be absolute
  exit 1
fi

PASSWORD=aoeu


# create-keychain modifes the global keychain search list, save it first.
# (or does it?)
SAVED_KEYCHAIN_LIST=`$SECURITY list -d user`
echo "Saved user keychain list:"
echo "$SAVED_KEYCHAIN_LIST"
echo


$SECURITY create-keychain -p "$PASSWORD" "$KEYCHAIN"

trusted=0

for cert in "$@"; do
  if [ "$cert" = "--trusted" ]; then
    trusted=1
    continue
  fi
  if [ "$cert" = "--untrusted" ]; then
    trusted=0
    continue
  fi

  # security tool only accepts DER. If input is a PEM, convert it.
  if grep -- "-----BEGIN CERTIFICATE-----" "$cert" ; then
    tmpcert="${cert}.der.tmp"
    openssl x509 -inform PEM -in "$cert" -outform DER -out "$tmpcert"
    cert="$tmpcert"
  fi

  if [ $trusted = 1 ]; then
    $SECURITY add-trusted-cert -r trustAsRoot -k "$KEYCHAIN" "$cert"
  else
    $SECURITY add-certificates -k "$KEYCHAIN" "$cert"
  fi
done


#TODO: Would be good to restore the keychain search list on failure too.

echo "pre-restore user keychain list:"
$SECURITY list -d user

# restore the original keychain search list
/bin/echo -n "${SAVED_KEYCHAIN_LIST}" | xargs $SECURITY list -d user -s

echo "Restored user keychain list:"
$SECURITY list -d user
echo
Initial commit: AOSP 14 with modifications for Unplugged OS 2025-10-06 13:59:42 +00:00			`#!/bin/sh`

			`# Copyright 2016 The Chromium Authors`
			`# Use of this source code is governed by a BSD-style license that can be`
			`# found in the LICENSE file.`


			`set -e -x`

			`SECURITY=/usr/bin/security`

			`KEYCHAIN="$1"`
			`shift`
			`# security create-keychain will interpret a non-absolute path relative to the`
			`# keychain directory rather than the current directory, and OSX doesn't have a`
			`# realpath command. Be lazy and make the user pass in an absolute path.`
			if [ `echo "$KEYCHAIN" \| cut -c1` != '/' ]; then
			`echo keychain path must be absolute`
			`exit 1`
			`fi`

			`PASSWORD=aoeu`


			`# create-keychain modifes the global keychain search list, save it first.`
			`# (or does it?)`
			SAVED_KEYCHAIN_LIST=`$SECURITY list -d user`
			`echo "Saved user keychain list:"`
			`echo "$SAVED_KEYCHAIN_LIST"`
			`echo`


			`$SECURITY create-keychain -p "$PASSWORD" "$KEYCHAIN"`

			`trusted=0`

			`for cert in "$@"; do`
			`if [ "$cert" = "--trusted" ]; then`
			`trusted=1`
			`continue`
			`fi`
			`if [ "$cert" = "--untrusted" ]; then`
			`trusted=0`
			`continue`
			`fi`

			`# security tool only accepts DER. If input is a PEM, convert it.`
			`if grep -- "-----BEGIN CERTIFICATE-----" "$cert" ; then`
			`tmpcert="${cert}.der.tmp"`
			`openssl x509 -inform PEM -in "$cert" -outform DER -out "$tmpcert"`
			`cert="$tmpcert"`
			`fi`

			`if [ $trusted = 1 ]; then`
			`$SECURITY add-trusted-cert -r trustAsRoot -k "$KEYCHAIN" "$cert"`
			`else`
			`$SECURITY add-certificates -k "$KEYCHAIN" "$cert"`
			`fi`
			`done`



			`#TODO: Would be good to restore the keychain search list on failure too.`

			`echo "pre-restore user keychain list:"`
			`$SECURITY list -d user`

			`# restore the original keychain search list`
			`/bin/echo -n "${SAVED_KEYCHAIN_LIST}" \| xargs $SECURITY list -d user -s`

			`echo "Restored user keychain list:"`
			`$SECURITY list -d user`
			`echo`