From 43758b0fd316cfc7761814537cbc4abed8cb169a Mon Sep 17 00:00:00 2001
From: Daniil Subbotin
Date: Sat, 27 Nov 2021 17:13:17 +0300
Subject: [PATCH 1/4] Add scripts to generate certificate and add it to the macOS Keychain and iOS Keychain
---
 Scripts/add-certificate-to-ios-keychain.sh | 31 +++++++++++++++++++
 Scripts/add-certificate-to-system-keychain.sh | 17 ++++++++++
 Scripts/cert.config | 19 ++++++++++++
 Scripts/extract-certificate-from-keychain.sh | 5 +++
 Scripts/generate-self-signed-certificate.sh | 24 ++++++++++++++
 5 files changed, 96 insertions(+)
 create mode 100755 Scripts/add-certificate-to-ios-keychain.sh
 create mode 100755 Scripts/add-certificate-to-system-keychain.sh
 create mode 100644 Scripts/cert.config
 create mode 100755 Scripts/extract-certificate-from-keychain.sh
 create mode 100755 Scripts/generate-self-signed-certificate.sh
diff --git a/Scripts/add-certificate-to-ios-keychain.sh b/Scripts/add-certificate-to-ios-keychain.sh
new file mode 100755
index 0000000..798fc03
--- /dev/null
+++ b/Scripts/add-certificate-to-ios-keychain.sh
@@ -0,0 +1,31 @@
+#!/bin/sh
+set -e
+
+CERT_FILE=root-ca.pem
+if ! test -f "$CERT_FILE"; then
+ echo "$CERT_FILE file doesn't exists. Generate it using generate-self-signed-certificate.sh"
+ exit 1
+fi
+
+# Find booted iOS Simulator
+while true; do
+ export UDID=$(xcrun simctl list devices | grep "(Booted)" | grep -E -o -i "([0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12})")
+ if [ -z "$UDID" ]
+ then
+ echo "Please launch an iOS Simulator in which you would like to install certificate and press any key"
+ read input
+ else
+ break
+ fi
+done
+
+# Add certificate to iOS Simulator
+echo "Adding certificate to iOS Sumulator..."
+xcrun simctl keychain booted add-root-cert root-ca.pem
+
+# Restart booted iOS Simulator
+echo "Restarning iOS Sumulator..."
+xcrun simctl shutdown $UDID
+xcrun simctl boot $UDID
+
+echo "Certificate has been successfully added to the iOS Simulator Keychain"
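Review bot: `xcrun simctl keychain booted add-root-cert root-ca.pem` hardcodes the file name even though the script validated `$CERT_FILE` a few lines earlier; it should read `xcrun simctl keychain booted add-root-cert "$CERT_FILE"` (the same kind of fix PATCH 3/4 applies to `$CONFIG_FILE`), and add-certificate-to-system-keychain.sh has the same mismatch at its `security add-trusted-cert` line. The UDID discovery also assumes exactly one booted simulator: with several, `$UDID` holds several lines, `booted` is ambiguous for simctl, and the unquoted `xcrun simctl shutdown $UDID` splits into multiple arguments, so either take the first match or fail when more than one is found. `read input` waits for Enter rather than "any key", so the prompt text is slightly misleading. Since cert.config in this same patch marks the certificate `CA:true`, installing it as a root means anything later signed with its key is trusted in the simulator; a line in the header comment saying so would help users keep the matching private key out of shared locations.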
diff --git a/Scripts/add-certificate-to-system-keychain.sh b/Scripts/add-certificate-to-system-keychain.sh
new file mode 100755
index 0000000..6f48d6b
--- /dev/null
+++ b/Scripts/add-certificate-to-system-keychain.sh
@@ -0,0 +1,17 @@
+#!/bin/sh
+set -e
+
+CERT_FILE=root-ca.pem
+if ! test -f "$CERT_FILE"; then
+ echo "$CERT_FILE file doesn't exists. Generate it using generate-certificate.sh."
+ exit 1
+fi
+
+# Add certificate to macOS Keychain
+echo "You will be promted to authenticate to mark certificate as trusted"
+
+# Get path to the local keychain and trim whitespaces and quotation marks symbol
+LOGIN_KEYCHAIN="$(security login-keychain | sed 's/[[:space:]]*"//g')"
+security add-trusted-cert -k $LOGIN_KEYCHAIN root-ca.pem
+
+echo "Certificate has been successfully added to the macOS Keychain"
diff --git a/Scripts/cert.config b/Scripts/cert.config
new file mode 100644
index 0000000..3555775
--- /dev/null
+++ b/Scripts/cert.config
@@ -0,0 +1,19 @@
+[ ca ]
+default_ca = CA_default
+[ CA_default ]
+default_md = sha256
+[ v3_ca ]
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer
+basicConstraints = critical,CA:true
+keyUsage=critical,keyCertSign
+extendedKeyUsage = serverAuth,clientAuth
+[ req ]
+prompt = no
+distinguished_name = req_distinguished_name
+[ req_distinguished_name ]
+C=RU
+L=RU
+O=Catbird
+CN=Catbird
+OU=Catbird
\ No newline at end of file
diff --git a/Scripts/extract-certificate-from-keychain.sh b/Scripts/extract-certificate-from-keychain.sh
new file mode 100755
index 0000000..cc76a64
--- /dev/null
+++ b/Scripts/extract-certificate-from-keychain.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+set -e
+
+# Get an existing Catbird certificate
+security find-certificate -c Catbird -p > root-ca.pem
diff --git a/Scripts/generate-self-signed-certificate.sh b/Scripts/generate-self-signed-certificate.sh
new file mode 100755
index 0000000..06c3484
--- /dev/null
+++ b/Scripts/generate-self-signed-certificate.sh
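Review bot: `security add-trusted-cert -k $LOGIN_KEYCHAIN root-ca.pem` leaves `$LOGIN_KEYCHAIN` unquoted, and the preceding `sed` only strips whitespace next to the quotation marks, so a keychain path containing a space splits into several arguments; use `security add-trusted-cert -p ssl -k "$LOGIN_KEYCHAIN" "$CERT_FILE"`, which also fixes the hardcoded file name that bypasses the `$CERT_FILE` check above. Without `-p`, the trust setting does not appear to be limited to a single policy (the man page describes the default as all policies), which is broader than a local mock-server certificate needs; `-p ssl` scopes the trust to TLS. The error message also points users to `generate-certificate.sh`, but the script added in this series is `generate-self-signed-certificate.sh`, and "promted" in the prompt should be "prompted".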
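Review bot: The `[ v3_ca ]` section defines no `subjectAltName`, yet `extendedKeyUsage = serverAuth,clientAuth` shows this single self-signed certificate is meant to be presented directly by a TLS server; since iOS 13 and macOS 10.15, server certificates whose host name appears only in the CN are rejected, so hostname validation for localhost will fail. Add `subjectAltName = DNS:localhost,IP:127.0.0.1` to `[ v3_ca ]` (the `-extensions v3_ca` flag in generate-self-signed-certificate.sh already selects this section). Combining `CA:true` and `keyCertSign` with server EKUs also makes the installed trust anchor both a CA and a leaf, so a leaked key can mint certificates for any name; if the certificate is only ever presented as the server leaf, dropping `CA:true` limits that, though check that `simctl keychain ... add-root-cert` still accepts it. `L=RU` is a locality, not a country, and looks like a copy of `C=RU`.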
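Review bot: `security find-certificate -c Catbird -p > root-ca.pem` truncates root-ca.pem before the command runs, so when no matching certificate exists the script exits under `set -e` leaving an empty root-ca.pem behind, which then passes the `test -f` checks in the add-*-keychain scripts. Write to a temporary name and move it into place, e.g. `security find-certificate -c Catbird -p > root-ca.pem.tmp && mv root-ca.pem.tmp root-ca.pem`, or have the consumers test `-s` instead of `-f`. Note also that PATCH 2/4 of this series changes the CN to `http://localhost`; if the keychain label follows the CN, which it usually does, `-c Catbird` will no longer match the generated certificate.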
@@ -0,0 +1,24 @@
+#!/bin/sh
+set -e
+
+CONFIG_FILE=cert.config
+if ! test -f "$CONFIG_FILE"; then
+ echo "$CONFIG_FILE file doesn't exists. Add cert.config file with certificate configuration."
+ exit 1
+fi
+
+echo "Creating new certificate from cert.config"
+
+echo "Enter password for new certificate."
+read -s -p "Password: " password
+
+# Generate RSA Key
+openssl genrsa -aes256 -passout pass:"$password" -out key.pem 2048
+
+# Generate the self-signed certificate and private key
+openssl req -x509 -new -nodes -passin pass:"$password" -config cert.config -key key.pem -sha256 -extensions v3_ca -days 365 -out root-ca.pem
+
+# Cleanup
+rm key.pem
+
+echo "Certificate created: root_ca.pem"
From cb31c70410ab59b7c4fd00b8d622f09a2fbcbd87 Mon Sep 17 00:00:00 2001
From: Daniil Subbotin
Date: Sun, 5 Dec 2021 14:48:15 +0300
Subject: [PATCH 2/4] Update CN from Catbird to localhost
---
 Scripts/cert.config | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Scripts/cert.config b/Scripts/cert.config
index 3555775..393c98f 100644
--- a/Scripts/cert.config
+++ b/Scripts/cert.config
@@ -15,5 +15,5 @@ distinguished_name = req_distinguished_name
 C=RU
 L=RU
 O=Catbird
-CN=Catbird
+CN=http://localhost
 OU=Catbird
\ No newline at end of file
From 635c5546ce59f54e8026a8f5efc33cb9a6b1820d Mon Sep 17 00:00:00 2001
From: Daniil Subbotin
Date: Sun, 5 Dec 2021 14:48:29 +0300
Subject: [PATCH 3/4] Fix using $CONFIG_FILE
---
 Scripts/generate-self-signed-certificate.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Scripts/generate-self-signed-certificate.sh b/Scripts/generate-self-signed-certificate.sh
index 06c3484..75747c9 100755
--- a/Scripts/generate-self-signed-certificate.sh
+++ b/Scripts/generate-self-signed-certificate.sh
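Review bot: The final message `echo "Certificate created: root_ca.pem"` names `root_ca.pem` while `-out root-ca.pem` writes `root-ca.pem`; change it to `echo "Certificate created: root-ca.pem"`. Passing the passphrase as `pass:"$password"` exposes it to every local user through `ps` for the duration of each openssl call; `-passout env:CERT_PASS` and `-passin env:CERT_PASS`, with the variable exported only for those commands, keeps it out of argv. `read -s -p` is a bash extension under a `#!/bin/sh` shebang; it works because macOS's /bin/sh is bash, but a strict POSIX shell would fail, so either use `#!/bin/bash` or prompt with `printf` plus `stty -echo`. The `-nodes` flag on `openssl req -x509` has no effect here because that command writes no key.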
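Review bot: `CN=http://localhost` stores a URL in the Common Name, but where the CN is consulted at all it is compared against the bare host name, so `CN=localhost` is what clients expect. On current Apple platforms the CN is ignored for host-name matching in favour of `subjectAltName`, which cert.config does not define, so this change alone will not make the certificate valid for a localhost server.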
@@ -16,7 +16,7 @@ read -s -p "Password: " password
 openssl genrsa -aes256 -passout pass:"$password" -out key.pem 2048
 # Generate the self-signed certificate and private key
-openssl req -x509 -new -nodes -passin pass:"$password" -config cert.config -key key.pem -sha256 -extensions v3_ca -days 365 -out root-ca.pem
+openssl req -x509 -new -nodes -passin pass:"$password" -config "$CONFIG_FILE" -key key.pem -sha256 -extensions v3_ca -days 365 -out root-ca.pem
 # Cleanup
 rm key.pem
From 106fea1b19227d77719154d4c29300daacc692af Mon Sep 17 00:00:00 2001
From: Daniil Subbotin
Date: Sun, 5 Dec 2021 14:48:39 +0300
Subject: [PATCH 4/4] Convert RSA Key from .pem to .key format
---
 Scripts/generate-self-signed-certificate.sh | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/Scripts/generate-self-signed-certificate.sh b/Scripts/generate-self-signed-certificate.sh
index 75747c9..756c2a8 100755
--- a/Scripts/generate-self-signed-certificate.sh
+++ b/Scripts/generate-self-signed-certificate.sh
@@ -15,6 +15,11 @@ read -s -p "Password: " password
 # Generate RSA Key
 openssl genrsa -aes256 -passout pass:"$password" -out key.pem 2048
+# Convert RSA Key from .pem to .key format
+openssl rsa -outform der -in key.pem -out cert.key -passin pass:"$password"
+
+echo "Key created: cert.key"
+
 # Generate the self-signed certificate and private key
 openssl req -x509 -new -nodes -passin pass:"$password" -config "$CONFIG_FILE" -key key.pem -sha256 -extensions v3_ca -days 365 -out root-ca.pem
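Review bot: The progress message `echo "Creating new certificate from cert.config"` earlier in this file (outside the hunk) still names the file literally; for consistency with this fix use `echo "Creating new certificate from $CONFIG_FILE"`. `CONFIG_FILE=cert.config` and the `-out` paths are all relative to the current directory, so the script presumably has to be run from inside Scripts/; resolving them against `$(dirname "$0")` would make that independent of where it is invoked.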
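Review bot: `openssl rsa -outform der -in key.pem -out cert.key -passin pass:"$password"` writes the private key unencrypted: `openssl rsa` only applies a cipher to PEM output, so the passphrase protection from `genrsa -aes256` is lost and the key of the certificate that the other scripts install as a trusted root ends up in clear text in the working directory, while the cleanup step visible in PATCH 1/4 removes only key.pem. At minimum run `umask 077` before this command or `chmod 600 cert.key` after it, and add `cert.key` to the repository's ignore list so it is not committed. The comment `# Convert RSA Key from .pem to .key format` is also misleading because `.key` is not a format; `# Export the private key as unencrypted DER (cert.key)` states what the command actually does.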