Check for the presence of the certificate in the keychain to determine if it is installed

MatteoPologruto · MatteoPologruto · commit 7f4cdf62bf10 · 2024-05-09T14:01:55.000+02:00
diff --git a/certificates/install_darwin.go b/certificates/install_darwin.go
@@ -150,6 +150,25 @@ const char *getDefaultBrowserName() {
 
     return "";
 }
+
+const char *certInKeychain() {
+    // Each line is a key-value of the dictionary. Note: the the inverted order, value first then key.
+    NSDictionary* dict = [NSDictionary dictionaryWithObjectsAndKeys:
+        (id)kSecClassCertificate, kSecClass,
+        CFSTR("Arduino"), kSecAttrLabel,
+        kSecMatchLimitOne, kSecMatchLimit,
+        kCFBooleanTrue, kSecReturnAttributes,
+        nil];
+
+    OSStatus err = noErr;
+    // Use this function to check for errors
+    err = SecItemCopyMatching((CFDictionaryRef)dict, nil);
+    NSString *exists = @"false";
+    if (err == noErr) {
+        exists = @"true";
+    }
+    return [exists cStringUsingEncoding:[NSString defaultCStringEncoding]];;
+}
 */
 import "C"
 import (
@@ -213,3 +232,14 @@ func GetDefaultBrowserName() string {
 	p := C.getDefaultBrowserName()
 	return C.GoString(p)
 }
+
+// CertInKeychain checks if the certificate is stored inside the keychain
+func CertInKeychain() bool {
+	log.Infof("Checking if the Arduino certificate is in the keychain")
+	p := C.certInKeychain()
+	s := C.GoString(p)
+	if s == "true" {
+		return true
+	}
+	return false
+}
diff --git a/certificates/install_default.go b/certificates/install_default.go
@@ -48,3 +48,9 @@ func GetDefaultBrowserName() string {
 	log.Warn("platform not supported for retrieving default browser name")
 	return ""
 }
+
+// CertInKeychain won't do anything on unsupported Operative Systems
+func CertInKeychain() bool {
+	log.Warn("platform not supported for verifying the certificate existence")
+	return false
+}
diff --git a/main.go b/main.go
@@ -227,7 +227,7 @@ func loop() {
 		if exist, err := installCertsKeyExists(configPath.String()); err != nil {
 			log.Panicf("config.ini cannot be parsed: %s", err)
 		} else if !exist {
-			if config.CertsExist() {
+			if cert.CertInKeychain() || config.CertsExist() {
 				err = config.SetInstallCertsIni(configPath.String(), "true")
 				if err != nil {
 					log.Panicf("config.ini cannot be parsed: %s", err)
@@ -373,7 +373,7 @@ func loop() {
 
 	// check if the HTTPS certificates are expired or expiring and prompt the user to update them on macOS
 	if runtime.GOOS == "darwin" && *installCerts {
-		if config.CertsExist() {
+		if cert.CertInKeychain() || config.CertsExist() {
 			certDir := config.GetCertificatesDir()
 			if expired, err := cert.IsExpired(); err != nil {
 				log.Errorf("cannot check if certificates are expired something went wrong: %s", err)
diff --git a/systray/systray_real.go b/systray/systray_real.go
@@ -97,7 +97,7 @@ func (s *Systray) start() {
 				buttons := "{\"OK\", \"Install the certificate for Safari\"}"
 				defaultButton := "Install the certificate for Safari"
 				certDir := config.GetCertificatesDir()
-				if config.CertsExist() {
+				if cert.CertInKeychain() || config.CertsExist() {
 					expDate, err := cert.GetExpirationDate()
 					if err != nil {
 						log.Errorf("cannot get certificates expiration date, something went wrong: %s", err)
