Skip to content

Remove existing certificates from the keychain #933

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 4 commits into from
Apr 15, 2024
Merged

Remove existing certificates from the keychain #933

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
8fc4e4a
Add function to uninstall certificate from the system keychain
MatteoPologruto Apr 4, 2024
6d48a90
Remove certificates from the keychain using the systray icon
MatteoPologruto Apr 4, 2024
0a97918
Improve error messages when installing and uninstalling certificates
MatteoPologruto Apr 10, 2024
8daa25f
Remove certificate from the keychain if an error occurs during install
MatteoPologruto Apr 10, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
45 changes: 44 additions & 1 deletion certificates/install_darwin.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,9 @@ package certificates
//inspired by https://stackoverflow.com/questions/12798950/ios-install-ssl-certificate-programmatically

/*
// Explicitly tell the GCC compiler that the language is Objective-C.
#cgo CFLAGS: -x objective-c
// Pass the list of macOS frameworks needed by this piece of Objective-C code.
#cgo LDFLAGS: -framework Cocoa
#import <Cocoa/Cocoa.h>

Expand Down Expand Up @@ -61,6 +63,32 @@ const char *installCert(const char *path) {
return "";
}

const char *uninstallCert() {
// Each line is a key-value of the dictionary. Note: the the inverted order, value first then key.
NSDictionary* dict = [NSDictionary dictionaryWithObjectsAndKeys:
(id)kSecClassCertificate, kSecClass,
CFSTR("Arduino"), kSecAttrLabel,
kSecMatchLimitOne, kSecMatchLimit,
kCFBooleanTrue, kSecReturnAttributes,
nil];

OSStatus err = noErr;
// Use this function to check for errors
err = SecItemCopyMatching((CFDictionaryRef)dict, nil);
if (err == noErr) {
err = SecItemDelete((CFDictionaryRef)dict);
if (err != noErr) {
NSString *errString = [@"Could not delete the certificates. Error: " stringByAppendingFormat:@"%d", err];
NSLog(@"%@", errString);
return [errString cStringUsingEncoding:[NSString defaultCStringEncoding]];;
}
} else if (err != errSecItemNotFound){
NSString *errString = [@"Error: " stringByAppendingFormat:@"%d", err];
NSLog(@"%@", errString);
return [errString cStringUsingEncoding:[NSString defaultCStringEncoding]];;
}
return "";
}
*/
import "C"
import (
Expand All @@ -82,7 +110,22 @@ func InstallCertificate(cert *paths.Path) error {
p := C.installCert(ccert)
s := C.GoString(p)
if len(s) != 0 {
oscmd := exec.Command("osascript", "-e", "display dialog \""+s+"\" buttons \"OK\" with title \"Error installing certificates\"")
oscmd := exec.Command("osascript", "-e", "display dialog \""+s+"\" buttons \"OK\" with title \"Arduino Agent: Error installing certificates\"")
_ = oscmd.Run()
_ = UninstallCertificates()
return errors.New(s)
}
return nil
}

// UninstallCertificates will uninstall the certificates from the system keychain on macos,
// if something goes wrong will show a dialog with the error and return an error
func UninstallCertificates() error {
log.Infof("Uninstalling certificates")
p := C.uninstallCert()
s := C.GoString(p)
if len(s) != 0 {
oscmd := exec.Command("osascript", "-e", "display dialog \""+s+"\" buttons \"OK\" with title \"Arduino Agent: Error uninstalling certificates\"")
_ = oscmd.Run()
return errors.New(s)
}
Expand Down
6 changes: 6 additions & 0 deletions certificates/install_default.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,3 +30,9 @@ func InstallCertificate(cert *paths.Path) error {
log.Warn("platform not supported for the certificate install")
return errors.New("platform not supported for the certificate install")
}

// UninstallCertificates won't do anything on unsupported Operative Systems
func UninstallCertificates() error {
log.Warn("platform not supported for the certificates uninstall")
return errors.New("platform not supported for the certificates uninstall")
}
12 changes: 12 additions & 0 deletions systray/systray_real.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -64,12 +64,15 @@ func (s *Systray) start() {
s.updateMenuItem(mRmCrashes, config.LogsIsEmpty())

mGenCerts := systray.AddMenuItem("Generate and Install HTTPS certificates", "HTTPS Certs")
mRemoveCerts := systray.AddMenuItem("Remove HTTPS certificates", "")
// On linux/windows chrome/firefox/edge(chromium) the agent works without problems on plain HTTP,
// so we disable the menuItem to generate/install the certificates
if runtime.GOOS != "darwin" {
s.updateMenuItem(mGenCerts, true)
s.updateMenuItem(mRemoveCerts, true)
} else {
s.updateMenuItem(mGenCerts, config.CertsExist())
s.updateMenuItem(mRemoveCerts, !config.CertsExist())
}

// Add pause/quit
Expand Down Expand Up @@ -103,6 +106,15 @@ func (s *Systray) start() {
cert.DeleteCertificates(certDir)
}
s.Restart()
case <-mRemoveCerts.ClickedCh:
err := cert.UninstallCertificates()
if err != nil {
log.Errorf("cannot uninstall certificates something went wrong: %s", err)
} else {
certDir := config.GetCertificatesDir()
cert.DeleteCertificates(certDir)
}
s.Restart()
case <-mPause.ClickedCh:
s.Pause()
case <-mQuit.ClickedCh:
Expand Down
Loading