| William Kurkian | ea86948 | 2019-04-09 15:16:11 -0400 | [diff] [blame] | 1 | package rootcerts |
| 2 | |
| 3 | import ( |
| 4 | "crypto/x509" |
| 5 | "os/exec" |
| 6 | "path" |
| 7 | |
| 8 | "github.com/mitchellh/go-homedir" |
| 9 | ) |
| 10 | |
| 11 | // LoadSystemCAs has special behavior on Darwin systems to work around |
| 12 | func LoadSystemCAs() (*x509.CertPool, error) { |
| 13 | pool := x509.NewCertPool() |
| 14 | |
| 15 | for _, keychain := range certKeychains() { |
| 16 | err := addCertsFromKeychain(pool, keychain) |
| 17 | if err != nil { |
| 18 | return nil, err |
| 19 | } |
| 20 | } |
| 21 | |
| 22 | return pool, nil |
| 23 | } |
| 24 | |
| 25 | func addCertsFromKeychain(pool *x509.CertPool, keychain string) error { |
| 26 | cmd := exec.Command("/usr/bin/security", "find-certificate", "-a", "-p", keychain) |
| 27 | data, err := cmd.Output() |
| 28 | if err != nil { |
| 29 | return err |
| 30 | } |
| 31 | |
| 32 | pool.AppendCertsFromPEM(data) |
| 33 | |
| 34 | return nil |
| 35 | } |
| 36 | |
| 37 | func certKeychains() []string { |
| 38 | keychains := []string{ |
| 39 | "/System/Library/Keychains/SystemRootCertificates.keychain", |
| 40 | "/Library/Keychains/System.keychain", |
| 41 | } |
| 42 | home, err := homedir.Dir() |
| 43 | if err == nil { |
| 44 | loginKeychain := path.Join(home, "Library", "Keychains", "login.keychain") |
| 45 | keychains = append(keychains, loginKeychain) |
| 46 | } |
| 47 | return keychains |
| 48 | } |