applescriptautomatorkeychainmacos
I would like to know, if there is a way to make an Automator service or an Applescript that automatically trusts a root certificate. If possible without a prompt for password or Admin privileges. Could it be possible to do that maybe with tell application "Keychain Access"
or
do shell script "sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain <certificate>"
If possible without the sudo.
AppleScript should let you do this by using with administrator privileges:
osascript -e 'do shell script "sudo -s launchctl load -w /System/Library/LaunchDaemons/ftp.plist" with administrator privileges'
This doesn't pass the password, but prompts for it with a standard OS X prompt:
You can use this in your Automator workflow in one of the two following ways:
Buscar's comment made me check the process hierarchy and it turns out, a service is a sub-sub-sub process of the application that launched it.
So, even though in many cases, a query for the frontmost application may be ok, I think looking at the process tree is better.
Here is some sample code from a test Service Workflow that for me appears to work every time...
on run {input, parameters}
set arpid to (do shell script "echo $PPID")
display dialog "Automator Runner PID is: " & arpid
set srpid to (do shell script "ps -o ppid -p " & arpid & " | tail -1")
display dialog "Service Runner PID is: " & srpid
set appid to (do shell script "ps -o ppid -p " & srpid & " | tail -1")
display dialog "Application PID is: '" & first word of appid & "'"
tell application "System Events"
set activeApp to (name of first process whose unix id is (appid as integer))
end tell
display dialog activeApp
return input
end run
Best Answer
Undesirable Behaviour
There is no intended way to add trusted root certificates without requiring authorisation from the user or an administrator.
Any method that manages to add a trusted root certificate without confirming, at some stage, the credentials of the user would be considered a serious security bug.
What is the Risk?
Once a root certificate is trusted, it provides an automatic degree of trust for other certificates, applications, and content.
If a script, process, or tool could add trusted root certificates without authorisation, then it opens the possibly to perform malicious actions on a Mac – without the user knowing.