How to set certificate trust?

I have been attempting to create an automated method for setting wireless connections to both a WEP and WPA/WPA2 Enterprise network to work on Mac OS X 10.5.

I have a couple of methods that work with the WEP network, but keep hitting the same brick wall with the WPA network. I have an Automator method and an AppleScript method and have the pieces for a fully command-line shell script method, but all three can’t get me past setting the trust on the certificate on the local computer. Automator bombs out, AppleScript won’t allow me to address the ‘Trust dialog box’ and the command-line security add-trusted-certificate will add the certificate, but gives me an error. I’m guessing most of this is built-in security to keep people (with bad intentions) from doing what I am.

I can get the certificate added to the keychain by using:

sudo certtool i /path/to/certificate.pem k=/Users/username/Library/Keychains/login.keychain

but it doesn’t have flags to change trust settings. I’ve even tried putting it in the system.keychain.

Here’s what I have up to the point of getting the certificate trust set (special thanks to all the people that I’ve gotten bits of code from to get this far). I’ve toyed with just having a dialog to walk the user through the trust steps, but there are several steps and since this will be used by over 1000 people annually, I’d like to limit user-error by fully automating it.

I also get a weird 5 second pause at the ‘Enter Name of Network’ dialog both times that I can’t explain.


set WPANameString to "SSID of WPA network"
set WEPNameString to "SSID of WEP network"
set WEPPassString to "WEP password"
set ClearClipboardString to "random text to clear out clipboard, great place for an Easter Egg"

try
	tell current application
		activate
		set acctBox to display dialog "Please enter your USERID to setup your wireless connection:" default answer "" buttons {"Cancel", "OK"} default button 2
		set myAcct to the text returned of acctBox
		set myButton to the button returned of acctBox
		if myButton is "OK" then
			if myAcct is not "" then
				-- display dialog returns a record; keep only the typed text
				set myPass to the text returned of (display dialog "Please enter your password:" default answer "" buttons {"Cancel", "OK"} default button 2 with hidden answer)
				if myPass is "" then
					RestartRoutine()
				end if
				
			else
				RestartRoutine()
			end if
		else
			RestartRoutine()
		end if
		set acctBox to display dialog "Please DO NOT TOUCH the keyboard or mouse/trackpad until wireless setup is complete!" buttons {"Cancel", "OK"} default button 2
		set myButton to the button returned of acctBox
		if myButton is "Cancel" then
			quit
		end if
		
	end tell
	tell application "System Preferences"
		activate
		set the current pane to pane id "com.apple.preference.network"
		get the name of every anchor of pane id "com.apple.preference.network"
		reveal anchor "Advanced Airport" of pane id "com.apple.preference.network"
		tell application "System Events"
			tell application process "System Preferences"
				-- Setup WPA2 network 
				click button 1 of group 1 of tab group 1 of sheet 1 of window "Network"
				set the clipboard to WPANameString
				click text field 1 of group 1 of window 1
				keystroke "v" using {command down}
				click pop up button 1 of window 1
				click menu item "WPA2 Enterprise" of menu 1 of pop up button 1 of window 1
				delay 1
				click pop up button 2 of window 1
				click menu item "Automatic" of menu 1 of pop up button 2 of window 1
				delay 1
				set the clipboard to myAcct
				click text field 1 of window 1
				keystroke "v" using {command down}
				delay 1
				set the clipboard to myPass
				keystroke tab
				keystroke "v" using {command down}
				click button "Add" of window 1
				
				-- Setup WEP network 
				
				click button 1 of group 1 of tab group 1 of sheet 1 of window "Network"
				set the clipboard to WEPNameString
				click text field 1 of group 1 of window 1
				keystroke "v" using {command down}
				click pop up button 1 of window 1
				click menu item "WEP Password" of menu 1 of pop up button 1 of window 1
				set the clipboard to WEPPassString
				keystroke "v" using {command down}
				delay 1
				set the clipboard to ClearClipboardString
				click button "Add" of window 1
				click button "OK" of sheet 1 of window "Network"
				click button "Apply" of window "Network"
			end tell
			delay 3
			display dialog "Please click the 'Show Certificate' button, check the 'Always Trust tigernet.clemson.edu' box, click the 'Continue' button and then click 'OK' in this box."
			do shell script "networksetup -setairportpower off"
			do shell script "networksetup -setairportpower on"
			tell application "System Preferences" to quit
			display dialog "Wireless Setup Is Complete!" buttons {"OK"} default button 1
		end tell
	end tell
on error
	display dialog "Wireless setup failed! Please call 555-1212 for more help."
	
end try

Any help is appreciated!

Hi,

I don’t know how to add the certificate, but you can simplify the routine to enter UserID and password, including reliable error handling, this way


set myAcct to getUserData("Please enter your USERID to setup your wireless connection:", true)
set myPass to getUserData("Please enter your password:", true)
getUserData("Please DO NOT TOUCH the keyboard or mouse/trackpad until wireless setup is complete!", false)

tell application "System Preferences"
	activate
	reveal anchor "Advanced Airport" of pane id "com.apple.preference.network"
	tell application "System Events"
		tell application process "System Preferences"
		.


		.

on getUserData(thePrompt, withAnswer)
	tell current application
		-- activate <-- not needed: the current application is always frontmost
		repeat
			if withAnswer then
				set t to text returned of (display dialog thePrompt default answer "" buttons {"Cancel", "OK"} default button 2)
				if t is "" then
					display dialog "Please enter something!" buttons {"Try again"} default button 1
				else
					return t
				end if
			else
				display dialog thePrompt buttons {"Cancel", "OK"} default button 2
				return
			end if
		end repeat
	end tell
end getUserData

Some additional notes for GUI scripting:
• setting the current pane in System Preferences is not necessary, revealing the anchor of the requested pane is sufficient.
• the “detour” using the clipboard and clicking the text field is also not necessary, you can set the attribute “AXFocused” of the text field to true and then “keystroke” the value
• handling several windows is always time critical. Instead of setting a vague delay it’s better to wait explicitly for unique UI elements like


tell window 1
	click button "button"
	repeat until exists sheet 1
		delay 0.5
	end repeat
	-- go on
end tell

Stefan,

Thanks for the tips. I will definitely test out some of them.

The main problem that I’m having is not adding a certificate into the Keychain, but setting the allowed trust for the certificate. For instance, I need EAP and X509 to be set to ‘Always Allow’. Normally I wouldn’t like something that automatically sets a trust value (which is probably why this is so difficult), but the best part is that I’d know I’m putting in the correct certificate which would be even MORE secure.

I had a different method for inputting text direct by just calling the keystrokes of the variable, but on something like our WEP key, which is so long, it took a second or two to type in one character at a time. Using the clipboard made it ‘seem’ faster. :slight_smile: Still I like the idea of the password not hitting the clipboard though.

As for calling the current application to activate, I had an issue at one point with a dialog box appearing behind windows, and that seemed to fix it. I’m also considering adding a call to activate before entering the input just to make sure it gets entered into the appropriate area. Our WEP is supposed to be private (even though a skilled user could pull it up in the keychain, put out a sniffer or ask the student next to them), so I don’t like the fact that I could click in a separate document while the script is running and it will type out the WEP key.

I think the preference pane call was just leftover clutter from previous steps. Will weed that out.

The pause I’m experiencing isn’t due to a delay that I’ve set in the script. I can’t put my finger on it. Every time the script clicks the button to open a new network configuration, it stalls for 5-6 seconds. I’ve removed parts of the script and even had it do nothing more than open that window, then cancel and it still stalls before cancelling. Just puzzles me and sort of makes a fairly fast process take 3 times longer due to the delay.

Again, thanks for the ‘clean up’ info.
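
The command-line route raised in this thread, combined with the check that makes automatic trust defensible (only trust the file if its fingerprint matches a pinned value), as an added example that is not part of the original thread. It assumes the `security add-trusted-cert` options `-d`, `-r`, `-p eap`, `-p basic` and `-k` as listed in the `security` man page; the certificate path, keychain and pinned fingerprint are placeholders.

```shell
#!/bin/sh
# Added example, not from the thread. The certificate path, keychain and
# pinned fingerprint passed to install_trust are placeholders (assumptions).

# Reduce "SHA1 Fingerprint=AB:cd:..." or "ab cd ..." to bare upper-case hex.
normalize_fp() {
    printf '%s' "$1" | sed 's/^.*=//' | tr -d ': \n' | tr 'abcdef' 'ABCDEF'
}

# SHA-1 fingerprint of a PEM certificate, in the form Keychain Access shows.
cert_fp() {
    out=$(openssl x509 -in "$1" -noout -fingerprint -sha1) || return 1
    normalize_fp "$out"
}

# install_trust CERT PINNED_FP [KEYCHAIN] [RESULT_TYPE]
# Returns 0 on success, 1 on fingerprint mismatch, 2 if the cert is unreadable.
# RESULT_TYPE is passed to -r (trustRoot by default; trustAsRoot is the
# value intended for a certificate that is not self-signed).
install_trust() {
    cert=$1
    pinned=$(normalize_fp "$2")
    keychain=${3:-/Library/Keychains/System.keychain}
    result=${4:-trustRoot}

    actual=$(cert_fp "$cert") || { echo "cannot read $cert" >&2; return 2; }
    if [ "$actual" != "$pinned" ]; then
        # Never set trust on a file that is not the expected certificate.
        echo "fingerprint mismatch: got $actual" >&2
        return 1
    fi
    # -d writes admin-level trust settings; -p limits trust to the EAP and
    # basic X.509 policies, the two settings named in the post above.
    sudo security add-trusted-cert -d -r "$result" -p eap -p basic \
        -k "$keychain" "$cert"
}
```

Take the pinned fingerprint from a source other than the download that delivers the certificate file, otherwise the comparison proves nothing.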

I have the same delay at the window “Enter the name of the network”, even with this version of your script with controlled delays and without using the clipboard


set WPANameString to "SSID of WPA network"
set WEPNameString to "SSID of WEP network"
set WEPPassString to "WEP password"
set ClearClipboardString to "random text to clear out clipboard, great place for an Easter Egg"

set myAcct to getUserData("Please enter your USERID to setup your wireless connection:", true)
set myPass to getUserData("Please enter your password:", true)
getUserData("Please DO NOT TOUCH the keyboard or mouse/trackpad until wireless setup is complete!", false)

tell application "System Preferences"
	activate
	reveal anchor "Advanced Airport" of pane id "com.apple.preference.network"
end tell
tell application "System Events"
	tell process "System Preferences"
		click button 1 of group 1 of tab group 1 of sheet 1 of window "Network"
		repeat until exists window 2
			delay 0.5
		end repeat
		tell window 1
			set value of text field 1 of group 1 to WPANameString
			tell pop up button 1
				click
				delay 0.2
				pick menu item "WPA2 Enterprise" of menu 1
			end tell
			repeat until exists text field 2
				delay 0.2
			end repeat
			set value of text field 2 to myAcct
			set value of text field 1 to myPass
			-- click button "Add"
		end tell
	end tell
end tell

on getUserData(thePrompt, withAnswer)
	tell current application
		activate
		repeat
			if withAnswer then
				set t to text returned of (display dialog thePrompt default answer "" buttons {"Cancel", "OK"} default button 2)
				if t is "" then
					display dialog "Please enter something!" buttons {"Try again"} default button 1
				else
					return t
				end if
			else
				display dialog thePrompt buttons {"Cancel", "OK"} default button 2
				return
			end if
		end repeat
	end tell
end getUserData

Strange, isn’t it? Can’t think of what is going on behind the scenes to cause that.

Thanks for the alternate version script. I should have had you build it originally. :smiley:

Found an oddity:

I was testing using some of your recommendations on my WEP setup (since I still don’t have a resolution on the certificate problem) and noticed that when I use the “set value of text field” option, the ‘Add’ button doesn’t activate. I tried adding a keystroke tab to see if that would trigger it, but it didn’t. I can make it work if I left off the last character of the WEP string and then added it in a following step (like keystroke “f”) and then it activates.

Thought it was odd that WEP does this, but WPA2 doesn’t.

I do like this method better because you couldn’t just click on another open window to get it to type out the WEP key for you, however doing that would kill the script and then all you have to do is click ‘show password’. I’ve been looking for a method to disable the keyboard/mouse/trackpad while it runs (to stop user intervention), but have come up dry on that also. Only idea I had was unloading and reloading kext files, but I don’t want to go there.

This is no problem, try this


.
repeat until exists text field 1
	delay 0.2
end repeat
set value of attribute "AXFocused" of text field 1 to true
keystroke myPass
click button "Add"
.