Keychain searching

Jaide · April 24, 2006, 3:47pm

I’m trying to search the keychain for a certain certificate to see if it is there. I will handle whether it exists or not after I search the entire list, but I can’t seem to get the search down. I’m using the code below but I can’t seem to get the keychain set to X509Anchors where the certificate I am searching for will/should be located.

tell application "Keychain Scripting"
	set theKeyList to name of every key of "X509Anchors"
	repeat with x from 1 to (length of theKeyList)
		if item x of theKeyList is "some certificate" then
			set isThere to true
			exit repeat
		end if
	end repeat
end tell

Bruce_Phillips · April 24, 2006, 4:01pm

First, I think this line.

set theKeyList to name of every key of "X509Anchors"

should be changed to this:

set theKeyList to name of every key of keychain "X509Anchors"

[keychain “Whatever”] is a keychain object, but [“Whatever”] is just a string.

However, after looking at my own keychains, it seems X509Anchors may not be accesible this way.

tell application "Keychain Scripting"
	return keychains
end tell

Adam_Bell · April 24, 2006, 4:27pm

The problem seems to be that there is no “noun” to describe the contents of that keychain either. “Certificate” is not a Keychain Scripting word.

Jaide · April 24, 2006, 5:03pm

I tried making the line keychain “X509Anchors” and pretty much got the same error so I posted what code I had at the time. If I can’t use keychain scripting anyone got any ideas of how I would go about searching the certificates? I found command line password searching tool that uses the keychain in these forums and I’m trying to adapt that, but I’m not sure if that will do what I want.

I also thought about using UI scripting on the application Keychain Access, but I have not been able to get that to search. I can do that to select a certain certificate but the script will toss an error if it does not exist. I have not figured out how to test if it exists within the interface.

Jaide · April 24, 2006, 5:11pm

I was just going to use the keyword ‘item’. I tested it using ‘current keychain’ and it seems to return everything on the keychain. Should work for my purposes if I can test the right item name.

Jaide · April 25, 2006, 7:03pm

So I decided it might be easier to just handle the error message I get about the certificate already being installed. Only trouble is I can’t get the UI scripting to work. I use UIElementInspector to find what should go into the applescrpt for the error message but I think I’m missing something in the syntax. I want the script to check for the message, and if there click the OK button.

Image here

I think the pop-up is a sheet of the window “Keychain Access” so I’ve made my script try to click that. Seems I am missing something. I think this should be enough of the code to get the idea of what is going on. I can provide more if needed.

tell application "System Events"
		tell process "Keychain Access"
			set frontmost to true
			-- try to install the certificate here. This code works fine.
				
				-- Wait while authentication happens. 
		-- This is the part I think I am missing something		
                               if exists sheet 1 then
					tell sheet 1
						try
							click button "Ok"
						end try
						tell application "Keychain Access"
							quit
						end tell
					end tell
				else
					tell application "Keychain Access"
						quit
					end tell
				end if