Adding logging to debug certificate chain failure

Bug: https://github.com/flutter/flutter/issues/168342
Change-Id: I2884d2b5b7153f87d98b591b8287cd7537ce3b79
Reviewed-on: https://flutter-review.googlesource.com/c/recipes/+/65620
Reviewed-by: John McDole <codefu@google.com>
Commit-Queue: Victoria Ashworth <vashworth@google.com>
diff --git a/recipe_modules/signing/resources/setup_keychain.dart b/recipe_modules/signing/resources/setup_keychain.dart
index a42a6a0..7f34bac 100755
--- a/recipe_modules/signing/resources/setup_keychain.dart
+++ b/recipe_modules/signing/resources/setup_keychain.dart
@@ -158,6 +158,32 @@
           log(
             'successfully found a Flutter identity in the $keychainName keychain',
           );
+          if (identities.contains('CSSMERR_TP_NOT_TRUSTED')) {
+            // Find the FLUTTER.IO LLC certificate and convert it to a .pem file.
+            final String certContents = _security(const <String>[
+              'find-certificate',
+              '-c',
+              'FLUTTER.IO LLC',
+              '-p',
+            ]);
+            final io.Directory tempCertDirectory =
+                io.Directory.systemTemp.createTempSync();
+            final io.File tempCertFile = io.File(
+              '${tempCertDirectory.path}/temp_cert.pem',
+            );
+            tempCertFile.createSync();
+            tempCertFile.writeAsStringSync(certContents, flush: true);
+
+            // Verify the cert. This will log the certificate chain and trust
+            // evaluation results.
+            _security(<String>[
+              'verify-cert',
+              '-c',
+              tempCertFile.absolute.path,
+              '-vvv',
+            ]);
+            tempCertFile.deleteSync();
+          }
           return 0;
         }
         log(
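Review bot: In the added `CSSMERR_TP_NOT_TRUSTED` branch the cleanup is not failure-safe: if `_security` throws on the `verify-cert` call (its definition is outside the hunk, but a non-zero exit is plausible for an untrusted chain), `tempCertFile.deleteSync()` is skipped and the `return 0` below may never be reached, so a logging-only step could change the script's result. Even on success, the directory created by `createTempSync()` is left behind. Wrapping the write and verify in `try { … } finally { tempCertDirectory.deleteSync(recursive: true); }` covers both cases and makes the separate `createSync()` and `deleteSync()` on the file unnecessary. Separately, `find-certificate -c 'FLUTTER.IO LLC'` is not scoped to a keychain, so it may export a certificate from another keychain on the search list; passing the keychain as the trailing argument would tie the logged chain to the identity being diagnosed. The enclosing function starts and ends outside the hunk, so how callers handle an exception here should be confirmed.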