@@ -13,6 +13,8 @@ namespace Microsoft.AspNetCore.Certificates.Generation;
1313
1414internal sealed class MacOSCertificateManager : CertificateManager
1515{
16+ // User keychain. Guard with quotes when using in command lines since users may have set
17+ // their user profile (HOME) directory to a non-standard path that includes whitespace.
1618 private static readonly string MacOSUserKeychain = Environment . GetFolderPath ( Environment . SpecialFolder . UserProfile ) + "/Library/Keychains/login.keychain-db" ;
1719
1820 // System keychain. We no longer store certificates or create trust rules in the system
@@ -25,34 +27,34 @@ internal sealed class MacOSCertificateManager : CertificateManager
2527
2628 // Verify the certificate {0} for the SSL and X.509 Basic Policy.
2729 private const string MacOSVerifyCertificateCommandLine = "security" ;
28- private const string MacOSVerifyCertificateCommandLineArgumentsFormat = $ "verify-cert -c {{0}} -p basic -p ssl";
30+ private const string MacOSVerifyCertificateCommandLineArgumentsFormat = "verify-cert -c \" {0} \" -p basic -p ssl" ;
2931
3032 // Delete a certificate with the specified SHA-256 (or SHA-1) hash {0} from keychain {1}.
3133 private const string MacOSDeleteCertificateCommandLine = "sudo" ;
32- private const string MacOSDeleteCertificateCommandLineArgumentsFormat = "security delete-certificate -Z {0} {1}" ;
34+ private const string MacOSDeleteCertificateCommandLineArgumentsFormat = "security delete-certificate -Z {0} \" {1}\" " ;
3335
3436 // Add a certificate to the per-user trust settings in the user keychain. The trust policy
3537 // for the certificate will be set to be always trusted for SSL and X.509 Basic Policy.
3638 // Note: This operation will require user authentication.
3739 private const string MacOSTrustCertificateCommandLine = "security" ;
38- private static readonly string MacOSTrustCertificateCommandLineArguments = $ "add-trusted-cert -p basic -p ssl -k { MacOSUserKeychain } ";
40+ private static readonly string MacOSTrustCertificateCommandLineArguments = $ "add-trusted-cert -p basic -p ssl -k \" { MacOSUserKeychain } \" ";
3941
4042 // Import a pkcs12 certificate into the user keychain using the unwrapping passphrase {1}, and
4143 // allow any application to access the imported key without warning.
4244 private const string MacOSAddCertificateToKeyChainCommandLine = "security" ;
43- private static readonly string MacOSAddCertificateToKeyChainCommandLineArgumentsFormat = "import {0} -k " + MacOSUserKeychain + " -t cert -f pkcs12 -P {1} -A" ;
45+ private static readonly string MacOSAddCertificateToKeyChainCommandLineArgumentsFormat = "import \" {0}\" -k \" " + MacOSUserKeychain + " \ ";
4446
4547 // Remove a certificate from the admin trust settings. We no longer add certificates to the
4648 // admin trust settings, but need this for cleaning up certs generated by pre-.NET 7 versions
4749 // of this tool that used to create trust settings in the system keychain.
4850 // Note: This operation will require user authentication.
4951 private const string MacOSUntrustLegacyCertificateCommandLine = "sudo" ;
50- private const string MacOSUntrustLegacyCertificateCommandLineArguments = "security remove-trusted-cert -d {0}" ;
52+ private const string MacOSUntrustLegacyCertificateCommandLineArguments = "security remove-trusted-cert -d \" {0}\" " ;
5153
5254 // Find all matching certificates on the keychain {1} that have the name {0} and print
5355 // print their SHA-256 and SHA-1 hashes.
5456 private const string MacOSFindCertificateOnKeychainCommandLine = "security" ;
55- private const string MacOSFindCertificateOnKeychainCommandLineArgumentsFormat = "find-certificate -c {0} -a -Z -p {1}" ;
57+ private const string MacOSFindCertificateOnKeychainCommandLineArgumentsFormat = "find-certificate -c {0} -a -Z -p \" {1}\" " ;
5658
5759 // Format used by the tool when printing SHA-1 hashes.
5860 private const string MacOSFindCertificateOutputRegex = "SHA-1 hash: ([0-9A-Z]+)" ;
0 commit comments