From 5f6f7a1e07e7ae00bb14560cea5fbb008b721091 Mon Sep 17 00:00:00 2001
From: sunchipnacho <22717474+sunflsks@users.noreply.github.com>
Date: Wed, 6 Oct 2021 21:48:56 -0500
Subject: [PATCH 1/3] use password protected certificates
---
 ldid.cpp | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/ldid.cpp b/ldid.cpp
index b017ebe..06dffe8 100644
--- a/ldid.cpp
+++ b/ldid.cpp
@@ -47,6 +47,7 @@
 #include
 #include
 #include
+#include
 #endif
 #ifdef __APPLE__
@@ -141,6 +142,10 @@
 #define _packed \
 __attribute__((packed))
+#ifndef LDID_NOSMIME
+std::string password = "";
+#endif
+
 template
 struct Iterator_ {
 typedef typename Type_::const_iterator Result;
@@ -1784,8 +1789,14 @@ class Stuff {
 ca_(NULL)
 {
 _assert(value_ != NULL);
- _assert(PKCS12_parse(value_, "", &key_, &cert_, &ca_) != 0);
+ if (!PKCS12_verify_mac(value_, NULL, 0) && password == "") {
+ char passbuf[2048];
+ UI_UTIL_read_pw_string(passbuf, 2048, "Enter password: ", 0);
+ password = passbuf;
+ }
+
+ _assert(PKCS12_parse(value_, password.c_str(), &key_, &cert_, &ca_) != 0);
 _assert(key_ != NULL);
 _assert(cert_ != NULL);
@@ -3097,6 +3108,7 @@ static void usage(const char *argv0) {
 fprintf(stderr, "\n");
 fprintf(stderr, "Other Options\n");
 fprintf(stderr, " -Kkey.p12 Sign using private key in key.p12\n");
+ fprintf(stderr, " -Upassword Use password to unlock key.p12\n");
 fprintf(stderr, " -M Merge entitlements with any existing\n");
 fprintf(stderr, " -h Print CDHash of file\n");
 }
@@ -3286,6 +3298,10 @@ int main(int argc, char *argv[]) {
 flag_M = true;
 break;
+ case 'U':
+ password = argv[argi] + 2;
+ break;
+
 case 'K':
 if (argv[argi][2] != '\0')
 key.open(argv[argi] + 2, O_RDONLY, PROT_READ, MAP_PRIVATE);
From e0f9a7241917316088badac87a9ebe1681f55f7b Mon Sep 17 00:00:00 2001
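Review bot: The new global `password` (PATCH 1/3, hunk at -141,6) carries the PKCS#12 passphrase for the whole run but has no comment saying who writes it or what the empty state means. A comment such as `// PKCS#12 passphrase: set by -U or by the prompt in Stuff's constructor; empty means none supplied yet` would make the two writers explicit. Unless another translation unit needs it, which is not visible here, `static std::string password;` would also keep the secret out of the external symbol table.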
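Review bot: The return value of `UI_UTIL_read_pw_string` is ignored in the Stuff constructor hunk (PATCH 1/3, -1784,8), so when the prompt fails, for example with no terminal attached, `password = passbuf` copies from an uninitialised 2048-byte stack buffer. Checking the call, `_assert(UI_UTIL_read_pw_string(passbuf, sizeof(passbuf), "Enter password: ", 0) == 0);`, closes that path. Adding `OPENSSL_cleanse(passbuf, sizeof(passbuf));` after the copy keeps the cleartext passphrase from lingering on the stack. The same three lines are carried unchanged as context in PATCH 2/3 and PATCH 3/3, and the constructor starts and ends outside the hunk.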
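Review bot: A passphrase passed as `-Upassword` in the `case 'U'` branch of main (PATCH 1/3, -3286,6) is readable by other local users through the process list on most systems and is kept in shell history, which the interactive prompt added in Stuff's constructor avoids. The usage line should steer users to the prompt, for example `fprintf(stderr, "   -Upassword  Use password to unlock key.p12 (prompted when needed if omitted)\n");`. Separately, `password` is declared under `#ifndef LDID_NOSMIME` while no matching guard is visible around this case, so a build with LDID_NOSMIME defined may not compile; the surrounding switch lies outside the hunk, so this needs confirming.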
From: sunchipnacho <22717474+sunflsks@users.noreply.github.com>
Date: Wed, 6 Oct 2021 22:34:40 -0500
Subject: [PATCH 2/3] remove redundant assignments and make password check better
---
 ldid.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/ldid.cpp b/ldid.cpp
index 06dffe8..d614240 100644
--- a/ldid.cpp
+++ b/ldid.cpp
@@ -143,7 +143,7 @@
 __attribute__((packed))
 #ifndef LDID_NOSMIME
-std::string password = "";
+std::string password;
 #endif
 template
@@ -1790,7 +1790,7 @@ class Stuff {
 {
 _assert(value_ != NULL);
- if (!PKCS12_verify_mac(value_, NULL, 0) && password == "") {
+ if (!PKCS12_verify_mac(value_, NULL, 0) && password.empty()) {
 char passbuf[2048];
 UI_UTIL_read_pw_string(passbuf, 2048, "Enter password: ", 0);
 password = passbuf;
From f609df2cb415e7933d50cce809598dfb65aee921 Mon Sep 17 00:00:00 2001
From: sunchipnacho <22717474+sunflsks@users.noreply.github.com>
Date: Fri, 8 Oct 2021 11:12:41 -0500
Subject: [PATCH 3/3] fix p12 password
---
 ldid.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ldid.cpp b/ldid.cpp
index d614240..3d01ff4 100644
--- a/ldid.cpp
+++ b/ldid.cpp
@@ -1790,7 +1790,7 @@ class Stuff {
 {
 _assert(value_ != NULL);
- if (!PKCS12_verify_mac(value_, NULL, 0) && password.empty()) {
+ if (!PKCS12_verify_mac(value_, "", 0) && password.empty()) {
 char passbuf[2048];
 UI_UTIL_read_pw_string(passbuf, 2048, "Enter password: ", 0);
 password = passbuf;
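Review bot: Probing only the empty string in `PKCS12_verify_mac(value_, "", 0)` (PATCH 3/3) no longer recognises PKCS#12 files whose MAC was computed with no password at all, which the earlier `NULL` probe covered. As far as I know OpenSSL treats NULL and "" as distinct encodings and `PKCS12_parse` tries both, so such a file now triggers a needless prompt, which would stall a non-interactive signing job. Trying both keeps either kind of unprotected file working: `if (password.empty() && !PKCS12_verify_mac(value_, "", 0) && !PKCS12_verify_mac(value_, NULL, 0)) {`. Putting `password.empty()` first also skips the MAC computation when `-U` was supplied. The constructor body continues outside the hunk.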