Class: Cert::Runner

Inherits:
Object
  • Object
show all
Defined in:
cert/lib/cert/runner.rb

Instance Method Summary collapse

Instance Method Details

#certificate_typeObject

The kind of certificate we're interested in


136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
# File 'cert/lib/cert/runner.rb', line 136

def certificate_type
  if Cert.config[:type]
    case Cert.config[:type].to_sym
    when :mac_installer_distribution
      return Spaceship.certificate.mac_installer_distribution
    when :developer_id_application
      return Spaceship.certificate.developer_id_application
    when :developer_id_installer
      return Spaceship.certificate.developer_id_installer
    else
      UI.user_error("Unaccepted value for :type - #{Cert.config[:type]}")
    end
  end

  # Check if apple certs (Xcode 11 and later) should be used
  if Cert.config[:generate_apple_certs]
    cert_type = Spaceship.certificate.apple_distribution
    cert_type = Spaceship.certificate.in_house if Spaceship.client.in_house? # Enterprise doesn't use Apple Distribution
    cert_type = Spaceship.certificate.apple_development if Cert.config[:development]
  else
    case Cert.config[:platform].to_s
    when 'ios', 'tvos'
      cert_type = Spaceship.certificate.production
      cert_type = Spaceship.certificate.in_house if Spaceship.client.in_house?
      cert_type = Spaceship.certificate.development if Cert.config[:development]

    when 'macos'
      cert_type = Spaceship.certificate.mac_app_distribution
      cert_type = Spaceship.certificate.mac_development if Cert.config[:development]
    end
  end

  return cert_type
end

#certificatesObject

All certificates of this type


131
132
133
# File 'cert/lib/cert/runner.rb', line 131

def certificates
  certificate_type.all
end

#create_certificateObject


171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
# File 'cert/lib/cert/runner.rb', line 171

def create_certificate
  # Create a new certificate signing request
  csr, pkey = Spaceship.certificate.create_certificate_signing_request

  # Use the signing request to create a new (development|distribution) certificate
  begin
    certificate = certificate_type.create!(csr: csr)
  rescue => ex
    type_name = (Cert.config[:development] ? "Development" : "Distribution")
    if ex.to_s.include?("You already have a current")
      UI.user_error!("Could not create another #{type_name} certificate, reached the maximum number of available #{type_name} certificates.", show_github_issues: true)
    elsif ex.to_s.include?("You are not allowed to perform this operation.") && type_name == "Distribution"
      UI.user_error!("You do not have permission to create this certificate. Only Team Admins can create Distribution certificates\n 🔍 See https://developer.apple.com/library/content/documentation/IDEs/Conceptual/AppDistributionGuide/ManagingYourTeam/ManagingYourTeam.html for more information.")
    end
    raise ex
  end

  # Store all that onto the filesystem

  request_path = File.expand_path(File.join(Cert.config[:output_path], "#{certificate.id}.certSigningRequest"))
  File.write(request_path, csr.to_pem)

  private_key_path = File.expand_path(File.join(Cert.config[:output_path], "#{certificate.id}.p12"))
  File.write(private_key_path, pkey)

  cert_path = store_certificate(certificate, Cert.config[:filename])

  # Import all the things into the Keychain
  keychain = File.expand_path(Cert.config[:keychain_path])
  password = Cert.config[:keychain_password]
  FastlaneCore::KeychainImporter.import_file(private_key_path, keychain, keychain_password: password)
  FastlaneCore::KeychainImporter.import_file(cert_path, keychain, keychain_password: password)

  # Environment variables for the fastlane action
  ENV["CER_CERTIFICATE_ID"] = certificate.id
  ENV["CER_FILE_PATH"] = cert_path

  UI.success("Successfully generated #{certificate.id} which was imported to the local machine.")

  return cert_path
end

#expired_certsObject


80
81
82
83
84
# File 'cert/lib/cert/runner.rb', line 80

def expired_certs
  certificates.select do |certificate|
    certificate.expires < Time.now.utc
  end
end

#find_existing_certObject


86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
# File 'cert/lib/cert/runner.rb', line 86

def find_existing_cert
  certificates.each do |certificate|
    unless certificate.can_download
      next
    end

    path = store_certificate(certificate, Cert.config[:filename])
    private_key_path = File.expand_path(File.join(Cert.config[:output_path], "#{certificate.id}.p12"))

    # As keychain is specific to macOS, this will likely fail on non macOS systems.
    # See also: https://github.com/fastlane/fastlane/pull/14462
    keychain = File.expand_path(Cert.config[:keychain_path]) unless Cert.config[:keychain_path].nil?
    if FastlaneCore::CertChecker.installed?(path, in_keychain: keychain)
      # This certificate is installed on the local machine
      ENV["CER_CERTIFICATE_ID"] = certificate.id
      ENV["CER_FILE_PATH"] = path
      ENV["CER_KEYCHAIN_PATH"] = keychain

      UI.success("Found the certificate #{certificate.id} (#{certificate.name}) which is installed on the local machine. Using this one.")

      return path
    elsif File.exist?(private_key_path)
      password = Cert.config[:keychain_password]
      FastlaneCore::KeychainImporter.import_file(private_key_path, keychain, keychain_password: password)
      FastlaneCore::KeychainImporter.import_file(path, keychain, keychain_password: password)

      ENV["CER_CERTIFICATE_ID"] = certificate.id
      ENV["CER_FILE_PATH"] = path
      ENV["CER_KEYCHAIN_PATH"] = keychain

      UI.success("Found the cached certificate #{certificate.id} (#{certificate.name}). Using this one.")

      return path
    else
      UI.error("Certificate #{certificate.id} (#{certificate.name}) can't be found on your local computer")
    end

    File.delete(path) # as apparently this certificate is pretty useless without a private key
  end

  UI.important("Couldn't find an existing certificate... creating a new one")
  return nil
end

#launchObject


12
13
14
15
16
17
18
19
20
# File 'cert/lib/cert/runner.rb', line 12

def launch
  run

  installed = FastlaneCore::CertChecker.installed?(ENV["CER_FILE_PATH"], in_keychain: ENV["CER_KEYCHAIN_PATH"])
  UI.message("Verifying the certificate is properly installed locally...")
  UI.user_error!("Could not find the newly generated certificate installed", show_github_issues: true) unless installed
  UI.success("Successfully installed certificate #{ENV['CER_CERTIFICATE_ID']}")
  return ENV["CER_FILE_PATH"]
end

#loginObject


22
23
24
25
26
27
# File 'cert/lib/cert/runner.rb', line 22

def 
  UI.message("Starting login with user '#{Cert.config[:username]}'")
  Spaceship.(Cert.config[:username], nil)
  Spaceship.select_team
  UI.message("Successfully logged in")
end

#revoke_expired_certs!Object

Command method for the :revoke_expired sub-command


52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
# File 'cert/lib/cert/runner.rb', line 52

def revoke_expired_certs!
  FastlaneCore::PrintTable.print_values(config: Cert.config, hide_keys: [:output_path], title: "Summary for cert #{Fastlane::VERSION}")

  

  to_revoke = expired_certs

  if to_revoke.empty?
    UI.success("No expired certificates were found to revoke! 👍")
    return
  end

  revoke_count = 0

  to_revoke.each do |certificate|
    begin
      UI.message("#{certificate.id} #{certificate.name} has expired, revoking...")
      certificate.revoke!
      revoke_count += 1
    rescue => e
      UI.error("An error occurred while revoking #{certificate.id} #{certificate.name}")
      UI.error("#{e.message}\n#{e.backtrace.join("\n")}") if FastlaneCore::Globals.verbose?
    end
  end

  UI.success("#{revoke_count} expired certificate#{'s' if revoke_count != 1} #{revoke_count == 1 ? 'has' : 'have'} been revoked! 👍")
end

#runObject


29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
# File 'cert/lib/cert/runner.rb', line 29

def run
  FileUtils.mkdir_p(Cert.config[:output_path])

  FastlaneCore::PrintTable.print_values(config: Cert.config, hide_keys: [:output_path], title: "Summary for cert #{Fastlane::VERSION}")

  

  should_create = Cert.config[:force]
  unless should_create
    cert_path = find_existing_cert
    should_create = cert_path.nil?
  end

  return unless should_create

  if create_certificate # no certificate here, creating a new one
    return # success
  else
    UI.user_error!("Something went wrong when trying to create a new certificate...")
  end
end

#store_certificate(certificate, filename = nil) ⇒ Object


213
214
215
216
217
218
219
220
# File 'cert/lib/cert/runner.rb', line 213

def store_certificate(certificate, filename = nil)
  cert_name = filename ? filename : certificate.id
  cert_name = "#{cert_name}.cer" unless File.extname(cert_name) == ".cer"
  path = File.expand_path(File.join(Cert.config[:output_path], cert_name))
  raw_data = certificate.download_raw
  File.write(path, raw_data)
  return path
end