Class: MotionProvisioning::Certificate

Inherits:
Object
  • Object
show all
Defined in:
lib/motion-provisioning/certificate.rb

Instance Attribute Summary collapse

Instance Method Summary collapse

Instance Attribute Details

#output_pathObject

Returns the value of attribute output_path.



3
4
5
 
# File 'lib/motion-provisioning/certificate.rb', line 3

def output_path
  @output_path
end

#platformObject

Returns the value of attribute platform.



3
4
5
 
# File 'lib/motion-provisioning/certificate.rb', line 3

def platform
  @platform
end

#typeObject

Returns the value of attribute type.



3
4
5
 
# File 'lib/motion-provisioning/certificate.rb', line 3

def type
  @type
end

Instance Method Details

#available_identitiesObject 



209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
 
# File 'lib/motion-provisioning/certificate.rb', line 209

def available_identities
  ids = []
  keychain = $keychain || "#{Dir.home}/Library/Keychains/login.keychain"
  available = `security find-identity -v -p codesigning #{keychain}`
  available.split("\n").each do |current|
    next if current.include? "REVOKED"
    begin
      id = current.match(/.*\) (.*) \"(.*)\"/)
      ids << {
        fingerprint: id[1],
        name: id[2]
      }
    rescue
      # the last line does not match
    end
  end
  ids
end

#certificate_name(type, platform) ⇒ Object 



13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
 
# File 'lib/motion-provisioning/certificate.rb', line 13

def certificate_name(type, platform)
  self.type = type
  self.platform = platform
  self.output_path = MotionProvisioning.output_path
  certificate_path = File.join(output_path, "#{platform}_#{type}_certificate.cer")
  private_key_path = File.join(output_path, "#{platform}_#{type}_private_key.p12")

  # First check if there is a certificate and key file, and if it is installed
  identities = available_identities
  if File.exist?(certificate_path) && File.exist?(private_key_path) && ENV['recreate_certificate'].nil?
    fingerprint = sha1_fingerprint(certificate_path)
    installed_cert = identities.detect { |e| e[:fingerprint] == fingerprint }
    if installed_cert
      Utils.log("Info", "Using certificate '#{installed_cert[:name]}'.")
      return installed_cert[:name]
    else
      # The certificate is not installed, so we install the cert and the key
      import_file(private_key_path)
      import_file(certificate_path)
      name = common_name(certificate_path)
      Utils.log("Info", "Using certificate '#{name}'.")
      return name
    end
  end

  # Make sure a client is created and logged in
  client

  # Lets see if any of the user certificates is in the keychain
  installed_certificate = nil
  if !certificates.empty?
    installed_certs_sha1 = identities.map { |e| e[:fingerprint] }
    installed_certificate = certificates.detect do |certificate|
      sha1 = OpenSSL::Digest::SHA1.new(certificate.motionprovisioning_certContent || certificate.download_raw)
      installed_certs_sha1.include?(sha1.to_s.upcase)
    end
  end

  # There are no certificates in the server so we create a new one
  if certificates.empty?
    Utils.log("Warning", "Couldn't find any existing certificates... creating a new one.")
    if certificate = create_certificate
      return common_name(certificate)
    else
      Utils.log("Error", "Something went wrong when trying to create a new certificate.")
      abort
    end
  # There are certificates in the server, but none is installed locally. Revoke all and create a new one.
  elsif installed_certificate.nil?
    Utils.log("Error", "None of the available certificates (#{certificates.count}) is installed on the local machine. Revoking...")

    # For distribution, ask before revoking
    if self.type == :distribution
      answer = Utils.ask("Info", "There are #{certificates.count} distribution certificates in your account, but none installed locally.\n" \
                "Before revoking and creating a new one, ask other team members who might have them installed to share them with you.\n" \
                "Do you want to continue revoking the certificates? (Y/n):")
      abort if answer.no?
    end

    # Revoke all and create new one
    if MotionProvisioning.free
      certificates.each do |certificate|
        client.revoke_development_certificate(certificate.motionprovisioning_serialNumber)
      end
    else
      certificates.each(&:revoke!)
    end

    if certificate = create_certificate
      return common_name(certificate)
    else
      Utils.log("Error", "Something went wrong when trying to create a new certificate...")
      abort
    end
  # There are certificates on the server, and one of them is installed locally.
  else
    Utils.log("Info", "Found certificate '#{installed_certificate.name}' which is installed in the local machine.")

    path = store_certificate_raw(installed_certificate.motionprovisioning_certContent || installed_certificate.download_raw)

    password = Utils.ask_password("Info", "Exporting private key from Keychain for certificate '#{installed_certificate.name}'. Choose a password (you will be asked for this password when importing this key into the Keychain in another machine):")
    private_key_contents = private_key(common_name(path), sha1_fingerprint(path), password)
    File.write(private_key_path, private_key_contents)

    # This certificate is installed on the local machine
    Utils.log("Info", "Using certificate '#{installed_certificate.name}'.")

    common_name(path)
  end
end

#certificate_typeObject

The kind of certificate we’re interested in



127
128
129
130
131
132
133
134
135
136
137
138
139
140
 
# File 'lib/motion-provisioning/certificate.rb', line 127

def certificate_type
  cert_type = nil
  case platform
  when :ios, :tvos
    cert_type = Spaceship.certificate.production
    cert_type = Spaceship.certificate.in_house if Spaceship.client.in_house?
    cert_type = Spaceship.certificate.development if self.type == :development
  when :mac
    cert_type = Spaceship.certificate.mac_development
    cert_type = Spaceship.certificate.mac_app_distribution if self.type == :distribution
    cert_type = Spaceship.certificate.developer_i_d_application if self.type == :developer_id
  end
  cert_type
end

#certificatesObject

All certificates of this type



105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
 
# File 'lib/motion-provisioning/certificate.rb', line 105

def certificates
  @certificates ||= begin
    if MotionProvisioning.free
      client.development_certificates(mac: mac?).map do |cert|
        certificate = Spaceship::Portal::Certificate.factory(cert)
        certificate.motionprovisioning_certContent = cert['certContent'].read
        certificate.motionprovisioning_serialNumber = cert['serialNumber']
        certificate
      end
    else
      certificates = certificate_type.all
      # Filter out development certificates belonging to other team members
      if self.type == :development
        user_id = MotionProvisioning.team['currentTeamMember']['teamMemberId']
        certificates.select! { |c| c.owner_id == user_id }
      end
      certificates
    end
  end
end

#clientObject 



5
6
7
 
# File 'lib/motion-provisioning/certificate.rb', line 5

def client
  MotionProvisioning.client
end

#common_name(path) ⇒ Object 



239
240
241
242
243
244
245
246
 
# File 'lib/motion-provisioning/certificate.rb', line 239

def common_name(path)
  result = `openssl x509 -in "#{path}" -inform der -noout -sha1 -subject`
  begin
    return result.match(/\/CN=(.*?)\//)[1]
  rescue
    Utils.log("Error", "Error parsing certificate '#{path}'")
  end
end

#create_certificateObject 



146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
 
# File 'lib/motion-provisioning/certificate.rb', line 146

def create_certificate
  # Create a new certificate signing request
  csr, pkey = create_certificate_signing_request

  # Store all that onto the filesystem
  request_path = File.expand_path(File.join(self.output_path, "#{platform}_#{type}.certSigningRequest"))
  File.write(request_path, csr.to_pem)

  private_key_path = File.expand_path(File.join(self.output_path, "#{platform}_#{type}_private_key.p12"))
  File.write(private_key_path, pkey.export)

  # Use the signing request to create a new distribution certificate
  begin
    certificate = nil
    certificate_attrs = nil
    if MotionProvisioning.free
      certificate_attrs = client.create_development_certificate(csr.to_pem)
      # Fetch the certificate again because the response does not contain
      # the certContent key
      certificate_attrs = client.development_certificates(mac: mac?).detect do |cert|
        cert['certificateId'] == certificate_attrs['certificateId']
      end
      certificate_attrs['certificateTypeDisplayId'] = certificate_attrs['certificateType']['certificateTypeDisplayId']
      certificate = Spaceship::Portal::Certificate.factory(certificate_attrs)
      certificate.motionprovisioning_certContent = certificate_attrs['certContent'].read
      certificate
    else
      certificate = certificate_type.create!(csr: csr)
    end
  rescue => ex
    if ex.to_s.include?("You already have a current")
      FileUtils.rm(private_key_path)
      FileUtils.rm(request_path)
      Utils.log("Error", "Could not create another certificate, reached the maximum number of available certificates. Manually revoke certificates in the Developer Portal.")
      abort
    end
    raise ex
  end
  Utils.log("Info", "Successfully created certificate.")

  cert_path = store_certificate_raw(certificate.motionprovisioning_certContent || certificate.download_raw)

  # Import all the things into the Keychain
  import_file(private_key_path)
  import_file(cert_path)
  Utils.log("Info", "Successfully installed certificate.")

  if self.type == :distribution
    Utils.log("Warning", "You have just created a distribution certificate. These certificates must be shared with other team members by sending them the private key (.p12) and certificate (.cer) files in your output folder and install them in the keychain.")
  else
    Utils.log("Warning", "You have just created a development certificate. If you want to use this certificate on another machine, transfer the private key (.p12) and certificate (.cer) files in your output folder and install them in the keychain.")
  end
  Utils.ask("Info", "Press any key to continue...")

  cert_path
end

#create_certificate_signing_requestObject 



142
143
144
 
# File 'lib/motion-provisioning/certificate.rb', line 142

def create_certificate_signing_request
  $motion_provisioninig_csr || Spaceship.certificate.create_certificate_signing_request
end

#import_file(path) ⇒ Object 



248
249
250
251
252
253
254
255
256
257
258
259
260
261
 
# File 'lib/motion-provisioning/certificate.rb', line 248

def import_file(path)
  unless File.exist?(path)
    Utils.log("Error", "Could not find file '#{path}'")
    abort
  end

  keychain = $keychain || "#{Dir.home}/Library/Keychains/login.keychain"

  command = "security import #{path.shellescape} -k '#{keychain}' -P ''"
  command << " -T /usr/bin/codesign"
  command << " -T /usr/bin/security"

  `#{command} 2>&1`
end

#mac?Boolean

Returns:

  • (Boolean) 


9
10
11
 
# File 'lib/motion-provisioning/certificate.rb', line 9

def mac?
  self.platform == :mac
end

#private_key(name, fingerprint, password) ⇒ Object 



263
264
265
266
 
# File 'lib/motion-provisioning/certificate.rb', line 263

def private_key(name, fingerprint, password)
  export_private_key = File.join(File.expand_path(__dir__), '../../bin/export_private_key')
  `#{export_private_key} "#{name}" "#{fingerprint}" "#{password}"`.strip
end

#sha1_fingerprint(path) ⇒ Object 



228
229
230
231
232
233
234
235
236
237
 
# File 'lib/motion-provisioning/certificate.rb', line 228

def sha1_fingerprint(path)
  result = `openssl x509 -in "#{path}" -inform der -noout -sha1 -fingerprint`
  begin
    result = result.match(/SHA1 Fingerprint=(.*)/)[1]
    result.delete!(':')
    return result
  rescue
    Utils.log("Error", "Error parsing certificate '#{path}'")
  end
end

#store_certificate_raw(raw_data) ⇒ Object 



203
204
205
206
207
 
# File 'lib/motion-provisioning/certificate.rb', line 203

def store_certificate_raw(raw_data)
  path = File.expand_path(File.join(self.output_path, "#{platform}_#{type}_certificate.cer"))
  File.write(path, raw_data)
  path
end