Class: MotionProvisioning::Certificate
- Inherits:
-
Object
- Object
- MotionProvisioning::Certificate
- Defined in:
- lib/motion-provisioning/certificate.rb
Instance Attribute Summary collapse
-
#output_path ⇒ Object
Returns the value of attribute output_path.
-
#platform ⇒ Object
Returns the value of attribute platform.
-
#type ⇒ Object
Returns the value of attribute type.
Instance Method Summary collapse
- #available_identities ⇒ Object
- #certificate_name(type, platform) ⇒ Object
-
#certificate_type ⇒ Object
The kind of certificate we’re interested in.
-
#certificates ⇒ Object
All certificates of this type.
- #client ⇒ Object
- #common_name(path) ⇒ Object
- #create_certificate ⇒ Object
- #create_certificate_signing_request ⇒ Object
- #import_file(path) ⇒ Object
- #mac? ⇒ Boolean
- #private_key(name, fingerprint, password) ⇒ Object
- #sha1_fingerprint(path) ⇒ Object
- #store_certificate_raw(raw_data) ⇒ Object
Instance Attribute Details
#output_path ⇒ Object
Returns the value of attribute output_path.
3 4 5 |
# File 'lib/motion-provisioning/certificate.rb', line 3 def output_path @output_path end |
#platform ⇒ Object
Returns the value of attribute platform.
3 4 5 |
# File 'lib/motion-provisioning/certificate.rb', line 3 def platform @platform end |
#type ⇒ Object
Returns the value of attribute type.
3 4 5 |
# File 'lib/motion-provisioning/certificate.rb', line 3 def type @type end |
Instance Method Details
#available_identities ⇒ Object
238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 |
# File 'lib/motion-provisioning/certificate.rb', line 238 def available_identities ids = [] keychain = $keychain || "#{Dir.home}/Library/Keychains/login.keychain" available = `security find-identity -v -p codesigning #{keychain}` available.split("\n").each do |current| next if current.include? "REVOKED" begin id = current.match(/.*\) (.*) \"(.*)\"/) ids << { fingerprint: id[1], name: id[2] } rescue # the last line does not match end end ids end |
#certificate_name(type, platform) ⇒ Object
13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 |
# File 'lib/motion-provisioning/certificate.rb', line 13 def certificate_name(type, platform) self.type = type self.platform = platform self.output_path = MotionProvisioning.output_path certificate_path = File.join(output_path, "#{platform}_#{type}_certificate.cer") private_key_path = File.join(output_path, "#{platform}_#{type}_private_key.p12") # First check if there is a certificate and key file, and if it is installed identities = available_identities if File.exist?(certificate_path) && File.exist?(private_key_path) && ENV['recreate_certificate'].nil? fingerprint = sha1_fingerprint(certificate_path) installed_cert = identities.detect { |e| e[:fingerprint] == fingerprint } if installed_cert Utils.log("Info", "Using certificate '#{installed_cert[:name]}'.") return installed_cert[:fingerprint] else # The certificate is not installed, so we install the cert and the key import_file(private_key_path) import_file(certificate_path) Utils.log("Info", "Using certificate '#{common_name(certificate_path)}'.") return sha1_fingerprint(certificate_path) end end # Make sure a client is created and logged in client # Lets see if any of the user certificates is in the keychain installed_certificate = nil if !certificates.empty? installed_certs_sha1 = identities.map { |e| e[:fingerprint] } installed_certificate = certificates.detect do |certificate| sha1 = OpenSSL::Digest::SHA1.new(certificate.motionprovisioning_certContent || certificate.download_raw) installed_certs_sha1.include?(sha1.to_s.upcase) end end if certificates.empty? # There are no certificates in the server so we create a new one Utils.log("Warning", "Couldn't find any existing certificates. Creating a new certificate...") if certificate = create_certificate return sha1_fingerprint(certificate) else Utils.log("Error", "Something went wrong when trying to create a new certificate.") abort end elsif installed_certificate.nil? # There are certificates in the server, but none are installed locally. Revoke all and create a new one. Utils.log("Error", "None of the available certificates (#{certificates.count}) are installed locally. Revoking...") # For distribution, ask before revoking if self.type == :distribution answer = Utils.ask("Info", "There #{certificates.count == 1 ? 'is 1' : "are #{certificates.count}"} distribution certificate(s) in your account, but none installed locally.\n" \ "Before revoking and creating a new certificate, ask other team members who might have them installed to share them with you.\n" \ "Do you want to continue revoking the certificates? (Y/n):") abort if answer.no? end # Revoke all and create new one if MotionProvisioning.free certificates.each do |certificate| client.revoke_development_certificate(certificate.motionprovisioning_serialNumber) end else certificates.each(&:revoke!) end if certificate = create_certificate return sha1_fingerprint(certificate) else Utils.log("Error", "Something went wrong when trying to create a new certificate...") abort end elsif ENV['recreate_certificate'] != nil # Force recreate certificate, even though a valid certificate is already installed locally if self.type == :distribution answer = Utils.ask("Info", "There are #{certificates.count} distribution certificates in your account.\n" \ "Before revoking and creating a new one, ask other team members who might have them installed to share them with you.\n" \ "Do you want to revoke the existing certificates? (Y/n):") if answer.yes? certificates.each(&:revoke!) end else answer = Utils.ask("Info", "You have #{certificates.count} development certificates in your account.\n" \ "Do you want to revoke your existing certificates? (Y/n):") if answer.yes? if MotionProvisioning.free certificates.each do |certificate| client.revoke_development_certificate(certificate.motionprovisioning_serialNumber) end else certificates.each(&:revoke!) end end end if certificate = create_certificate return sha1_fingerprint(certificate) else Utils.log("Error", "Something went wrong when trying to create a new certificate.") abort end else # There are certificates on the server, and one of them is installed locally. Utils.log("Info", "Found certificate '#{installed_certificate.name}' which is installed in the local machine.") path = store_certificate_raw(installed_certificate.motionprovisioning_certContent || installed_certificate.download_raw) password = Utils.ask_password("Info", "Exporting private key from Keychain for certificate '#{installed_certificate.name}'. Choose a password (you will be asked for this password when importing this key into the Keychain in another machine):") private_key_contents = private_key(common_name(path), sha1_fingerprint(path), password) File.write(private_key_path, private_key_contents) # This certificate is installed on the local machine Utils.log("Info", "Using certificate '#{installed_certificate.name}'.") sha1_fingerprint(path) end end |
#certificate_type ⇒ Object
The kind of certificate we’re interested in
156 157 158 159 160 161 162 163 164 165 166 167 168 169 |
# File 'lib/motion-provisioning/certificate.rb', line 156 def certificate_type cert_type = nil case platform when :ios, :tvos cert_type = Spaceship.certificate.production cert_type = Spaceship.certificate.in_house if Spaceship.client.in_house? cert_type = Spaceship.certificate.development if self.type == :development when :mac cert_type = Spaceship.certificate.mac_development cert_type = Spaceship.certificate.mac_app_distribution if self.type == :distribution cert_type = Spaceship.certificate.developer_id_application if self.type == :developer_id end cert_type end |
#certificates ⇒ Object
All certificates of this type
134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 |
# File 'lib/motion-provisioning/certificate.rb', line 134 def certificates @certificates ||= begin if MotionProvisioning.free client.development_certificates(mac: mac?).map do |cert| certificate = Spaceship::Portal::Certificate.factory(cert) certificate.motionprovisioning_certContent = cert['certContent'].read certificate.motionprovisioning_serialNumber = cert['serialNumber'] certificate end else certificates = certificate_type.all # Filter out development certificates belonging to other team members if self.type == :development user_id = MotionProvisioning.team['currentTeamMember']['teamMemberId'] certificates.select! { |c| c.owner_id == user_id } end certificates end end end |
#client ⇒ Object
5 6 7 |
# File 'lib/motion-provisioning/certificate.rb', line 5 def client MotionProvisioning.client end |
#common_name(path) ⇒ Object
268 269 270 271 272 273 274 275 |
# File 'lib/motion-provisioning/certificate.rb', line 268 def common_name(path) result = `openssl x509 -in "#{path}" -inform der -noout -sha1 -subject` begin return result.match(/\/CN=(.*?)\//)[1] rescue Utils.log("Error", "Error parsing certificate '#{path}'") end end |
#create_certificate ⇒ Object
175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 |
# File 'lib/motion-provisioning/certificate.rb', line 175 def create_certificate # Create a new certificate signing request csr, pkey = create_certificate_signing_request # Store all that onto the filesystem request_path = File.(File.join(self.output_path, "#{platform}_#{type}.certSigningRequest")) File.write(request_path, csr.to_pem) private_key_path = File.(File.join(self.output_path, "#{platform}_#{type}_private_key.p12")) File.write(private_key_path, pkey.export) # Use the signing request to create a new distribution certificate begin certificate = nil certificate_attrs = nil if MotionProvisioning.free certificate_attrs = client.create_development_certificate(csr.to_pem) # Fetch the certificate again because the response does not contain # the certContent key certificate_attrs = client.development_certificates(mac: mac?).detect do |cert| cert['certificateId'] == certificate_attrs['certificateId'] end certificate_attrs['certificateTypeDisplayId'] = certificate_attrs['certificateType']['certificateTypeDisplayId'] certificate = Spaceship::Portal::Certificate.factory(certificate_attrs) certificate.motionprovisioning_certContent = certificate_attrs['certContent'].read certificate else certificate = certificate_type.create!(csr: csr) end rescue => ex if ex.to_s.include?("You already have a current") FileUtils.rm(private_key_path) FileUtils.rm(request_path) Utils.log("Error", "Could not create another certificate, reached the maximum number of available certificates. Manually revoke certificates in the Developer Portal.") abort end raise ex end Utils.log("Info", "Successfully created certificate.") cert_path = store_certificate_raw(certificate.motionprovisioning_certContent || certificate.download_raw) # Import all the things into the Keychain import_file(private_key_path) import_file(cert_path) Utils.log("Info", "Successfully installed certificate.") if self.type == :distribution Utils.log("Warning", "You have just created a distribution certificate. These certificates must be shared with other team members by sending them the private key (.p12) and certificate (.cer) files in your 'provisioning' folder and install them in the keychain.") else Utils.log("Warning", "You have just created a development certificate. If you want to use this certificate on another machine, transfer the private key (.p12) and certificate (.cer) files in your 'provisioning' folder and install them in the keychain.") end Utils.ask("Info", "Press any key to continue...") cert_path end |
#create_certificate_signing_request ⇒ Object
171 172 173 |
# File 'lib/motion-provisioning/certificate.rb', line 171 def create_certificate_signing_request $motion_provisioninig_csr || Spaceship.certificate.create_certificate_signing_request end |
#import_file(path) ⇒ Object
277 278 279 280 281 282 283 284 285 286 287 288 289 290 |
# File 'lib/motion-provisioning/certificate.rb', line 277 def import_file(path) unless File.exist?(path) Utils.log("Error", "Could not find file '#{path}'") abort end keychain = $keychain || "#{Dir.home}/Library/Keychains/login.keychain" command = "security import #{path.shellescape} -k '#{keychain}' -P ''" command << " -T /usr/bin/codesign" command << " -T /usr/bin/security" `#{command} 2>&1` end |
#mac? ⇒ Boolean
9 10 11 |
# File 'lib/motion-provisioning/certificate.rb', line 9 def mac? self.platform == :mac end |
#private_key(name, fingerprint, password) ⇒ Object
292 293 294 295 |
# File 'lib/motion-provisioning/certificate.rb', line 292 def private_key(name, fingerprint, password) export_private_key = File.join(File.(__dir__), '../../bin/export_private_key') `#{export_private_key} "#{name}" "#{fingerprint}" "#{password}"`.strip end |
#sha1_fingerprint(path) ⇒ Object
257 258 259 260 261 262 263 264 265 266 |
# File 'lib/motion-provisioning/certificate.rb', line 257 def sha1_fingerprint(path) result = `openssl x509 -in "#{path}" -inform der -noout -sha1 -fingerprint` begin result = result.match(/SHA1 Fingerprint=(.*)/)[1] result.delete!(':') return result rescue Utils.log("Error", "Error parsing certificate '#{path}'") end end |
#store_certificate_raw(raw_data) ⇒ Object
232 233 234 235 236 |
# File 'lib/motion-provisioning/certificate.rb', line 232 def store_certificate_raw(raw_data) path = File.(File.join(self.output_path, "#{platform}_#{type}_certificate.cer")) File.write(path, raw_data) path end |