Class: Pindo::CertHelper

Inherits:
Object
  • Object
show all
Defined in:
lib/pindo/module/cert/cert_helper.rb

Constant Summary collapse

@@password_cache =

密码缓存,避免重复获取相同URL的密码

{}

Class Method Summary collapse

Class Method Details

.clear_password_cacheObject

清除密码缓存



30
31
32
 
# File 'lib/pindo/module/cert/cert_helper.rb', line 30

def clear_password_cache
  @@password_cache.clear
end

.clear_password_cache_for_url(cert_url) ⇒ Object

清除特定URL的密码缓存



35
36
37
 
# File 'lib/pindo/module/cert/cert_helper.rb', line 35

def clear_password_cache_for_url(cert_url)
  @@password_cache.delete(cert_url)
end

.get_cached_password(cert_url) ⇒ Object

获取密码的辅助方法,使用缓存避免重复获取



18
19
20
21
22
23
24
25
26
27
 
# File 'lib/pindo/module/cert/cert_helper.rb', line 18

def get_cached_password(cert_url)
  unless @@password_cache[cert_url]
    puts "\e[33m[DEBUG] 密码缓存中未找到,从Keychain获取: #{cert_url}\e[0m" if ENV['PINDO_DEBUG']
    @@password_cache[cert_url] = AESHelper.fetch_password(keychain_name: cert_url)
    puts "\e[32m[DEBUG] 密码已缓存: #{cert_url}\e[0m" if ENV['PINDO_DEBUG']
  else
    puts "\e[32m[DEBUG] 从密码缓存获取: #{cert_url}\e[0m" if ENV['PINDO_DEBUG']
  end
  @@password_cache[cert_url]
end

.get_cert_info(cer_certificate) ⇒ Object 



39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
 
# File 'lib/pindo/module/cert/cert_helper.rb', line 39

def get_cert_info(cer_certificate)
  # can receive a certificate path or the file data
  begin
    if File.exist?(cer_certificate)
      cer_certificate = File.binread(cer_certificate)
    end
  rescue ArgumentError
    # cert strings have null bytes; suppressing output
  end

  cert = OpenSSL::X509::Certificate.new(cer_certificate)

  # openssl output:
  # subject= /UID={User ID}/CN={Certificate Name}/OU={Certificate User}/O={Organisation}/C={Country}
  cert_info = cert.subject.to_s.gsub(/\s*subject=\s*/, "").tr("/", "\n")
  out_array = cert_info.split("\n")
  openssl_keys_to_readable_keys = {
    'UID' => 'User ID',
    'CN' => 'Common Name',
    'OU' => 'Organisation Unit',
    'O' => 'Organisation',
    'C' => 'Country',
    'notBefore' => 'Start Datetime',
    'notAfter' => 'End Datetime'
  }

  return out_array.map { |x| x.split(/=+/) if x.include?("=") }
                    .compact
                    .map { |k, v| [openssl_keys_to_readable_keys.fetch(k, k), v] }
                    .push([openssl_keys_to_readable_keys.fetch("notBefore"), cert.not_before])
                    .push([openssl_keys_to_readable_keys.fetch("notAfter"), cert.not_after])
rescue => ex
  raise Informative, "get_cert_info: #{ex}"
  return {}
end

.install_certs(cert_url: nil, certs_dir: nil, cert_type: nil, platform_type: nil) ⇒ Object 



90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
 
# File 'lib/pindo/module/cert/cert_helper.rb', line 90

def install_certs(cert_url:nil, certs_dir:nil, cert_type:nil, platform_type:nil)

  cert_git_dir = cert_type.downcase
  if platform_type.downcase.eql?("macos")
    if cert_type.downcase.include?("development")
      cert_git_dir = "development"
    elsif cert_type.downcase.eql?("appstore")
      cert_git_dir = "distribution"
    else
      cert_git_dir = "developer_id_application"
    end
  else
    if !cert_type.downcase.include?("development")
      cert_git_dir = "distribution"
    end
  end

  certs = Dir[File.join(certs_dir, "certs", cert_git_dir.to_s, "*.cer")]
  keys = Dir[File.join(certs_dir, "certs", cert_git_dir.to_s, "*.p12")]

  if certs.count == 0 || keys.count == 0
    raise Informative, "No certificates found in #{certs_dir}"
  else
    output_dir = Dir.mktmpdir

    decrypt_password = CertHelper.get_cached_password(cert_url)
    Funlog.instance.fancyinfo_start("正在安装证书...")

    cert_path = AESHelper.decrypt_specific_file(src_file: certs.first, password:decrypt_password, output_dir: output_dir)
    if cert_path.nil? || cert_path.empty? || !File.exist?(cert_path)
      AESHelper.delete_password(keychain_name:cert_url)
      # 清除内存中的密码缓存,避免重复使用错误密码
      @@password_cache.delete(cert_url)
      raise Informative, "证书解析失败,密码错误!"
    end

    key_path = AESHelper.decrypt_specific_file(src_file: keys.first, password:decrypt_password, output_dir: output_dir)
    if key_path.nil? || key_path.empty? || !File.exist?(key_path)
      AESHelper.delete_password(keychain_name:cert_url)
      # 清除内存中的密码缓存,避免重复使用错误密码
      @@password_cache.delete(cert_url)
      raise Informative, "证书解析失败,密码错误!"
    end

    unless is_cert_valid?(cert_path)
      raise Informative, "证书已经过期,请重新生产新证书!"
    end


    if isMac?

      keychain_name = "login.keychain"
      if FastlaneCore::CertChecker.installed?(cert_path, in_keychain: nil)
        Funlog.instance.fancyinfo_success("证书#{File.basename(cert_path)}已安装,无需重复安装!")
      else

        cert_password = Pindoconfig.instance.cert_key_password
        keychain = 'login.keychain'
        keychain_path = FastlaneCore::Helper.keychain_path(keychain)

        KeychainHelper.import_file(cert_path, keychain_path, keychain_password: cert_password, certificate_password:'' )
        KeychainHelper.import_file(key_path, keychain_path, keychain_password: cert_password, certificate_password: '')

        Funlog.instance.fancyinfo_success("证书'#{File.basename(cert_path)}'安装完成!")

      end
    else
      Funlog.instance.fancyinfo_error("非Mac电脑不支持安装证书!")
    end

  end
end

.install_provisionfiles(cert_url: nil, certs_dir: nil, bundle_id_map: nil, cert_type: nil, platform_type: nil) ⇒ Object 



163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
 
# File 'lib/pindo/module/cert/cert_helper.rb', line 163

def install_provisionfiles(cert_url:nil, certs_dir:nil, bundle_id_map:nil, cert_type:nil, platform_type:nil)

  cert_sub_dir = cert_type.downcase
  provision_start_name = "Development"
  provision_extension_name = ".mobileprovision"

  if platform_type.downcase.include?("macos")
    provision_extension_name = ".provisionprofile"

    if cert_type.downcase.include?("development")
      provision_start_name = "Development"
      cert_sub_dir = cert_type.downcase
    elsif cert_type.downcase.eql?("appstore")
      provision_start_name = "AppStore"
      cert_sub_dir = "appstore"
    else
      provision_start_name = "Direct"
      cert_sub_dir = "developer_id"
    end
  else
    provision_extension_name = ".mobileprovision"
    if cert_type.downcase.include?("development")
      provision_start_name = "Development"
      cert_sub_dir = cert_type.downcase
    elsif cert_type.downcase.include?("adhoc")
      provision_start_name = "Adhoc"
      cert_sub_dir = "adhoc"
    else
      provision_start_name = "AppStore"
      cert_sub_dir = "appstore"
    end
  end

  Funlog.instance.fancyinfo_start("正在安装#{provision_start_name}  #{platform_type} Provisioning Profiles...")

  un_exist_files = []
  provisioning_info_array = []

  # 在循环外获取密码,避免重复添加到Keychain
  decrypt_password = CertHelper.get_cached_password(cert_url)

  bundle_id_map.each do |type, bundle_id_temp|
    profile_filename = File.join(certs_dir, "profiles", cert_sub_dir, [provision_start_name.to_s, bundle_id_temp].join('_') + provision_extension_name)
    unless File.exist?(profile_filename)
      un_exist_files << profile_filename
      next
    end
    # puts "正在安装 #{bundle_id_temp}..."
    output_dir = Dir.mktmpdir
    file_decrypt = AESHelper.decrypt_specific_file(src_file: profile_filename, password:decrypt_password, output_dir: output_dir)
    destpath = Provisioninghelper.install(file_decrypt)
    parsed_data = Provisioninghelper.parse(destpath)

    provisioning_info = {}
    provisioning_info['type'] = type
    provisioning_info['bundle_id'] = bundle_id_temp
    provisioning_info['profile_name'] = parsed_data['Name']
    provisioning_info['profile_path'] = destpath

    cert_info = get_cert_info(parsed_data["DeveloperCertificates"].first.string).to_h
    provisioning_info['signing_identity'] = cert_info["Common Name"]
    provisioning_info['team_id'] = parsed_data["TeamIdentifier"].first

    # puts JSON.pretty_generate(provisioning_info)
    provisioning_info_array << provisioning_info
  end

  Funlog.instance.fancyinfo_success("#{provision_start_name} #{platform_type} Provisioning Profiles文件安装完成!")

  if un_exist_files.size > 0
    Funlog.instance.fancyinfo_error("证书 #{provision_start_name}  #{platform_type} Provisioning Profiles文件不存在!")
    raise Informative, "The following profiles do not exist: #{un_exist_files.join(', ')}"
  end

  return provisioning_info_array
end

.is_cert_valid?(cer_certificate_path) ⇒ Boolean

Returns:

  • (Boolean) 


80
81
82
83
84
 
# File 'lib/pindo/module/cert/cert_helper.rb', line 80

def is_cert_valid?(cer_certificate_path)
  cert = OpenSSL::X509::Certificate.new(File.binread(cer_certificate_path))
  now = Time.now.utc
  return (now <=> cert.not_after) == -1
end

.isMac?Boolean

Returns:

  • (Boolean) 


86
87
88
 
# File 'lib/pindo/module/cert/cert_helper.rb', line 86

def isMac?
  (/darwin/ =~ RUBY_PLATFORM) != nil
end

.select_cert_or_key(paths:) ⇒ Object 



75
76
77
78
 
# File 'lib/pindo/module/cert/cert_helper.rb', line 75

def select_cert_or_key(paths:)
  cert_id_path = ENV['MATCH_CERTIFICATE_ID'] ? paths.find { |path| path.include?(ENV['MATCH_CERTIFICATE_ID']) } : nil
  cert_id_path || paths.last
end