ipa_utilities 0.0.2

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: dd225108fd52aee28d1e055391c0d5f0ddca5706
+  data.tar.gz: 9be62f69f6eef418085b630d5eaf017ece66fb65
+SHA512:
+  metadata.gz: 01811aa704bac5d8c1f4a7d59aa6c9e4447795eace874e5ad657a0af17d8a4cd724ad28eaba94bd7c1508b9b0e650dcf2e1fcaa4302f03ca0d514f071a2fe757
+  data.tar.gz: 8460af87b77f427a1a58d88d6aca7446badfc760629d5b9426c14f80ea25b3b65cb117e190a40bded7732e313e461b59e62148cbe6e0f33a357ba3443889cd2f

data/Gemfile

@@ -0,0 +1,3 @@
+source "https://rubygems.org"
+
+gemspec

data/Gemfile.lock

@@ -0,0 +1,24 @@
+PATH
+  remote: .
+  specs:
+    ipa_utilities (0.0.1)
+      CFPropertyList (~> 2.2)
+      colorize (~> 0.7)
+      commander (~> 4.1)
+      json (~> 1.8)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    CFPropertyList (2.2.8)
+    colorize (0.7.3)
+    commander (4.2.0)
+      highline (~> 1.6.11)
+    highline (1.6.21)
+    json (1.8.1)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  ipa_utilities!

data/README.md

@@ -0,0 +1,95 @@
+# ipa_utilities
+
+Simple ruby gem to execute common ipa utilities, such as verify integrity, convert certificate formats, re-signs an ipa using a new provision profile and more.
+
+## Installation
+
+    $ gem install ipa_utilities
+    
+## Command Line Tool
+`ipa_utilities` is available as a command line tool. the main functionalities are described bellow:
+
+For help use
+
+	ipa_utilities -h
+	# works for any of the verbs bellow
+	ipa_utilities verify -h
+	
+#### verify
+ipa_utilities verify verb is used to verify the integrity and signature of an ipa file
+
+	ipa_utilities verify ipa_path	
+	ipa_utilities verify ipa_path -c apns_certificate_path
+	ipa_utilities verify ipa_path -c apns_certificate_path -d device_UDID
+	
+By using the `-c apns_certificate_path` you can cross reference the ipa APNS environment with the APNS_Certificate passed
+
+By passing a device UDID using `-d UDID` option, you can verify if the UDID is included in the embedded provision profile
+
+#### certificate
+
+	ipa_utilities certificate ipa_path
+This command will return the name of the APNS certificate that will be used with for the current ipa, it will also search the keychain for the existence of the certificate returned
+
+#### convert
+
+	ipa_utilities convert p12_path
+Convert verb helps in converting a P12 formatted identity file to a PEM file to be used with your APNS server implementation
+
+Use `-o out_path` to select the save location
+
+#### resign
+	
+	ipa_utilities resign ipa_path -p new_provision_path
+Re-Signs the ipa using the new `new_provision_path`
+
+Use `-o out_path` to select the save location
+
+## Ruby Classes
+
+#### `IpaUtilities`
+`IpaUtilities` contains high level ipa bound operations:
+
+	ipa = IpaUtilities.new ipa_path
+
+- `ipa.unzip` to unzip the ipa
+- `ipa.zip path` zip the ipa to a specific location
+- `ipa.verifyCodeSign` verifies the code sign for the unzipped ipa
+- `ipa.parse` create and return a `ProvisionParser` object that is used to query the embedded provision profile
+
+#### `ProvisionParser`
+`ProvisionParser` used to query a provision profile
+
+	parser = ProvisionParser.new provision_profile_path
+
+- `parser.uuid` returns the UUID of the provision profile
+- `parser.signingIdentities` returns the signing identities from the certificate object within the the provision profile
+- `parser.certificates` returns the array of the certificates
+- `parser.provisionedDevices` returns array of devices included in the provision profile
+- `parser.isAPNSProduction` reads the entitlements and checks for APNS environment
+- `parser.isBuildRelease`, `isBuildStoreDistribution` reads `get-task-allow` fro the - entitlements
+- `parser.appBundleID` returns the 
+- `parser.teamName` returns the team name
+- `parser.teamIdentifier` returns the team identifier
+
+#### `PemParser`
+`PemParser` reads a PEM formatted certificate files
+	
+	pem = PemParser.new pem_path
+	
+- `name` the common name of the certificate
+- `isAPNS` checks if the pem is APNS
+- `isProduction` check if the certificate is for production
+- `bundleID` return the bundle id from the certificate
+
+## Contact
+
+Omar Abdelhafith
+
+- http://nsomar.com
+- http://twitter.com/ifnottrue
+- o.arrabi@me.com
+
+## License
+
+ipa_utilities is available under the MIT license.

data/bin/ipa_utilities

@@ -0,0 +1,256 @@
+#!/usr/bin/env ruby
+
+require 'commander/import'
+require 'colorize'
+require 'ipa_utilities'
+
+HighLine.track_eof = false
+Signal.trap("INT") {}
+
+program :version, IpaVersion::VERSION
+program :description, 'A command-line interface for dealing with ipas'
+
+program :help, 'Author', 'Omar Abdelhafith <o.arrabi@me.com>'
+program :help, 'Website', 'http://nsomar.com'
+program :help_formatter, :compact
+
+global_option('--verbose') { $verbose = true }
+$verbose = true
+
+default_command :help
+
+command :verify do |c|
+  c.syntax = 'ipa_utils verify ipa_path [...]'
+  c.summary = 'Verifies the ipa provision and signature information'
+
+  c.example 'description', 'ipa_utils verify ipa_path'
+  c.option '-c', '--certificate certificate', 'Path of the push notification PEM certificate'
+  c.option '-d', '--device udid', 'UDID of device to check if its included in embedded provision profile'
+
+  c.action do |args, options|
+
+    path = checkArgs args, "ipa"
+    exit unless path
+
+    certificate = options.certificate
+    device = options.device
+
+    begin
+      errors = 0
+      puts
+
+      ipa = IpaUtilities.new path
+      ipa.unzipAndParse
+
+      parser = ipa.provisionParser
+
+      puts "Reading general information"
+      puts "Application Bundle ID " + parser.appBundleID.green
+      puts "APNS Enviroment: " + parser.apnsEnviroment.green
+      puts "App Enviroment: " + parser.buildEnviroment.green
+      puts
+
+      puts "Verifying bundle signature " + ipa.verifyCodeSign
+
+      status = parser.isAPNSandAppSameEnviroment ? "Yes".green : "No".red
+      puts "Checking embedde provision profile APNS Entitlement vs App enviroments"
+      puts "Is App and APNS on same enviroment: " + status
+
+      if parser.isAPNSandAppSameEnviroment
+        gateway = parser.isAPNSProduction ? "gateway.push.apple.com:2195".green : "gateway.sandbox.push.apple.com:2195".green
+        puts "APNS connection gateway: " + gateway
+      else
+        appStatus = parser.isBuildRelease ? "false (Release)" : "true (debug)"
+        apnStatus = parser.apnsEnviroment
+        puts "The application was build with get-task-allow set to #{appStatus} while the aps-environment is set to #{apnStatus}, To fix this issue regenerated the provision profile from apple developer then rebuild the app using it".red
+        errors += 1
+      end
+
+      if certificate
+        puts
+        puts "Checking certificates"
+        # puts parser.signingIdentities
+        pem = PemParser.new certificate
+
+        if pem.isAPNS
+          puts "Certificate Name " + pem.name.green
+          puts "Certificate Enviroment: " + "#{pem.enviroment}".green
+          puts "Certificate Bundle ID: " + "#{pem.bundleID}".green
+
+          status = parser.appBundleID == pem.bundleID ? "Yes".green : "No".red
+          errors += 1 if parser.appBundleID != pem.bundleID
+
+          puts "Certificate bundleId identical to app #{status}"
+
+          status = pem.isProduction == parser.isAPNSProduction ? "Yes".green : "No".red
+          puts "Is provided certificate correct for passed ipa: " + status
+
+          if pem.isProduction != parser.isAPNSProduction
+            puts "The application was build with a provision profile containing aps-environment in #{apnStatus} enviroment while the passed certificate environment is set to #{pem.enviroment}\nTo fix this issue either export the correct iOS Push #{pem.enviroment} certificate from keychain or rebuild your app with the correct provision profile".red
+            errors += 1
+          end
+        else
+          apnStatus = parser.apnsEnviroment
+          puts "The passed certificate is not an APNS certificate".red
+          errors += 1
+        end
+
+      end
+
+      if device
+        puts
+        puts "Checking provisioned devices"
+
+        if parser.isBuildDistro
+          puts "Distribution build do not contain provisioned devices".red
+          errors += 1
+        else
+          puts "Embedded profile contains " + "#{parser.provisionedDevices.count}".green + " devices"
+          status = parser.provisionedDevices.include?(device) ? "Device with UDID #{device} found".green :
+            "Device with UDID #{device} not found".red
+          puts status
+          errors += 1 if !parser.provisionedDevices.include?(device)
+        end
+      end
+
+      puts
+      puts "No errors encountered".green if errors == 0
+      puts "#{errors} errors encountered!".red if errors > 0
+
+    ensure
+      ipa.cleanUp
+    end
+  end
+end
+
+command :convert do |c|
+  c.syntax = 'ipa_utils convert p12_path [...]'
+  c.summary = 'Convert a p12 to PEM'
+
+  c.example 'description', 'ipa_utils convert p12_file_path'
+  c.option '-o', '--out outpath', 'Out put file for the Pem file'
+  # c.option '-d', '--device udid', 'UDID of device to check if its included in embedded provision profile'
+
+  c.action do |args, options|
+
+    path = checkArgs args, "p12"
+    exit unless path
+
+    outpath = options.out || "~/Desktop/out.pem"
+
+    begin
+
+      puts
+      puts "Converting P12 to Pem"
+      system "openssl pkcs12 -in #{path} -out #{outpath} -nodes -clcerts"
+      puts "Pem saved at " + outpath.green
+
+    ensure
+
+    end
+  end
+end
+
+command :certificate do |c|
+  c.syntax = 'ipa_utils certificate ipa [...]'
+  c.summary = 'fetch the correct push identity from the provided ipa (WIP)'
+
+  c.example 'description', 'ipa_utils certificate ipa_path (WIP)'
+
+  c.action do |args, options|
+
+    path = checkArgs args, "ipa"
+    exit unless path
+
+    begin
+      #Todo
+      puts
+      ipa = IpaUtilities.new path
+      ipa.unzipAndParse
+      parser = ipa.provisionParser
+
+      apnsEnviroment = parser.isAPNSProduction ? "Production" : "Development"
+      identityName = "Apple #{apnsEnviroment} IOS Push Services: #{parser.appBundleID}"
+
+      puts "Searching Keychain for identity " + identityName.green
+
+      identities = `security find-identity -v -p ssl-client`
+      puts "Item found please export it from your keychain".green if identities.lines.index{|s| s.include?(identityName)}
+      puts "Item couldnt be found in your keychain".red if !identities.lines.index{|s| s.include?(identityName)}
+
+    ensure
+      ipa.cleanUp
+    end
+  end
+end
+
+command :resign do |c|
+  c.syntax = 'ipa_utils resign ipa -p new_profile'
+  c.summary = 'Resigns the passed ipa to the new passed profile'
+
+  c.example 'description', 'ipa_utils certificate ipa_path -p profile'
+  c.option '-p', '--profile profile', 'Path of the provision profile to use'
+  c.option '-o', '--out outpath', 'Out put file for the Pem file'
+
+  c.action do |args, options|
+
+    puts
+
+    path = checkArgs args, "ipa"
+    exit unless path
+
+    profile = options.profile
+    if !profile
+      say_error "pass a profile with -p profile-path"
+      exit
+    end
+
+    exit unless checkFileExists "provision profile", profile
+
+    outpath = options.out || "~/Desktop/resigned.ipa"
+
+    begin
+
+      ipa = IpaUtilities.new path
+
+      ipa.unzipAndParse
+      ipa.deleteOldSignature
+
+      parser = ipa.provisionParser
+
+      puts "Copying the new provision profile to app bundle"
+      system "cp \"#{profile}\" \"Payload/#{ipa.bundleName}/embedded.mobileprovision\""
+
+      puts "Writing Entitlements.plist"
+      File.write "Entitlements.plist", parser.entitlementForSigning
+
+      buildName = parser.isBuildRelease ? "Distribution" : "Development"
+      system "codesign -s \"iPhone #{buildName}: #{parser.teamName} (#{parser.teamIdentifier})\" --entitlements Entitlements.plist \"Payload/DummyApp.app\" -f"
+
+      puts
+      ipa.zip outpath
+
+    ensure
+      ipa.cleanUp
+    end
+  end
+end
+
+def checkArgs args, title
+  if args.nil? || args.empty?
+    say_error "Path to #{title} is required"
+    return nil
+  end
+
+  checkFileExists title, args.first
+end
+
+def checkFileExists title, path
+
+  if !File.exist?path
+    say_error "Couldn't find #{title} with path #{path}"
+    return nil
+  end
+
+  path
+end

data/ipa_utilities.gemspec

@@ -0,0 +1,23 @@
+$:.push File.expand_path("../lib", __FILE__)
+require "ipa_utilities/version"
+
+Gem::Specification.new do |s|
+  s.name        = 'ipa_utilities'
+  s.version     =  IpaVersion::VERSION
+  s.date        = '2014-07-16'
+  s.summary     = "Utilities and library to handle useful ipa operations"
+  s.description = "ipa_utilities is a gem that helps in execute common ipa operations, such as verify, resign and others"
+  s.authors     = ["Omar Abdelhafith"]
+  s.email       = 'o.arrabi@me.com'
+  s.files       = Dir["./**/*"].reject { |file| file =~ /\.\/(bin|log|pkg|script|spec|test|vendor)/ }
+  s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  s.require_paths = ["lib"]
+
+  s.add_dependency "commander", "~> 4.1"
+  s.add_dependency "json", '~> 1.8'
+  s.add_dependency "CFPropertyList", '~> 2.2'
+  s.add_dependency "colorize", '~> 0.7'
+
+  s.homepage    = 'http://nsomar.com'
+  s.license     = 'MIT'
+end

data/lib/ipa_utilities/IpaUtilities.rb

@@ -0,0 +1,63 @@
+require 'cfpropertylist'
+require 'pathname'
+require 'base64'
+require 'colorize'
+require 'ipa_utilities/Parsers'
+
+class IpaUtilities
+  attr :provisionParser
+
+  def initialize ipaPath
+    pn = Pathname.new(ipaPath)
+    @ipaPath = pn.dirname
+    @ipaName = pn.basename
+    @fullPath = ipaPath
+  end
+
+  def unzip
+    say "Unzipping " + @fullPath.green if $verbose
+    system "unzip #{@fullPath} > log.txt"
+  end
+
+  def zip path
+    say "Zipping " + @fullPath.green if $verbose
+    system "zip -qr \"_new.ipa\" Payload"
+    system "cp _new.ipa #{path}"
+    say "Resigned ipa saved at " + path.green if $verbose
+  end
+
+  def bundleName
+    Dir.entries("Payload").last
+  end
+
+  def verifyCodeSign
+    result = `codesign -v Payload/#{bundleName} 2>&1`
+    result.empty? ? "Signature Valid\n".green : "Signature Not Valid\n".red + result.red if $verbose
+  end
+
+  def parse
+    @provisionPath = "Payload/#{bundleName}/embedded.mobileprovision"
+    @provisionParser = ProvisionParser.new @provisionPath
+  end
+
+  def unzipAndParse
+    unzip
+    puts "App bundle name is " + bundleName.green if $verbose
+
+    parse
+    say "Reading provision profile at "+ @provisionPath.green if $verbose
+    puts if $verbose
+  end
+
+  def deleteOldSignature
+    system "rm -rf Payload/*.app/_CodeSignature"
+    puts "Deleting old code sign file" if $verbose
+  end
+
+  def cleanUp
+    system "rm -rf Payload"
+    system "rm -rf tmp.plist"
+    system "rm -rf Entitlements.plist"
+    system "rm -rf _new.ipa"
+  end
+end

data/lib/ipa_utilities/Parsers.rb

@@ -0,0 +1,138 @@
+class PemParser
+
+  def initialize file
+    @identity = PemParser.signingIdentitiesWithFile(file).first
+  end
+
+  def name
+    @identity
+  end
+
+  def isAPNS
+    @identity.include?("IOS Push Services")
+  end
+
+  def isProduction
+    !@identity.include?("Development")
+  end
+
+  def enviroment
+    isProduction ? "Production" : "Development (Sandbox)"
+  end
+
+  def bundleID
+    /: (.*?)$/.match(@identity).captures.first
+  end
+
+  def self.signingIdentitiesWithBase64 base64
+    string = "-----BEGIN CERTIFICATE-----\n"
+    string += base64
+    string += "-----END CERTIFICATE-----"
+
+    File.write("cer.pem", string)
+
+    pem = `openssl x509 -text -in cer.pem`
+
+    system "rm -rf cer.pem"
+
+    identity = /CN=(.*?),/.match(pem).captures
+    identity
+  end
+
+  def self.signingIdentitiesWithFile file
+    pem = `openssl x509 -text -in #{file}`
+    identity = /CN=(.*?),/.match(pem).captures
+    identity
+  end
+end
+
+class ProvisionParser
+
+  def initialize provisionPath
+    @provisionPath = provisionPath
+    parse
+  end
+
+  def parse
+    # read mobileprovision and convert it to plist
+    `security cms -D -i #{@provisionPath} > tmp.plist`
+
+    # Get info from plist
+    plist = CFPropertyList::List.new
+    plist = CFPropertyList::List.new(:file => "tmp.plist")
+    @data = CFPropertyList.native_types(plist.value)
+  end
+
+  def uuid
+    @data["UUID"]
+  end
+
+  def signingIdentities
+
+    arr = []
+
+    certificates.each do |var|
+      arr << PemParser.signingIdentitiesWithBase64(Base64.encode64(var))
+    end
+
+    arr
+  end
+
+  def certificates
+    @data["DeveloperCertificates"]
+  end
+
+  def provisionedDevices
+    @data["ProvisionedDevices"]
+  end
+
+  def isAPNSProduction
+    @data["Entitlements"]["aps-environment"] == "production"
+  end
+
+  def isBuildRelease
+    @data["Entitlements"]["get-task-allow"] == false
+  end
+
+  def isBuildDistro
+    @data["ProvisionedDevices"].nil?
+  end
+
+  def isAPNSandAppSameEnviroment
+    isBuildRelease == isAPNSProduction
+  end
+
+  def appBundleID
+    var = @data["Entitlements"]["application-identifier"]
+    var.slice!(@data["TeamIdentifier"].first + ".")
+    var
+  end
+
+  def teamName
+    @data["TeamName"]
+  end
+
+  def teamIdentifier
+    @data["Entitlements"]["com.apple.developer.team-identifier"]
+  end
+
+  def apnsEnviroment
+    isAPNSProduction ? "Production" : "Development (Sandbox)"
+  end
+
+  def buildEnviroment
+    if isBuildRelease
+      isBuildDistro ? "Distribution" : "AdHoc"
+    else
+      "Development"
+    end
+  end
+
+  def entitlementForSigning
+    filePath = File.expand_path "#{__FILE__}/../../resources/Original.Entitlements.plist"
+    file = File.read filePath
+    file.sub! "BUNDLE_ID", "#{teamIdentifier}.#{appBundleID}"
+    file.sub! "GET_TASK_ALLOW", isBuildRelease ? "false" : "true"
+  end
+
+end

data/lib/ipa_utilities/version.rb

@@ -0,0 +1,3 @@
+module IpaVersion
+  VERSION = "0.0.2"
+end

data/lib/ipa_utilities.rb

@@ -0,0 +1,3 @@
+require "ipa_utilities/IpaUtilities"
+require "ipa_utilities/Parsers"
+require "ipa_utilities/version"

data/lib/resources/Original.Entitlements.plist

@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+  <dict>
+    <key>application-identifier</key>
+    <string>BUNDLE_ID</string>
+    <key>get-task-allow</key>
+    <GET_TASK_ALLOW/>
+  </dict>
+</plist>

metadata

@@ -0,0 +1,111 @@
+--- !ruby/object:Gem::Specification
+name: ipa_utilities
+version: !ruby/object:Gem::Version
+  version: 0.0.2
+platform: ruby
+authors:
+- Omar Abdelhafith
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2014-07-16 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: commander
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.1'
+- !ruby/object:Gem::Dependency
+  name: json
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.8'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.8'
+- !ruby/object:Gem::Dependency
+  name: CFPropertyList
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.2'
+- !ruby/object:Gem::Dependency
+  name: colorize
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.7'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.7'
+description: ipa_utilities is a gem that helps in execute common ipa operations, such
+  as verify, resign and others
+email: o.arrabi@me.com
+executables:
+- ipa_utilities
+extensions: []
+extra_rdoc_files: []
+files:
+- "./Gemfile"
+- "./Gemfile.lock"
+- "./README.md"
+- "./ipa_utilities.gemspec"
+- "./lib/ipa_utilities.rb"
+- "./lib/ipa_utilities/IpaUtilities.rb"
+- "./lib/ipa_utilities/Parsers.rb"
+- "./lib/ipa_utilities/version.rb"
+- "./lib/resources/Original.Entitlements.plist"
+- bin/ipa_utilities
+homepage: http://nsomar.com
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.3.0
+signing_key: 
+specification_version: 4
+summary: Utilities and library to handle useful ipa operations
+test_files: []