motion-provisioning 0.0.1

data/lib/motion-provisioning/mobileprovision.rb

@@ -0,0 +1,84 @@
+module MotionProvisioning
+  # Represents a .mobileprobision file on disk
+  class MobileProvision
+
+    attr_accessor :hash, :enabled_services, :certificates
+
+    # @param path (String): Path to the .mobileprovision file
+    def initialize(path)
+      file = File.read(path)
+      start_index = file.index("<?xml")
+      end_index = file.index("</plist>") + 8
+      length = end_index - start_index
+      self.hash = Plist::parse_xml(file.slice(start_index, length))
+      self.certificates = []
+      self.enabled_services = []
+
+      entitlements_keys = hash['Entitlements'].keys
+      Service.constants.each do |constant_name|
+        service = Service.const_get(constant_name)
+        keys = service.mobileprovision_keys
+        if (keys - entitlements_keys).empty?
+          self.enabled_services << service
+        end
+      end
+
+      hash['DeveloperCertificates'].each do |certificate|
+        self.certificates << certificate.read
+      end
+    end
+
+    def name
+      hash['Name']
+    end
+
+    def devices
+      hash['ProvisionedDevices'].map(&:downcase)
+    end
+
+    # Checks wether the .mobileprovision file is valid by checking its
+    # expiration date, entitlements and certificates
+    # @param certificate (String): Path to the certificate file
+    # @param app_entitlements (Hash): A hash containing the app's entitlements
+    # @return Boolean
+    def valid?(certificate, app_entitlements)
+      return false if hash['ExpirationDate'] < DateTime.now
+
+      # entitlements = hash['Entitlements']
+      # # Remove entitlements that are not relevant for
+      # # Always true in development mobileprovision
+      # entitlements.delete('get-task-allow')
+      # # Always true in distribution mobileprovision
+      # entitlements.delete('beta-reports-active')
+      # entitlements.delete('application-identifier')
+      # entitlements.delete('com.apple.developer.team-identifier')
+      # # Always present, usually "$teamidentifier.*"
+      # entitlements.delete('keychain-access-groups')
+      # entitlements.delete('aps-environment')
+
+      # if app_entitlements != entitlements
+      #   missing_in_app = entitlements.to_a - app_entitlements.to_a
+      #   if missing_in_app.any?
+      #     Utils.log("Error", "These entitlements are present in the provisioning profile but not in your app configuration:")
+      #     puts missing_in_app
+      #   end
+
+      #   missing_in_profile = app_entitlements.to_a - entitlements.to_a
+      #   if missing_in_profile.any?
+      #     Utils.log("Error", "These entitlements are present in your app configuration but not in your provisioning profile:")
+      #     puts missing_in_profile
+      #   end
+
+      #   return false
+      # end
+
+      if !certificates.include?(File.read(certificate))
+        Utils.log("Warning", "Your provisioning profile does not include your certificate. Repairing...")
+        return false
+      end
+
+      true
+    end
+
+  end
+end

data/lib/motion-provisioning/provisioning_profile.rb

@@ -0,0 +1,136 @@
+module MotionProvisioning
+  class ProvisioningProfile
+
+    attr_accessor :type, :platform
+
+    def client
+      MotionProvisioning.client
+    end
+
+    def provisioning_profile(bundle_id, app_name, platform, type)
+      self.type = type
+      self.platform = platform
+      provisioning_profile_path = File.expand_path("./provisioning/#{bundle_id}_#{platform}_#{type}_provisioning_profile.mobileprovision")
+      provisioning_profile_name = "(MotionProvisioning) #{bundle_id} #{platform} #{type}"
+      certificate_type = type == :development ? :development : :distribution
+      certificate_platform = platform == :mac ? :mac : :ios
+      certificate_path = File.expand_path("./provisioning/#{certificate_platform}_#{certificate_type}_certificate.cer")
+      if !File.exist?(certificate_path)
+        Utils.log('Error', "Couldn't find the certificate in path '#{certificate_path}'.")
+        Utils.log('Error', "Make sure you're configuring the certificate *before* the provisioning profile in the Rakefile.")
+        abort
+      end
+
+      # Create the folder to store the certs
+      FileUtils.mkdir_p(File.expand_path('./provisioning'))
+
+      if File.exist?(provisioning_profile_path) && ENV['recreate_profile'].nil?
+        mobileprovision = MobileProvision.new(provisioning_profile_path)
+        if mobileprovision.valid?(certificate_path, MotionProvisioning.entitlements)
+          Utils.log('Info', "Using provisioning profile '#{mobileprovision.name}'.")
+          return provisioning_profile_path
+        end
+      end
+
+      # ensure a client is created and logged in
+      client
+
+      app = Application.find_or_create(bundle_id: bundle_id, name: app_name, mac: platform == :mac)
+
+      profile = profile_type.find_by_bundle_id(bundle_id, mac: platform == :mac).detect do |profile|
+        next if profile.platform.downcase.include?("tvos") && platform != :tvos
+        next if !profile.platform.downcase.include?("tvos") && platform == :tvos
+        profile.name == provisioning_profile_name
+      end
+
+      # Offer to register devices connected to the current computer
+      force_repair = false
+      if [:development, :adhoc].include?(type) && [:ios, :tvos].include?(platform)
+        ids = `/Library/RubyMotion/bin/ios/deploy -D`.split("\n")
+
+        # If there is a profile, we check the device is included.
+        # Otherwise check if the device is registered in the Developer Portal.
+        if profile
+          profile_devices = profile.devices.map(&:udid)
+          ids.each do |id|
+            next if profile_devices.include?(id.downcase)
+            answer = Utils.ask("Info", "This computer is connected to an iOS device with ID '#{id}' which is not included in the profile. Do you want to register it? (Y/n):")
+            if answer.downcase == 'y'
+              Utils.log('Info', "Registering device with ID '#{id}'")
+              Spaceship::Portal::Device.create!(name: 'iOS Device', udid: id)
+              force_repair = true
+            end
+          end
+        else
+          ids.each do |id|
+            existing = Spaceship::Portal::Device.find_by_udid(id)
+            next if existing
+            answer = Utils.ask("Info", "This computer is connected to an iOS device with ID '#{id}' which is not registered in the Developer Portal. Do you want to register it? (Y/n):")
+            if answer.downcase == 'y'
+              Utils.log('Info', "Registering device with ID '#{id}'")
+              client.create_device!('iOS Device', id)
+            end
+          end
+        end
+      end
+
+      certificates = if type == :development
+          client.development_certificates(mac: platform == :mac).map { |c| Spaceship::Portal::Certificate.factory(c) }
+        else
+          certificate_platform = platform == :mac ? :mac : :ios
+          certificate_sha1 = OpenSSL::Digest::SHA1.new(File.read(File.expand_path("./provisioning/#{certificate_platform}_distribution_certificate.cer")))
+          cert = client.distribution_certificates(mac: platform == :mac).detect do |c|
+            OpenSSL::Digest::SHA1.new(c['certContent'].read) == certificate_sha1
+          end
+
+          if cert.nil?
+            Utils.log('Error', 'Your distribution certificate is invalid. Recreate it by setting the env variable "recreate_certificate=1" and running the command again.')
+            abort
+          end
+
+          # Distribution profiles can only contain one certificate
+          [Spaceship::Portal::Certificate.factory(cert)]
+        end
+
+      if profile.nil?
+        sub_platform = platform == :tvos ? 'tvOS' : nil
+        Utils.log('Info', 'Could not find any existing profiles, creating a new one.')
+
+        begin
+          profile = profile_type.create!(name: provisioning_profile_name, bundle_id: bundle_id,
+            certificate: certificates , devices: nil, mac: platform == :mac, sub_platform: sub_platform)
+        rescue => ex
+          if ex.to_s.include?("Your team has no devices")
+            Utils.log("Error", "Your team has no devices for which to generate a provisioning profile. Connect a device to use for development or manually add device IDs by running: rake \"motion-provisioning:add-device[device_name,device_id]\"")
+            abort
+          end
+          raise ex
+        end
+      elsif profile.status != 'Active' || profile.certificates.map(&:id) != certificates.map(&:id) || force_repair
+        Utils.log('Info', "Repairing provisioning profile '#{profile.name}'.")
+        profile.certificates = certificates
+        devices = case platform
+          when :tvos then Spaceship::Device.all_apple_tvs
+          when :mac then Spaceship::Device.all_macs
+          else Spaceship::Device.all_ios_profile_devices
+          end
+        profile.devices = type == :distribution ? [] : devices
+        profile = profile.repair!
+      end
+
+      Utils.log('Info', "Using provisioning profile '#{profile.name}'.")
+      File.write(provisioning_profile_path, profile.download)
+      provisioning_profile_path
+    end
+
+    # The kind of provisioning profile we're interested in
+    def profile_type
+      return @profile_type if @profile_type
+      @profile_type = Spaceship.provisioning_profile.app_store
+      @profile_type = Spaceship.provisioning_profile.in_house if client.in_house?
+      @profile_type = Spaceship.provisioning_profile.ad_hoc if self.type == :adhoc
+      @profile_type = Spaceship.provisioning_profile.development if self.type == :development
+      @profile_type
+    end
+  end
+end

data/lib/motion-provisioning/spaceship/free_portal_client.rb

@@ -0,0 +1,123 @@
+module Spaceship
+  class FreePortalClient < Spaceship::PortalClient
+
+    def create_provisioning_profile!(name, distribution_method, app_id, certificate_ids, device_ids, mac: false, sub_platform: nil)
+      ensure_csrf
+
+      params = {
+        teamId: team_id,
+        appIdId: app_id,
+      }
+
+      r = request_plist(:post, "https://developerservices2.apple.com/services/QH65B2/#{platform_slug(mac)}/downloadTeamProvisioningProfile.action", params)
+      parse_response(r, 'provisioningProfile')
+    end
+
+    def download_provisioning_profile(profile_id, mac: false)
+      r = request_plist(:post, "https://developerservices2.apple.com/services/QH65B2/#{platform_slug(mac)}/downloadProvisioningProfile.action", {
+        teamId: team_id,
+        provisioningProfileId: profile_id
+      })
+      a = parse_response(r, 'provisioningProfile')
+      if a['encodedProfile']
+        a['encodedProfile'].read
+      end
+    end
+
+    def devices(mac: false)
+      paging do |page_number|
+        r = request_plist(:post, "https://developerservices2.apple.com/services/QH65B2/#{platform_slug(mac)}/listDevices.action", {
+          teamId: team_id,
+          pageNumber: page_number,
+          pageSize: page_size,
+          sort: 'name=asc'
+        })
+        parse_response(r, 'devices')
+      end
+    end
+
+    def create_device!(device_name, device_id, mac: false)
+      req = request_plist(:post, "https://developerservices2.apple.com/services/#{PROTOCOL_VERSION}/#{platform_slug(mac)}/addDevice.action", {
+	teamId: team_id,
+	deviceNumber: device_id,
+	name: device_name
+      })
+
+      parse_response(req, 'device')
+    end
+
+    def apps(mac: false)
+      paging do |page_number|
+
+        r = request_plist(:post, "https://developerservices2.apple.com/services/QH65B2/#{platform_slug(mac)}/listAppIds.action?clientId=XABBG36SBA", {
+          teamId: team_id,
+          pageNumber: page_number,
+          pageSize: page_size,
+          sort: 'name=asc'
+        })
+        parse_response(r, 'appIds')
+      end
+    end
+
+    def details_for_app(app)
+      r = request_plist(:post, "https://developerservices2.apple.com/services/QH65B2/#{platform_slug(app.mac?)}/getAppIdDetail.action", {
+        teamId: team_id,
+        identifier: app.app_id
+      })
+      parse_response(r, 'appId')
+    end
+
+    def create_app!(type, name, bundle_id, mac: false)
+      params = {
+        identifier: bundle_id,
+        name: name,
+        teamId: team_id
+      }
+
+      ensure_csrf
+
+      r = request_plist(:post, "https://developerservices2.apple.com/services/QH65B2/#{platform_slug(mac)}/addAppId.action?clientId=XABBG36SBA", params)
+      parse_response(r, 'appId')
+    end
+
+    def revoke_development_certificate(serial_number, mac: false)
+      r = request_plist(:post, "https://developerservices2.apple.com/services/QH65B2/#{platform_slug(mac)}/revokeDevelopmentCert.action?clientId=XABBG36SBA", {
+        teamId: team_id,
+        serialNumber: serial_number,
+      })
+      parse_response(r, 'certRequests')
+    end
+
+    def create_development_certificate(csr, mac: false)
+      ensure_csrf
+
+      r = request_plist(:post, "https://developerservices2.apple.com/services/QH65B2/#{platform_slug(mac)}/submitDevelopmentCSR.action?clientId=XABBG36SBA&teamId=#{team_id}", {
+        teamId: team_id,
+        csrContent: csr
+      })
+
+      parse_response(r, 'certRequest')
+    end
+
+    private
+
+    def ensure_csrf
+      if csrf_tokens.count == 0
+        # If we directly create a new resource (e.g. app) without querying anything before
+        # we don't have a valid csrf token, that's why we have to do at least one request
+        teams
+      end
+    end
+
+    def request_plist(method, url_or_path = nil, params = nil, headers = {}, &block)
+      headers['X-Xcode-Version'] = '7.3.1 (7D1014)'
+      headers['Content-Type'] = 'text/x-xml-plist'
+      params = params.to_plist if params
+      headers.merge!(csrf_tokens)
+      headers['User-Agent'] = USER_AGENT
+      response = send_request(method, url_or_path, params, headers, &block)
+      return response
+    end
+
+  end
+end

data/lib/motion-provisioning/spaceship/portal_client.rb

@@ -0,0 +1,34 @@
+module Spaceship
+  class PortalClient < Spaceship::Client
+
+    def distribution_certificates(mac: false)
+      paging do |page_number|
+        r = request(:post, "https://developerservices2.apple.com/services/QH65B2/#{platform_slug(mac)}/downloadDistributionCerts.action?clientId=XABBG36SBA&teamId=#{team_id}")
+        parse_response(r, 'certificates')
+      end
+    end
+
+    def development_certificates(mac: false)
+      paging do |page_number|
+        r = request(:post, "https://developerservices2.apple.com/services/QH65B2/#{platform_slug(mac)}/listAllDevelopmentCerts.action?clientId=XABBG36SBA&teamId=#{team_id}")
+        parse_response(r, 'certificates')
+      end
+    end
+
+    # Fix a bug in Fastlane where the slug is hardcoded to ios
+    def create_certificate!(type, csr, app_id = nil)
+      ensure_csrf
+
+      mac = Spaceship::Portal::Certificate::MAC_CERTIFICATE_TYPE_IDS.keys.include?(type)
+
+      r = request(:post, "account/#{platform_slug(mac)}/certificate/submitCertificateRequest.action", {
+        teamId: team_id,
+        type: type,
+        csrContent: csr,
+        appIdId: app_id # optional
+      })
+      parse_response(r, 'certRequest')
+    end
+
+  end
+end

data/lib/motion-provisioning/tasks.rb

@@ -0,0 +1,14 @@
+require 'rake'
+namespace 'motion-provisioning' do
+  desc 'Add a device to the provisioning portal: rake "motion-provisioning:add-device[device_name,device_id]"'
+  task 'add-device', [:name, :id] do |t, args|
+    name = args[:name]
+    id = args[:id]
+    if name.nil? || id.nil?
+      puts "Missing device name or id."
+      puts "Syntax: rake \"motion-provisioning:add-device[device_name,device_id]\""
+      exit
+    end
+    MotionProvisioning.client.create_device!(name, id)
+  end
+end

data/lib/motion-provisioning/utils.rb

@@ -0,0 +1,59 @@
+module MotionProvisioning
+  module Utils
+    module_function
+    def log(what, msg)
+      require 'thread'
+      @print_mutex ||= Mutex.new
+      # Because this method can be called concurrently, we don't want to mess any output.
+      @print_mutex.synchronize do
+        $stderr.puts(what(what) + ' ' + msg)
+      end
+    end
+
+    def ask(what, question)
+      what = "\e[1m" + what.rjust(10) + "\e[0m" # bold
+      $stderr.print(what(what) + ' ' + question + ' ')
+      $stderr.flush
+
+      result = $stdin.gets
+      result.chomp! if result
+      result
+    end
+
+    def ask_password(what, question)
+      require 'io/console' # needed for noecho
+
+      # Save current buffering mode
+      buffering = $stderr.sync
+
+      # Turn off buffering
+      $stderr.sync = true
+      `stty -icanon`
+
+      begin
+        $stderr.print(what(what) + ' ' + question + ' ')
+        $stderr.flush
+        pw = ""
+
+        $stderr.noecho do
+          while ( char = $stdin.getc ) != "\n" # break after [Enter]
+            putc "*"
+            pw << char
+          end
+        end
+      ensure
+        print "\n"
+      end
+
+      # Restore original buffering mode
+      $stderr.sync = buffering
+
+      `stty -icanon`
+      pw
+    end
+
+    def what(what)
+      "\e[1m" + what.rjust(10) + "\e[0m" # bold
+    end
+  end
+end