motion-provisioning 1.0.1 → 1.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b943a1370641d985fcc5ff8b17e1d7d371972e491c8af1b2f34ebd9bbdb950ef
-  data.tar.gz: 322e1d8e91d79cad29bd87f07689b9290406e116e11d33c5155b125e53fb745f
+  metadata.gz: 48e42fb68d7a25eb15c82c1aa8a5b3a1c6e228ced5d59682f75a4c115a30fcae
+  data.tar.gz: 88e05257a72160fb218b36780c16ce6c9a93094a2121820f3294a80f7a7c79e2
 SHA512:
-  metadata.gz: b5f3fa4e86d33e2a03e4bb7f54b3d61242eeab905a0b3876df8bf9e698d3933fe237db8d49e1403570d5b33e87c21dfd4a4c4d6aacb8ad727bb2e7c2697f40d5
-  data.tar.gz: d135cf35c5cf17a2bfabd89d9a62073ad085c12bd2b05cbd11d67890c6dd77b7f4feecb975370d60ce8aaa769650f6c0985dc7e8454cb581644677783a9bbf77
+  metadata.gz: cd5e4c1d65e25e5d9ec9defb1b93a33296e09a7ee94aa1545430f387558089dc7e95da007ff87a9522ca5bca1534355cae5d3aa51c4b96b10b3767396895e58a
+  data.tar.gz: '0238f533575b8bb4f52d8ef38cfd6ce1480b3b11cd10018d5839d9bc04b5a0d0b5f75e3017051d2dfb6d9f747190e919dca3d51d788b65b48722c22fbdb86a5e'

data/README.md

@@ -170,6 +170,10 @@ After you create a new distribution certificate, share the
 corresponding `.cer` and `.p12` files located in the `provisioning`
 folder with your team members.
 
+After copying the files to the team member's `provisioning` directory,
+drag and drop the certificate file into the Keychain Access app's login
+keychain in order to install the certificate.
+
 ## Recreate certificates and profiles
 
 Once the certificates and profiles are cached in the `provisioning`
@@ -184,6 +188,9 @@ Or to recreate the development certificate:
 
     rake device recreate_certificate=1
 
+Or to recreate the distribution certificate:
+
+    rake archive:distribution recreate_certificate=1
 
 ## Entitlements and App Services
 

data/bin/console

@@ -0,0 +1,7 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "motion-provisioning"
+
+require "irb"
+IRB.start

data/bin/setup

@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+rake generate_certificates
+rake build_export_private_key
+

data/export_private_key/export_private_key.c

@@ -0,0 +1,144 @@
+/* 
+ * This file contains modified code with copyright:
+ *
+ * Copyright (c) 2003-2010,2012,2014 Apple Inc. All Rights Reserved.
+ *
+ * Covered by the APPLE PUBLIC SOURCE LICENSE 
+ * (http://opensource.apple.com/license/apsl/)
+ */
+
+#import <CoreFoundation/CoreFoundation.h>
+#import <Security/Security.h>
+
+#define DEBUG 0
+
+unsigned char
+hexValue(char c)
+{
+  static const char digits[] = "0123456789abcdef";
+  char *p;
+  if (p = strchr(digits, tolower(c)))
+    return p - digits;
+  else
+    return 0;
+}
+
+void
+fromHex(const char *hexDigits, CSSM_DATA *data)
+{
+  size_t bytes = strlen(hexDigits) / 2;	// (discards malformed odd end)
+  if (bytes > data->Length)
+    return;
+  // length(bytes); // (will assert if we try to grow it)
+  size_t n;
+  for (n = 0; n < bytes; n++) {
+    data->Data[n] = (uint8)(hexValue(hexDigits[2*n]) << 4 | hexValue(hexDigits[2*n+1]));
+  }
+}
+
+int main(int argc, char *argv[]) {
+
+  if (argc != 4) {
+    exit(1);
+  }
+
+  char* identity_name = argv[1];
+  char* hash = argv[2];
+  char* key_password = argv[3];
+
+  // First get a list of Identities matching the specified name
+  const void* values[] = {
+    kSecClassIdentity,
+    kCFBooleanTrue,
+    CFStringCreateWithCString(NULL, identity_name, kCFStringEncodingUTF8),
+    kSecMatchLimitAll
+  };
+  const void* keys[] = {
+    kSecClass,
+    kSecReturnRef,
+    kSecMatchSubjectContains,
+    kSecMatchLimit
+  };
+  CFIndex numValues = sizeof(keys)/sizeof(void*);
+  CFDictionaryRef query = CFDictionaryCreate(NULL, keys, values, numValues, NULL, NULL);
+
+  CFTypeRef results;
+  if (SecItemCopyMatching(query, &results) != noErr) {
+    exit(1);
+  }
+
+  // Prepare the Identity hash
+  CSSM_DATA hashData = { 0, NULL };
+  CSSM_SIZE len = strlen(hash)/2;
+  hashData.Length = len;
+  hashData.Data = (uint8 *)malloc(hashData.Length);
+  fromHex(hash, &hashData);
+
+  SecIdentityRef item;
+  CSSM_DATA certData = { 0, NULL };
+  SecCertificateRef cert = NULL;
+  Boolean found = FALSE;
+  
+  // Check all found identitied, looking for one whose certificate matches the
+  // specified hash
+  CFIndex count = CFArrayGetCount(results);
+  for (int i = 0; i < count; i++) {
+    item = CFArrayGetValueAtIndex(results, i);	
+    
+    if (SecIdentityCopyCertificate(item, &cert) != noErr) {
+      CFRelease(&item);
+      continue;
+    }
+    
+    if (SecCertificateGetData(cert, &certData) != noErr) {
+      CFRelease(&cert);
+      CFRelease(&item);
+      continue;
+    }
+
+    uint8 candidate_sha1_hash[20];
+    CSSM_DATA digest;
+    digest.Length = sizeof(candidate_sha1_hash);
+    digest.Data = candidate_sha1_hash;
+    if ((SecDigestGetData(CSSM_ALGID_SHA1, &digest, &certData) == CSSM_OK) &&
+      (hashData.Length == digest.Length) &&
+      (!memcmp(hashData.Data, digest.Data, digest.Length))) {
+      found = TRUE;
+      break;
+    }
+  }
+
+  if (found) {
+#if DEBUG
+    CFStringRef nameRef = NULL;
+    if (SecCertificateCopyCommonName(cert, &nameRef) != noErr) {
+      exit(1);
+    }
+
+    char *cert_name = CFStringGetCStringPtr(nameRef, kCFStringEncodingUTF8);
+    printf("%s\n", cert_name);
+#endif
+    
+    // Finally, get the encrypted private key using the specified password
+    // and print it to stdout in PEM format
+    SecKeyRef key = NULL;
+    if (SecIdentityCopyPrivateKey(item, &key) != noErr) {
+      exit(1);
+    }
+  
+    SecKeyImportExportParameters keyParams;
+    keyParams.version = SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION;
+    keyParams.flags = 0;
+    keyParams.passphrase = CFDataCreate(NULL, key_password, 5);
+    keyParams.alertTitle = 0;
+    keyParams.alertPrompt = 0;    
+    
+    CFDataRef key_data;
+    OSStatus status = SecKeychainItemExport(key, kSecFormatWrappedPKCS8, 
+        kSecItemPemArmour, &keyParams, &key_data);
+  
+    if(status == noErr) {
+      write(fileno(stdout), CFDataGetBytePtr(key_data), CFDataGetLength(key_data));
+    }
+  }
+}

data/lib/motion-provisioning/certificate.rb

@@ -24,14 +24,13 @@ module MotionProvisioning
         installed_cert = identities.detect { |e| e[:fingerprint] == fingerprint }
         if installed_cert
           Utils.log("Info", "Using certificate '#{installed_cert[:name]}'.")
-          return installed_cert[:name]
+          return installed_cert[:fingerprint]
         else
           # The certificate is not installed, so we install the cert and the key
           import_file(private_key_path)
           import_file(certificate_path)
-          name = common_name(certificate_path)
-          Utils.log("Info", "Using certificate '#{name}'.")
-          return name
+          Utils.log("Info", "Using certificate '#{common_name(certificate_path)}'.")
+          return sha1_fingerprint(certificate_path)
         end
       end
 
@@ -48,23 +47,23 @@ module MotionProvisioning
         end
       end
 
-      # There are no certificates in the server so we create a new one
       if certificates.empty?
-        Utils.log("Warning", "Couldn't find any existing certificates... creating a new one.")
+        # There are no certificates in the server so we create a new one
+        Utils.log("Warning", "Couldn't find any existing certificates. Creating a new certificate...")
         if certificate = create_certificate
-          return common_name(certificate)
+          return sha1_fingerprint(certificate)
         else
           Utils.log("Error", "Something went wrong when trying to create a new certificate.")
           abort
         end
-      # There are certificates in the server, but none is installed locally. Revoke all and create a new one.
       elsif installed_certificate.nil?
-        Utils.log("Error", "None of the available certificates (#{certificates.count}) is installed on the local machine. Revoking...")
+        # There are certificates in the server, but none are installed locally. Revoke all and create a new one.
+        Utils.log("Error", "None of the available certificates (#{certificates.count}) are installed locally. Revoking...")
 
         # For distribution, ask before revoking
         if self.type == :distribution
-          answer = Utils.ask("Info", "There are #{certificates.count} distribution certificates in your account, but none installed locally.\n" \
-                    "Before revoking and creating a new one, ask other team members who might have them installed to share them with you.\n" \
+          answer = Utils.ask("Info", "There #{certificates.count == 1 ? 'is 1' : "are #{certificates.count}"} distribution certificate(s) in your account, but none installed locally.\n" \
+                    "Before revoking and creating a new certificate, ask other team members who might have them installed to share them with you.\n" \
                     "Do you want to continue revoking the certificates? (Y/n):")
           abort if answer.no?
         end
@@ -79,13 +78,43 @@ module MotionProvisioning
         end
 
         if certificate = create_certificate
-          return common_name(certificate)
+          return sha1_fingerprint(certificate)
         else
           Utils.log("Error", "Something went wrong when trying to create a new certificate...")
           abort
         end
-      # There are certificates on the server, and one of them is installed locally.
+      elsif ENV['recreate_certificate'] != nil
+        # Force recreate certificate, even though a valid certificate is already installed locally
+
+        if self.type == :distribution
+          answer = Utils.ask("Info", "There are #{certificates.count} distribution certificates in your account.\n" \
+                    "Before revoking and creating a new one, ask other team members who might have them installed to share them with you.\n" \
+                    "Do you want to revoke the existing certificates? (Y/n):")
+          if answer.yes?
+            certificates.each(&:revoke!)
+          end
+        else
+          answer = Utils.ask("Info", "You have #{certificates.count} development certificates in your account.\n" \
+                    "Do you want to revoke your existing certificates? (Y/n):")
+          if answer.yes?
+            if MotionProvisioning.free
+              certificates.each do |certificate|
+                client.revoke_development_certificate(certificate.motionprovisioning_serialNumber)
+              end
+            else
+              certificates.each(&:revoke!)
+            end
+          end
+        end
+
+        if certificate = create_certificate
+          return sha1_fingerprint(certificate)
+        else
+          Utils.log("Error", "Something went wrong when trying to create a new certificate.")
+          abort
+        end
       else
+        # There are certificates on the server, and one of them is installed locally.
         Utils.log("Info", "Found certificate '#{installed_certificate.name}' which is installed in the local machine.")
 
         path = store_certificate_raw(installed_certificate.motionprovisioning_certContent || installed_certificate.download_raw)
@@ -97,7 +126,7 @@ module MotionProvisioning
         # This certificate is installed on the local machine
         Utils.log("Info", "Using certificate '#{installed_certificate.name}'.")
 
-        common_name(path)
+        sha1_fingerprint(path)
       end
     end
 
@@ -134,7 +163,7 @@ module MotionProvisioning
       when :mac
         cert_type = Spaceship.certificate.mac_development
         cert_type = Spaceship.certificate.mac_app_distribution if self.type == :distribution
-        cert_type = Spaceship.certificate.developer_i_d_application if self.type == :developer_id
+        cert_type = Spaceship.certificate.developer_id_application if self.type == :developer_id
       end
       cert_type
     end
@@ -191,9 +220,9 @@ module MotionProvisioning
       Utils.log("Info", "Successfully installed certificate.")
 
       if self.type == :distribution
-        Utils.log("Warning", "You have just created a distribution certificate. These certificates must be shared with other team members by sending them the private key (.p12) and certificate (.cer) files in your output folder and install them in the keychain.")
+        Utils.log("Warning", "You have just created a distribution certificate. These certificates must be shared with other team members by sending them the private key (.p12) and certificate (.cer) files in your 'provisioning' folder and install them in the keychain.")
       else
-        Utils.log("Warning", "You have just created a development certificate. If you want to use this certificate on another machine, transfer the private key (.p12) and certificate (.cer) files in your output folder and install them in the keychain.")
+        Utils.log("Warning", "You have just created a development certificate. If you want to use this certificate on another machine, transfer the private key (.p12) and certificate (.cer) files in your 'provisioning' folder and install them in the keychain.")
       end
       Utils.ask("Info", "Press any key to continue...")
 

data/lib/motion-provisioning/provisioning_profile.rb

@@ -30,8 +30,7 @@ module MotionProvisioning
         end
       end
 
-      # ensure a client is created and logged in
-      client
+      client # ensure a client is created and logged in
 
       app = Application.find_or_create(bundle_id: bundle_id, name: app_name, mac: platform == :mac)
 
@@ -78,6 +77,7 @@ module MotionProvisioning
           certificate_platform = platform == :mac ? :mac : :ios
           certificate_sha1 = OpenSSL::Digest::SHA1.new(File.read(File.join(output_path, "#{certificate_platform}_distribution_certificate.cer")))
           cert = client.distribution_certificates(mac: platform == :mac).detect do |c|
+            # Compare downloaded cert content against local cert content to make sure they match
             OpenSSL::Digest::SHA1.new(c['certContent'].read) == certificate_sha1
           end
 

data/lib/motion-provisioning/spaceship/free_portal_client.rb

@@ -5,7 +5,7 @@ module Spaceship
     def teams
       return @teams if @teams
       req = request(:post, "https://developerservices2.apple.com/services/#{PROTOCOL_VERSION}/listTeams.action", nil, {
-        'X-Xcode-Version' => XCODE_VERSION # necessary in order to work with Xcode free team
+        'X-Xcode-Version' => XCODE_VERSION # necessary in order to list Xcode free team
       })
       @teams = parse_response(req, 'teams').sort_by do |team|
         [

data/lib/motion-provisioning/tasks.rb

@@ -1,4 +1,5 @@
 require 'rake'
+
 namespace 'motion-provisioning' do
   desc 'Add a device to the provisioning portal: rake "motion-provisioning:add-device[device_name,device_id]"'
   task 'add-device', [:name, :id] do |t, args|

data/lib/motion-provisioning/version.rb

@@ -1,3 +1,3 @@
 module MotionProvisioning
-  VERSION = "1.0.1"
+  VERSION = "1.1.0"
 end

data/lib/motion-provisioning.rb

@@ -5,7 +5,6 @@ require 'date'
 
 require 'plist'
 require 'security'
-require 'highline/import'
 require 'spaceship'
 require 'motion-provisioning/spaceship/portal/certificate'
 require 'motion-provisioning/spaceship/portal_client'

metadata

@@ -1,63 +1,30 @@
 --- !ruby/object:Gem::Specification
 name: motion-provisioning
 version: !ruby/object:Gem::Version
-  version: 1.0.1
+  version: 1.1.0
 platform: ruby
 authors:
 - Mark Villacampa
-autorequire: 
+- Andrew Havens
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-01-22 00:00:00.000000000 Z
+date: 2021-08-27 00:00:00.000000000 Z
 dependencies:
-- !ruby/object:Gem::Dependency
-  name: highline
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 1.7.2
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: 2.0.0
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 1.7.2
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: 2.0.0
 - !ruby/object:Gem::Dependency
   name: fastlane
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.113.0
+        version: '2.182'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.113.0
-- !ruby/object:Gem::Dependency
-  name: bundler
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.12'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.12'
+        version: '2.182'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -106,14 +73,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.21'
+        version: '3.7'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.21'
+        version: '3.7'
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
@@ -132,13 +99,17 @@ description: A small library that manages certificates and profiles automaticall
   from the command line, with minimal configuration.
 email:
 - m@markvillacampa.com
+- email@andrewhavens.com
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
 - LICENSE.txt
 - README.md
+- bin/console
 - bin/export_private_key
+- bin/setup
+- export_private_key/export_private_key.c
 - lib/motion-provisioning.rb
 - lib/motion-provisioning/application.rb
 - lib/motion-provisioning/certificate.rb
@@ -150,11 +121,11 @@ files:
 - lib/motion-provisioning/tasks.rb
 - lib/motion-provisioning/utils.rb
 - lib/motion-provisioning/version.rb
-homepage: https://github.com/HipByte/motion-provisioning
+homepage: https://github.com/rubymotion-community/motion-provisioning
 licenses:
 - BSD
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -169,9 +140,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.6
-signing_key: 
+rubygems_version: 3.2.15
+signing_key:
 specification_version: 4
 summary: Simplified provisioning for RubyMotion iOS, tvOS and macOS apps.
 test_files: []