pindo 4.6.9 → 4.7.0

data/lib/pindo/module/cert/keychainhelper.rb

@@ -0,0 +1,138 @@
+
+require 'open3'
+require 'security'
+
+module Pindo
+  
+  module KeychainHelper
+
+    def self.import_file(path, keychain_path, keychain_password: nil, certificate_password: "", skip_set_partition_list: false, output: false)
+      puts "Could not find file '#{path}'" unless File.exist?(path)
+
+      password_part = " -P #{certificate_password.shellescape}"
+
+      command = "security import #{path.shellescape} -k '#{keychain_path.shellescape}'"
+      command << password_part
+      command << " -T /usr/bin/codesign" # to not be asked for permission when running a tool like `gym` (before Sierra)
+      command << " -T /usr/bin/security"
+      command << " -T /usr/bin/productbuild" # to not be asked for permission when using an installer cert for macOS
+      command << " -T /usr/bin/productsign"  # to not be asked for permission when using an installer cert for macOS
+      command << " 1> /dev/null" unless output
+
+      sensitive_command = command.gsub(password_part, " -P ********")
+      UI.command(sensitive_command) if output
+      Open3.popen3(command) do |stdin, stdout, stderr, thrd|
+        UI.command_output(stdout.read.to_s) if output
+
+        # Set partition list only if success since it can be a time consuming process if a lot of keys are installed
+        if thrd.value.success? && !skip_set_partition_list
+          keychain_password ||= resolve_keychain_password(keychain_path)
+          set_partition_list(path, keychain_path, keychain_password: keychain_password, output: output)
+        else
+          # Output verbose if file is already installed since not an error otherwise we will show the whole error
+          err = stderr.read.to_s.strip
+          if err.include?("SecKeychainItemImport") && err.include?("The specified item already exists in the keychain")
+            # UI.verbose("'#{File.basename(path)}' is already installed on this machine")
+          else
+            raise Informative, err
+          end
+        end
+      end
+    end
+
+    def self.help_backticks(command, print: true)
+      # UI.command(command) if print
+      result = `#{command}`
+      # UI.command_output(result) if print
+      return result
+    end
+
+    def self.set_partition_list(path, keychain_path, keychain_password: nil, output: false)
+      # When security supports partition lists, also add the partition IDs
+      # See https://openradar.appspot.com/28524119
+      if help_backticks('security -h | grep set-key-partition-list', print: false).length > 0
+        password_part = " -k #{keychain_password.to_s.shellescape}"
+
+        command = "security set-key-partition-list"
+        command << " -S apple-tool:,apple:,codesign:"
+        command << " -s" # This is a needed in Catalina to prevent "security: SecKeychainItemCopyAccess: A missing value was detected."
+        command << password_part
+        command << " #{keychain_path.shellescape}"
+        command << " 1> /dev/null" # always disable stdout. This can be very verbose, and leak potentially sensitive info
+
+        # Showing loading indicator as this can take some time if a lot of keys installed
+        # Helper.show_loading_indicator("Setting key partition list... (this can take a minute if there are a lot of keys installed)")
+
+        # Strip keychain password from command output
+        sensitive_command = command.gsub(password_part, " -k ********")
+        UI.command(sensitive_command) if output
+        Open3.popen3(command) do |stdin, stdout, stderr, thrd|
+          unless thrd.value.success?
+            err = stderr.read.to_s.strip
+
+            # Inform user when no/wrong password was used as its needed to prevent UI permission popup from Xcode when signing
+            if err.include?("SecKeychainItemSetAccessWithPassword")
+              keychain_name = File.basename(keychain_path, ".*")
+              Security::InternetPassword.delete(server: server_name(keychain_name))
+
+              # UI.important("")
+              # UI.important("Could not configure imported keychain item (certificate) to prevent UI permission popup when code signing\n" \
+              #          "Check if you supplied the correct `keychain_password` for keychain: `#{keychain_path}`\n" \
+              #          "#{err}")
+              # UI.important("")
+              # UI.important("Please look at the following docs to see how to set a keychain password:")
+              # UI.important(" - https://docs.fastlane.tools/actions/sync_code_signing")
+              # UI.important(" - https://docs.fastlane.tools/actions/get_certificates")
+              puts "密码错误"
+            else
+              raise Informative, err
+            end
+          end
+        end
+
+        # Hiding after Open3 finishes
+        # Helper.hide_loading_indicator
+
+      end
+    end
+
+    # https://github.com/fastlane/fastlane/issues/14196
+    # Keychain password is needed to set the partition list to
+    # prevent Xcode from prompting dialog for keychain password when signing
+    # 1. Uses keychain password from login keychain if found
+    # 2. Prompts user for keychain password and stores it in login keychain for user later
+    def self.resolve_keychain_password(keychain_path)
+      keychain_name = File.basename(keychain_path, ".*")
+      server = server_name(keychain_name)
+
+      # Attempt to find password in keychain for keychain
+      item = Security::InternetPassword.find(server: server)
+      if item
+        keychain_password = item.password
+        # UI.important("Using keychain password from keychain item #{server} in #{keychain_path}")
+      end
+
+      if keychain_password.nil?
+        # if UI.interactive?
+          # UI.important("Enter the password for #{keychain_path}")
+          # UI.important("This passphrase will be stored in your local keychain with the name #{server} and used in future runs")
+          # UI.important("This prompt can be avoided by specifying the 'keychain_password' option or 'MATCH_KEYCHAIN_PASSWORD' environment variable")
+          keychain_password = FastlaneCore::Helper.ask_password(message: "Password for #{keychain_name} keychain: ", confirm: true, confirmation_message: "Type password for #{keychain_name} keychain again: ")
+          Security::InternetPassword.add(server, "", keychain_password)
+        # else
+          # UI.important("Keychain password for #{keychain_path} was not specified and not found in your keychain. Specify the 'keychain_password' option to prevent the UI permission popup when code signing")
+          # keychain_password = ""
+        # end
+      end
+
+      return keychain_password
+    end
+
+    # server name used for accessing the macOS keychain
+    def self.server_name(keychain_name)
+      ["fastlane", "keychain", keychain_name].join("_")
+    end
+
+    private_class_method :server_name
+  end
+end

data/lib/pindo/module/{pemcreate.rb → cert/pemhelper.rb}

@@ -1,6 +1,8 @@
 
 module Pindo
-  module Pemcreate
+
+  module PemHelper
+
     def create_certificate(bundle_id:nil, type:"prod", output_path:"")
 
       if bundle_id.empty? || output_path.empty?

data/lib/pindo/module/cert/provisioninghelper.rb

@@ -0,0 +1,137 @@
+require 'plist'
+require 'json'
+
+module Pindo
+  class Provisioninghelper
+    class << self
+      # @return (Hash) The hash with the data of the provisioning profile
+      # @example
+      #  {"AppIDName"=>"My App Name",
+      #   "ApplicationIdentifierPrefix"=>["5A997XSAAA"],
+      #   "CreationDate"=>#<DateTime: 2015-05-24T20:38:03+00:00 ((2457167j,74283s,0n),+0s,2299161j)>,
+      #   "DeveloperCertificates"=>[#<StringIO:0x007f944b9666f8>],
+      #   "Entitlements"=>
+      #    {"keychain-access-groups"=>["5A997XSAAA.*"],
+      #     "get-task-allow"=>false,
+      #     "application-identifier"=>"5A997XAAA.net.sunapps.192",
+      #     "com.apple.developer.team-identifier"=>"5A997XAAAA",
+      #     "aps-environment"=>"production",
+      #     "beta-reports-active"=>true},
+      #   "ExpirationDate"=>#<DateTime: 2015-11-25T22:45:50+00:00 ((2457352j,81950s,0n),+0s,2299161j)>,
+      #   "Name"=>"net.sunapps.192 AppStore",
+      #   "TeamIdentifier"=>["5A997XSAAA"],
+      #   "TeamName"=>"SunApps GmbH",
+      #   "TimeToLive"=>185,
+      #   "UUID"=>"1752e382-53bd-4910-a393-aaa7de0005ad",
+      #   "Version"=>1}
+      def parse(path, keychain_path = nil)
+        
+
+        plist = Plist.parse_xml(decode(path, keychain_path))
+        # puts JSON.pretty_generate(plist)
+        if (plist || []).count > 5
+          plist
+        else
+          raise Informative, "Error parsing provisioning profile at path '#{path}'"
+        end
+      end
+
+      # @return [String] The UUID of the given provisioning profile
+      def uuid(path, keychain_path = nil)
+        parse(path, keychain_path).fetch("UUID")
+      end
+
+      # @return [String] The Name of the given provisioning profile
+      def name(path, keychain_path = nil)
+        parse(path, keychain_path).fetch("Name")
+      end
+
+      def bundle_id(path, keychain_path = nil)
+        profile = parse(path, keychain_path)
+        app_id_prefix = profile["ApplicationIdentifierPrefix"].first
+        entitlements = profile["Entitlements"]
+        app_identifier = entitlements["application-identifier"] || entitlements["com.apple.application-identifier"]
+        bundle_id = app_identifier.gsub("#{app_id_prefix}.", "")
+        bundle_id
+      rescue
+        UI.error("Unable to extract the Bundle Id from the provided provisioning profile '#{path}'.")
+      end
+
+      def mac?(path, keychain_path = nil)
+        parse(path, keychain_path).fetch("Platform", []).include?('OSX')
+      end
+
+      def profile_filename(path, keychain_path = nil)
+        basename = uuid(path, keychain_path)
+        basename + profile_extension(path, keychain_path)
+      end
+
+      def profile_extension(path, keychain_path = nil)
+        if mac?(path, keychain_path)
+          ".provisionprofile"
+        else
+          ".mobileprovision"
+        end
+      end
+
+      def profiles_path
+        path = File.expand_path("~") + "/Library/MobileDevice/Provisioning Profiles/"
+        # If the directory doesn't exist, create it first
+        unless File.directory?(path)
+          FileUtils.mkdir_p(path)
+        end
+
+        return path
+      end
+
+      # Installs a provisioning profile for Xcode to use
+      def install(path, keychain_path = nil)
+
+        
+        destination = File.join(profiles_path, profile_filename(path, keychain_path))
+        puts "Installing provisioning profile... #{destination}"
+        
+        if path != destination
+          # copy to Xcode provisioning profile directory
+          FileUtils.copy(path, destination)
+          unless File.exist?(destination)
+            raise Informative, "Failed installation of provisioning profile at location: '#{destination}'"
+          end
+        end
+        destination
+      end
+
+      private
+
+      def isMacOS?
+        (/darwin/ =~ RUBY_PLATFORM) != nil
+      end
+
+
+      def decode(path, keychain_path = nil)
+          require 'tmpdir'
+          Dir.mktmpdir('fastlane') do |dir|
+            err = "#{dir}/cms.err"
+            # we want to prevent the error output to mix up with the standard output because of
+            # /dev/null: https://github.com/fastlane/fastlane/issues/6387
+            if isMacOS?
+              if keychain_path.nil?
+                decoded = `security cms -D -i "#{path}" 2> #{err}`
+              else
+                decoded = `security cms -D -i "#{path}" -k "#{keychain_path.shellescape}" 2> #{err}`
+              end
+            else
+              # `security` only works on Mac, fallback to `openssl`
+              # via https://stackoverflow.com/a/14379814/252627
+              decoded = `openssl smime -inform der -verify -noverify -in #{path.shellescape} 2> #{err}`
+            end
+
+            if $?.exitstatus != 0
+              raise Informative, "Failure to decode #{path}"
+            end
+            decoded
+          end
+      end
+    end
+  end
+end

data/lib/pindo/module/cert/xcodecerthelper.rb

@@ -0,0 +1,301 @@
+
+require 'fileutils'
+
+module Pindo
+
+    module XcodeCertHelper
+        
+        def get_target_name_map
+            return {
+                "MainTarget" => "bundle_id",
+                "Content" => "bundle_id_pushcontent",
+                "Service" => "bundle_id_pushservice",
+                "Keyboard" => "bundle_id_keyboard",
+                "iMessage" => "bundle_id_imessage",
+                "Siri" => "bundle_id_siri",
+                "SiriUI" => "bundle_id_siriui",
+                "Widget" => "bundle_id_widget",
+                "Extension" => "bundle_id_extension",
+                "ExtensionAd" => "bundle_id_extensionad",
+                "ExtensionPorn" => "bundle_id_extensionporn",
+                "WatchApp" => "bundle_id_watchapp",
+                "WatchAppComplication" => "bundle_id_watchapp_extension"
+            }
+        end
+
+        def create_provisioning_info_array(build_type:nil)
+
+          provisioning_info_array = []
+
+          bundle_id_map = get_bundle_id_map
+          
+          bundle_id_map.each do |type, bundle_id_temp|
+            provisioning_info = {}
+            provisioning_info['type'] = type
+            provisioning_info['bundle_id'] = bundle_id_temp
+            name_temp = Match::Utils.environment_variable_name_profile_name(app_identifier: bundle_id_temp, type: build_type)
+            provisioning_info['profile_name'] = ENV[name_temp]
+            path_temp = Match::Utils.environment_variable_name_profile_path(app_identifier:bundle_id_temp,type: build_type)
+            provisioning_info['profile_path'] = ENV[path_temp]
+            signing_identity_key=Match::Utils.environment_variable_name_certificate_name(app_identifier: bundle_id_temp,type: build_type)
+            provisioning_info["signing_identity"] = ENV[signing_identity_key]
+            team_id_key =  Match::Utils.environment_variable_name_team_id(app_identifier: bundle_id_temp,type:build_type)
+            provisioning_info["team_id"] = ENV[team_id_key]
+            provisioning_info_array << provisioning_info
+          end
+
+            
+            return provisioning_info_array
+        end
+
+        def config_project_cert(new_proj_name:nil, new_project_dir:nil, cert_type:nil, team_id_vaule:nil, provisioning_info_array:nil)
+
+
+            new_proj_fullname = File.join(new_project_dir, new_proj_name) + ".xcodeproj"
+            new_project_obj = Xcodeproj::Project.open(new_proj_fullname)
+
+            new_project_obj.root_object.build_configuration_list.set_setting('CODE_SIGN_IDENTITY[sdk=iphoneos*]', "Apple Distribution")
+            new_project_obj.root_object.build_configuration_list.set_setting('CODE_SIGN_IDENTITY*', "Apple Distribution")
+
+            if cert_type == "development"
+                new_project_obj.root_object.build_configuration_list.set_setting('CODE_SIGN_IDENTITY[sdk=iphoneos*]', "Apple Development")
+                new_project_obj.root_object.build_configuration_list.set_setting('CODE_SIGN_IDENTITY*', "Apple Development")
+            end
+
+            new_project_obj.root_object.attributes['TargetAttributes'] = new_project_obj.root_object.attributes['TargetAttributes'] || {}
+            target_atts_obj = new_project_obj.root_object.attributes['TargetAttributes']
+
+            target_map = get_target_name_map
+
+            new_project_obj.targets.each do |target|
+
+                provisioning_info = nil
+
+                if target.product_type.include?(Xcodeproj::Constants::PRODUCT_TYPE_UTI[:application])
+                    bundle_id_map_key = target_map["MainTarget"]
+                    provisioning_info = provisioning_info_array.select { |s| s["type"].to_s.eql?(bundle_id_map_key.to_s) }.first
+                elsif
+                    target_map.each do |k, v|
+                        if target.name.to_s.end_with?(k)
+                            bundle_id_map_key = v.to_s
+                            provisioning_info = provisioning_info_array.select { |s| s["type"].to_s.eql?(bundle_id_map_key.to_s) }.first
+                        end
+                    end
+                end
+
+                target.build_configurations.each do |config|
+                    target_atts_obj[target.uuid] = target_atts_obj[target.uuid] || {}
+                    target_atts_obj[target.uuid]['DevelopmentTeam'] = team_id_vaule
+                    target_atts_obj[target.uuid]['ProvisioningStyle'] = "Manual"
+                    config.build_settings['DEVELOPMENT_TEAM'] = team_id_vaule
+                    config.build_settings['DEVELOPMENT_TEAM[sdk=iphoneos*]'] = team_id_vaule
+                    config.build_settings['CODE_SIGN_STYLE'] = "Manual"
+
+                    config.build_settings['CODE_SIGN_IDENTITY'] = "Apple Distribution"
+                    config.build_settings['CODE_SIGN_IDENTITY[sdk=iphoneos*]'] = "Apple Distribution"
+    
+                    if cert_type == "development"
+                        config.build_settings['CODE_SIGN_IDENTITY'] = "Apple Development"
+                        config.build_settings['CODE_SIGN_IDENTITY[sdk=iphoneos*]'] = "Apple Development"
+                    end
+
+                    if !provisioning_info.nil?
+                        config.build_settings['PRODUCT_BUNDLE_IDENTIFIER'] = provisioning_info["bundle_id"]
+                        config.build_settings['PROVISIONING_PROFILE_SPECIFIER'] = provisioning_info['profile_name']
+                        config.build_settings['PROVISIONING_PROFILE_SPECIFIER[sdk=iphoneos*]'] = provisioning_info['profile_name']
+                        
+                    end
+                end
+
+            end
+            new_project_obj.save
+
+        end    
+        
+        def config_infoplist_cert(new_proj_name:nil, new_project_dir:nil, icloud_id:nil, group_id:nil, provisioning_info_array:nil)
+
+            new_proj_fullname = File.join(new_project_dir, new_proj_name) + ".xcodeproj"
+            project_obj = Xcodeproj::Project.open(new_proj_fullname)
+            entitlements_plist_path = File.join(new_project_dir, new_proj_name + ".entitlements")
+
+                project_obj.targets.each do |target|
+
+                    temp_entitlements_file = target.build_configurations.first.build_settings['CODE_SIGN_ENTITLEMENTS']
+                    if !temp_entitlements_file.nil? && !temp_entitlements_file.empty?
+                        entitlements_plist_path = File.join(new_project_dir, temp_entitlements_file)
+
+                        if !File.exist?(entitlements_plist_path)
+                          raise Informative, "Target: #{target.name.to_s} 找不到文件 #{entitlements_plist_path}"
+                        end
+                    end
+
+                    temp_info = target.build_configurations.first.build_settings['INFOPLIST_FILE']
+                    info_plist_path = File.join(new_project_dir, temp_info)
+                    if target.product_type.to_s.eql?("com.apple.product-type.application") &&  !File.exist?(info_plist_path)
+                        raise Informative, "Missing Target #{target.name.to_s} Info.plist!!!  #{info_plist_path}  Modify Info.plist Error !!!"           
+                    end
+
+
+                    if target.product_type.to_s.eql?("com.apple.product-type.application") then
+                        add_swark_entitlement(entitlements_plist_path:entitlements_plist_path, bundle_id_dict:provisioning_info_array)
+                        if !icloud_id.nil?
+                          modify_entitlements_plist(entitlements_plist_path:entitlements_plist_path, icloud_id:icloud_id)
+                          modify_info_plist_icloud(plist_file_name:info_plist_path, icloud_id:icloud_id)
+                        else
+                          modify_info_plist_icloud(plist_file_name:info_plist_path, icloud_id:nil)
+                        end
+                    end
+                    if !group_id.nil?
+                        modify_entitlements_plist(entitlements_plist_path:entitlements_plist_path, group_id:group_id)
+                    end
+                end
+
+        end
+
+        def modify_entitlements_plist(entitlements_plist_path:nil, group_id:nil, icloud_id:nil)
+            if File.exist?(entitlements_plist_path)
+
+                entitlements_plist_dict = Xcodeproj::Plist.read_from_path(entitlements_plist_path)
+
+                if !group_id.nil? && !entitlements_plist_dict['com.apple.security.application-groups'].nil?
+                    entitlements_plist_dict['com.apple.security.application-groups'] = [group_id]
+                end
+
+                if !icloud_id.nil?
+                    entitlements_plist_dict['com.apple.developer.icloud-container-identifiers'] = [icloud_id]
+                    entitlements_plist_dict['com.apple.developer.ubiquity-container-identifiers'] = [icloud_id]
+                end
+
+                Xcodeproj::Plist.write_to_path(entitlements_plist_dict, entitlements_plist_path)
+            end
+        end
+
+
+        def modify_info_plist_icloud(plist_file_name:nil, icloud_id:nil)
+              if ! File.exist? (plist_file_name)
+                raise Informative, "修改Info.list 路径错误!!! #{plist_file_name}"
+              end
+              if File.exist?(plist_file_name)
+                  info_plist_dict = Xcodeproj::Plist.read_from_path(plist_file_name)
+
+                  if !icloud_id.nil?
+
+                      temp_value = {}
+                      if !info_plist_dict['NSUbiquitousContainers'].nil? && info_plist_dict['NSUbiquitousContainers'].is_a?(Hash)
+                        info_plist_dict['NSUbiquitousContainers'].each do |key, value|
+                          if key.include?("iCloud.")
+                            temp_value = value
+                            break;
+                          end
+                        end
+                      end
+                      info_plist_dict['NSUbiquitousContainers'] = {}
+                      info_plist_dict['NSUbiquitousContainers'][icloud_id] = temp_value || {}
+                  else
+                      info_plist_dict['NSUbiquitousContainers'] = nil
+                  end
+
+                  Xcodeproj::Plist.write_to_path(info_plist_dict, plist_file_name)
+
+              end
+        end
+
+        def create_upload_cert_info(apple_id:nil, cert_type:nil, provisioning_info_array:nil)
+            
+            cert_dir = File.join(Dir.pwd, "cert")
+            cert_json_file = File.join(cert_dir, "certs.json")
+
+            if !File.exist?(cert_dir)
+             FileUtils.mkdir_p(cert_dir)
+            end
+
+            cert_json = []
+            begin
+                cert_json = JSON.parse(File.read(cert_json_file)) if File.exist?(cert_json_file)
+                cert_json = cert_json || []
+            rescue StandardError => e
+                cert_json = []
+            end
+
+            bundle_id = provisioning_info_array.select { |s| s["type"].to_s.eql?("bundle_id") }.first["bundle_id"]
+            team_id_vaule = provisioning_info_array.first["team_id"]
+            bundle_id_signing_identity = provisioning_info_array.first["signing_identity"]
+
+            account_cert_set = {}
+            select_result= cert_json.select { |x| x["account_name"].eql?(apple_id) }.first
+            if select_result.nil?
+
+            account_cert_set = {}
+            else
+
+            account_cert_set = select_result
+            cert_json.delete_if { |x| x["account_name"].eql?(apple_id) }
+            end
+
+            account_cert_set["account_name"] = apple_id
+            account_cert_set["team_id"] = team_id_vaule
+            account_cert_set["certs"] = account_cert_set["certs"] || []
+
+            cert_item = {}
+            cert_item_result = account_cert_set["certs"].select { |x| x["cert_id"].eql?(bundle_id_signing_identity)}.first
+            if cert_item_result.nil?
+            cert_item = {}
+            else
+            cert_item = cert_item_result
+            account_cert_set["certs"].delete_if { |x| x["cert_id"].eql?(bundle_id_signing_identity)}
+            end
+
+            cert_item["cert_id"] = cert_item["cert_id"] || bundle_id_signing_identity
+            cert_item["password"] = "goodcert1"
+            cert_item["cert_file"] = "#{cert_type}.p12".downcase
+            cert_item["cert_type"] = cert_type.downcase
+            cert_item["cert_provisioning_group"] = cert_item["cert_provisioning_group"] || []
+
+
+
+            cert_provisioning_group_item = {}
+            provisioning_group_id = [cert_type, "group", bundle_id].join("_")
+
+            provisioning_group_result = cert_item["cert_provisioning_group"].select { |x| x["provisioning_group_id"].eql?(provisioning_group_id)}.first
+            if provisioning_group_result.nil?
+            cert_provisioning_group_item = {}
+            else
+            cert_provisioning_group_item = provisioning_group_result
+            cert_item["cert_provisioning_group"].delete_if { |x| x["provisioning_group_id"].eql?(provisioning_group_id)}
+            end
+
+
+
+            cert_provisioning_group_item["provisioning_group_id"] = provisioning_group_id
+            cert_provisioning_group_item["provisioning_main_bundle_id"] = bundle_id
+            cert_provisioning_group_item["provisioning_items"] = []
+
+            group_id = [cert_type, "group", bundle_id].join("_")
+            provisioning_info_array.each do |provisioning_info|
+                bundle_id_temp = provisioning_info['bundle_id']
+                provisioning_id = [cert_type, bundle_id_temp].join("_")
+                
+                cert_provisioning_group_item["provisioning_items"] << {
+                  "bundle_id" => bundle_id_temp,
+                  "provisioning_id" => provisioning_id,
+                  "group_id" => group_id,
+                  "provisioning_file" => provisioning_id + ".mobileprovision"
+                }
+                real_path = provisioning_info["profile_path"]
+                FileUtils.cp_r(real_path, File.join(cert_dir, provisioning_id + ".mobileprovision"))
+
+            end
+
+            cert_item["cert_provisioning_group"] << cert_provisioning_group_item
+            account_cert_set["certs"] << cert_item
+            cert_json << account_cert_set
+            File.open(cert_json_file, "w") do |f|
+                f.write(JSON.pretty_generate(cert_json.compact))
+            end
+
+            return account_cert_set
+        end
+
+
+    end
+end