spaceship 0.0.15 → 0.1.0

data/lib/spaceship/portal/certificate.rb

@@ -0,0 +1,273 @@
+require 'openssl'
+
+module Spaceship
+  module Portal
+    # Represents a certificate from the Apple Developer Portal.
+    #
+    # This can either be a code signing identity or a push profile
+    class Certificate < PortalBase
+      # @return (String) The ID given from the developer portal. You'll probably not need it.
+      # @example
+      #   "P577TH3PAA"
+      attr_accessor :id
+
+      # @return (String) The name of the certificate
+      # @example Company
+      #   "SunApps GmbH"
+      # @example Push Profile
+      #   "com.krausefx.app"
+      attr_accessor :name
+
+      # @return (String) Status of the certificate
+      # @example
+      #   "Issued"
+      attr_accessor :status
+
+      # @return (Date) The date and time when the certificate was created
+      # @example
+      #   2015-04-01 21:24:00 UTC
+      attr_accessor :created
+
+      # @return (Date) The date and time when the certificate will expire
+      # @example
+      #   2016-04-01 21:24:00 UTC
+      attr_accessor :expires
+
+      # @return (String) The owner type that defines if it's a push profile
+      #  or a code signing identity
+      #
+      # @example Code Signing Identity
+      #   "team"
+      # @example Push Certificate
+      #   "bundle"
+      attr_accessor :owner_type
+
+      # @return (String) The name of the owner
+      #
+      # @example Code Signing Identity (usually the company name)
+      #   "SunApps Gmbh"
+      # @example Push Certificate (the name of your App ID)
+      #   "Awesome App"
+      attr_accessor :owner_name
+
+      # @return (String) The ID of the owner, that can be used to
+      #  fetch more information
+      # @example
+      #   "75B83SPLAA"
+      attr_accessor :owner_id
+
+      # Indicates the type of this certificate
+      # which is automatically used to determine the class of
+      # the certificate. Available values listed in CERTIFICATE_TYPE_IDS
+      # @return (String) The type of the certificate
+      # @example Production Certificate
+      #   "R58UK2EWSO"
+      # @example Development Certificate
+      #   "5QPB9NHCEI"
+      attr_accessor :type_display_id
+
+      attr_mapping({
+        'certificateId' => :id,
+        'name' => :name,
+        'statusString' => :status,
+        'dateCreated' => :created,
+        'expirationDate' => :expires,
+        'ownerType' => :owner_type,
+        'ownerName' => :owner_name,
+        'ownerId' => :owner_id,
+        'certificateTypeDisplayId' => :type_display_id
+      })
+
+      #####################################################
+      # Certs are not associated with apps
+      #####################################################
+
+      # A development code signing certificate used for development environment
+      class Development < Certificate; end
+
+      # A production code signing certificate used for distribution environment
+      class Production < Certificate; end
+
+      # An In House code signing certificate used for enterprise distributions
+      class InHouse < Certificate; end
+
+      #####################################################
+      # Certs that are specific for one app
+      #####################################################
+
+      # Abstract class for push certificates. Check out the subclasses
+      # DevelopmentPush, ProductionPush, WebsitePush and VoipPush
+      class PushCertificate < Certificate; end
+
+      # A push notification certificate for development environment
+      class DevelopmentPush < PushCertificate; end
+
+      # A push notification certificate for production environment
+      class ProductionPush < PushCertificate; end
+
+      # A push notification certificate for websites
+      class WebsitePush < PushCertificate; end
+
+      # A push notification certificate for the VOIP environment
+      class VoipPush < PushCertificate; end
+
+      # Passbook certificate
+      class Passbook < Certificate; end
+
+      # ApplePay certificate
+      class ApplePay < Certificate; end
+
+      CERTIFICATE_TYPE_IDS = {
+        "5QPB9NHCEI" => Development,
+        "R58UK2EWSO" => Production,
+        "9RQEK7MSXA" => InHouse,
+        "LA30L5BJEU" => Certificate,
+        "BKLRAVXMGM" => DevelopmentPush,
+        "3BQKVH9I2X" => ProductionPush,
+        "Y3B2F3TYSI" => Passbook,
+        "3T2ZP62QW8" => WebsitePush,
+        "E5D663CMZW" => WebsitePush,
+        "4APLUP237T" => ApplePay
+      }
+
+      #class methods
+      class << self
+        # Create a new code signing request that can be used to
+        # generate a new certificate
+        # @example
+        #  Create a new certificate signing request
+        #  csr, pkey = Spaceship.certificate.create_certificate_signing_request
+        #
+        #  # Use the signing request to create a new distribution certificate
+        #  Spaceship.certificate.production.create!(csr: csr)
+        def create_certificate_signing_request
+          key = OpenSSL::PKey::RSA.new 2048
+          csr = OpenSSL::X509::Request.new
+          csr.version = 0
+          csr.subject = OpenSSL::X509::Name.new([
+            ['CN', 'PEM', OpenSSL::ASN1::UTF8STRING]
+          ])
+          csr.public_key = key.public_key
+          csr.sign(key, OpenSSL::Digest::SHA1.new)
+          return [csr, key]
+        end
+
+        # Create a new object based on a hash.
+        # This is used to create a new object based on the server response.
+        def factory(attrs)
+          # Example:
+          # => {"name"=>"iOS Distribution: SunApps GmbH",
+          #  "certificateId"=>"XC5PH8DAAA",
+          #  "serialNumber"=>"797E732CCE8B7AAA",
+          #  "status"=>"Issued",
+          #  "statusCode"=>0,
+          #  "expirationDate"=>#<DateTime: 2015-11-25T22:45:50+00:00 ((2457352j,81950s,0n),+0s,2299161j)>,
+          #  "certificatePlatform"=>"ios",
+          #  "certificateType"=>
+          #   {"certificateTypeDisplayId"=>"R58UK2EAAA",
+          #    "name"=>"iOS Distribution",
+          #    "platform"=>"ios",
+          #    "permissionType"=>"distribution",
+          #    "distributionType"=>"store",
+          #    "distributionMethod"=>"app",
+          #    "ownerType"=>"team",
+          #    "daysOverlap"=>364,
+          #    "maxActive"=>2}}
+
+          if attrs['certificateType']
+            # On some accounts this is nested, so we need to flatten it
+            attrs.merge!(attrs['certificateType'])
+            attrs.delete('certificateType')
+          end
+
+          # Parse the dates
+          attrs['expirationDate'] = (Time.parse(attrs['expirationDate']) rescue attrs['expirationDate'])
+          attrs['dateCreated'] = (Time.parse(attrs['dateCreated']) rescue attrs['dateCreated'])
+
+          # Here we go
+          klass = CERTIFICATE_TYPE_IDS[attrs['certificateTypeDisplayId']]
+          klass ||= Certificate
+          klass.client = @client
+          klass.new(attrs)
+        end
+
+        # @return (Array) Returns all certificates of this account.
+        #  If this is called from a subclass of Certificate, this will
+        #  only include certificates matching the current type.
+        def all
+          if (self == Certificate) # are we the base-class?
+            types = CERTIFICATE_TYPE_IDS.keys
+          else
+            types = [CERTIFICATE_TYPE_IDS.key(self)]
+          end
+
+          client.certificates(types).map do |cert|
+            factory(cert)
+          end
+        end
+
+        # @return (Certificate) Find a certificate based on the ID of the certificate.
+        def find(certificate_id)
+          all.find do |c|
+            c.id == certificate_id
+          end
+        end
+
+        # Generate a new certificate based on a code certificate signing request
+        # @param csr (OpenSSL::X509::Request) (required): The certificate signing request to use. Get one using
+        #   `create_certificate_signing_request`
+        # @param bundle_id (String) (optional): The app identifier this certificate is for.
+        #  This value is only needed if you create a push profile. For normal code signing
+        #  certificates, you must only pass a certificate signing request.
+        # @example
+        #  # Create a new certificate signing request
+        #  csr, pkey = Spaceship::Certificate.create_certificate_signing_request
+        #
+        #  # Use the signing request to create a new distribution certificate
+        #  Spaceship::Certificate::Production.create!(csr: csr)
+        # @return (Device): The newly created device
+        def create!(csr: nil, bundle_id: nil)
+          type = CERTIFICATE_TYPE_IDS.key(self)
+
+          # look up the app_id by the bundle_id
+          if bundle_id
+            app = Spaceship::App.find(bundle_id)
+            raise "Could not find app with bundle id '#{bundle_id}'" unless app
+            app_id = app.app_id
+          end
+
+          # ensure csr is a OpenSSL::X509::Request
+          csr = OpenSSL::X509::Request.new(csr) if csr.is_a?(String)
+
+          # if this succeeds, we need to save the .cer and the private key in keychain access or wherever they go in linux
+          response = client.create_certificate!(type, csr.to_pem, app_id)
+          # munge the response to make it work for the factory
+          response['certificateTypeDisplayId'] = response['certificateType']['certificateTypeDisplayId']
+          self.new(response)
+        end
+      end
+
+      # instance methods
+
+      # @return (String) Download the raw data of the certificate without parsing
+      def download_raw
+        client.download_certificate(id, type_display_id)
+      end
+
+      # @return (OpenSSL::X509::Certificate) Downloads and parses the certificate
+      def download
+        OpenSSL::X509::Certificate.new(download_raw)
+      end
+
+      # Revoke the certificate. You shouldn't use this method probably.
+      def revoke!
+        client.revoke_certificate!(id, type_display_id)
+      end
+
+      # @return (Bool): Is this certificate a push profile for apps?
+      def is_push?
+        self.kind_of?PushCertificate
+      end
+    end
+  end
+end

data/lib/spaceship/portal/device.rb

@@ -0,0 +1,102 @@
+module Spaceship
+  module Portal
+    # Represents a device from the Apple Developer Portal
+    class Device < PortalBase
+      # @return (String) The ID given from the developer portal. You'll probably not need it.
+      # @example 
+      #   "XJXGVS46MW"
+      attr_accessor :id
+
+      # @return (String) The name of the device
+      # @example 
+      #   "Felix Krause's iPhone 6"
+      attr_accessor :name
+
+      # @return (String) The UDID of the device
+      # @example 
+      #   "4c24a7ee5caaa4847f49aaab2d87483053f53b65"
+      attr_accessor :udid
+
+      # @return (String) The platform of the device. This is probably always "ios"
+      # @example 
+      #   "ios"
+      attr_accessor :platform
+
+      # @return (String) Status of the device. Probably always "c"
+      # @example 
+      #   "c"
+      attr_accessor :status
+
+      attr_mapping({
+        'deviceId' => :id,
+        'name' => :name,
+        'deviceNumber' => :udid,
+        'devicePlatform' => :platform,
+        'status' => :status
+      })
+
+      class << self
+        # Create a new object based on a hash.
+        # This is used to create a new object based on the server response.
+        def factory(attrs)
+          self.new(attrs)
+        end
+
+        # @return (Array) Returns all devices registered for this account
+        def all
+          client.devices.map { |device| self.factory(device) }
+        end
+
+        # @return (Device) Find a device based on the ID of the device. *Attention*: 
+        #  This is *not* the UDID. nil if no device was found.
+        def find(device_id)
+          all.find do |device|
+            device.id == device_id
+          end
+        end
+
+        # @return (Device) Find a device based on the UDID of the device. nil if no device was found.
+        def find_by_udid(device_udid)
+          all.find do |device|
+            device.udid == device_udid
+          end
+        end
+
+        # @return (Device) Find a device based on its name. nil if no device was found.
+        def find_by_name(device_name)
+          all.find do |device|
+            device.name == device_name
+          end
+        end
+
+        # Register a new device to this account
+        # @param name (String) (required): The name of the new device
+        # @param udid (String) (required): The UDID of the new device
+        # @example 
+        #   Spaceship.device.create!(name: "Felix Krause's iPhone 6", udid: "4c24a7ee5caaa4847f49aaab2d87483053f53b65")
+        # @return (Device): The newly created device
+        def create!(name: nil, udid: nil)
+          # Check whether the user has passed in a UDID and a name
+          unless (udid and name)
+            raise "You cannot create a device without a device_id (UDID) and name"
+          end
+
+          # Find the device by UDID, raise an exception if it already exists
+          if self.find_by_udid(udid)
+            raise "The device UDID '#{udid}' already exists on this team."
+          end
+
+          # Find the device by name, raise an exception if it already exists
+          if self.find_by_name(name)
+            raise "The device name '#{name}' already exists on this team, use different one."
+          end
+
+          device = client.create_device!(name, udid)
+
+          # Update self with the new device
+          self.new(device)
+        end
+      end
+    end
+  end
+end

data/lib/spaceship/portal/portal.rb

@@ -0,0 +1,6 @@
+require 'spaceship/portal/portal_base'
+require 'spaceship/portal/app'
+require 'spaceship/portal/certificate'
+require 'spaceship/portal/device'
+require 'spaceship/portal/provisioning_profile'
+require 'spaceship/portal/portal_client'

data/lib/spaceship/portal/portal_base.rb

@@ -0,0 +1,13 @@
+module Spaceship
+  class PortalBase < Spaceship::Base
+    class << self
+      def client
+        (
+            @client or
+            Spaceship::Portal.client or
+            raise "Please login using `Spaceship::Portal.login('user', 'password')`"
+          )
+      end
+    end
+  end
+end

data/lib/spaceship/portal/portal_client.rb

@@ -0,0 +1,289 @@
+module Spaceship
+  class PortalClient < Spaceship::Client
+
+    #####################################################
+    # @!group Init and Login
+    #####################################################
+
+    def self.hostname
+      "https://developer.apple.com/services-account/#{PROTOCOL_VERSION}/"
+    end
+
+    # Fetches the latest API Key from the Apple Dev Portal
+    def api_key
+      cache_path = "/tmp/spaceship_api_key.txt"
+      begin
+        cached = File.read(cache_path) 
+      rescue Errno::ENOENT
+      end
+      return cached if cached
+
+      landing_url = "https://developer.apple.com/membercenter/index.action"
+      logger.info("GET: " + landing_url)
+      headers = @client.get(landing_url).headers
+      results = headers['location'].match(/.*appIdKey=(\h+)/)
+      if results.length > 1
+        api_key = results[1]
+        File.write(cache_path, api_key)
+        return api_key
+      else
+        raise "Could not find latest API Key from the Dev Portal"
+      end
+    end
+
+    def send_login_request(user, password)
+      response = request(:post, "https://idmsa.apple.com/IDMSWebAuth/authenticate", {
+        appleId: user,
+        accountPassword: password,
+        appIdKey: api_key
+      })
+
+      if response['Set-Cookie'] =~ /myacinfo=(\w+);/
+        @cookie = "myacinfo=#{$1};"
+        return @client
+      else
+        # User Credentials are wrong
+        raise InvalidUserCredentialsError.new(response)
+      end
+    end
+
+    # @return (Array) A list of all available teams
+    def teams
+      r = request(:post, 'account/listTeams.action')
+      parse_response(r, 'teams')
+    end
+
+    # @return (String) The currently selected Team ID
+    def team_id
+      return @current_team_id if @current_team_id
+
+      if teams.count > 1
+        puts "The current user is in #{teams.count} teams. Pass a team ID or call `select_team` to choose a team. Using the first one for now."
+      end
+      @current_team_id ||= teams[0]['teamId']
+    end
+
+    # Shows a team selection for the user in the terminal. This should not be
+    # called on CI systems
+    def select_team
+      @current_team_id = self.UI.select_team
+    end
+
+    # Set a new team ID which will be used from now on
+    def team_id=(team_id)
+      @current_team_id = team_id
+    end
+
+    # @return (Hash) Fetches all information of the currently used team
+    def team_information
+      teams.find do |t|
+        t['teamId'] == team_id
+      end
+    end
+
+    # Is the current session from an Enterprise In House account?
+    def in_house?
+      # TODO: move to portal
+      return @in_house unless @in_house.nil?
+      @in_house = (team_information['type'] == 'In-House')
+    end
+
+
+    #####################################################
+    # @!group Apps
+    #####################################################
+
+    def apps
+      paging do |page_number|
+        r = request(:post, 'account/ios/identifiers/listAppIds.action', {
+          teamId: team_id,
+          pageNumber: page_number,
+          pageSize: page_size,
+          sort: 'name=asc'
+        })
+        parse_response(r, 'appIds')
+      end
+    end
+
+    def details_for_app(app)
+      r = request(:post, 'account/ios/identifiers/getAppIdDetail.action', {
+        teamId: team_id,
+        appIdId: app.app_id
+      })
+      parse_response(r, 'appId')
+    end
+
+    def create_app!(type, name, bundle_id)
+      ident_params = case type.to_sym
+      when :explicit
+        {
+          type: 'explicit',
+          explicitIdentifier: bundle_id,
+          appIdentifierString: bundle_id,
+          push: 'on',
+          inAppPurchase: 'on',
+          gameCenter: 'on'
+        }
+      when :wildcard
+        {
+          type: 'wildcard',
+          wildcardIdentifier: bundle_id,
+          appIdentifierString: bundle_id
+        }
+      end
+
+      params = {
+        appIdName: name,
+        teamId: team_id
+      }
+
+      params.merge!(ident_params)
+
+      r = request(:post, 'account/ios/identifiers/addAppId.action', params)
+      parse_response(r, 'appId')
+    end
+
+    def delete_app!(app_id)
+      r = request(:post, 'account/ios/identifiers/deleteAppId.action', {
+        teamId: team_id,
+        appIdId: app_id
+      })
+      parse_response(r)
+    end
+
+    #####################################################
+    # @!group Devices
+    #####################################################
+
+    def devices
+      paging do |page_number|
+        r = request(:post, 'account/ios/device/listDevices.action', {
+          teamId: team_id,
+          pageNumber: page_number,
+          pageSize: page_size,
+          sort: 'name=asc'
+        })
+        parse_response(r, 'devices')
+      end
+    end
+
+    def create_device!(device_name, device_id)
+      r = request(:post) do |r|
+        r.url "https://developerservices2.apple.com/services/#{PROTOCOL_VERSION}/ios/addDevice.action"
+        r.params = {
+          teamId: team_id,
+          deviceNumber: device_id,
+          name: device_name
+        }
+      end
+
+      parse_response(r, 'device')
+    end
+
+    #####################################################
+    # @!group Certificates
+    #####################################################
+
+    def certificates(types)
+      paging do |page_number|
+        r = request(:post, 'account/ios/certificate/listCertRequests.action', {
+          teamId: team_id,
+          types: types.join(','),
+          pageNumber: page_number,
+          pageSize: page_size,
+          sort: 'certRequestStatusCode=asc'
+        })
+        parse_response(r, 'certRequests')
+      end
+    end
+
+    def create_certificate!(type, csr, app_id = nil)
+      r = request(:post, 'account/ios/certificate/submitCertificateRequest.action', {
+        teamId: team_id,
+        type: type,
+        csrContent: csr,
+        appIdId: app_id  #optional
+      })
+      parse_response(r, 'certRequest')
+    end
+
+    def download_certificate(certificate_id, type)
+      {type: type, certificate_id: certificate_id}.each { |k, v| raise "#{k} must not be nil" if v.nil? }
+
+      r = request(:post, 'https://developer.apple.com/account/ios/certificate/certificateContentDownload.action', {
+        teamId: team_id,
+        displayId: certificate_id,
+        type: type
+      })
+      parse_response(r)
+    end
+
+    def revoke_certificate!(certificate_id, type)
+      r = request(:post, 'account/ios/certificate/revokeCertificate.action', {
+        teamId: team_id,
+        certificateId: certificate_id,
+        type: type
+      })
+      parse_response(r, 'certRequests')
+    end
+
+    #####################################################
+    # @!group Provisioning Profiles
+    #####################################################
+
+    def provisioning_profiles
+      r = request(:post) do |r|
+        r.url "https://developerservices2.apple.com/services/#{PROTOCOL_VERSION}/ios/listProvisioningProfiles.action"
+        r.params = {
+          teamId: team_id,
+          includeInactiveProfiles: true,
+          onlyCountLists: true,
+        }
+      end
+
+      parse_response(r, 'provisioningProfiles')
+    end
+
+    def create_provisioning_profile!(name, distribution_method, app_id, certificate_ids, device_ids)
+      r = request(:post, 'account/ios/profile/createProvisioningProfile.action', {
+        teamId: team_id,
+        provisioningProfileName: name,
+        appIdId: app_id,
+        distributionType: distribution_method,
+        certificateIds: certificate_ids,
+        deviceIds: device_ids
+      })
+      parse_response(r, 'provisioningProfile')
+    end
+
+    def download_provisioning_profile(profile_id)
+      r = request(:get, 'https://developer.apple.com/account/ios/profile/profileContentDownload.action', {
+        teamId: team_id,
+        displayId: profile_id
+      })
+      parse_response(r)
+    end
+
+    def delete_provisioning_profile!(profile_id)
+      r = request(:post, 'account/ios/profile/deleteProvisioningProfile.action', {
+        teamId: team_id,
+        provisioningProfileId: profile_id
+      })
+      parse_response(r)
+    end
+
+    def repair_provisioning_profile!(profile_id, name, distribution_method, app_id, certificate_ids, device_ids)
+      r = request(:post, 'account/ios/profile/regenProvisioningProfile.action', {
+        teamId: team_id,
+        provisioningProfileId: profile_id,
+        provisioningProfileName: name,
+        appIdId: app_id,
+        distributionType: distribution_method,
+        certificateIds: certificate_ids.first, # we are most of the times only allowed to pass one
+        deviceIds: device_ids
+      })
+
+      parse_response(r, 'provisioningProfile')
+    end
+  end
+end