RubyGems - wtapack - Versions diffs - 1.0.0 → 1.0.1 - Mend

wtapack 1.0.0 → 1.0.1

Files changed (6) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 582fce026d80e037dc9bf7c3e9f60586fb244799
-  data.tar.gz: 33149c929abcde295969cd485ed36ffb8be8807b
+  metadata.gz: 5d9d3202419f6b5d1b8aba806fe18f57bf17a3ff
+  data.tar.gz: 123691c4df2057a07ac140d66245928cfd545a48
 SHA512:
-  metadata.gz: 29aeddab1aa2f895fe6d0502405d690496f5e95fad9bc603ae9b04e677f65d1889e625100e69b4ce080c4caf84daa7a701fbc4e7f66c9dceb90f7a5439e8688d
-  data.tar.gz: 34078f7ee1b7f2c1fabfa1f02c0789f08f6a26427435438a5043af9627f43d571308b387af34537598e8b2942b16423382086cc2f66e7202d33196a3c38d59b5
+  metadata.gz: 1db327a69e835829946d7fa69a6409e69fada91196a8b2f31bb0aa74400c0abd0ccf0e0be85ad743b479c24c76329e6d1ec63ba556def403a711aabbd68605cb
+  data.tar.gz: 1688b56921229a0c7817e317f14df167a336e192a7a1d29bb176a4096e90ae5a12d164166d0014f5c3adb1bd82d978a36f42efd20970c77e2ce64e44016b9644

data/ext/wtapack/CodeSigner.h CHANGED Viewed

@@ -13,3 +13,5 @@
 + (void)signFramework:(NSURL*)frameworkURL;
 + (void)reset;
 @end
+BOOL validateSigningIdentity(NSString* identity);

data/ext/wtapack/CodeSigner.m CHANGED Viewed

@@ -9,8 +9,7 @@
 #import "CodeSigner.h"
 #import <objc/runtime.h>
 #import "ErrorHandler.h"
-void validateSigningIdentity(NSString* identity);
+#import "CodeSigner_c.h"
 @implementation CodeSigner
 + (NSString*)signingIdentity
@@ -102,102 +101,99 @@ void validateSigningIdentity(NSString* identity);
 }
 @end
-// It turned out the Rakefile already does the below, so no point in doing it twice.
 // So the lesson of this function is that the keychain API is very confusing and difficult
 // to work with. This function loops through all the certificates in the keychain, and checks the
 // SHA1 digest (which has to be calculated, it cannot be gotten from the keychain API directly)
 // against the one passed in. If it finds a match, it verifies that the certificate is trusted.
-//void validateSigningIdentity(NSString* identity)
-//{
-//    NSDictionary* query = @{ (__bridge id)kSecClass : (__bridge id)kSecClassCertificate,
-//                             (__bridge id)kSecReturnRef : (__bridge id)kCFBooleanTrue,
-//                             (__bridge id)kSecMatchLimit : (__bridge id)kSecMatchLimitAll };
-//
-//    CFTypeRef result = NULL;
-//    OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)(query), &result);
-//    if (status)
-//    {
-//        CFStringRef errorString = SecCopyErrorMessageString(status, 0);
-//        NSLog(@"status is %@, result is %@", errorString, (__bridge id)result);
-//        CFRelease(errorString);
-//        [ErrorHandler fatalErrorWithMessage:@"Could not find signing identity"
-//                                   exitCode:status];
-//    }
-//
-//    BOOL certificateFound = NO;
-//
-//    for (id certificate in (__bridge NSArray*)result)
-//    {
-//        CFErrorRef error = NULL;
-//        SecCertificateRef certificateRef = (__bridge SecCertificateRef)certificate;
-//        SecTransformRef transformRef = SecDigestTransformCreate(kSecDigestSHA1, 0, &error);
-//        CFDataRef certData = SecCertificateCopyData(certificateRef);
-//        SecTransformSetAttribute(transformRef, kSecTransformInputAttributeName, certData, &error);
-//        if (error)
-//        {
-//            NSLog(@"%@", (__bridge NSError*)error);
-//        }
-//        CFDataRef output = SecTransformExecute(transformRef, &error);
-//        if (error)
-//        {
-//            NSLog(@"%@", (__bridge NSError*)error);
-//        }
-//        CFRelease(certData);
-//
-//        NSData* outputData = (__bridge NSData*)output;
-//
-//        NSCharacterSet* greaterLessSet = [NSCharacterSet characterSetWithCharactersInString:@"<>"];
-//        NSString* description = [[outputData.description stringByTrimmingCharactersInSet:greaterLessSet] stringByReplacingOccurrencesOfString:@" "
-//                                                                                                                                   withString:@""];
-//        CFRelease(output);
-//        CFRelease(transformRef);
-//        if(error)
-//        {
-//            CFRelease(error);
-//        }
-//
-//        if ([description compare:identity options:NSCaseInsensitiveSearch] == NSOrderedSame)
-//        {
-//            SecTrustRef trustRef = NULL;
-//            SecPolicyRef policyRef = SecPolicyCreateBasicX509();
-//            status = SecTrustCreateWithCertificates(certificateRef, policyRef, &trustRef);
-//            if (status)
-//            {
-//                CFStringRef errorString = SecCopyErrorMessageString(status, 0);
-//                NSLog(@"%@", errorString);
-//                CFRelease(errorString);
-//            }
-//            SecTrustResultType trustResult;
-//            status = SecTrustEvaluate(trustRef, &trustResult);
-//            if (status)
-//            {
-//                CFStringRef errorString = SecCopyErrorMessageString(status, 0);
-//                NSLog(@"%@", errorString);
-//                CFRelease(errorString);
-//            }
-//
-//            if ((trustResult != kSecTrustResultDeny) &&
-//                (trustResult != kSecTrustResultFatalTrustFailure) &&
-//                (trustResult != kSecTrustResultInvalid) &&
-//                (trustResult != kSecTrustResultOtherError) &&
-//                (trustResult != kSecTrustResultRecoverableTrustFailure))
-//            {
-//                certificateFound = YES;
-//            }
-//            CFRelease(certificateRef);
-//            CFRelease(trustRef);
-//            CFRelease(policyRef);
-//            break;
-//        }
-//
-//        CFRelease(certificateRef);
-//
-//    }
-//
-//    if (!certificateFound)
-//    {
-//        [ErrorHandler fatalErrorWithMessage:[NSString stringWithFormat:@"No valid certificate with SHA1 %@ found", identity]
-//                                   exitCode:EX_DATAERR];
-//    }
-//}
+BOOL validateSigningIdentity(NSString* identity)
+{
+   NSDictionary* query = @{ (__bridge id)kSecClass : (__bridge id)kSecClassCertificate,
+                            (__bridge id)kSecReturnRef : (__bridge id)kCFBooleanTrue,
+                            (__bridge id)kSecMatchLimit : (__bridge id)kSecMatchLimitAll };
+   CFTypeRef result = NULL;
+   OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)(query), &result);
+   if (status)
+   {
+       CFStringRef errorString = SecCopyErrorMessageString(status, 0);
+       NSLog(@"status is %@, result is %@", errorString, (__bridge id)result);
+       CFRelease(errorString);
+       return NO;
+   }
+   BOOL certificateFound = NO;
+   for (id certificate in (__bridge NSArray*)result)
+   {
+       CFErrorRef error = NULL;
+       SecCertificateRef certificateRef = (__bridge SecCertificateRef)certificate;
+       SecTransformRef transformRef = SecDigestTransformCreate(kSecDigestSHA1, 0, &error);
+       CFDataRef certData = SecCertificateCopyData(certificateRef);
+       SecTransformSetAttribute(transformRef, kSecTransformInputAttributeName, certData, &error);
+       if (error)
+       {
+           NSLog(@"%@", (__bridge NSError*)error);
+       }
+       CFDataRef output = SecTransformExecute(transformRef, &error);
+       if (error)
+       {
+           NSLog(@"%@", (__bridge NSError*)error);
+       }
+       CFRelease(certData);
+       NSData* outputData = (__bridge NSData*)output;
+       NSCharacterSet* greaterLessSet = [NSCharacterSet characterSetWithCharactersInString:@"<>"];
+       NSString* description = [[outputData.description stringByTrimmingCharactersInSet:greaterLessSet] stringByReplacingOccurrencesOfString:@" "
+                                                                                                                                  withString:@""];
+       CFRelease(output);
+       CFRelease(transformRef);
+       if(error)
+       {
+           CFRelease(error);
+       }
+       if ([description compare:identity options:NSCaseInsensitiveSearch] == NSOrderedSame)
+       {
+           SecTrustRef trustRef = NULL;
+           SecPolicyRef policyRef = SecPolicyCreateBasicX509();
+           status = SecTrustCreateWithCertificates(certificateRef, policyRef, &trustRef);
+           if (status)
+           {
+               CFStringRef errorString = SecCopyErrorMessageString(status, 0);
+               NSLog(@"%@", errorString);
+               CFRelease(errorString);
+           }
+           SecTrustResultType trustResult;
+           status = SecTrustEvaluate(trustRef, &trustResult);
+           if (status)
+           {
+               CFStringRef errorString = SecCopyErrorMessageString(status, 0);
+               NSLog(@"%@", errorString);
+               CFRelease(errorString);
+           }
+           if ((trustResult != kSecTrustResultDeny) &&
+               (trustResult != kSecTrustResultFatalTrustFailure) &&
+               (trustResult != kSecTrustResultInvalid) &&
+               (trustResult != kSecTrustResultOtherError) &&
+               (trustResult != kSecTrustResultRecoverableTrustFailure))
+           {
+               certificateFound = YES;
+           }
+           CFRelease(certificateRef);
+           CFRelease(trustRef);
+           CFRelease(policyRef);
+           break;
+       }
+       CFRelease(certificateRef);
+   }
+   return certificateFound;
+}
+bool verifyCert(const char* cert_SHA1)
+{
+    return validateSigningIdentity([NSString stringWithUTF8String: cert_SHA1]);
+}

data/ext/wtapack/CodeSigner_c.h ADDED Viewed

@@ -0,0 +1,17 @@
+//
+//  CodeSigner_c.h
+//  WTAPackageApplication
+//
+//  Created by Robert Thompson on 10/13/14.
+//  Copyright (c) 2014 WillowTree Apps. All rights reserved.
+//
+#ifndef CODESIGNER_C_H
+#define CODESIGNER_C_H
+#include <stdint.h>
+#include <stdbool.h>
+bool verifyCert(const char* cert_SHA1);
+#endif

data/ext/wtapack/wtapack.c CHANGED Viewed

@@ -1,5 +1,6 @@
 #include <ruby.h>
 #include "main.h"
+#include "CodeSigner_c.h"
 static VALUE hello_world(VALUE mod)
 {
@@ -23,10 +24,19 @@ static VALUE native_pack(VALUE mod, VALUE argc, VALUE argv)
     return rb_main(NUM2INT(argc), real_argv);
 }
+static VALUE verify_identity(VALUE mod, VALUE identity_SHA1)
+{
+    struct RString* cert_SHA1_string = RSTRING(identity_SHA1);
+    bool result = verifyCert(RSTRING_PTR(cert_SHA1_string));
+    return result ? Qtrue : Qfalse;
+}
 void Init_wtapack()
 {
     VALUE mWtapack = rb_define_module("Wtapack");
     rb_define_singleton_method(mWtapack, "hello_world", hello_world, 0);
     rb_define_singleton_method(mWtapack, "native_pack", native_pack, 2);
+    rb_define_singleton_method(mWtapack, "verify_identity", verify_identity, 1);
 }

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: wtapack
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.0.1
 platform: ruby
 authors:
 - Robert Thompson
@@ -34,6 +34,7 @@ extra_rdoc_files: []
 files:
 - ext/wtapack/CodeSigner.h
 - ext/wtapack/CodeSigner.m
+- ext/wtapack/CodeSigner_c.h
 - ext/wtapack/ErrorHandler.h
 - ext/wtapack/ErrorHandler.m
 - ext/wtapack/NSArray+WTAMap.h