RubyGems - wtapack - Versions diffs - 1.0.0 → 1.0.1 - Mend

wtapack 1.0.0 → 1.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 582fce026d80e037dc9bf7c3e9f60586fb244799
-  data.tar.gz: 33149c929abcde295969cd485ed36ffb8be8807b
+  metadata.gz: 5d9d3202419f6b5d1b8aba806fe18f57bf17a3ff
+  data.tar.gz: 123691c4df2057a07ac140d66245928cfd545a48
 SHA512:
-  metadata.gz: 29aeddab1aa2f895fe6d0502405d690496f5e95fad9bc603ae9b04e677f65d1889e625100e69b4ce080c4caf84daa7a701fbc4e7f66c9dceb90f7a5439e8688d
-  data.tar.gz: 34078f7ee1b7f2c1fabfa1f02c0789f08f6a26427435438a5043af9627f43d571308b387af34537598e8b2942b16423382086cc2f66e7202d33196a3c38d59b5
+  metadata.gz: 1db327a69e835829946d7fa69a6409e69fada91196a8b2f31bb0aa74400c0abd0ccf0e0be85ad743b479c24c76329e6d1ec63ba556def403a711aabbd68605cb
+  data.tar.gz: 1688b56921229a0c7817e317f14df167a336e192a7a1d29bb176a4096e90ae5a12d164166d0014f5c3adb1bd82d978a36f42efd20970c77e2ce64e44016b9644

data/ext/wtapack/CodeSigner.h CHANGED Viewed

@@ -13,3 +13,5 @@
 + (void)signFramework:(NSURL*)frameworkURL;
 + (void)reset;
 @end
+BOOL validateSigningIdentity(NSString* identity);

data/ext/wtapack/CodeSigner.m CHANGED Viewed

@@ -9,8 +9,7 @@
 #import "CodeSigner.h"
 #import <objc/runtime.h>
 #import "ErrorHandler.h"
-void validateSigningIdentity(NSString* identity);
+#import "CodeSigner_c.h"
 @implementation CodeSigner
 + (NSString*)signingIdentity
@@ -102,102 +101,99 @@ void validateSigningIdentity(NSString* identity);
 }
 @end
-// It turned out the Rakefile already does the below, so no point in doing it twice.
 // So the lesson of this function is that the keychain API is very confusing and difficult
 // to work with. This function loops through all the certificates in the keychain, and checks the
 // SHA1 digest (which has to be calculated, it cannot be gotten from the keychain API directly)
 // against the one passed in. If it finds a match, it verifies that the certificate is trusted.
-//void validateSigningIdentity(NSString* identity)
-//{
-//    NSDictionary* query = @{ (__bridge id)kSecClass : (__bridge id)kSecClassCertificate,
-//                             (__bridge id)kSecReturnRef : (__bridge id)kCFBooleanTrue,
-//                             (__bridge id)kSecMatchLimit : (__bridge id)kSecMatchLimitAll };
-//
-//    CFTypeRef result = NULL;
-//    OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)(query), &result);
-//    if (status)
-//    {
-//        CFStringRef errorString = SecCopyErrorMessageString(status, 0);
-//        NSLog(@"status is %@, result is %@", errorString, (__bridge id)result);
-//        CFRelease(errorString);
-//        [ErrorHandler fatalErrorWithMessage:@"Could not find signing identity"
-//                                   exitCode:status];
-//    }
-//
-//    BOOL certificateFound = NO;
-//
-//    for (id certificate in (__bridge NSArray*)result)
-//    {
-//        CFErrorRef error = NULL;
-//        SecCertificateRef certificateRef = (__bridge SecCertificateRef)certificate;
-//        SecTransformRef transformRef = SecDigestTransformCreate(kSecDigestSHA1, 0, &error);
-//        CFDataRef certData = SecCertificateCopyData(certificateRef);
-//        SecTransformSetAttribute(transformRef, kSecTransformInputAttributeName, certData, &error);
-//        if (error)
-//        {
-//            NSLog(@"%@", (__bridge NSError*)error);
-//        }
-//        CFDataRef output = SecTransformExecute(transformRef, &error);
-//        if (error)
-//        {
-//            NSLog(@"%@", (__bridge NSError*)error);
-//        }
-//        CFRelease(certData);
-//
-//        NSData* outputData = (__bridge NSData*)output;
-//
-//        NSCharacterSet* greaterLessSet = [NSCharacterSet characterSetWithCharactersInString:@"<>"];
-//        NSString* description = [[outputData.description stringByTrimmingCharactersInSet:greaterLessSet] stringByReplacingOccurrencesOfString:@" "
-//                                                                                                                                   withString:@""];
-//        CFRelease(output);
-//        CFRelease(transformRef);
-//        if(error)
-//        {
-//            CFRelease(error);
-//        }
-//
-//        if ([description compare:identity options:NSCaseInsensitiveSearch] == NSOrderedSame)
-//        {
-//            SecTrustRef trustRef = NULL;
-//            SecPolicyRef policyRef = SecPolicyCreateBasicX509();
-//            status = SecTrustCreateWithCertificates(certificateRef, policyRef, &trustRef);
-//            if (status)
-//            {
-//                CFStringRef errorString = SecCopyErrorMessageString(status, 0);
-//                NSLog(@"%@", errorString);
-//                CFRelease(errorString);
-//            }
-//            SecTrustResultType trustResult;
-//            status = SecTrustEvaluate(trustRef, &trustResult);
-//            if (status)
-//            {
-//                CFStringRef errorString = SecCopyErrorMessageString(status, 0);
-//                NSLog(@"%@", errorString);
-//                CFRelease(errorString);
-//            }
-//
-//            if ((trustResult != kSecTrustResultDeny) &&
-//                (trustResult != kSecTrustResultFatalTrustFailure) &&
-//                (trustResult != kSecTrustResultInvalid) &&
-//                (trustResult != kSecTrustResultOtherError) &&
-//                (trustResult != kSecTrustResultRecoverableTrustFailure))
-//            {
-//                certificateFound = YES;
-//            }
-//            CFRelease(certificateRef);
-//            CFRelease(trustRef);
-//            CFRelease(policyRef);
-//            break;
-//        }
-//
-//        CFRelease(certificateRef);
-//
-//    }
-//
-//    if (!certificateFound)
-//    {
-//        [ErrorHandler fatalErrorWithMessage:[NSString stringWithFormat:@"No valid certificate with SHA1 %@ found", identity]
-//                                   exitCode:EX_DATAERR];
-//    }
-//}
+BOOL validateSigningIdentity(NSString* identity)
+{
+   NSDictionary* query = @{ (__bridge id)kSecClass : (__bridge id)kSecClassCertificate,
+                            (__bridge id)kSecReturnRef : (__bridge id)kCFBooleanTrue,
+                            (__bridge id)kSecMatchLimit : (__bridge id)kSecMatchLimitAll };
+   CFTypeRef result = NULL;
+   OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)(query), &result);
+   if (status)
+   {
+       CFStringRef errorString = SecCopyErrorMessageString(status, 0);
+       NSLog(@"status is %@, result is %@", errorString, (__bridge id)result);
+       CFRelease(errorString);
+       return NO;
+   }
+   BOOL certificateFound = NO;
+   for (id certificate in (__bridge NSArray*)result)
+   {
+       CFErrorRef error = NULL;
+       SecCertificateRef certificateRef = (__bridge SecCertificateRef)certificate;
+       SecTransformRef transformRef = SecDigestTransformCreate(kSecDigestSHA1, 0, &error);
+       CFDataRef certData = SecCertificateCopyData(certificateRef);
+       SecTransformSetAttribute(transformRef, kSecTransformInputAttributeName, certData, &error);
+       if (error)
+       {
+           NSLog(@"%@", (__bridge NSError*)error);
+       }
+       CFDataRef output = SecTransformExecute(transformRef, &error);
+       if (error)
+       {
+           NSLog(@"%@", (__bridge NSError*)error);
+       }
+       CFRelease(certData);
+       NSData* outputData = (__bridge NSData*)output;
+       NSCharacterSet* greaterLessSet = [NSCharacterSet characterSetWithCharactersInString:@"<>"];
+       NSString* description = [[outputData.description stringByTrimmingCharactersInSet:greaterLessSet] stringByReplacingOccurrencesOfString:@" "
+                                                                                                                                  withString:@""];
+       CFRelease(output);
+       CFRelease(transformRef);
+       if(error)
+       {
+           CFRelease(error);
+       }
+       if ([description compare:identity options:NSCaseInsensitiveSearch] == NSOrderedSame)
+       {
+           SecTrustRef trustRef = NULL;
+           SecPolicyRef policyRef = SecPolicyCreateBasicX509();
+           status = SecTrustCreateWithCertificates(certificateRef, policyRef, &trustRef);
+           if (status)
+           {
+               CFStringRef errorString = SecCopyErrorMessageString(status, 0);
+               NSLog(@"%@", errorString);
+               CFRelease(errorString);
+           }
+           SecTrustResultType trustResult;
+           status = SecTrustEvaluate(trustRef, &trustResult);
+           if (status)
+           {
+               CFStringRef errorString = SecCopyErrorMessageString(status, 0);
+               NSLog(@"%@", errorString);
+               CFRelease(errorString);
+           }
+           if ((trustResult != kSecTrustResultDeny) &&
+               (trustResult != kSecTrustResultFatalTrustFailure) &&
+               (trustResult != kSecTrustResultInvalid) &&
+               (trustResult != kSecTrustResultOtherError) &&
+               (trustResult != kSecTrustResultRecoverableTrustFailure))
+           {
+               certificateFound = YES;
+           }
+           CFRelease(certificateRef);
+           CFRelease(trustRef);
+           CFRelease(policyRef);
+           break;
+       }
+       CFRelease(certificateRef);
+   }
+   return certificateFound;
+}
+bool verifyCert(const char* cert_SHA1)
+{
+    return validateSigningIdentity([NSString stringWithUTF8String: cert_SHA1]);
+}

data/ext/wtapack/CodeSigner_c.h ADDED Viewed

@@ -0,0 +1,17 @@
+//
+//  CodeSigner_c.h
+//  WTAPackageApplication
+//
+//  Created by Robert Thompson on 10/13/14.
+//  Copyright (c) 2014 WillowTree Apps. All rights reserved.
+//
+#ifndef CODESIGNER_C_H
+#define CODESIGNER_C_H
+#include <stdint.h>
+#include <stdbool.h>
+bool verifyCert(const char* cert_SHA1);
+#endif

data/ext/wtapack/wtapack.c CHANGED Viewed

@@ -1,5 +1,6 @@
 #include <ruby.h>
 #include "main.h"
+#include "CodeSigner_c.h"
 static VALUE hello_world(VALUE mod)
 {
@@ -23,10 +24,19 @@ static VALUE native_pack(VALUE mod, VALUE argc, VALUE argv)
     return rb_main(NUM2INT(argc), real_argv);
 }
+static VALUE verify_identity(VALUE mod, VALUE identity_SHA1)
+{
+    struct RString* cert_SHA1_string = RSTRING(identity_SHA1);
+    bool result = verifyCert(RSTRING_PTR(cert_SHA1_string));
+    return result ? Qtrue : Qfalse;
+}
 void Init_wtapack()
 {
     VALUE mWtapack = rb_define_module("Wtapack");
     rb_define_singleton_method(mWtapack, "hello_world", hello_world, 0);
     rb_define_singleton_method(mWtapack, "native_pack", native_pack, 2);
+    rb_define_singleton_method(mWtapack, "verify_identity", verify_identity, 1);
 }

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: wtapack
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.0.1
 platform: ruby
 authors:
 - Robert Thompson
@@ -34,6 +34,7 @@ extra_rdoc_files: []
 files:
 - ext/wtapack/CodeSigner.h
 - ext/wtapack/CodeSigner.m
+- ext/wtapack/CodeSigner_c.h
 - ext/wtapack/ErrorHandler.h
 - ext/wtapack/ErrorHandler.m
 - ext/wtapack/NSArray+WTAMap.h