- require 'Logger'
- require 'OpenSSL'
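# Locates macOS code-signing identities with the `security` tool and signs
# bundles with `codesign`.
class IdentityManager < Object
  # Absolute path so a modified PATH cannot substitute another `security` binary.
  SECURITY_PATH = "/usr/bin/security"

  attr_accessor :logger

  # Creates a manager whose logger prints bare messages to STDOUT at ERROR level.
  def initialize()
    super
    self.logger = Logger.new(STDOUT)
    self.logger.level = Logger::ERROR
    self.logger.formatter = proc do |_severity, _datetime, _progname, message|
      "#{message}\n"
    end
  end

  # One signing identity as reported by `security find-identity`.
  class SigningIdentity < Object
    attr_accessor :long_id
    attr_accessor :full_name_string
    attr_accessor :organization_id
    attr_accessor :logger

    # Returns the organizational unit (OU) of the certificate found by name.
    #
    # NOTE(review): the certificate is looked up by name, not by the hash stored
    # in `long_id`. If several keychain certificates share the name, the OU may
    # come from a different certificate than the one used to sign. Confirm
    # before relying on the team filter as a trust decision.
    #
    # @param identity_full_name_string [String] name passed to `find-certificate -c`
    # @param logger [Logger] receives progress messages
    # @return [String] leading run of [0-9A-Z] characters of the OU value
    # @raise [RuntimeError] on an empty name, a failed dump, or a missing OU
    def self.organization_string_for_identity(identity_full_name_string, logger)
      if identity_full_name_string.nil? || identity_full_name_string.empty?
        fail "Invalid identity full name string for organization search!"
      end

      # argv form: the name reaches `security` as one argument and is never
      # parsed by a shell, so quotes or `$()` in it cannot run commands.
      certificate_dump_command = [SECURITY_PATH, "find-certificate", "-c", identity_full_name_string.to_s, "-p"]
      logger.info "Dumping certificate with command #{certificate_dump_command.inspect}"
      certificate_dump_result = IO.popen(certificate_dump_command, &:read)
      fail "Certificate dump failed: #{$?.exitstatus}!" unless $?.exitstatus == 0

      certificate = OpenSSL::X509::Certificate.new certificate_dump_result
      # Read the OU attribute from the parsed subject rather than matching the
      # flattened subject string, where a CN containing "OU=..." would match first.
      organization_entry = certificate.subject.to_a.find { |name, _value, _type| name == "OU" }
      fail "Can't parse certification information!" unless organization_entry

      certificate_organization = organization_entry[1].to_s[/\A[0-9A-Z]*/]
      logger.info "Found organization #{certificate_organization} for certificate #{identity_full_name_string}"
      certificate_organization
    end

    # Builds an identity and resolves its organization id from the keychain.
    #
    # @param long_id [String] identity hash from the `find-identity` output
    # @param full_name_string [String] quoted identity name from that output
    # @param logger [Logger] logger stored on the identity
    # @return [SigningIdentity]
    def self.create_identity(long_id, full_name_string, logger)
      identity = SigningIdentity.new()
      identity.long_id = long_id
      identity.full_name_string = full_name_string
      identity.organization_id = organization_string_for_identity(full_name_string, logger)
      identity.logger = logger
      identity
    end

    # Signs the bundle at the given path with this identity, replacing any
    # existing signature (`--force`).
    #
    # @param bundle_path_to_sign [String] path handed to codesign
    # @raise [RuntimeError] if codesign is missing or exits unsuccessfully
    def sign_bundle(bundle_path_to_sign)
      codesign_path = "/usr/bin/codesign"
      # File.exists? was removed in Ruby 3.2; File.exist? works on every version.
      fail "Can't find codesign binary" unless File.exist? codesign_path

      self.logger.info "Signing Bundle @ #{bundle_path_to_sign}"
      # Multi-argument system() bypasses the shell, so a bundle path with
      # quotes or shell metacharacters is passed through literally.
      codesign_command = [codesign_path, "--force", "--sign", self.long_id.to_s, bundle_path_to_sign.to_s]
      self.logger.info "Executing Codesign ... #{codesign_command.inspect}"
      codesign_return = system(*codesign_command)
      fail "Codesign command failed: #{$?.exitstatus}" unless codesign_return
    end
  end

  # Lists valid code-signing identities, optionally filtered.
  #
  # @param identity_search_string [String, nil] keep only output lines containing this text
  # @param team_identifier [String, nil] keep only identities whose certificate OU equals this
  # @return [Array<SigningIdentity>] matching identities (empty when none)
  def find_identities(identity_search_string = nil, team_identifier = nil)
    self.logger.info "Searching for identity internal with identity string (#{identity_search_string}), team identifier (#{team_identifier})"
    # Constant command with no interpolated input.
    search_command_output = `#{SECURITY_PATH} find-identity -p codesigning -v`

    candidate_lines = search_command_output.lines.reject do |line|
      skip = !identity_search_string.nil? && !line.include?(identity_search_string)
      self.logger.info "Rejecting line \"#{line.strip}\" due to search not matching" if skip
      # Return the decision itself, not whatever the log call evaluates to.
      skip
    end

    # Captures: hash, quoted name, short id in parentheses. Names containing
    # characters other than word characters, whitespace and ':' do not match
    # and are skipped.
    identity_pattern = /[0-9]+\)\s*([A-Z0-9]*)\s\"((?:\w|\s|[:])*\s*\((\w*)\))"/
    identities = candidate_lines.map do |line|
      matched = line.match(identity_pattern)
      next unless matched

      long_id, full_name_string, short_id = matched.captures
      next unless long_id && short_id && full_name_string

      found_identity = SigningIdentity.create_identity(long_id, full_name_string, self.logger)
      self.logger.info "Found Possible Identity #{long_id}, #{short_id}, #{full_name_string}: #{found_identity}"
      found_identity
    end.compact

    self.logger.info "Identities list to check: \"#{identities}\""
    self.logger.info "Checking #{identities.count} identities against team identifier \"#{team_identifier}\""
    identities.reject do |identity|
      self.logger.info "Checking identity with organization id \"#{identity.organization_id}\" against target team identifier \"#{team_identifier}\""
      !team_identifier.nil? && identity.organization_id != team_identifier
    end
  end
end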