Advertisement
Guest User

Untitled

a guest
Jun 18th, 2013
65
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 4.22 KB | None | 0 0
  1. require 'Logger'
  2. require 'OpenSSL'
  3.  
  4. class IdentityManager < Object
  5. attr_accessor :logger
  6.  
  7. def initialize()
  8. super
  9. self.logger = Logger.new(STDOUT)
  10. self.logger.level = Logger::ERROR
  11. self.logger.formatter = proc do |severity, datetime, progname, message|
  12. "#{message}\n"
  13. end
  14. end
  15.  
  16. class SigningIdentity < Object
  17. attr_accessor :long_id
  18. attr_accessor :full_name_string
  19. attr_accessor :organization_id
  20. attr_accessor :logger
  21.  
  22. def self.organization_string_for_identity(identity_full_name_string, logger)
  23. fail "Invalid identity full name string for organization search!" unless identity_full_name_string.length > 0
  24. certificate_dump_command = "security find-certificate -c \"#{identity_full_name_string}\" -p"
  25. logger.info "Dumping certificate with command #{certificate_dump_command}"
  26. certificate_dump_result = `#{certificate_dump_command}`
  27. fail "Certificate dump failed: #{$?.exitstatus}!" unless $?.exitstatus == 0
  28. certificate = OpenSSL::X509::Certificate.new certificate_dump_result
  29. certificate_subject = certificate.subject.to_s
  30. certificate_organization_match = /OU=([0-9A-Z]*)/.match(certificate_subject)
  31. fail "Can't parse certification information!" unless certificate_organization_match
  32. certificate_organization = certificate_organization_match.captures.first
  33. logger.info "Found organization #{certificate_organization} for certificate #{identity_full_name_string}"
  34. certificate_organization
  35. end
  36.  
  37. def self.create_identity(long_id, full_name_string, logger)
  38. identity = SigningIdentity.new()
  39. identity.long_id = long_id
  40. identity.full_name_string = full_name_string
  41. identity.organization_id = organization_string_for_identity(full_name_string, logger)
  42. identity.logger = logger
  43. identity
  44. end
  45.  
  46. def sign_bundle(bundle_path_to_sign)
  47. codesign_path = "/usr/bin/codesign"
  48. fail "Can't find codesign binary" unless File.exists? codesign_path
  49.  
  50. self.logger.info "Signing Bundle @ #{bundle_path_to_sign}"
  51. codesign_command = "#{codesign_path} --force --sign \"#{self.long_id}\" \"#{bundle_path_to_sign}\""
  52. self.logger.info "Executing Codesign ... #{codesign_command}"
  53. codesign_return = system codesign_command
  54. fail "Codesign command failed: #{$?.exitstatus}" unless codesign_return
  55. end
  56. end
  57.  
  58. def find_identities(identity_search_string = nil, team_identifier = nil)
  59. self.logger.info "Searching for identity internal with identity string (#{identity_search_string}), team identifier (#{team_identifier})"
  60. search_command = "/usr/bin/security find-identity -p codesigning -v"
  61. search_command_output = `#{search_command}`
  62.  
  63. if search_command_output
  64. lines = search_command_output.lines.reject do |line|
  65. reject = identity_search_string != nil && line.include?(identity_search_string) == false
  66. self.logger.info "Rejecting line \"#{line.strip}\" due to search not matching" if reject
  67. end
  68.  
  69. if lines
  70. identities = lines.collect do |line|
  71. regex = /[0-9]+\)\s*([A-Z0-9]*)\s\"((?:\w|\s|[:])*\s*\((\w*)\))"/
  72. if line.match(regex)
  73. long_id, full_name_string, short_id = (line.match regex).captures
  74.  
  75. if long_id && short_id && full_name_string
  76. found_identity = SigningIdentity.create_identity(long_id, full_name_string, self.logger)
  77. self.logger.info "Found Possible Identity #{long_id}, #{short_id}, #{full_name_string}: #{found_identity}"
  78. found_identity
  79. end
  80. end
  81. end
  82. identities.compact!
  83.  
  84. self.logger.info "Identities list to check: \"#{identities}\""
  85.  
  86. if identities
  87. self.logger.info "Checking #{identities.count} identities against team identifier \"team_identifier\""
  88. identities = identities.reject do |identity|
  89. self.logger.info "Checking identity with organization id \"#{identity.organization_id}\" against target team identifier \"#{team_identifier}\""
  90. team_identifier != nil && identity.organization_id != team_identifier
  91. end
  92. end
  93.  
  94. identities
  95. end
  96. end
  97. end
  98. end
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement