Class: FastlaneCore::CertChecker
- Inherits:
-
Object
- Object
- FastlaneCore::CertChecker
- Defined in:
- fastlane_core/lib/fastlane_core/cert_checker.rb
Overview
This class checks whether a specific certificate is installed on the current Mac.
Class Method Summary
- .install_missing_wwdr_certificates ⇒ Object
- .install_wwdr_certificate(cert_alias) ⇒ Object
- .installed?(path, in_keychain: nil) ⇒ Boolean
- .installed_identies(in_keychain: nil) ⇒ Object
- .installed_installers(in_keychain: nil) ⇒ Object
- .installed_wwdr_certificates ⇒ Object
-
.is_installed?(path) ⇒ Boolean
Legacy method; use `installed?` instead.
- .list_available_developer_id_installer(in_keychain: nil) ⇒ Object
- .list_available_identities(in_keychain: nil) ⇒ Object
- .list_available_third_party_mac_installer(in_keychain: nil) ⇒ Object
- .sha1_fingerprint(path) ⇒ Object
- .wwdr_keychain ⇒ Object
Class Method Details
.install_missing_wwdr_certificates ⇒ Object
# File 'fastlane_core/lib/fastlane_core/cert_checker.rb', line 138
#
# Installs every Worldwide Developer Relations intermediate certificate from
# WWDRCA_CERTIFICATES whose alias is not reported by installed_wwdr_certificates.
# The certificates are the ones listed at https://www.apple.com/certificateauthority/
#
# @return [Integer] number of aliases that were missing (an install was attempted for each)
def self.install_missing_wwdr_certificates
  known_aliases = WWDRCA_CERTIFICATES.map { |entry| entry[:alias] }
  absent = known_aliases - installed_wwdr_certificates

  absent.each { |cert_alias| install_wwdr_certificate(cert_alias) }
  absent.count
end
.install_wwdr_certificate(cert_alias) ⇒ Object
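# File 'fastlane_core/lib/fastlane_core/cert_checker.rb', line 147
#
# Downloads one Apple WWDR intermediate certificate with curl and imports it into
# the keychain returned by wwdr_keychain via `security import`.
#
# @param cert_alias [Object] value matched against the :alias entries of WWDRCA_CERTIFICATES
# @return [true] when the import succeeded or the certificate was already in the keychain;
#   every other failure is reported through UI.user_error!
#
# NOTE(review): the downloaded file is handed to `security import` as-is. The entries of
# WWDRCA_CERTIFICATES also carry a :sha256 value (installed_wwdr_certificates compares the
# SHA-256 of the DER encoding against it); checking the downloaded certificate against that
# value before importing would pin what ends up in the keychain. TODO confirm and add.
def self.install_wwdr_certificate(cert_alias)
  entry = WWDRCA_CERTIFICATES.find { |c| c[:alias] == cert_alias }
  # Fail with a readable message instead of a NoMethodError on nil for an unknown alias.
  UI.user_error!("Unknown WWDR certificate alias '#{cert_alias}'") if entry.nil?
  url = entry.fetch(:url)

  file = Tempfile.new([File.basename(url, ".cer"), ".cer"])
  begin
    filename = file.path
    keychain = wwdr_keychain
    keychain = "-k #{keychain.shellescape}" unless keychain.empty?

    # Attempts to fix an issue installing WWDR cert tends to fail on CIs
    # https://github.com/fastlane/fastlane/issues/20960
    curl_extras = ""
    if FastlaneCore::Feature.enabled?('FASTLANE_WWDR_USE_HTTP1_AND_RETRIES')
      curl_extras = "--http1.1 --retry 3 --retry-all-errors "
    end

    # The temp path (derived from TMPDIR) and the URL are escaped like the keychain path is,
    # so a space or shell metacharacter in either cannot change the command that runs.
    escaped_file = filename.shellescape
    import_command = "curl #{curl_extras}-f -o #{escaped_file} #{url.shellescape} && security import #{escaped_file} #{keychain}"
    UI.verbose("Installing WWDR Cert: #{import_command}")

    require 'open3'
    stdout, stderr, status = Open3.capture3(import_command)
    if FastlaneCore::Globals.verbose?
      UI.command_output(stdout)
      UI.command_output(stderr)
    end

    unless status.success?
      UI.verbose("Failed to install WWDR Certificate, checking output to see why")
      # Check the command output, WWDR might already exist
      unless /The specified item already exists in the keychain./ =~ stderr
        UI.user_error!("Could not install WWDR certificate")
      end
      UI.verbose("WWDR Certificate was already installed")
    end

    true
  ensure
    # Close and delete the temporary download on every exit path.
    file.close!
  end
end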
.installed?(path, in_keychain: nil) ⇒ Boolean
# File 'fastlane_core/lib/fastlane_core/cert_checker.rb', line 39
#
# Tells whether the certificate file at `path` is present in the keychain.
# The file's SHA-1 fingerprint is looked up among the code signing identities
# and the installer certificates reported for the keychain.
#
# @param path [String] path to the certificate file; a missing file is a user error
# @param in_keychain [String, nil] optional keychain passed on to the lookups
# @return [Boolean] true when the fingerprint is among the installed ones
def self.installed?(path, in_keychain: nil)
  UI.user_error!("Could not find file '#{path}'") unless File.exist?(path)

  known_fingerprints = installed_identies(in_keychain: in_keychain) +
                       installed_installers(in_keychain: in_keychain)
  known_fingerprints.include?(sha1_fingerprint(path))
end
.installed_identies(in_keychain: nil) ⇒ Object
# File 'fastlane_core/lib/fastlane_core/cert_checker.rb', line 54
#
# Collects the hex fingerprints of the code signing identities printed by
# list_available_identities, after first installing any missing WWDR certificates.
# Lines containing "REVOKED" are skipped.
#
# @param in_keychain [String, nil] optional keychain passed on to the lookup
# @return [Array<String>] the captured hex strings, in output order
def self.installed_identies(in_keychain: nil)
  install_missing_wwdr_certificates

  listing = list_available_identities(in_keychain: in_keychain)

  # Word boundaries keep "10 valid identities found" (and 20, 30, ...) from matching.
  if /\b0 valid identities found\b/ =~ listing
    # in_keychain is only printed here as a hint for the user; nothing is executed.
    hint_command = "security find-identity -v -p codesigning #{in_keychain}".rstrip
    UI.error([
      "There are no local code signing identities found.",
      "You can run `#{hint_command}` to get this output.",
      "This Stack Overflow thread has more information: https://stackoverflow.com/q/35390072/774.",
      "(Check in Keychain Access for an expired WWDR certificate: https://stackoverflow.com/a/35409835/774 has more info.)"
    ].join("\n"))
  end

  listing.split("\n").each_with_object([]) do |line, fingerprints|
    next if line.include?("REVOKED")

    begin
      fingerprints << line.match(/.*\) ([[:xdigit:]]*) \".*/)[1]
    rescue
      # Lines without an identity entry (such as the trailing summary line) do not match.
    end
  end
end
.installed_installers(in_keychain: nil) ⇒ Object
# File 'fastlane_core/lib/fastlane_core/cert_checker.rb', line 81
#
# Collects the SHA-1 hashes of the "3rd Party Mac Developer Installer" and
# "Developer ID Installer" certificates from the `security find-certificate -Z` output.
#
# @param in_keychain [String, nil] optional keychain passed on to both lookups
# @return [Array<String>] hex strings taken from the "SHA-1 hash: ..." lines
def self.installed_installers(in_keychain: nil)
  third_party = list_available_third_party_mac_installer(in_keychain: in_keychain)
  developer_id = list_available_developer_id_installer(in_keychain: in_keychain)

  combined = third_party + developer_id
  combined.scan(/^SHA-1 hash: ([[:xdigit:]]+)$/).map(&:first)
end
.installed_wwdr_certificates ⇒ Object
# File 'fastlane_core/lib/fastlane_core/cert_checker.rb', line 114
#
# Lists the aliases (see WWDRCA_CERTIFICATES) of the WWDR certificates found in the
# keychain returned by wwdr_keychain. A certificate is recognised by the SHA-256 of
# its DER encoding, compared case-insensitively with each entry's :sha256, so a
# certificate that only shares the common name is not reported as installed.
#
# @return [Array] aliases of the recognised certificates
def self.installed_wwdr_certificates
  certificate_name = "Apple Worldwide Developer Relations"

  # `-p` prints every match as PEM; the keychain path is shell-escaped before interpolation.
  pem_dump = Helper.backticks("security find-certificate -a -c '#{certificate_name}' -p #{wwdr_keychain.shellescape}", print: false)

  # Regroup the line stream into one string per PEM block: a BEGIN marker opens a new
  # block, every other line is appended to the block opened last.
  pem_blocks = pem_dump.lines.each_with_object([]) do |line, blocks|
    if line.start_with?('-----BEGIN CERTIFICATE-----')
      blocks << line
    else
      blocks.last << line
    end
  end

  # Map each installed certificate to the alias of the matching known entry, if any.
  aliases = pem_blocks.map do |pem|
    der_digest = Digest::SHA256.hexdigest(OpenSSL::X509::Certificate.new(pem).to_der)
    known_entry = WWDRCA_CERTIFICATES.find { |c| c[:sha256].casecmp?(der_digest) }
    known_entry&.fetch(:alias)
  end
  aliases.compact
end
.is_installed?(path) ⇒ Boolean
Legacy method; use `installed?` instead.
# File 'fastlane_core/lib/fastlane_core/cert_checker.rb', line 50
#
# Legacy entry point kept for older callers; use `installed?` instead.
# No keychain is passed on, so `installed?` runs with its default.
#
# @param path [String] path to the certificate file
# @return [Boolean] result of `installed?` for that path
def self.is_installed?(path)
  installed?(path, in_keychain: nil)
end
.list_available_developer_id_installer(in_keychain: nil) ⇒ Object
# File 'fastlane_core/lib/fastlane_core/cert_checker.rb', line 105
#
# Runs `security find-certificate` for certificates named "Developer ID Installer"
# and returns the raw command output.
#
#   -Z  Print SHA-256 (and SHA-1) hash of the certificate
#   -a  Find all matching certificates, not just the first one
#   -c  Match on "name" when searching (optional)
#
# NOTE(review): in_keychain is appended to the shell command as-is, so a value with
# spaces or shell metacharacters is interpreted by the shell. Either callers pass an
# already shell-escaped path or this should escape it (as install_wwdr_certificate
# does for its keychain) -- confirm what callers pass before changing it.
#
# @param in_keychain [String, nil] optional keychain argument appended to the command
# @return [String] standard output of the command
def self.list_available_developer_id_installer(in_keychain: nil)
  base_command = 'security find-certificate -Z -a -c "Developer ID Installer"'
  parts = in_keychain ? [base_command, in_keychain] : [base_command]
  `#{parts.join(' ')}`
end
.list_available_identities(in_keychain: nil) ⇒ Object
# File 'fastlane_core/lib/fastlane_core/cert_checker.rb', line 88
#
# Runs `security find-identity` for the code signing policy and returns the raw output.
#
#   -v  Show valid identities only (default is to show all identities)
#   -p  Specify policy to evaluate
#
# NOTE(review): in_keychain is appended to the shell command as-is, so a value with
# spaces or shell metacharacters is interpreted by the shell. Either callers pass an
# already shell-escaped path or this should escape it (as install_wwdr_certificate
# does for its keychain) -- confirm what callers pass before changing it.
#
# @param in_keychain [String, nil] optional keychain argument appended to the command
# @return [String] standard output of the command
def self.list_available_identities(in_keychain: nil)
  base_command = 'security find-identity -v -p codesigning'
  parts = in_keychain ? [base_command, in_keychain] : [base_command]
  `#{parts.join(' ')}`
end
.list_available_third_party_mac_installer(in_keychain: nil) ⇒ Object
# File 'fastlane_core/lib/fastlane_core/cert_checker.rb', line 96
#
# Runs `security find-certificate` for certificates named
# "3rd Party Mac Developer Installer" and returns the raw command output.
#
#   -Z  Print SHA-256 (and SHA-1) hash of the certificate
#   -a  Find all matching certificates, not just the first one
#   -c  Match on "name" when searching (optional)
#
# NOTE(review): in_keychain is appended to the shell command as-is, so a value with
# spaces or shell metacharacters is interpreted by the shell. Either callers pass an
# already shell-escaped path or this should escape it (as install_wwdr_certificate
# does for its keychain) -- confirm what callers pass before changing it.
#
# @param in_keychain [String, nil] optional keychain argument appended to the command
# @return [String] standard output of the command
def self.list_available_third_party_mac_installer(in_keychain: nil)
  base_command = 'security find-certificate -Z -a -c "3rd Party Mac Developer Installer"'
  parts = in_keychain ? [base_command, in_keychain] : [base_command]
  `#{parts.join(' ')}`
end
.sha1_fingerprint(path) ⇒ Object
# File 'fastlane_core/lib/fastlane_core/cert_checker.rb', line 197
#
# Computes the SHA-1 fingerprint of the certificate stored at `path`: the file is
# parsed as an X.509 certificate and the digest is taken over its DER encoding.
# `installed?` uses the result as a lookup key against the hashes printed by the
# `security` tool.
#
# @param path [#to_s] location of the certificate file
# @return [String] upper-case hex SHA-1 of the certificate's DER bytes
# Any error while reading or parsing is logged and turned into a user error.
def self.sha1_fingerprint(path)
  certificate = OpenSSL::X509::Certificate.new(File.read(path.to_s))
  OpenSSL::Digest::SHA1.new(certificate.to_der).to_s.upcase
rescue => parse_error
  UI.error(parse_error)
  UI.user_error!("Error parsing certificate '#{path}'")
end
.wwdr_keychain ⇒ Object
# File 'fastlane_core/lib/fastlane_core/cert_checker.rb', line 182
#
# Picks the keychain used for the WWDR certificates: the user's default keychain
# when `security default-keychain` prints one, otherwise the first entry of the
# user's keychain list.
#
# @return [String] first output line of the first command that printed anything,
#   stripped and with double quotes removed, or "" when neither printed a line
def self.wwdr_keychain
  lookups = [
    "security default-keychain -d user",
    "security list-keychains -d user"
  ]

  lookups.each do |lookup|
    first_entry = Helper.backticks(lookup, print: FastlaneCore::Globals.verbose?).split("\n").first
    # `security` prints each path wrapped in double quotes; drop them.
    return first_entry.strip.tr('"', '') if first_entry
  end

  ""
end