Class: Spaceship::Portal::Certificate

Inherits:

Spaceship::PortalBase

• Object
• Base
• Spaceship::PortalBase
• Spaceship::Portal::Certificate

Defined in:

lib/spaceship/portal/certificate.rb

Overview

Represents a certificate from the Apple Developer Portal.

This can either be a code signing identity or a push profile

Direct Known Subclasses

ApplePay, DeveloperIDApplication, DeveloperIDInstaller, Development, InHouse, MacAppDistribution, MacDevelopment, MacInstallerDistribution, Passbook, Production, PushCertificate

Defined Under Namespace

Classes: ApplePay, DeveloperIDApplication, DeveloperIDInstaller, Development, DevelopmentPush, InHouse, MacAppDistribution, MacDevelopment, MacDevelopmentPush, MacInstallerDistribution, MacProductionPush, Passbook, Production, ProductionPush, PushCertificate, VoipPush, WebsitePush

Constant Summary

IOS_CERTIFICATE_TYPE_IDS =

{
  "5QPB9NHCEI" => Development,
  "R58UK2EWSO" => Production,
  "9RQEK7MSXA" => InHouse,
  "LA30L5BJEU" => Certificate,
  "BKLRAVXMGM" => DevelopmentPush,
  "UPV3DW712I" => ProductionPush,
  "Y3B2F3TYSI" => Passbook,
  "3T2ZP62QW8" => WebsitePush,
  "E5D663CMZW" => VoipPush,
  "4APLUP237T" => ApplePay
}

OLDER_IOS_CERTIFICATE_TYPES =

[
  # those are also sent by the browser, but not sure what they represent
  "T44PTHVNID",
  "DZQUP8189Y",
  "FGQUP4785Z",
  "S5WE21TULA",
  "3BQKVH9I2X", # ProductionPush,
  "FUOY7LWJET"
]

MAC_CERTIFICATE_TYPE_IDS =

{
  "749Y1QAGU7" => MacDevelopment,
  "HXZEUKP0FP" => MacAppDistribution,
  "2PQI8IDXNH" => MacInstallerDistribution,
  "OYVN2GW35E" => DeveloperIDInstaller,
  "W0EURJRMC5" => DeveloperIDApplication,
  "CDZ7EMXIZ1" => MacProductionPush,
  "HQ4KP3I34R" => MacDevelopmentPush,
  "DIVN2GW3XT" => DeveloperIDApplication
}

CERTIFICATE_TYPE_IDS =

IOS_CERTIFICATE_TYPE_IDS.merge(MAC_CERTIFICATE_TYPE_IDS)

Instance Attribute Summary

• #can_download ⇒ Bool

  Whether or not the certificate can be downloaded.

• #created ⇒ Date

  The date and time when the certificate was created.

• #expires ⇒ Date

  The date and time when the certificate will expire.

• #id ⇒ String

  The ID given from the developer portal.

• #name ⇒ String

  The name of the certificate.

• #owner_id ⇒ String

  The ID of the owner, that can be used to fetch more information.

• #owner_name ⇒ String

  The name of the owner.

• #owner_type ⇒ String

  The owner type that defines if it’s a push profile or a code signing identity.

• #status ⇒ String

  Status of the certificate.

• #type_display_id ⇒ String

  Indicates the type of this certificate which is automatically used to determine the class of the certificate.

Attributes inherited from Base

#client, #raw_data

Class Method Summary

• .all(mac: false) ⇒ Array

  Returns all certificates of this account.

• .create!(csr: nil, bundle_id: nil) ⇒ Certificate

  Generate a new certificate based on a code certificate signing request.

• .create_certificate_signing_request ⇒ Object

  Create a new code signing request that can be used to generate a new certificate.

• .factory(attrs) ⇒ Object

  Create a new object based on a hash.

• .find(certificate_id, mac: false) ⇒ Certificate

  Find a certificate based on the ID of the certificate.

Instance Method Summary

• #download ⇒ OpenSSL::X509::Certificate

  Downloads and parses the certificate.

• #download_raw ⇒ String

  Download the raw data of the certificate without parsing.

• #is_push? ⇒ Bool

  : Is this certificate a push profile for apps?.

• #mac? ⇒ Bool

  Is this a Mac profile?.

• #revoke! ⇒ Object

  Revoke the certificate.

Methods inherited from Spaceship::PortalBase

client

Methods inherited from Base

attr_accessor, attr_mapping, #attributes, attributes, #initialize, #inspect, mapping_module, method_missing, set_client, #setup, #to_s

Constructor Details

This class inherits a constructor from Spaceship::Base

Instance Attribute Details

#can_download ⇒ Bool

Returns Whether or not the certificate can be downloaded.

Returns:

• (Bool) —

  Whether or not the certificate can be downloaded

# File 'lib/spaceship/portal/certificate.rb', line 70

def can_download
  @can_download
end

#created ⇒ Date

Returns The date and time when the certificate was created.

Examples:

2015-04-01 21:24:00 UTC

Returns:

• (Date) —

  The date and time when the certificate was created

# File 'lib/spaceship/portal/certificate.rb', line 29

def created
  @created
end

#expires ⇒ Date

Returns The date and time when the certificate will expire.

Examples:

2016-04-01 21:24:00 UTC

Returns:

• (Date) —

  The date and time when the certificate will expire

# File 'lib/spaceship/portal/certificate.rb', line 34

def expires
  @expires
end

#id ⇒ String

Returns The ID given from the developer portal. You’ll probably not need it.

Examples:

"P577TH3PAA"

Returns:

• (String) —

  The ID given from the developer portal. You’ll probably not need it.

# File 'lib/spaceship/portal/certificate.rb', line 12

def id
  @id
end

#name ⇒ String

Returns The name of the certificate.

Examples:

Company

"SunApps GmbH"

Push Profile

"com.krausefx.app"

Returns:

• (String) —

  The name of the certificate

# File 'lib/spaceship/portal/certificate.rb', line 19

def name
  @name
end

#owner_id ⇒ String

Returns The ID of the owner, that can be used to fetch more information.

Examples:

"75B83SPLAA"

Returns:

• (String) —

  The ID of the owner, that can be used to fetch more information

# File 'lib/spaceship/portal/certificate.rb', line 57

def owner_id
  @owner_id
end

#owner_name ⇒ String

Returns The name of the owner.

Examples:

Code Signing Identity (usually the company name)

"SunApps Gmbh"

Push Certificate (the name of your App ID)

"Awesome App"

Returns:

• (String) —

  The name of the owner

# File 'lib/spaceship/portal/certificate.rb', line 51

def owner_name
  @owner_name
end

#owner_type ⇒ String

Returns The owner type that defines if it’s a push profile or a code signing identity.

Examples:

Code Signing Identity

"team"

Push Certificate

"bundle"

Returns:

• (String) —

  The owner type that defines if it’s a push profile or a code signing identity

# File 'lib/spaceship/portal/certificate.rb', line 43

def owner_type
  @owner_type
end

#status ⇒ String

Returns Status of the certificate.

Examples:

"Issued"

Returns:

• (String) —

  Status of the certificate

# File 'lib/spaceship/portal/certificate.rb', line 24

def status
  @status
end

#type_display_id ⇒ String

Indicates the type of this certificate which is automatically used to determine the class of the certificate. Available values listed in CERTIFICATE_TYPE_IDS

Examples:

Production Certificate

"R58UK2EWSO"

Development Certificate

"5QPB9NHCEI"

Returns:

• (String) —

  The type of the certificate

# File 'lib/spaceship/portal/certificate.rb', line 67

def type_display_id
  @type_display_id
end

Class Method Details

.all(mac: false) ⇒ Array

Returns all certificates of this account. If this is called from a subclass of Certificate, this will only include certificates matching the current type.

Parameters:

• mac (Bool) (defaults to: false) —

  Fetches Mac certificates if true. (Ignored if callsed from a subclass)

Returns:

• (Array) —

  Returns all certificates of this account. If this is called from a subclass of Certificate, this will only include certificates matching the current type.

# File 'lib/spaceship/portal/certificate.rb', line 248

def all(mac: false)
  if self == Certificate # are we the base-class?
    type_ids = mac ? MAC_CERTIFICATE_TYPE_IDS : IOS_CERTIFICATE_TYPE_IDS
    types = type_ids.keys
    types += OLDER_IOS_CERTIFICATE_TYPES unless mac
  else
    types = [CERTIFICATE_TYPE_IDS.key(self)]
    mac = MAC_CERTIFICATE_TYPE_IDS.values.include? self
  end

  client.certificates(types, mac: mac).map do |cert|
    factory(cert)
  end
end

.create!(csr: nil, bundle_id: nil) ⇒ Certificate

Generate a new certificate based on a code certificate signing request

Examples:

# Create a new certificate signing request
csr, pkey = Spaceship::Certificate.create_certificate_signing_request

# Use the signing request to create a new distribution certificate
Spaceship::Certificate::Production.create!(csr: csr)

Parameters:

• csr (OpenSSL::X509::Request) (defaults to: nil) —

  (required): The certificate signing request to use. Get one using ‘create_certificate_signing_request`

• bundle_id (String) (defaults to: nil) —

  (optional): The app identifier this certificate is for. This value is only needed if you create a push profile. For normal code signing certificates, you must only pass a certificate signing request.

Returns:

• (Certificate) —

  : The newly created certificate

# File 'lib/spaceship/portal/certificate.rb', line 284

def create!(csr: nil, bundle_id: nil)
  type = CERTIFICATE_TYPE_IDS.key(self)

  # look up the app_id by the bundle_id
  if bundle_id
    app = Spaceship::App.find(bundle_id)
    raise "Could not find app with bundle id '#{bundle_id}'" unless app
    app_id = app.app_id
  end

  # ensure csr is a OpenSSL::X509::Request
  csr = OpenSSL::X509::Request.new(csr) if csr.kind_of?(String)

  # if this succeeds, we need to save the .cer and the private key in keychain access or wherever they go in linux
  response = client.create_certificate!(type, csr.to_pem, app_id)
  # munge the response to make it work for the factory
  response['certificateTypeDisplayId'] = response['certificateType']['certificateTypeDisplayId']
  self.new(response)
end

.create_certificate_signing_request ⇒ Object

Create a new code signing request that can be used to generate a new certificate

Examples:

Create a new certificate signing request
csr, pkey = Spaceship.certificate.create_certificate_signing_request

# Use the signing request to create a new distribution certificate
Spaceship.certificate.production.create!(csr: csr)

# File 'lib/spaceship/portal/certificate.rb', line 191

def create_certificate_signing_request
  key = OpenSSL::PKey::RSA.new 2048
  csr = OpenSSL::X509::Request.new
  csr.version = 0
  csr.subject = OpenSSL::X509::Name.new([
                                          ['CN', 'PEM', OpenSSL::ASN1::UTF8STRING]
                                        ])
  csr.public_key = key.public_key
  csr.sign(key, OpenSSL::Digest::SHA1.new)
  return [csr, key]
end

.factory(attrs) ⇒ Object

Create a new object based on a hash. This is used to create a new object based on the server response.

# File 'lib/spaceship/portal/certificate.rb', line 205

def factory(attrs)
  # Example:
  # => {"name"=>"iOS Distribution: SunApps GmbH",
  #  "certificateId"=>"XC5PH8DAAA",
  #  "serialNumber"=>"797E732CCE8B7AAA",
  #  "status"=>"Issued",
  #  "statusCode"=>0,
  #  "expirationDate"=>#<DateTime: 2015-11-25T22:45:50+00:00 ((2457352j,81950s,0n),+0s,2299161j)>,
  #  "certificatePlatform"=>"ios",
  #  "certificateType"=>
  #   {"certificateTypeDisplayId"=>"R58UK2EAAA",
  #    "name"=>"iOS Distribution",
  #    "platform"=>"ios",
  #    "permissionType"=>"distribution",
  #    "distributionType"=>"store",
  #    "distributionMethod"=>"app",
  #    "ownerType"=>"team",
  #    "daysOverlap"=>364,
  #    "maxActive"=>2}}

  if attrs['certificateType']
    # On some accounts this is nested, so we need to flatten it
    attrs.merge!(attrs['certificateType'])
    attrs.delete('certificateType')
  end

  # Parse the dates
  # rubocop:disable Style/RescueModifier
  attrs['expirationDate'] = (Time.parse(attrs['expirationDate']) rescue attrs['expirationDate'])
  attrs['dateCreated'] = (Time.parse(attrs['dateCreated']) rescue attrs['dateCreated'])
  # rubocop:enable Style/RescueModifier

  # Here we go
  klass = CERTIFICATE_TYPE_IDS[attrs['certificateTypeDisplayId']]
  klass ||= Certificate
  klass.client = @client
  klass.new(attrs)
end

.find(certificate_id, mac: false) ⇒ Certificate

Returns Find a certificate based on the ID of the certificate.

Parameters:

• mac (Bool) (defaults to: false) —

  Searches Mac certificates if true

Returns:

• (Certificate) —

  Find a certificate based on the ID of the certificate.

# File 'lib/spaceship/portal/certificate.rb', line 265

def find(certificate_id, mac: false)
  all(mac: mac).find do |c|
    c.id == certificate_id
  end
end

Instance Method Details

#download ⇒ OpenSSL::X509::Certificate

Returns Downloads and parses the certificate.

Returns:

• (OpenSSL::X509::Certificate) —

  Downloads and parses the certificate

# File 'lib/spaceship/portal/certificate.rb', line 313

def download
  OpenSSL::X509::Certificate.new(download_raw)
end

#download_raw ⇒ String

Returns Download the raw data of the certificate without parsing.

Returns:

• (String) —

  Download the raw data of the certificate without parsing

# File 'lib/spaceship/portal/certificate.rb', line 308

def download_raw
  client.download_certificate(id, type_display_id, mac: mac?)
end

#is_push? ⇒ Bool

Returns : Is this certificate a push profile for apps?.

Returns:

• (Bool) —

  : Is this certificate a push profile for apps?

# File 'lib/spaceship/portal/certificate.rb', line 323

def is_push?
  self.kind_of? PushCertificate
end

#mac? ⇒ Bool

Returns Is this a Mac profile?.

Returns:

• (Bool) —

  Is this a Mac profile?

# File 'lib/spaceship/portal/certificate.rb', line 328

def mac?
  MAC_CERTIFICATE_TYPE_IDS.include? type_display_id
end

#revoke! ⇒ Object

Revoke the certificate. You shouldn’t use this method probably.

# File 'lib/spaceship/portal/certificate.rb', line 318

def revoke!
  client.revoke_certificate!(id, type_display_id, mac: mac?)
end