class FastlaneCore::CertChecker
This class checks if a specific certificate is installed on the current mac
Public Class Methods
install_wwdr_certificate(url)
click to toggle source
# File fastlane_core/lib/fastlane_core/cert_checker.rb, line 97 def self.install_wwdr_certificate(url) file = Tempfile.new(File.basename(url)) filename = file.path keychain = wwdr_keychain keychain = "-k #{keychain.shellescape}" unless keychain.empty? require 'open3' import_command = "curl -f -o #{filename} #{url} && security import #{filename} #{keychain}" UI.verbose("Installing WWDR Cert: #{import_command}") stdout, stderr, _status = Open3.capture3(import_command) if FastlaneCore::Globals.verbose? UI.command_output(stdout) UI.command_output(stderr) end unless $?.success? UI.verbose("Failed to install WWDR Certificate, checking output to see why") # Check the command output, WWDR might already exist unless /The specified item already exists in the keychain./ =~ stderr UI.user_error!("Could not install WWDR certificate") end UI.verbose("WWDR Certificate was already installed") end return true end
install_wwdr_certificates()
click to toggle source
# File fastlane_core/lib/fastlane_core/cert_checker.rb, line 92 def self.install_wwdr_certificates install_wwdr_certificate('https://developer.apple.com/certificationauthority/AppleWWDRCA.cer') install_wwdr_certificate('https://www.apple.com/certificateauthority/AppleWWDRCAG3.cer') end
installed?(path, in_keychain: nil)
click to toggle source
# File fastlane_core/lib/fastlane_core/cert_checker.rb, line 9 def self.installed?(path, in_keychain: nil) UI.user_error!("Could not find file '#{path}'") unless File.exist?(path) ids = installed_identies(in_keychain: in_keychain) ids += installed_installers(in_keychain: in_keychain) finger_print = sha1_fingerprint(path) return ids.include?(finger_print) end
installed_identies(in_keychain: nil)
click to toggle source
# File fastlane_core/lib/fastlane_core/cert_checker.rb, line 24 def self.installed_identies(in_keychain: nil) install_wwdr_certificates unless wwdr_certificates_installed? available = list_available_identities(in_keychain: in_keychain) # Match for this text against word boundaries to avoid edge cases around multiples of 10 identities! if /\b0 valid identities found\b/ =~ available UI.error([ "There are no local code signing identities found.", "You can run" << " `security find-identity -v -p codesigning #{in_keychain}".rstrip << "` to get this output.", "This Stack Overflow thread has more information: https://stackoverflow.com/q/35390072/774.", "(Check in Keychain Access for an expired WWDR certificate: https://stackoverflow.com/a/35409835/774 has more info.)" ].join("\n")) end ids = [] available.split("\n").each do |current| next if current.include?("REVOKED") begin (ids << current.match(/.*\) ([[:xdigit:]]*) \".*/)[1]) rescue # the last line does not match end end return ids end
installed_installers(in_keychain: nil)
click to toggle source
# File fastlane_core/lib/fastlane_core/cert_checker.rb, line 51 def self.installed_installers(in_keychain: nil) available = self.list_available_third_party_mac_installer(in_keychain: in_keychain) available += self.list_available_developer_id_installer(in_keychain: in_keychain) return available.scan(/^SHA-1 hash: ([[:xdigit:]]+)$/).flatten end
is_installed?(path)
click to toggle source
Legacy Method, use `installed?` instead
# File fastlane_core/lib/fastlane_core/cert_checker.rb, line 20 def self.is_installed?(path) installed?(path) end
list_available_developer_id_installer(in_keychain: nil)
click to toggle source
# File fastlane_core/lib/fastlane_core/cert_checker.rb, line 75 def self.list_available_developer_id_installer(in_keychain: nil) # -Z Print SHA-256 (and SHA-1) hash of the certificate # -a Find all matching certificates, not just the first one # -c Match on "name" when searching (optional) commands = ['security find-certificate -Z -a -c "Developer ID Installer"'] commands << in_keychain if in_keychain `#{commands.join(' ')}` end
list_available_identities(in_keychain: nil)
click to toggle source
# File fastlane_core/lib/fastlane_core/cert_checker.rb, line 58 def self.list_available_identities(in_keychain: nil) # -v Show valid identities only (default is to show all identities) # -p Specify policy to evaluate commands = ['security find-identity -v -p codesigning'] commands << in_keychain if in_keychain `#{commands.join(' ')}` end
list_available_third_party_mac_installer(in_keychain: nil)
click to toggle source
# File fastlane_core/lib/fastlane_core/cert_checker.rb, line 66 def self.list_available_third_party_mac_installer(in_keychain: nil) # -Z Print SHA-256 (and SHA-1) hash of the certificate # -a Find all matching certificates, not just the first one # -c Match on "name" when searching (optional) commands = ['security find-certificate -Z -a -c "3rd Party Mac Developer Installer"'] commands << in_keychain if in_keychain `#{commands.join(' ')}` end
sha1_fingerprint(path)
click to toggle source
# File fastlane_core/lib/fastlane_core/cert_checker.rb, line 140 def self.sha1_fingerprint(path) file_data = File.read(path.to_s) cert = OpenSSL::X509::Certificate.new(file_data) return OpenSSL::Digest::SHA1.new(cert.to_der).to_s.upcase rescue => error UI.error(error) UI.user_error!("Error parsing certificate '#{path}'") end
wwdr_certificates_installed?()
click to toggle source
# File fastlane_core/lib/fastlane_core/cert_checker.rb, line 84 def self.wwdr_certificates_installed? certificate_name = "Apple Worldwide Developer Relations Certification Authority" keychain = wwdr_keychain response = Helper.backticks("security find-certificate -a -c '#{certificate_name}' #{keychain.shellescape}", print: FastlaneCore::Globals.verbose?) certs = response.split("keychain: \"#{keychain}\"").drop(1) certs.count == 2 end
wwdr_keychain()
click to toggle source
# File fastlane_core/lib/fastlane_core/cert_checker.rb, line 125 def self.wwdr_keychain priority = [ "security list-keychains -d user", "security default-keychain -d user" ] priority.each do |command| keychains = Helper.backticks(command, print: FastlaneCore::Globals.verbose?).split("\n") unless keychains.empty? # Select first keychain name from returned keychains list return keychains[0].strip.tr('"', '') end end return "" end