require_relative 'spaceship_ensure' require_relative 'encryption' require_relative 'storage' require_relative 'module' require_relative 'generator' require 'fastlane_core/provisioning_profile' require 'fileutils' module Match class Importer def import_cert(params, cert_path: nil, p12_path: nil, profile_path: nil) # Get and verify cert, p12 and profiles path cert_path = ensure_valid_file_path(cert_path, "Certificate", ".cer") p12_path = ensure_valid_file_path(p12_path, "Private key", ".p12") profile_path = ensure_valid_file_path(profile_path, "Provisioning profile", ".mobileprovision or .provisionprofile", optional: true) # Storage storage = Storage.for_mode(params[:storage_mode], { git_url: params[:git_url], shallow_clone: params[:shallow_clone], skip_docs: params[:skip_docs], git_branch: params[:git_branch], git_full_name: params[:git_full_name], git_user_email: params[:git_user_email], git_private_key: params[:git_private_key], git_basic_authorization: params[:git_basic_authorization], git_bearer_authorization: params[:git_bearer_authorization], clone_branch_directly: params[:clone_branch_directly], type: params[:type].to_s, platform: params[:platform].to_s, google_cloud_bucket_name: params[:google_cloud_bucket_name].to_s, google_cloud_keys_file: params[:google_cloud_keys_file].to_s, google_cloud_project_id: params[:google_cloud_project_id].to_s, skip_google_cloud_account_confirmation: params[:skip_google_cloud_account_confirmation], s3_bucket: params[:s3_bucket], s3_region: params[:s3_region], s3_access_key: params[:s3_access_key], s3_secret_access_key: params[:s3_secret_access_key], s3_object_prefix: params[:s3_object_prefix], gitlab_project: params[:gitlab_project], readonly: params[:readonly], username: params[:username], team_id: params[:team_id], team_name: params[:team_name], api_key_path: params[:api_key_path], api_key: params[:api_key] }) storage.download # Encryption encryption = Encryption.for_storage_mode(params[:storage_mode], { git_url: params[:git_url], working_directory: storage.working_directory }) encryption.decrypt_files if encryption UI.success("Repo is at: '#{storage.working_directory}'") # Map match type into Spaceship::ConnectAPI::Certificate::CertificateType cert_type = Match.cert_type_sym(params[:type]) case cert_type when :development certificate_type = [ Spaceship::ConnectAPI::Certificate::CertificateType::IOS_DEVELOPMENT, Spaceship::ConnectAPI::Certificate::CertificateType::MAC_APP_DEVELOPMENT, Spaceship::ConnectAPI::Certificate::CertificateType::DEVELOPMENT ].join(',') when :distribution, :enterprise certificate_type = [ Spaceship::ConnectAPI::Certificate::CertificateType::IOS_DISTRIBUTION, Spaceship::ConnectAPI::Certificate::CertificateType::MAC_APP_DISTRIBUTION, Spaceship::ConnectAPI::Certificate::CertificateType::DISTRIBUTION ].join(',') when :developer_id_application certificate_type = [ Spaceship::ConnectAPI::Certificate::CertificateType::DEVELOPER_ID_APPLICATION, Spaceship::ConnectAPI::Certificate::CertificateType::DEVELOPER_ID_APPLICATION_G2 ].join(',') when :mac_installer_distribution certificate_type = [ Spaceship::ConnectAPI::Certificate::CertificateType::MAC_INSTALLER_DISTRIBUTION ].join(',') when :developer_id_installer certificate_type = [ Spaceship::ConnectAPI::Certificate::CertificateType::DEVELOPER_ID_INSTALLER ].join(',') else UI.user_error!("Cert type '#{cert_type}' is not supported") end prov_type = Match.profile_type_sym(params[:type]) output_dir_certs = File.join(storage.prefixed_working_directory, "certs", cert_type.to_s) output_dir_profiles = File.join(storage.prefixed_working_directory, "profiles", prov_type.to_s) should_skip_certificate_matching = params[:skip_certificate_matching] # In case there is no access to Apple Developer portal but we have the certificates, keys and profiles if should_skip_certificate_matching cert_name = File.basename(cert_path, ".*") p12_name = File.basename(p12_path, ".*") # Make dir if doesn't exist FileUtils.mkdir_p(output_dir_certs) dest_cert_path = File.join(output_dir_certs, "#{cert_name}.cer") dest_p12_path = File.join(output_dir_certs, "#{p12_name}.p12") else if (api_token = Spaceship::ConnectAPI::Token.from(hash: params[:api_key], filepath: params[:api_key_path])) UI.message("Creating authorization token for App Store Connect API") Spaceship::ConnectAPI.token = api_token elsif !Spaceship::ConnectAPI.token.nil? UI.message("Using existing authorization token for App Store Connect API") else UI.message("Login to App Store Connect (#{params[:username]})") Spaceship::ConnectAPI.login(params[:username], use_portal: true, use_tunes: false, portal_team_id: params[:team_id], team_name: params[:team_name]) end # Need to get the cert id by comparing base64 encoded cert content with certificate content from the API responses certs = Spaceship::ConnectAPI::Certificate.all(filter: { certificateType: certificate_type }) # Base64 encode contents to find match from API to find a cert ID cert_contents_base_64 = Base64.strict_encode64(File.binread(cert_path)) matching_cert = certs.find do |cert| cert.certificate_content == cert_contents_base_64 end UI.user_error!("This certificate cannot be imported - the certificate contents did not match with any available on the Developer Portal") if matching_cert.nil? # Make dir if doesn't exist FileUtils.mkdir_p(output_dir_certs) dest_cert_path = File.join(output_dir_certs, "#{matching_cert.id}.cer") dest_p12_path = File.join(output_dir_certs, "#{matching_cert.id}.p12") end files_to_commit = [dest_cert_path, dest_p12_path] # Copy files IO.copy_stream(cert_path, dest_cert_path) IO.copy_stream(p12_path, dest_p12_path) unless profile_path.nil? FileUtils.mkdir_p(output_dir_profiles) bundle_id = FastlaneCore::ProvisioningProfile.bundle_id(profile_path) profile_extension = FastlaneCore::ProvisioningProfile.profile_extension(profile_path) profile_type_name = Match::Generator.profile_type_name(prov_type) dest_profile_path = File.join(output_dir_profiles, "#{profile_type_name}_#{bundle_id}#{profile_extension}") files_to_commit.push(dest_profile_path) IO.copy_stream(profile_path, dest_profile_path) end # Encrypt and commit encryption.encrypt_files if encryption storage.save_changes!(files_to_commit: files_to_commit) ensure storage.clear_changes if storage end def ensure_valid_file_path(file_path, file_description, file_extension, optional: false) optional_file_message = optional ? " or leave empty to skip this file" : "" file_path ||= UI.input("#{file_description} (#{file_extension}) path#{optional_file_message}:") file_path = File.absolute_path(file_path) unless file_path == "" file_path = File.exist?(file_path) ? file_path : nil UI.user_error!("#{file_description} does not exist at path: #{file_path}") unless !file_path.nil? || optional file_path end end end