def create_certificate(self,
certificate_type: CertificateType = CertificateType.
IOS_DEVELOPMENT,
certificate_key: Optional[
Types.CertificateKeyArgument] = None,
certificate_key_password: Optional[
Types.CertificateKeyPasswordArgument] = None,
p12_container_password: str = '',
save: bool = False,
should_print: bool = True) -> SigningCertificate:
"""
Create code signing certificates of given type
"""
private_key = _get_certificate_key(certificate_key,
certificate_key_password)
if private_key is None:
raise AppStoreConnectError(
'Cannot create resource without private key')
csr = Certificate.create_certificate_signing_request(private_key)
csr_content = Certificate.get_certificate_signing_request_content(csr)
create_params = dict(csr_content=csr_content,
certificate_type=certificate_type,
omit_keys=['csr_content'])
certificate = self._create_resource(
self.api_client.signing_certificates, should_print,
**create_params)
if save:
self._save_certificate(certificate, private_key,
p12_container_password)
return certificate
def test_create(self):
private_key = PrivateKey.from_pem(self.unencrypted_pem.content)
csr = Certificate.create_certificate_signing_request(private_key)
csr_content = Certificate.get_certificate_signing_request_content(csr)
certificate = self.api_client.signing_certificates.create(CertificateType.IOS_DEVELOPMENT, csr_content)
assert isinstance(certificate, SigningCertificate)
assert certificate.attributes.displayName == 'Created via API'
assert certificate.type is ResourceType.CERTIFICATES
def test_p12_to_certificate(mock_certificate_p12):
p12_bytes = mock_certificate_p12.read_bytes()
certificate = Certificate.from_p12(p12_bytes, '123456')
assert certificate.is_signed_with(PrivateKey.from_pem(private_key))
assert certificate.as_pem() == certificate_pem
assert certificate.serial == 17878171000481113533
assert certificate.issuer == {'C': 'UK', 'L': 'London', 'O': 'Nevercode'}
def test_is_code_signing_certificate(cert_common_name,
is_code_signing_certificate,
certificate_asn1):
patched_common_name = mock.PropertyMock(return_value=cert_common_name)
with mock.patch.object(Certificate,
'common_name',
new_callable=patched_common_name):
certificate = Certificate.from_ans1(certificate_asn1)
assert certificate.is_code_signing_certificate(
) is is_code_signing_certificate
def _find_certificates(self):
process = self.execute(('security', 'find-certificate', '-a', '-p', self.path), show_output=False)
if process.returncode != 0:
raise KeychainError(f'Unable to list certificates from keychain {self.path}', process)
pem = ''
for line in process.stdout.splitlines():
pem += line + '\n'
if line == '-----END CERTIFICATE-----':
try:
yield Certificate.from_pem(pem)
except ValueError:
self.logger.warning(Colors.YELLOW('Failed to read certificate from keychain'))
pem = ''
def _save_certificate(self,
certificate: SigningCertificate,
private_key: PrivateKey,
p12_container_password: str) -> pathlib.Path:
certificate_path = self._get_unique_path(f'{certificate.get_display_info()}.p12', self.certificates_directory)
try:
p12_path = Certificate.from_ans1(certificate.asn1_content).export_p12(
private_key,
p12_container_password,
export_path=certificate_path)
except (ValueError, IOError) as error:
raise AppStoreConnectError(*error.args)
self.printer.log_saved(certificate, p12_path)
return p12_path
def list_certificates(
self,
certificate_type: Optional[CertificateType] = None,
profile_type: Optional[ProfileType] = None,
display_name: Optional[str] = None,
certificate_key: Optional[Types.CertificateKeyArgument] = None,
certificate_key_password: Optional[
Types.CertificateKeyPasswordArgument] = None,
p12_container_password: str = '',
save: bool = False,
should_print: bool = True) -> List[SigningCertificate]:
"""
List Signing Certificates from Apple Developer Portal matching given constraints.
"""
private_key = _get_certificate_key(certificate_key,
certificate_key_password)
if save and private_key is None:
raise AppStoreConnectError(
'Cannot create or save resource without private key')
if profile_type:
certificate_type = CertificateType.from_profile_type(profile_type)
certificate_filter = self.api_client.signing_certificates.Filter(
certificate_type=certificate_type, display_name=display_name)
certificates = self._list_resources(
certificate_filter, self.api_client.signing_certificates,
should_print)
if private_key:
certificates = [
certificate for certificate in certificates
if Certificate.from_ans1(
certificate.asn1_content).is_signed_with(private_key)
]
self.printer.log_filtered(SigningCertificate, certificates,
'for given private key')
if save:
assert private_key is not None # Make mypy happy
self._save_certificates(certificates, private_key,
p12_container_password)
return certificates
def test_certificate_does_not_have_key(certificate_asn1, encrypted_pem):
pk = PrivateKey.from_pem(encrypted_pem.content, encrypted_pem.password)
certificate = Certificate.from_ans1(certificate_asn1)
assert certificate.is_signed_with(pk) is False
def test_certificate_has_key(certificate_asn1, unencrypted_pem):
pk = PrivateKey.from_pem(unencrypted_pem.content)
certificate = Certificate.from_ans1(certificate_asn1)
assert certificate.is_signed_with(pk) is True
def test_create_certificate_signing_request(unencrypted_pem):
pk = PrivateKey.from_pem(unencrypted_pem.content)
csr = Certificate.create_certificate_signing_request(pk)
assert csr.signature_hash_algorithm.name == 'sha256'
assert csr.is_signature_valid is True
assert csr.public_bytes(serialization.Encoding.PEM) == public_bytes
def test_p12_to_certificate_no_password(mock_certificate_p12_no_password):
p12_bytes = mock_certificate_p12_no_password.read_bytes()
certificate = Certificate.from_p12(p12_bytes)
assert certificate.serial == 17878171000481113533