Rudimentary untested support for imported certs

nab138
2026-02-16 12:31:20 -05:00
parent e7263b982b
commit 21566ed485
2 changed files with 62 additions and 17 deletions


@@ -18,8 +18,9 @@ use crate::{
use std::path::PathBuf; use std::path::PathBuf;
use apple_codesign::{AppleCertificate, cryptography::parse_pfx_data};
use idevice::provider::IdeviceProvider; use idevice::provider::IdeviceProvider;
use rootcause::prelude::*; use rootcause::{option_ext::OptionExt, prelude::*};
use tracing::info; use tracing::info;
pub struct Sideloader { pub struct Sideloader {
@@ -168,12 +169,15 @@ impl Sideloader {
) )
.await?; .await?;
let settings =
sign::signing_settings(&cert_identity).context("Failed to create signing settings")?;
sign::sign( sign::sign(
settings,
&mut app, &mut app,
&cert_identity, provisioning_profile.encoded_profile.as_ref(),
&provisioning_profile,
&special, &special,
&team, &team.team_id,
) )
.context("Failed to sign app")?; .context("Failed to sign app")?;
@@ -255,6 +259,37 @@ impl Sideloader {
Ok(team) Ok(team)
} }
pub async fn sign_cert(
app_path: PathBuf,
p12: Vec<u8>,
password: &str,
provisioning_profile: Vec<u8>,
) -> Result<(PathBuf, Option<SpecialApp>), Report> {
let (cert, key) = parse_pfx_data(&p12, password).context("Failed to parse p12")?;
let team_id = cert
.apple_team_id()
.ok_or_report()
.context("Certificate is missing Apple team ID")?;
let settings = sign::imported_cert_signing_settings(&key, cert)
.context("Failed to create signing settings")?;
let mut app = Application::new(app_path)?;
let special = app.get_special_app();
//app.update_bundle_id(&main_bundle_id, &main_app_id_str)?;
sign::sign(
settings,
&mut app,
&provisioning_profile,
&special,
&team_id,
)
.context("Failed to sign app")?;
Ok((app.bundle.bundle_dir, special))
}
pub fn get_dev_session(&mut self) -> &mut DeveloperSession { pub fn get_dev_session(&mut self) -> &mut DeveloperSession {
&mut self.dev_session &mut self.dev_session
} }


@@ -3,9 +3,9 @@ use plist::Dictionary;
use plist_macro::plist_to_xml_string; use plist_macro::plist_to_xml_string;
use rootcause::{option_ext::OptionExt, prelude::*}; use rootcause::{option_ext::OptionExt, prelude::*};
use tracing::info; use tracing::info;
use x509_certificate::{CapturedX509Certificate, KeyInfoSigner};
use crate::{ use crate::{
dev::{app_ids::Profile, teams::DeveloperTeam},
sideload::{ sideload::{
application::{Application, SpecialApp}, application::{Application, SpecialApp},
cert_identity::CertificateIdentity, cert_identity::CertificateIdentity,
@@ -14,18 +14,13 @@ use crate::{
}; };
pub fn sign( pub fn sign(
mut settings: SigningSettings,
app: &mut Application, app: &mut Application,
cert_identity: &CertificateIdentity, provisioning_profile: &[u8],
provisioning_profile: &Profile,
special: &Option<SpecialApp>, special: &Option<SpecialApp>,
team: &DeveloperTeam, team_id: &str,
) -> Result<(), Report> { ) -> Result<(), Report> {
let mut settings = signing_settings(cert_identity)?; let entitlements: Dictionary = entitlements_from_prov(provisioning_profile, special, team_id)?;
let entitlements: Dictionary = entitlements_from_prov(
provisioning_profile.encoded_profile.as_ref(),
special,
team,
)?;
settings settings
.set_entitlements_xml( .set_entitlements_xml(
@@ -65,10 +60,25 @@ pub fn signing_settings<'a>(cert: &'a CertificateIdentity) -> Result<SigningSett
Ok(settings) Ok(settings)
} }
pub fn imported_cert_signing_settings<'a, T: KeyInfoSigner>(
key: &'a T,
cert: CapturedX509Certificate,
) -> Result<SigningSettings<'a>, Report> {
let mut settings = SigningSettings::default();
settings.set_signing_key(key, cert);
settings.set_for_notarization(false);
settings.set_shallow(true);
settings.chain_apple_certificates();
settings.set_team_id_from_signing_certificate();
Ok(settings)
}
fn entitlements_from_prov( fn entitlements_from_prov(
data: &[u8], data: &[u8],
special: &Option<SpecialApp>, special: &Option<SpecialApp>,
team: &DeveloperTeam, team_id: &str,
) -> Result<Dictionary, Report> { ) -> Result<Dictionary, Report> {
let start = data let start = data
.windows(6) .windows(6)
@@ -94,13 +104,13 @@ fn entitlements_from_prov(
) { ) {
let mut keychain_access = vec![plist::Value::String(format!( let mut keychain_access = vec![plist::Value::String(format!(
"{}.com.kdt.livecontainer.shared", "{}.com.kdt.livecontainer.shared",
team.team_id team_id
))]; ))];
for number in 1..128 { for number in 1..128 {
keychain_access.push(plist::Value::String(format!( keychain_access.push(plist::Value::String(format!(
"{}.com.kdt.livecontainer.shared.{}", "{}.com.kdt.livecontainer.shared.{}",
team.team_id, number team_id, number
))); )));
} }