Shinolr/checkSign.sh

## checkSign.sh
# USAGE: ./checkSign.sh {ipa文件名：xxx.ipa}
# 看到⚠️证明该ipa证书签名有问题

# 删除文件
echo "🗑 删除codesign,pem,plist,和“Payload”文件夹及其子文件"
if [ -d "Payload" ] ; then
rm -rf Payload
fi
rm -f codesign0
rm -f codesign1
rm -f codesign2
rm -f *.pem
rm -f *.plist
rm -f iTunesArtwork

# 参数检查
canshu=$1
ipaFile=${canshu##*/}
# 截取&拼接.app
appFile=${ipaFile%.*}".app"
islegal=$(echo $1 | grep ".ipa$")
echo "👀 请检查参数"
echo "ipa: $ipaFile"
echo "app: $appFile"
if [ -n "$islegal" ]; then
	if [ ! -f "$ipaFile" ]; then
		echo "❌ “$1”文件不存在，结束进程"
		exit 0
	fi
else
	echo "❌ 参数格式必须是文件全名:xxx.ipa，结束进程"
	exit 0
fi

# 解压
unzip -q $ipaFile
# 导出签名
codesign -dvv --extract-certificates Payload/*.app
if [ ! -f "codesign0" ] || [ ! -f "codesign1" ] || [ ! -f "codesign2" ]; then
	echo "⚠️ 导出codesign完整3个文件失败，该ipa文件证书过期或者被损坏"
	#TODO: 可在这里做替换ipa操作
else
	openssl x509 c-inform DER -in codesign0 -out codesign0.pem
	openssl x509 -inform DER -in codesign1 -out codesign1.pem
	openssl x509 -inform DER -in codesign2 -out codesign2.pem
	cat codesign1.pem codesign2.pem > cachain.pem
	openssl x509 -inform DER -in codesign0 -noout -nameopt -oneline -subject -serial -dates
	if openssl ocsp -issuer cachain.pem -cert codesign0.pem -url `openssl x509 -in codesign0.pem -noout -ocsp_uri` -CAfile cachain.pem -header 'host' 'ocsp.apple.com' | grep revoked ; then
	    echo "⚠️ 证书被Revoke，请替换"
	    #TODO: 可在这里做替换ipa操作
	else
	    echo "💯执行完毕，该ipa包证书可用"
	fi
fi
	# USAGE: ./checkSign.sh {ipa文件名：xxx.ipa}
	# 看到⚠️证明该ipa证书签名有问题

	# 删除文件
	echo "🗑 删除codesign,pem,plist,和“Payload”文件夹及其子文件"
	if [ -d "Payload" ] ; then
	rm -rf Payload
	fi
	rm -f codesign0
	rm -f codesign1
	rm -f codesign2
	rm -f *.pem
	rm -f *.plist
	rm -f iTunesArtwork

	# 参数检查
	canshu=$1
	ipaFile=${canshu##*/}
	# 截取&拼接.app
	appFile=${ipaFile%.*}".app"
	islegal=$(echo $1 \| grep ".ipa$")
	echo "👀 请检查参数"
	echo "ipa: $ipaFile"
	echo "app: $appFile"
	if [ -n "$islegal" ]; then
	if [ ! -f "$ipaFile" ]; then
	echo "❌ “$1”文件不存在，结束进程"
	exit 0
	fi
	else
	echo "❌ 参数格式必须是文件全名:xxx.ipa，结束进程"
	exit 0
	fi

	# 解压
	unzip -q $ipaFile
	# 导出签名
	codesign -dvv --extract-certificates Payload/*.app
	if [ ! -f "codesign0" ] \|\| [ ! -f "codesign1" ] \|\| [ ! -f "codesign2" ]; then
	echo "⚠️ 导出codesign完整3个文件失败，该ipa文件证书过期或者被损坏"
	#TODO: 可在这里做替换ipa操作
	else
	openssl x509 c-inform DER -in codesign0 -out codesign0.pem
	openssl x509 -inform DER -in codesign1 -out codesign1.pem
	openssl x509 -inform DER -in codesign2 -out codesign2.pem
	cat codesign1.pem codesign2.pem > cachain.pem
	openssl x509 -inform DER -in codesign0 -noout -nameopt -oneline -subject -serial -dates
	if openssl ocsp -issuer cachain.pem -cert codesign0.pem -url `openssl x509 -in codesign0.pem -noout -ocsp_uri` -CAfile cachain.pem -header 'host' 'ocsp.apple.com' \| grep revoked ; then
	echo "⚠️ 证书被Revoke，请替换"
	#TODO: 可在这里做替换ipa操作
	else
	echo "💯执行完毕，该ipa包证书可用"
	fi
	fi