Last active
January 14, 2020 03:14
-
-
Save Shinolr/d9ab1590a9433795b058d9d36dcfa124 to your computer and use it in GitHub Desktop.
check enterprise signed status
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# USAGE: ./checkSign.sh {ipa文件名:xxx.ipa} | |
# 看到⚠️证明该ipa证书签名有问题 | |
# 删除文件 | |
echo "🗑 删除codesign,pem,plist,和“Payload”文件夹及其子文件" | |
if [ -d "Payload" ] ; then | |
rm -rf Payload | |
fi | |
rm -f codesign0 | |
rm -f codesign1 | |
rm -f codesign2 | |
rm -f *.pem | |
rm -f *.plist | |
rm -f iTunesArtwork | |
# 参数检查 | |
canshu=$1 | |
ipaFile=${canshu##*/} | |
# 截取&拼接.app | |
appFile=${ipaFile%.*}".app" | |
islegal=$(echo $1 | grep ".ipa$") | |
echo "👀 请检查参数" | |
echo "ipa: $ipaFile" | |
echo "app: $appFile" | |
if [ -n "$islegal" ]; then | |
if [ ! -f "$ipaFile" ]; then | |
echo "❌ “$1”文件不存在,结束进程" | |
exit 0 | |
fi | |
else | |
echo "❌ 参数格式必须是文件全名:xxx.ipa,结束进程" | |
exit 0 | |
fi | |
# 解压 | |
unzip -q $ipaFile | |
# 导出签名 | |
codesign -dvv --extract-certificates Payload/*.app | |
if [ ! -f "codesign0" ] || [ ! -f "codesign1" ] || [ ! -f "codesign2" ]; then | |
echo "⚠️ 导出codesign完整3个文件失败,该ipa文件证书过期或者被损坏" | |
#TODO: 可在这里做替换ipa操作 | |
else | |
openssl x509 c-inform DER -in codesign0 -out codesign0.pem | |
openssl x509 -inform DER -in codesign1 -out codesign1.pem | |
openssl x509 -inform DER -in codesign2 -out codesign2.pem | |
cat codesign1.pem codesign2.pem > cachain.pem | |
openssl x509 -inform DER -in codesign0 -noout -nameopt -oneline -subject -serial -dates | |
if openssl ocsp -issuer cachain.pem -cert codesign0.pem -url `openssl x509 -in codesign0.pem -noout -ocsp_uri` -CAfile cachain.pem -header 'host' 'ocsp.apple.com' | grep revoked ; then | |
echo "⚠️ 证书被Revoke,请替换" | |
#TODO: 可在这里做替换ipa操作 | |
else | |
echo "💯执行完毕,该ipa包证书可用" | |
fi | |
fi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment