Extract Certificate Subject from a Provisioning Profile

gistfile1.sh

# Parse a provisioning profile
# Extract the first DeveloperCertificates <data> entry
# Remove any leading whitespace
# Remove any blank lines
# Base64 decode the blob
# Parse the .cer with OpenSSL
# Extract the first line, which is the certificate subject (the rest is the cert blob)
# End up with a string like: subject= /UID=AABBCCDDEE/CN=iPhone Developer: First Last (FFGGHHIIJJ)/C=US

# Note: Uses xmlstarlet to parse the plist, but you could probably use PlistBuddy or grep, too

security cms -D -i "/path/to/some.mobileprovision" | \
xml sel -t -v "/plist/dict/key[. = 'DeveloperCertificates']/following-sibling::array[1]/data[1]" | \
awk '{print $1}' | sed '/^$/d' | base64 -D | openssl x509 -subject -inform der | head -n 1

# A simpler version with less dependencies and more informative output
fn="${1:-none}"
security cms -D -i "$fn" |sed -ne 's/^.*<data>\(.*\)<\/data>.*$/\1/p' |base64 -D | openssl x509 -subject -   inform der | head -n 1
security cms -D -i "$fn" |sed -ne 's/^.*<data>\(.*\)<\/data>.*$/\1/p' |base64 -D | shasum -

# The first command reads the subject lines, the second caclulates the SHA1 sum, as it's useable for codesign and PackageApplication --sign arguments together with the --embed Profile
# actually security cms -D -i ... can be put into the sed step with

sed -ne '2,/^<\/plist>/s/^.*<data>\(.*\)<\/data>.*$/\1/p' "$fn"

Hrm, neither script works for me.

First says:
unable to load certificate
18494:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:/SourceCache/OpenSSL098/OpenSSL098-52.40.1/src/crypto/asn1/asn1_lib.c:153:

Second says:
unknown option -
usage: x509 args

ruby impl