Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Signing Configuration Profiles with OpenSSL In Pure Ruby
#!/usr/bin/env ruby
require 'openssl'
# Global defines.
private_key_file = 'key.pem'
signing_cert_file = 'cert.pem'
intermediate_cert_files = %w(intermediate_cert1.pem intermediate_cert2.pem)
configuration_profile_file = 'profile.mobileconfig'
# Paths.
directory_path = File.expand_path(File.dirname(__FILE__))
private_key_path = File.join(directory_path, private_key_file)
signing_cert_path = File.join(directory_path, signing_cert_file)
intermediate_cert_paths = intermediate_cert_files.map do |intermediate_cert_file|
File.join(directory_path, intermediate_cert_file)
end
configuration_profile_path = File.join(directory_path,
configuration_profile_file)
# Read private key.
private_key_data = File.read(private_key_path)
private_key = OpenSSL::PKey::RSA.new(private_key_data)
# Read signing certificate.
signing_cert_data = File.read(signing_cert_path)
signing_cert = OpenSSL::X509::Certificate.new(signing_cert_data)
# Read intermediate certificates.
intermediate_certs = intermediate_cert_paths.map do |intermediate_cert_path|
intermediate_cert_data = File.read(intermediate_cert_path)
OpenSSL::X509::Certificate.new(intermediate_cert_data)
end
# Read configuration profile.
configuration_profile_data = File.read(configuration_profile_path)
# Sign the configuration profile.
signing_flags = OpenSSL::PKCS7::BINARY
signature = OpenSSL::PKCS7.sign(signing_cert, private_key,
configuration_profile_data, intermediate_certs,
signing_flags)
signed_config_profile_file = 'profile-signed.mobileconfig'
signed_config_profile_path = File.join(directory_path,
signed_config_profile_file)
File.write(signed_config_profile_path, signature.to_der)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment