extract embedded provisioning profile data from a .IPA

ios-profile-extract.sh

#!/bin/bash

#todo: nested binary entitlements?
#todo: noclobber
#todo: "in-place" to save in original path

readonly MODE_PLIST=0
readonly MODE_RAW=1
readonly MODE_ENTITLEMENTS=2

function print_usage () {
	cat <<EOF
Usage: ios-profile-extract -[rPu] [file]

	file: .ipa file

	-r, --raw: do not convert to .plist
	-P, --plist: convert to .plist (default)
	-e, --entitlements: extract binary entitlements instead
	-u, --usage: print this usage statement

EOF
}

function extract_profile () {
	unzip -qq -p "$1" "Payload/*.app/embedded.mobileprovision"
}

function extract_entitlements () {
	local p n bin bp
	
	p=$(unzip -qq -l "$1" 'Payload/*.app/' | awk '{print $4}')
	n=`basename -s '.app' "$p"`
	bp="Payload/${n}.app/${n}"
	bin=`mktemp -t ios-profile-extract`
	
	unzip -qq -p "$1" "$bp" > "$bin"
	codesign -d --entitlements=:- "$bin" 2>/dev/null
	rm "$bin"
}

RUNMODE=$MODE_PLIST

while [ -n "$1" ]; do

	case "$1" in
		-e|--entitlements)
			RUNMODE=$MODE_ENTITLEMENTS
			;;
		-r|--raw)
			RUNMODE=$MODE_RAW
			;;
		-P|--plist)
			RUNMODE=$MODE_PLIST
			;;
		-h|-u|--help|--usage)
			print_usage
			true
			exit
			;;
		*)
			INFILE="$1"
			suffix=${INFILE##*.}
			if [[ $suffix != 'ipa' ]]; then
				printf 'Error: invalid suffix "%s"\n' "$suffix" 1>&2
				print-usage
				exit -1
			fi
			break
			;;
		esac
	shift
done

FN=$(basename "$INFILE")
OUTFILE="${FN%.*}"


if [ $RUNMODE -eq $MODE_ENTITLEMENTS ]; then
	extract_entitlements "$INFILE" > "${OUTFILE}.entitlements.plist"
else
	extract_profile "$INFILE" | (
		if [ $RUNMODE -eq $MODE_PLIST ]; then
			security cms -D > "${OUTFILE}.plist"
		else
			cat > "${OUTFILE}.mobileprovision"
		fi
	)
fi