public static EntitlementsBlob CreateEntitlementsBlob(EntitlementsFile entitlements) { EntitlementsBlob entitlementsBlob = new EntitlementsBlob(); #if MAX_PLIST_COMPATIBILITY // XCode will remove the keychain-access-groups key from embedded entitlements // More info: https://github.com/openbakery/gradle-xcodePlugin/issues/220 if (entitlements.RootNode is PListNet.Nodes.DictionaryNode) { ((PListNet.Nodes.DictionaryNode)entitlements.RootNode).Remove("keychain-access-groups"); } #endif entitlementsBlob.Data = entitlements.GetBytes(PListNet.PListFormat.Xml); return(entitlementsBlob); }
public static void ResignExecutable(MachObjectFile file, string bundleIdentifier, List <X509Certificate> certificateChain, AsymmetricKeyEntry privateKey, byte[] infoFileBytes, byte[] codeResourcesBytes, EntitlementsFile entitlements) { X509Certificate signingCertificate = certificateChain[certificateChain.Count - 1]; string certificateCN = CertificateHelper.GetCertificateCommonName(signingCertificate); string teamID = CertificateHelper.GetCertificateOrganizationalUnit(signingCertificate); SegmentCommand linkEditSegment = SegmentCommandHelper.FindLinkEditSegment(file.LoadCommands); if (linkEditSegment == null) { throw new InvalidDataException("LinkEdit segment was not found"); } if (file.LoadCommands[file.LoadCommands.Count - 1].CommandType != LoadCommandType.CodeSignature) { throw new NotImplementedException("The last LoadCommand entry is not CodeSignature"); } CodeSignatureCommand command = (CodeSignatureCommand)file.LoadCommands[file.LoadCommands.Count - 1]; int codeLength = (int)command.DataOffset; CodeDirectoryBlob codeDirectory = CreateCodeDirectoryBlob(codeLength, bundleIdentifier, teamID); CodeRequirementsBlob codeRequirements = CreateCodeRequirementsBlob(bundleIdentifier, certificateCN); EntitlementsBlob entitlementsBlob = CreateEntitlementsBlob(entitlements); CmsSignatureBlob cmsSignature = new CmsSignatureBlob(); // We create a dummy signature to determine the length required cmsSignature.Data = CMSHelper.GenerateSignature(certificateChain, privateKey, codeDirectory.GetBytes()); CodeSignatureSuperBlob codeSignature = new CodeSignatureSuperBlob(); codeSignature.Entries.Add(CodeSignatureEntryType.CodeDirectory, codeDirectory); codeSignature.Entries.Add(CodeSignatureEntryType.Requirements, codeRequirements); codeSignature.Entries.Add(CodeSignatureEntryType.Entitlements, entitlementsBlob); codeSignature.Entries.Add(CodeSignatureEntryType.CmsSignature, cmsSignature); command.DataSize = (uint)codeSignature.Length; uint finalFileSize = command.DataOffset + command.DataSize; SegmentCommandHelper.SetEndOffset(linkEditSegment, finalFileSize); byte[] codeToHash = ByteReader.ReadBytes(file.GetBytes(), 0, codeLength); UpdateHashes(codeDirectory, codeToHash, infoFileBytes, codeRequirements, codeResourcesBytes, entitlementsBlob); cmsSignature.Data = CMSHelper.GenerateSignature(certificateChain, privateKey, codeDirectory.GetBytes()); // Store updated code signature: byte[] codeSignatureBytes = codeSignature.GetBytes(); Array.Resize <byte>(ref file.Data, (codeLength - file.DataOffset) + (int)command.DataSize); ByteWriter.WriteBytes(file.Data, (int)command.DataOffset - file.DataOffset, codeSignatureBytes); }