ios-mobileprovision-finder

API to find an iOS mobile provision

Using as command line tool

Usage: ios-mobileprovision-finder -u [device uuid] -i [app bundle id]

Options:
  -h, --help      Show help                                            [boolean]
  -u, --uuid      Provide one or more device UUIDs the searched provisioning
                  profile should be able to deploy to.                   [array]
  -i, --app-id    Provide application bundle identifier the searched
                  provisioning profile should match.                    [string]
  -e, --eligible  Prints only eligible profiles       [boolean] [default: false]
  -t, --team      Provide team name the provisioning profile should belong to.
                                                                        [string]
  -p, --type      'development', 'distribution', 'adhoc' or 'all'; - specify the
                  provisioning profile type.   [string] [default: "development"]

Example:

mcsofcankov:ios-mobileprovision-finder cankov$ ios-mobileprovision-finder -e -i org.nativescript.examples -t 'Telerik A D'
eligible:
 - 'iOS Team Provisioning Profile: *' Telerik A D (exp: 5 Nov 2017) 16455071-eb38-4ebc-9a79-0ef50f76307a id: CHSQ3M3P37.* Development
 - 'NativeScriptWildCard' Telerik A D (exp: 2 Nov 2017) 3aa58a65-f8da-4c67-bce8-ff9624822e31 id: CHSQ3M3P37.* Development
 - 'iOS Team Provisioning Profile: org.nativescript.examples' Telerik A D (exp: 5 Nov 2017) f79232c0-b3b3-4b9d-be8e-f4f398cead88 id: CHSQ3M3P37.org.nativescript.examples Development

JavaScript API

Read the public API from index.d.ts and the ios-mobileprovision-finder.ts command line tool for example.

import { provision, cert } from "./index";

const certificates = cert.read();
const provisionProfiles = provision.read();
const result = provision.select(provisionProfiles, {
    AppId: "org.nativescript.examples",
    TeamName: "Telerik AD",
    Certificates: certificates.valid
});
result.eligible.forEach(({Name, UUID}) => {
    console.log(` - ${Name} ${UUID}`);
});

Under the hood

Provisioning profiles

Read all files in Library/MobileDevice/Provisioning Profiles/ and scan for the plist containing provisioning profile information. Parse the plist and keep the data.

Certificates

List all the valid certificates in the default keychain search list using:

security find-identity -p codesigning

It yelds output such as:

  1) FAE6210D184FCC1707B87F1C582280A286898EE3 "iPhone Distribution: Telerik A D (CHSQ3M3P37)"
  2) 89936062DD52C7FEF2273E677AC98D109F198A84 "iPhone Developer: Panayot Cankov (3KZR3BE4ZD)" (CSSMERR_TP_CERT_REVOKED)
  3) 0F0077D3EBEA9D0AB6668B8BCB90152ACE7BA4E9 "iPhone Developer: Panayot Cankov (TT4M4FMX2A)" (CSSMERR_TP_CERT_REVOKED)
  4) 07AB20E16C86E2B548A91920B83EC27D78AFC7EB "iPhone Developer: Panayot Cankov (3KZR3BE4ZD)"
  5) 9354FAEF631DC3E9B07929F20991829FF5E21C36 "iPhone Developer: Panayot Cankov (TT4M4FMX2A)"
  6) 9D591A6ADAF9C99A9C19FC1A8EE7FA153C613441 "iPhone Distribution: Telerik AD"

That is then parsed and the PEMs are retrieved using:

security find-certificate -apZ

This prints the certificate SHAs, match ths SHA with the valid certs from the previous step, along PEMs. The PEMs and cert names are combined and later certificates can be matched with the certificates in the provisioning profiles.

This relies on the cert hashes.