UNPKG

@capgo/cli

Version:

A CLI to upload to capgo servers

github.com/Cap-go/capgo/tree/main/cli

Cap-go/capgo

142 lines (141 loc) 5.29 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
/** * Generate a JWT for App Store Connect API authentication. * Uses ES256 algorithm with the .p8 private key. */ export declare function generateJwt(keyId: string, issuerId: string, p8Content: string): string; /** * Verify the API key works and try to detect the team ID from existing certificates. * Throws on 401/403 with a user-friendly message. */ export declare function verifyApiKey(token: string): Promise<{ valid: true; teamId: string; }>; export interface AscDistributionCert { id: string; name: string; serialNumber: string; expirationDate: string; /** * Base64-encoded DER of the certificate. Populated when {@link listDistributionCerts} * is called with `includeContent: true` — kept optional so existing callers don't pay * the larger payload when they don't need it. */ certificateContent?: string; } /** * List all iOS distribution certificates. * * Set `includeContent: true` when you need to compute the cert's SHA1 for * matching against a local Keychain identity ({@link findCertIdBySha1}). */ export declare function listDistributionCerts(token: string, options?: { includeContent?: boolean; }): Promise<AscDistributionCert[]>; /** * Compute the SHA1 hash of an ASC certificate's base64-DER content. Returns * the lowercase 40-char hex string used elsewhere as the canonical identity * key — matches the SHA1 reported by `security find-identity` on macOS. * * SECURITY NOTE on SHA1: this is NOT a security primitive. macOS itself * reports code-signing identities as cert-DER SHA1 (via `security * find-identity`), and we have to use the same hash to look up an Apple-side * cert by its on-Mac counterpart. SHA1 here is a non-secret identifier, not * a message digest protecting any data. CodeQL's "weak cryptographic * algorithm" rule is suppressed for this reason. */ export declare function computeCertSha1(certificateContentBase64: string): string; /** * Match a local Keychain identity (by its SHA1) against an Apple-side * certificate and return the Apple certificate ID needed for profile * creation. Returns null if no Apple-side cert matches the SHA1. */ export declare function findCertIdBySha1(token: string, sha1: string): Promise<string | null>; /** * List all provisioning profiles linked to a specific Apple-side certificate. * Used by the import-flow no-match-recovery menu to surface profiles that * exist on Apple but haven't been downloaded to the user's Mac. */ export interface AscProfileSummary { id: string; name: string; profileType: string; profileContent: string; expirationDate: string; bundleIdentifier: string; } export declare function listProfilesForCert(token: string, certificateId: string): Promise<AscProfileSummary[]>; /** * Revoke (delete) a certificate by ID. */ export declare function revokeCertificate(token: string, certId: string): Promise<void>; /** * Error thrown when certificate limit is reached. * Contains the existing certificates so the UI can ask the user which to revoke. */ export declare class CertificateLimitError extends Error { readonly certificates: AscDistributionCert[]; constructor(certificates: AscDistributionCert[]); } /** * Create a distribution certificate using a CSR. * Returns the certificate ID, base64 DER content, expiration date, and team ID. * * Throws CertificateLimitError if the limit is reached, so the UI can ask * the user which certificate to revoke. */ export declare function createCertificate(token: string, csrPem: string): Promise<{ certificateId: string; certificateContent: string; expirationDate: string; teamId: string; }>; /** * Find an existing bundle ID or register a new one. * Returns the Apple resource ID needed for profile creation. */ export declare function ensureBundleId(token: string, identifier: string): Promise<{ bundleIdResourceId: string; }>; /** * Get the profile name we use for a given appId. */ export declare function getCapgoProfileName(appId: string): string; /** * Find existing provisioning profiles matching our naming convention. * Only returns profiles we created (named "Capgo <appId> AppStore"). */ export declare function findCapgoProfiles(token: string, appId: string): Promise<Array<{ id: string; name: string; profileType: string; }>>; /** * Delete a provisioning profile by ID. */ export declare function deleteProfile(token: string, profileId: string): Promise<void>; /** * Create an App Store provisioning profile linking a certificate and bundle ID. * Returns the base64 mobileprovision content. * * Throws a DuplicateProfileError if duplicate profiles exist, so the caller * can ask the user whether to delete them and retry. */ export declare class DuplicateProfileError extends Error { readonly profiles: Array<{ id: string; name: string; profileType: string; }>; constructor(profiles: Array<{ id: string; name: string; profileType: string; }>); } export declare function createProfile(token: string, bundleIdResourceId: string, certificateId: string, appId: string): Promise<{ profileId: string; profileName: string; profileContent: string; expirationDate: string; }>;