Remove cert error stuff

Author: NovaDev404

Sources/prostore/certificates/CertificatesManager.swift

@@ -1,7 +1,7 @@
+// certificates.swift
 import Foundation
 import Security
 import CryptoKit
-import Combine
 
 public enum CertificateCheckResult {
     case incorrectPassword
@@ -19,152 +19,156 @@ public enum CertificateError: Error {
     case unknown
 }
 
-public final class CertificatesManager: ObservableObject {
-    public static let shared = CertificatesManager()
-    private init() {}
-
-    /// Returns the currently selected SecIdentity by loading from the selected folder in UserDefaults
-    public var selectedIdentity: SecIdentity? {
-        guard let folderName = UserDefaults.standard.string(forKey: "selectedCertificateFolder"),
-              !folderName.isEmpty else {
-            return nil
-        }
-
-        let certDir = CertificateFileManager.shared.certificatesDirectory
-            .appendingPathComponent(folderName)
-
-        let p12URL = certDir.appendingPathComponent("certificate.p12")
-        let pwURL  = certDir.appendingPathComponent("password.txt")
-
-        guard let p12Data = try? Data(contentsOf: p12URL),
-              let passwordRaw = try? String(contentsOf: pwURL, encoding: .utf8) else {
-            return nil
-        }
-
-        let password = passwordRaw.trimmingCharacters(in: .whitespacesAndNewlines)
-
-        var items: CFArray?
-        let options = [kSecImportExportPassphrase as String: password] as CFDictionary
-
-        let status = SecPKCS12Import(p12Data as CFData, options, &items)
-
-        guard status == errSecSuccess,
-              let cfItems = items as? [[String: Any]],
-              let identityAny = cfItems.first?[kSecImportItemIdentity as String],
-              CFGetTypeID(identityAny as CFTypeRef) == SecIdentityGetTypeID() else {
-            return nil
-        }
-
-        let identity = identityAny as! SecIdentity
-        return identity
-    }
-
-    // MARK: - SHA256 hex
-    public static func sha256Hex(_ d: Data) -> String {
+public final class CertificatesManager {
+    // SHA256 hex from Data
+    static func sha256Hex(_ d: Data) -> String {
         let digest = SHA256.hash(data: d)
         return digest.map { String(format: "%02x", $0) }.joined()
     }
-
-    // MARK: - Public key data
+    
+    // Export public key bytes for a certificate (SecCertificate -> SecKey -> external representation)
     private static func publicKeyData(from cert: SecCertificate) throws -> Data {
         guard let secKey = SecCertificateCopyKey(cert) else {
             throw CertificateError.certExtractionFailed
         }
-        var error: Unmanaged<CFError>?
-        guard let data = SecKeyCopyExternalRepresentation(secKey, &error) as Data? else {
-            let code = error.map { OSStatus(CFErrorGetCode($0.takeRetainedValue())) } ?? -1
-            throw CertificateError.publicKeyExportFailed(code)
+        
+        var cfErr: Unmanaged<CFError>?
+        guard let keyData = SecKeyCopyExternalRepresentation(secKey, &cfErr) as Data? else {
+            if let cfError = cfErr?.takeRetainedValue() {
+                let code = CFErrorGetCode(cfError)
+                throw CertificateError.publicKeyExportFailed(OSStatus(code))
+            } else {
+                throw CertificateError.publicKeyExportFailed(-1)
+            }
         }
-        return data
+        
+        return keyData
     }
-
-    // MARK: - Extract certs from mobileprovision
+    
+    // Extract the <plist>...</plist> portion from a .mobileprovision (PKCS7) blob,
+    // parse it to a dictionary and return SecCertificate objects from DeveloperCertificates.
     private static func certificatesFromMobileProvision(_ data: Data) throws -> [SecCertificate] {
         let startTag = Data("<plist".utf8)
         let endTag = Data("</plist>".utf8)
-
+        
         guard let startRange = data.range(of: startTag),
               let endRange = data.range(of: endTag) else {
             throw CertificateError.plistExtractionFailed
         }
-
+        
         let plistData = data[startRange.lowerBound..<endRange.upperBound]
         let parsed = try PropertyListSerialization.propertyList(from: Data(plistData), options: [], format: nil)
-
-        guard let dict = parsed as? [String: Any],
-              let devArray = dict["DeveloperCertificates"] as? [Any] else {
-            throw CertificateError.noCertsInProvision
+        
+        guard let dict = parsed as? [String: Any] else {
+            throw CertificateError.plistExtractionFailed
         }
-
-        var result: [SecCertificate] = []
-        for item in devArray {
-            if let certData = item as? Data,
-               let cert = SecCertificateCreateWithData(nil, certData as CFData) {
-                result.append(cert)
-            } else if let base64 = item as? String,
-                      let certData = Data(base64Encoded: base64),
-                      let cert = SecCertificateCreateWithData(nil, certData as CFData) {
-                result.append(cert)
+        
+        var resultCerts: [SecCertificate] = []
+        if let devArray = dict["DeveloperCertificates"] as? [Any] {
+            for item in devArray {
+                if let certData = item as? Data {
+                    if let secCert = SecCertificateCreateWithData(nil, certData as CFData) {
+                        resultCerts.append(secCert)
+                    }
+                } else if let base64String = item as? String,
+                          let certData = Data(base64Encoded: base64String) {
+                    if let secCert = SecCertificateCreateWithData(nil, certData as CFData) {
+                        resultCerts.append(secCert)
+                    }
+                }
             }
         }
-
-        guard !result.isEmpty else { throw CertificateError.noCertsInProvision }
-        return result
+        
+        if resultCerts.isEmpty {
+            throw CertificateError.noCertsInProvision
+        }
+        
+        return resultCerts
     }
-
-    // MARK: - Display name from provision
-    public func getCertificateName(mobileProvisionData: Data) -> String? {
+    
+    /// Get the certificate's display name (subject summary)
+    public static func getCertificateName(mobileProvisionData: Data) -> String? {
+        // Extract the <plist>...</plist> block from the mobileprovision (PKCS7) blob
         let startTag = Data("<plist".utf8)
         let endTag = Data("</plist>".utf8)
         guard let startRange = mobileProvisionData.range(of: startTag),
-              let endRange = mobileProvisionData.range(of: endTag) else { return nil }
-
-        let plistData = mobileProvisionData[startRange.lowerBound..<endRange.upperBound]
-        guard let parsed = try? PropertyListSerialization.propertyList(from: Data(plistData), options: [], format: nil),
-              let dict = parsed as? [String: Any] else { return nil }
-
-        return (dict["TeamName"] as? String) ?? (dict["Name"] as? String)
-    }
-
-    // MARK: - Check p12 ↔ mobileprovision match
-    public static func check(p12Data: Data, password: String, mobileProvisionData: Data) -> Result<CertificateCheckResult, Error> {
-        let options = [kSecImportExportPassphrase as String: password] as CFDictionary
-        var items: CFArray?
+              let endRange = mobileProvisionData.range(of: endTag) else {
+            return nil
+        }
 
-        let status = SecPKCS12Import(p12Data as CFData, options, &items)
+        let plistDataSlice = mobileProvisionData[startRange.lowerBound..<endRange.upperBound]
+        let plistData = Data(plistDataSlice)
 
-        if status == errSecAuthFailed { return .success(.incorrectPassword) }
+        // Parse plist into a dictionary
+        guard let parsed = try? PropertyListSerialization.propertyList(from: plistData, options: [], format: nil),
+              let dict = parsed as? [String: Any] else {
+            return nil
+        }
 
-        guard status == errSecSuccess,
-              let itemsArray = items as? [[String: Any]],
-              let identityAny = itemsArray.first?[kSecImportItemIdentity as String],
-              CFGetTypeID(identityAny as CFTypeRef) == SecIdentityGetTypeID() else {
-            return .failure(CertificateError.p12ImportFailed(status))
+        // Prefer TeamName if present
+        if let teamName = dict["TeamName"] as? String, !teamName.isEmpty {
+            return teamName
         }
 
-        let identity = identityAny as! SecIdentity
+        // Fallback to Name (string)
+        if let name = dict["Name"] as? String, !name.isEmpty {
+            return name
+        }
 
+        return nil
+    }
+    
+    /// Top-level check: returns result
+    public static func check(p12Data: Data, password: String, mobileProvisionData: Data) -> Result<CertificateCheckResult, Error> {
+        let options = [kSecImportExportPassphrase as String: password] as CFDictionary
+        var itemsCF: CFArray?
+        
+        let importStatus = SecPKCS12Import(p12Data as CFData, options, &itemsCF)
+        
+        if importStatus == errSecAuthFailed {
+            return .success(.incorrectPassword)
+        }
+        
+        guard importStatus == errSecSuccess, let items = itemsCF as? [[String: Any]], items.count > 0 else {
+            return .failure(CertificateError.p12ImportFailed(importStatus))
+        }
+        
+        guard let first = items.first else {
+            return .failure(CertificateError.identityExtractionFailed)
+        }
+        
+        let identity = first[kSecImportItemIdentity as String] as! SecIdentity
+        
         var certRef: SecCertificate?
-        guard SecIdentityCopyCertificate(identity, &certRef) == errSecSuccess,
-              let p12Cert = certRef else {
+        let certStatus = SecIdentityCopyCertificate(identity, &certRef)
+        
+        guard certStatus == errSecSuccess, let p12Cert = certRef else {
             return .failure(CertificateError.certExtractionFailed)
         }
-
+        
         do {
-            let p12KeyData = try publicKeyData(from: p12Cert)
-            let p12Hash = sha256Hex(p12KeyData)
-
-            let embedded = try certificatesFromMobileProvision(mobileProvisionData)
-
-            for cert in embedded {
-                let keyData = try publicKeyData(from: cert)
-                if sha256Hex(keyData) == p12Hash {
-                    return .success(.success)
+            let p12PubKeyData = try publicKeyData(from: p12Cert)
+            let p12Hash = sha256Hex(p12PubKeyData)
+            
+            let embeddedCerts = try certificatesFromMobileProvision(mobileProvisionData)
+            
+            for cert in embeddedCerts {
+                do {
+                    let embPubKeyData = try publicKeyData(from: cert)
+                    let embHash = sha256Hex(embPubKeyData)
+                    
+                    if embHash == p12Hash {
+                        return .success(.success)
+                    }
+                } catch {
+                    continue
                 }
             }
+            
             return .success(.noMatch)
         } catch {
             return .failure(error)
         }
     }
+
 }