[match][sigh][cert] Added checking hash of installed wwdr certificates (

#20507) * Added checking hash of installed wwdr certificates Co-authored-by: Aaron Brager <getaaron@gmail.com>
fastlane · Aug 3, 2022 · 203f195 · 203f195
1 parent 850593c
commit 203f195
Showing 1 changed file with 6 additions and 3 deletions.
diff --git a/fastlane_core/lib/fastlane_core/cert_checker.rb b/fastlane_core/lib/fastlane_core/cert_checker.rb
@@ -83,10 +83,13 @@ def self.list_available_developer_id_installer(in_keychain: nil)
 
     def self.wwdr_certificate_installed?
       certificate_name = "Apple Worldwide Developer Relations Certification Authority"
+      certificate_hash = "SHA-256 hash: BDD4ED6E74691F0C2BFD01BE0296197AF1379E0418E2D300EFA9C3BEF642CA30"
+
       keychain = wwdr_keychain
-      response = Helper.backticks("security find-certificate -a -c '#{certificate_name}' #{keychain.shellescape}", print: FastlaneCore::Globals.verbose?)
-      certs = response.split("keychain: \"#{keychain}\"").drop(1)
-      certs.count >= 1
+      response = Helper.backticks("security find-certificate -a -c '#{certificate_name}' -Z #{keychain.shellescape} | grep ^SHA-256", print: FastlaneCore::Globals.verbose?)
+
+      certs = response.split("\n")
+      certs.include?(certificate_hash)
     end
 
     def self.install_wwdr_certificate