FEAT: included codec for Apple's Provision Profile files

Author: Oldes

src/mezz/codec-der.reb

@@ -310,7 +310,7 @@ register-codec [
 			|
 			#{2B060105050703} (main: "PKIX key purpose") [
 				  #"^(01)" (name: 'serverAuth)
-				  #"^(02)" (name: 'clientAuth)
+				| #"^(02)" (name: 'clientAuth)
 				| #"^(03)" (name: 'codeSigning)
 			] end
 			|
@@ -319,6 +319,7 @@ register-codec [
 			] end
 			|
 			#{0992268993F22C6401} (main: "Attribute") [
+				; http://oid-info.com/cgi-bin/display?tree=0.9.2342.19200300.100.1.1
 				#"^(01)" (name: 'uid)
 			] end
 		]
@@ -335,17 +336,3 @@ register-codec [
 
 	verbose: 0
 ]
-
-register-codec [
-	name:  'mobileprovision
-	type:  'cryptography
-	title: "Apple's mobileprovision file"
-	suffixes: [%.mobileprovision]
-	decode: function[data [binary!]][
-		try [
-			der: codecs/DER/decode data
-			result: to string! der/sequence/cs0/sequence/sequence/cs0/2
-		]
-		result
-	]
-]

src/mezz/codec-plist.reb

@@ -2,20 +2,21 @@ REBOL [
 	name:    plist
 	type:    module
 	options: [delay]
-	version: 0.0.1
-	title:   "REBOL 3 codec for PLIST files"
+	version: 1.0.0
+	title:   "PLIST codec"
 	file:    https://raw.githubusercontent.com/Oldes/Rebol3/master/src/mezz/codec-plist.reb
 	author:  "Oldes"
 	history: [
-		07-Apr-2022 "Oldes" {Initial version of the PLIST decoder}
+		07-Apr-2022 "Oldes" {Initial version of the PLIST and Provisioning Profile decoder}
 	]
-	References: [
+	references: [
 		https://developer.apple.com/library/archive/documentation/Cocoa/Conceptual/PropertyLists/Introduction/Introduction.html
 		https://medium.com/@karaiskc/understanding-apples-binary-property-list-format-281e6da00dbd
 	]
 	todo: {
 		* Support binary PLIST version
 		* PLIST encoder
+		* Provision profile data validation?
 	}
 ]
 
@@ -113,7 +114,7 @@ register-codec [
 								change/only v compose [
 									commonName:  (crt/subject/commonName)
 									valid-to:    (crt/valid-to)
-									fingerprint: (crt/fingerprint)
+									fingerprint: (select crt 'fingerprint)
 								]
 							]
 						]
@@ -140,3 +141,50 @@ register-codec [
 		]
 	]
 ]
+
+register-codec [
+	name:  'provision
+	type:  'cryptography
+	title: "Apple's Provisioning Profile File Format"
+	suffixes: [%.provisionprofile %.mobileprovision]
+
+	decode: function [
+		{Extract PLIST data from a provision profile}
+		data  [binary! file! url!]
+		;return: [map!]
+	] [
+		unless binary? data [ data: read data ]
+
+		der: codecs/der/decode data
+		parse der [
+			'SEQUENCE into [
+				'OBJECT_IDENTIFIER #{2A864886F70D010702} 'CS0 into [
+					'SEQUENCE into [
+						'INTEGER set version: binary!
+						'SET into [
+							'SEQUENCE into [
+								'OBJECT_IDENTIFIER set oid: binary! (
+									hash-alg: codecs/der/decode-oid oid
+								)
+								to end
+							]
+						]
+						'SEQUENCE into [
+							'OBJECT_IDENTIFIER #{2A864886F70D010701} 'CS0 into [
+								'OCTET_STRING set plist: binary!
+							]
+						]
+						; follows certificates used to sign the data..
+						; validation is not implemented!
+						to end
+					]
+					to end
+				]
+				to end
+			]
+		]
+		either binary? plist [
+			codecs/plist/decode plist
+		][	none ]
+	]
+]

src/tests/units/codecs-test.r3

@@ -546,6 +546,16 @@ if find codecs 'plist [
 			--assert map? data: load %units/files/Some.plist
 			--assert data/AppIDName = "Test Application"
 			--assert data/UUID      = "bba91992-3a72-46b3-bc5f-f7b59aa49236"
+	
+		--test-- "Load mobileprovision file"
+			--assert all [
+				map? data: load %units/files/Some.mobileprovision
+				data/AppIDName = "Samorost 1"
+				data/UUID      = "be387546-d90d-40cd-83e6-95eb6f5f0861"
+				block? data/ProvisionedDevices
+				block? data/DeveloperCertificates
+				object? decode 'crt data/DeveloperCertificates/1
+			]
 	===end-group===
 ]