Fixes issue where AltStore revokes its own certificate

Uses embedded certificate from AltServer if possible, but then falls back to asking user to refresh AltStore manually if the certificate used to install AltStore is revoked.
2026-02-09 06:43:25 +01:00 · 2019-10-28 13:16:55 -07:00
parent 1bde885b17
commit e785fc47ee
8 changed files with 316 additions and 102 deletions
--- a/AltStore/Operations/ResignAppOperation.swift
+++ b/AltStore/Operations/ResignAppOperation.swift
@@ -400,6 +400,21 @@ private extension ResignAppOperation
                    guard let udid = Bundle.main.object(forInfoDictionaryKey: Bundle.Info.deviceID) as? String else { throw OperationError.unknownUDID }
                    additionalValues[Bundle.Info.deviceID] = udid
                    additionalValues[Bundle.Info.serverID] = UserDefaults.standard.preferredServerID
+                    
+                    if
+                        let data = Keychain.shared.signingCertificate,
+                        let signingCertificate = ALTCertificate(p12Data: data, password: nil),
+                        let encryptingPassword = Keychain.shared.signingCertificatePassword
+                    {
+                        additionalValues[Bundle.Info.certificateID] = signingCertificate.serialNumber
+                        
+                        let encryptedData = signingCertificate.encryptedP12Data(withPassword: encryptingPassword)
+                        try encryptedData?.write(to: appBundle.certificateURL, options: .atomic)
+                    }
+                    else
+                    {
+                        // The embedded certificate + certificate identifier are already in app bundle, no need to update them.
+                    }
                }
                
                // Prepare app