I finally got the answer from an answer to another questionon SO.

我终于从关于 SO 的另一个问题的答案中得到了答案。

Basically the .mobileprovision file is a CMSencrypted XML file. It can be decoded using securityon OS X:

.mobileprovision 文件基本上是一个CMS加密的 XML 文件。它可以security在 OS X 上使用解码：

security cms -D -i /path/to/profile.mobileprovision

I don't have an answer to your initial question, but I can explain how to extract the signing certificate from the .mobileprovision file:

我没有回答你最初的问题，但我可以解释如何从 .mobileprovision 文件中提取签名证书：

1. The plist part of the .mobileprovision has a key 'DeveloperCertificates', whose value is an array of NSData.
2. Each NSData is a .cer file - the signing certificate you are looking for.

1. .mobileprovision 的 plist 部分有一个键“DeveloperCertificates”，它的值是一个 NSData 数组。
2. 每个 NSData 都是一个 .cer 文件 - 您正在寻找的签名证书。

I have a short shell script for extracting the subject of the signing certificate directly from the .mobileprovision file here: https://gist.github.com/2147247- the script works with only one certificate in the array mentioned earlier, which should be the common case.

我有一个简短的 shell 脚本，用于直接从 .mobileprovision 文件中提取签名证书的主题：https://gist.github.com/2147247 - 该脚本仅适用于前面提到的数组中的一个证书，应该是常见的情况。

As you can see in the script, I have no answer to your third question, I am just cutting away the first line and everything after the closing tag.

正如您在脚本中看到的，我没有回答您的第三个问题，我只是删除了第一行和结束标记之后的所有内容。

use

用

security cms -D -i /path/to/profile.mobileprovision

if you get the error message security: SecPolicySetValue: One or more parameters passed to a function were not validjust pipe the error to /dev/null

如果您收到错误消息，security: SecPolicySetValue: One or more parameters passed to a function were not valid只需将错误通过管道传送到/dev/null

security cms -D -i /path/to/profile.mobileprovision 2> /dev/null

The .mobileprovision file is a DER encoded ASN.1,

.mobileprovision 文件是DER 编码的 ASN.1，

The plist is one of the values stored in this ASN.1 message.

plist 是存储在此 ASN.1 消息中的值之一。

The file is basically the public distribution key + Apple public certificate chain + allowed devices that can be installed on to - as long as the IPA file is likewise signed.

该文件基本上是公共分发密钥 + Apple 公共证书链 + 允许安装的设备 - 只要 IPA 文件同样签名。

Your key is encoded in to the plist entry. and the binary data after the plist are the associated public certficates: the Apple Root public certificate (downloadable from Appleand the Apple iPhone Certification Authority (downloadable via your Apple portal).

您的密钥被编码到 plist 条目中。plist 之后的二进制数据是相关的公共证书：Apple Root 公共证书（可从Apple和 Apple iPhone Certification Authority 下载（可通过您的 Apple 门户下载）。

[Updated based on comments]

[根据评论更新]

The real goal is to work out the certificate "common name" used my the mobile provision file so that the app can be re-signed.

真正的目标是使用我的移动配置文件计算出证书“通用名称”，以便应用程序可以重新签名。

Inside the mobile provisioning file ApplicationIdentifierPrefixtag contains the certificate UserID. This number could be used to find the certificate in the keychain tool.

移动配置文件ApplicationIdentifierPrefix标签内包含证书用户 ID。此编号可用于在钥匙串工具中查找证书。

So manually, the steps would be:

所以手动，步骤是：

1. Extract the ApplicationIdentifierPrefixnumber from the .mobileprovision file
2. Open the keychain app. Look through each login/certificate to find the one with matching UserId

1. ApplicationIdentifierPrefix从 .mobileprovision 文件中提取号码
2. 打开钥匙串应用。查看每个登录名/证书以找到具有匹配 UserId 的登录名/证书

To automate the process

使过程自动化

1. run some fancy unix command to extract the ID
2. run security find-certificate -a >a.outthen grep for the ID. Then find the common name from the same record.

1. 运行一些花哨的 unix 命令来提取 ID
2. security find-certificate -a >a.out然后为 ID运行grep。然后从同一记录中找到通用名称。