From 6bec87145c27fd278563ae8b52fd0fb53a20d860 Mon Sep 17 00:00:00 2001
From: Brian Samson <brian@briansamson.com>
Date: Wed, 19 Feb 2014 14:32:54 -0600
Subject: [PATCH] add support for signing with intermediate certificates

---
 lib/ios-cert-enrollment/configuration.rb | 1 +
 lib/ios-cert-enrollment/profile.rb       | 2 +-
 lib/ios-cert-enrollment/ssl.rb           | 8 +++++++-
 3 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/lib/ios-cert-enrollment/configuration.rb b/lib/ios-cert-enrollment/configuration.rb
index 7092658..4bb57e6 100644
--- a/lib/ios-cert-enrollment/configuration.rb
+++ b/lib/ios-cert-enrollment/configuration.rb
@@ -6,6 +6,7 @@ module Configuration
     VALID_OPTIONS_KEYS = [
       :ssl_certificate_path,
       :ssl_key_path,
+      :intermediate_certificate_paths,
       :base_url,
       :identifier,
       :display_name,
diff --git a/lib/ios-cert-enrollment/profile.rb b/lib/ios-cert-enrollment/profile.rb
index 37601fb..9ed6435 100644
--- a/lib/ios-cert-enrollment/profile.rb
+++ b/lib/ios-cert-enrollment/profile.rb
@@ -100,7 +100,7 @@ def configuration(encrypted_content)
     
     
     def sign
-      signed_profile = OpenSSL::PKCS7.sign(SSL.certificate, SSL.key,  self.payload, [], OpenSSL::PKCS7::BINARY)
+      signed_profile = OpenSSL::PKCS7.sign(SSL.certificate, SSL.key,  self.payload, SSL.intermediate_certificates, OpenSSL::PKCS7::BINARY)
       return Certificate.new(signed_profile.to_der, "application/x-apple-aspen-config")        
       
     end
diff --git a/lib/ios-cert-enrollment/ssl.rb b/lib/ios-cert-enrollment/ssl.rb
index 431fe50..23b82ed 100644
--- a/lib/ios-cert-enrollment/ssl.rb
+++ b/lib/ios-cert-enrollment/ssl.rb
@@ -1,6 +1,6 @@
 module IOSCertEnrollment
   module SSL
-    @@key, @@certificate = nil
+    @@key, @@certificate, @@intermediate_certificates = nil
     class << self    
       def key
         return @@key if @@key
@@ -11,6 +11,12 @@ def certificate
         return @@certificate if @@certificate
         return @@certificate = OpenSSL::X509::Certificate.new(File.read(IOSCertEnrollment.ssl_certificate_path))
       end
+
+      def intermediate_certificates
+        return @@intermediate_certificates if @@intermediate_certificates
+        certificate_paths = IOSCertEnrollment.intermediate_certificate_paths || []
+        @@intermediate_certificates = certificate_paths.collect{|x| OpenSSL::X509::Certificate.new(File.read(x))}
+      end
     end
     
   end