fix: macOS 15.0 beta2 fcs-key

cmd/ipsw/cmd/fw/aea.go

@@ -115,7 +115,7 @@ var aeaCmd = &cobra.Command{
 			if err != nil {
 				return fmt.Errorf("failed to parse AEA: %v", err)
 			}
-			pkmap, err := metadata.GetPrivateKey(nil)
+			pkmap, err := metadata.GetPrivateKey(nil, false)
 			if err != nil {
 				return fmt.Errorf("failed to get private key: %v", err)
 			}

internal/commands/extract/extract.go

@@ -571,7 +571,7 @@ func FcsKeys(c *Config) ([]string, error) {
 			if err != nil {
 				return nil, fmt.Errorf("failed to parse AEA1 metadata: %v", err)
 			}
-			pkmap, err := metadata.GetPrivateKey(nil)
+			pkmap, err := metadata.GetPrivateKey(nil, true)
 			if err != nil {
 				return nil, err
 			}

pkg/aea/aea.go

@@ -59,6 +59,9 @@ type PrivateKey []byte
 
 func (k PrivateKey) UnmarshalBinaryPrivateKey() ([]byte, error) {
 	block, _ := pem.Decode(k)
+	if block == nil {
+		return nil, fmt.Errorf("failed to decode p8 key")
+	}
 	parsedKey, err := x509.ParsePKCS8PrivateKey(block.Bytes)
 	if err != nil {
 		return nil, fmt.Errorf("failed to parse p8 key: %v", err)
@@ -72,7 +75,7 @@ func (k PrivateKey) UnmarshalBinaryPrivateKey() ([]byte, error) {
 
 type Metadata map[string][]byte
 
-func (md Metadata) GetPrivateKey(data []byte) (map[string]PrivateKey, error) {
+func (md Metadata) GetPrivateKey(data []byte, skipEmbedded bool) (map[string]PrivateKey, error) {
 	out := make(map[string]PrivateKey)
 
 	if len(data) > 0 {
@@ -86,15 +89,17 @@ func (md Metadata) GetPrivateKey(data []byte) (map[string]PrivateKey, error) {
 	}
 
 	// check if keys are already loaded
-	if keys, err := getKeys(); err == nil {
-		u, err := url.Parse(string(privKeyURL))
-		if err != nil {
-			return nil, err
-		}
-		for k, v := range keys {
-			if strings.EqualFold(k, path.Base(u.Path)) {
-				out[k] = PrivateKey(v)
-				return out, nil
+	if !skipEmbedded {
+		if keys, err := getKeys(); err == nil {
+			u, err := url.Parse(string(privKeyURL))
+			if err != nil {
+				return nil, err
+			}
+			for k, v := range keys {
+				if strings.EqualFold(k, path.Base(u.Path)) {
+					out[k] = PrivateKey(v)
+					return out, nil
+				}
 			}
 		}
 	}
@@ -105,6 +110,10 @@ func (md Metadata) GetPrivateKey(data []byte) (map[string]PrivateKey, error) {
 	}
 	defer resp.Body.Close()
 
+	if resp.StatusCode != 200 {
+		return nil, fmt.Errorf("failed to connect to fcs-key URL: %s", resp.Status)
+	}
+
 	privKey, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return nil, err
@@ -137,7 +146,7 @@ func (md Metadata) DecryptFCS(pemData []byte) ([]byte, error) {
 		return nil, err
 	}
 
-	pkmap, err := md.GetPrivateKey(pemData)
+	pkmap, err := md.GetPrivateKey(pemData, false)
 	if err != nil {
 		return nil, err
 	}

pkg/aea/data/fcs-keys.json

@@ -1 +1 @@
-{"C76OEoiX5Lfc0nRQtn1cLkOEwDtC8HGIM_M_1rJgQ9g=":"LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JR0hBZ0VBTUJNR0J5cUdTTTQ5QWdFR0NDcUdTTTQ5QXdFSEJHMHdhd0lCQVFRZ21qWDBwYmU2WWErMDJUek4KY0laWHZ6L1VId1lMN1JwUVFka01QV1pmT2UraFJBTkNBQVRzeUsxZEJzUFJVZU15b2hWM2VJUG5JNGw2SzhjUApWeGZGRXBEd01DdXNlTUVrV0UzV0w5QXcvTTMyRk5Ta2lYZUNpQXoxMXBOdUJVWGVmTkFPSXlkSQotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tCg==","k_VQtA6uNC_IsMkQrz-3juymNnKSkjWFMr1epfCaVHU=":"LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JR0hBZ0VBTUJNR0J5cUdTTTQ5QWdFR0NDcUdTTTQ5QXdFSEJHMHdhd0lCQVFRZ0xMSitUYnQwK1gxRnIrVHoKY2YwbGRQaStnRDZOZGZYVytjR2lJMXhLdmxlaFJBTkNBQVJ5aUZ0MmRsVGtBYU1kRzYrSDZ5cDdCVjNlOFo3dwpmL0FRU3lWNy83aVpjVXA2NUtrV2RNRlJmNWFyWFlraElQSlU1R3JtRjVlaFdJcDVIUVVWYkZnbgotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tCg==","emS2Z48W5hiK6-9wCuih_4olLWp2NLZ3KfK8zPHASvM=":"LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JR0hBZ0VBTUJNR0J5cUdTTTQ5QWdFR0NDcUdTTTQ5QXdFSEJHMHdhd0lCQVFRZ0FMV05HalFLUEFkYzdSUTgKa0VNeFpoV2llNnhsc2dUZUZyVTJXRXN3aHRhaFJBTkNBQVJQelIraG5vbDJSbmNGdmpmWk44bXJUN3F4TjdRSwovY29WazJxSDN1cFF3eExKWTBaTzhtZDV2RzRSQXVDUG8yUDJSaUxxbXJ3K1lVL3laUVVDam10aAotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tCg==","vqTQNjxKOR8CCw4-SSqrJCmVu7x1zktNdOXoNm7RIXQ=":"PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPEVycm9yPjxDb2RlPkFjY2Vzc0RlbmllZDwvQ29kZT48TWVzc2FnZT5BY2Nlc3MgRGVuaWVkPC9NZXNzYWdlPjxSZXF1ZXN0SWQ+UFJQNU43RlNaV0REV01EMzwvUmVxdWVzdElkPjxIb3N0SWQ+clU3SjRzQnNodHlSenR4RUhaTURMd2JDazQvUjNNNUN0ZDlsQzBweW9uTEFiYUJVeE81dE5Jb2RxWmQwZGtHcXVlcncva0NwSHJjPTwvSG9zdElkPjwvRXJyb3I+"}
+{"C76OEoiX5Lfc0nRQtn1cLkOEwDtC8HGIM_M_1rJgQ9g=":"LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JR0hBZ0VBTUJNR0J5cUdTTTQ5QWdFR0NDcUdTTTQ5QXdFSEJHMHdhd0lCQVFRZ21qWDBwYmU2WWErMDJUek4KY0laWHZ6L1VId1lMN1JwUVFka01QV1pmT2UraFJBTkNBQVRzeUsxZEJzUFJVZU15b2hWM2VJUG5JNGw2SzhjUApWeGZGRXBEd01DdXNlTUVrV0UzV0w5QXcvTTMyRk5Ta2lYZUNpQXoxMXBOdUJVWGVmTkFPSXlkSQotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tCg==","emS2Z48W5hiK6-9wCuih_4olLWp2NLZ3KfK8zPHASvM=":"LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JR0hBZ0VBTUJNR0J5cUdTTTQ5QWdFR0NDcUdTTTQ5QXdFSEJHMHdhd0lCQVFRZ0FMV05HalFLUEFkYzdSUTgKa0VNeFpoV2llNnhsc2dUZUZyVTJXRXN3aHRhaFJBTkNBQVJQelIraG5vbDJSbmNGdmpmWk44bXJUN3F4TjdRSwovY29WazJxSDN1cFF3eExKWTBaTzhtZDV2RzRSQXVDUG8yUDJSaUxxbXJ3K1lVL3laUVVDam10aAotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tCg==","k_VQtA6uNC_IsMkQrz-3juymNnKSkjWFMr1epfCaVHU=":"LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JR0hBZ0VBTUJNR0J5cUdTTTQ5QWdFR0NDcUdTTTQ5QXdFSEJHMHdhd0lCQVFRZ0xMSitUYnQwK1gxRnIrVHoKY2YwbGRQaStnRDZOZGZYVytjR2lJMXhLdmxlaFJBTkNBQVJ5aUZ0MmRsVGtBYU1kRzYrSDZ5cDdCVjNlOFo3dwpmL0FRU3lWNy83aVpjVXA2NUtrV2RNRlJmNWFyWFlraElQSlU1R3JtRjVlaFdJcDVIUVVWYkZnbgotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tCg==","vqTQNjxKOR8CCw4-SSqrJCmVu7x1zktNdOXoNm7RIXQ=":"LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JR0hBZ0VBTUJNR0J5cUdTTTQ5QWdFR0NDcUdTTTQ5QXdFSEJHMHdhd0lCQVFRZ0tiRlBtMzFzOU4zQmNQdGUKU3RhWml3dzFwVStaME1PVEw2My9ERU41K3FpaFJBTkNBQVNDZ3FrMU5ONTVQM0lqdmhCdmVRS2c1S1dIMlprYQp4eGYzMVFyU3BBVW5tOGpJSkpPR2tndTZETDM5ZzZCM1labm1DN09NeW1SVVNhLy9sNWNQRWEyNQotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tCg=="}