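def ca_trust_payload_from_configuration() -> PEMCertificatePayload:
    """Build the payload that makes devices trust this instance's Certificate Authority.

    The file named by the ``CA_CERTIFICATE`` app config entry is read in full and
    embedded unchanged as the payload content. Callers must check that
    ``CA_CERTIFICATE`` is present in the app config before invoking this; the
    lookup is a plain ``config[...]`` access and is not guarded here.

    Aborts with HTTP 500 when there is not exactly one organization, or when the
    configured file contains private key material.
    """
    try:
        org = db.session.query(Organization).one()
    except NoResultFound:
        abort(500, 'No organization is configured, cannot generate enrollment profile.')
    except MultipleResultsFound:
        abort(500, 'Multiple organizations, backup your database and start again')

    with open(current_app.config['CA_CERTIFICATE'], 'rb') as fd:
        pem_data = fd.read()

    # Every byte of the file ends up inside a profile handed to devices. A PEM
    # bundle that also carries the CA key would publish that key, so refuse it.
    # All PEM private key headers (PKCS#1, PKCS#8, EC, encrypted) contain this marker.
    if b'PRIVATE KEY' in pem_data:
        abort(500, 'CA_CERTIFICATE must contain only the certificate, not a private key.')

    return PEMCertificatePayload(
        uuid=uuid4(),
        identifier=org.payload_prefix + '.ca',
        payload_content=pem_data,
        display_name='Certificate Authority',
        description='Required for your device to trust the server',
        type='com.apple.security.root',
        version=1
    )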
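def ssl_trust_payload_from_configuration() -> PEMCertificatePayload:
    """Build the payload that makes devices trust this host's web server certificate.

    The ``SSL_CERTIFICATE`` app config entry is joined onto this module's
    directory (an absolute configured path therefore wins over the module
    directory, per ``os.path.join``), and the file is embedded unchanged as the
    payload content. The config key is not checked for presence here.

    Aborts with HTTP 500 when there is not exactly one organization, or when the
    configured file contains private key material.
    """
    try:
        org = db.session.query(Organization).one()
    except NoResultFound:
        abort(
            500,
            'No organization is configured, cannot generate enrollment profile.'
        )
    except MultipleResultsFound:
        abort(500,
              'Multiple organizations, backup your database and start again')

    module_dir = os.path.dirname(__file__)
    certpath = os.path.join(module_dir, current_app.config['SSL_CERTIFICATE'])

    with open(certpath, 'rb') as fd:
        cert_data = fd.read()

    # Web servers are often configured with one PEM file holding certificate
    # and key together. The file is shipped to devices as-is, so a combined
    # bundle would disclose the server key; reject it instead of embedding it.
    if b'PRIVATE KEY' in cert_data:
        abort(500, 'SSL_CERTIFICATE must contain only the certificate, not a private key.')

    return PEMCertificatePayload(
        uuid=uuid4(),
        identifier=org.payload_prefix + '.ssl',
        payload_content=cert_data,
        display_name='Web Server Certificate',
        description='Required for your device to trust the server',
        type='com.apple.security.pkcs1',
        version=1)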
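def trust_mobileconfig():
    """Generate a trust profile, if one is required.

    The profile is system-scoped and receives one payload per configured
    certificate: the CA certificate when ``CA_CERTIFICATE`` is set, and the web
    server certificate when ``SSL_CERTIFICATE`` is set. With neither configured
    the profile is returned without certificate payloads.

    :resheader Content-Type: application/x-apple-aspen-config
    :statuscode 200:
    :statuscode 500: The system has not been configured, so we can't produce anything,
        or the configured SSL certificate file contains private key material.
    """
    try:
        org = db.session.query(Organization).one()
    except NoResultFound:
        abort(
            500,
            'No organization is configured, cannot generate enrollment profile.'
        )
    except MultipleResultsFound:
        abort(500,
              'Multiple organizations, backup your database and start again')

    profile = Profile(
        identifier=org.payload_prefix + '.trust',
        uuid=uuid4(),
        display_name='Commandment Trust Profile',
        description='Allows your device to trust the MDM server',
        organization=org.name,
        version=1,
        scope=PayloadScope.System,
    )

    if 'CA_CERTIFICATE' in current_app.config:
        # If you specified a CA certificate, we assume it isn't a CA trusted by Apple devices.
        ca_payload = ca_trust_payload_from_configuration()
        profile.payloads.append(ca_payload)

    if 'SSL_CERTIFICATE' in current_app.config:
        # The configured value is resolved against this module's directory.
        module_dir = os.path.dirname(__file__)
        certpath = os.path.join(module_dir,
                                current_app.config['SSL_CERTIFICATE'])
        with open(certpath, 'rb') as fd:
            cert_data = fd.read()

        # The file content is sent to the client verbatim. A combined
        # certificate-plus-key PEM would hand the server key to anyone who
        # downloads this profile, so stop before building the payload.
        if b'PRIVATE KEY' in cert_data:
            abort(500, 'SSL_CERTIFICATE must contain only the certificate, not a private key.')

        pem_payload = PEMCertificatePayload(
            uuid=uuid4(),
            identifier=org.payload_prefix + '.ssl',
            payload_content=cert_data,
            display_name='Web Server Certificate',
            description='Required for your device to trust the server',
            type='com.apple.security.pkcs1',
            version=1)
        profile.payloads.append(pem_payload)

    schema = profile_schema.ProfileSchema()
    result = schema.dump(profile)
    # NOTE(review): the serialized plist is returned directly; no signing step is
    # visible in this function. Because the profile installs trust anchors,
    # confirm how its integrity is protected on the way to the device.
    plist_data = dumps_none(result.data, skipkeys=True)

    return plist_data, 200, {
        'Content-Type': PROFILE_CONTENT_TYPE,
        'Content-Disposition': 'attachment; filename="trust.mobileconfig"'
    }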