def ca_trust_payload_from_configuration() -> PEMCertificatePayload:
    """Build the certificate payload carrying this instance's CA certificate.

    The file named by the ``CA_CERTIFICATE`` app config key is read as bytes
    and embedded unchanged as the payload content.

    The key is indexed directly, so the caller must first confirm that
    ``'CA_CERTIFICATE'`` is present in the app config.

    Calls ``abort(500, ...)`` unless the database holds exactly one
    Organization row.
    """
    try:
        organization = db.session.query(Organization).one()
    except NoResultFound:
        abort(500, 'No organization is configured, cannot generate enrollment profile.')
    except MultipleResultsFound:
        abort(500, 'Multiple organizations, backup your database and start again')

    # The file content goes into the payload without being parsed, so the
    # configured path must hold only the public CA certificate, never a
    # private key or a combined key-and-certificate bundle.
    ca_path = current_app.config['CA_CERTIFICATE']
    with open(ca_path, 'rb') as cert_file:
        ca_pem = cert_file.read()

    return PEMCertificatePayload(
        uuid=uuid4(),
        identifier=organization.payload_prefix + '.ca',
        payload_content=ca_pem,
        display_name='Certificate Authority',
        description='Required for your device to trust the server',
        type='com.apple.security.root',
        version=1,
    )
def ssl_trust_payload_from_configuration() -> PEMCertificatePayload:
    """Build the certificate payload that lets a device trust this host.

    The file named by the ``SSL_CERTIFICATE`` app config key is read as bytes
    and embedded unchanged as the payload content. The key is indexed
    directly, so the caller must confirm it is configured.

    Calls ``abort(500, ...)`` unless the database holds exactly one
    Organization row.
    """
    try:
        organization = db.session.query(Organization).one()
    except NoResultFound:
        abort(
            500,
            'No organization is configured, cannot generate enrollment profile.'
        )
    except MultipleResultsFound:
        abort(500, 'Multiple organizations, backup your database and start again')

    # The configured value is joined onto this module's directory;
    # os.path.join drops that directory when the value is an absolute path.
    certificate_path = os.path.join(
        os.path.dirname(__file__),
        current_app.config['SSL_CERTIFICATE'],
    )

    # The bytes are embedded without being parsed, so this file must hold
    # only the public server certificate, never the matching private key.
    with open(certificate_path, 'rb') as cert_file:
        certificate_bytes = cert_file.read()

    # NOTE(review): the payload type is the PKCS#1 identifier while the
    # content is passed on as read from disk - confirm that the configured
    # file's encoding matches what devices expect for this type.
    return PEMCertificatePayload(
        uuid=uuid4(),
        identifier=organization.payload_prefix + '.ssl',
        payload_content=certificate_bytes,
        display_name='Web Server Certificate',
        description='Required for your device to trust the server',
        type='com.apple.security.pkcs1',
        version=1,
    )
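def trust_mobileconfig():
    """Generate a trust profile, if one is required.

    A certificate payload is added for each of the ``CA_CERTIFICATE`` and
    ``SSL_CERTIFICATE`` app config keys that is present. When neither key is
    configured, the profile is still returned, with no certificate payloads.

    Both payloads come from the module's payload helpers, so the web server
    certificate is built the same way wherever it is needed. Each helper
    looks up the organization again and calls ``abort(500, ...)`` itself if
    that lookup fails.

    :resheader Content-Type: application/x-apple-aspen-config
    :statuscode 200:
    :statuscode 500: The system has not been configured, so we can't produce anything.
    """
    try:
        org = db.session.query(Organization).one()
    except NoResultFound:
        abort(
            500,
            'No organization is configured, cannot generate enrollment profile.'
        )
    except MultipleResultsFound:
        abort(500, 'Multiple organizations, backup your database and start again')

    profile = Profile(
        identifier=org.payload_prefix + '.trust',
        uuid=uuid4(),
        display_name='Commandment Trust Profile',
        description='Allows your device to trust the MDM server',
        organization=org.name,
        version=1,
        scope=PayloadScope.System,
    )

    if 'CA_CERTIFICATE' in current_app.config:
        # If you specified a CA certificate, we assume it isn't a CA trusted by Apple devices.
        profile.payloads.append(ca_trust_payload_from_configuration())

    if 'SSL_CERTIFICATE' in current_app.config:
        # Reuse the helper instead of repeating its path handling and payload
        # fields here, so the two cannot drift apart.
        profile.payloads.append(ssl_trust_payload_from_configuration())

    # NOTE(review): no signing step is visible in this function. Installing
    # the profile makes a device trust the embedded certificates, so confirm
    # how the response's integrity is protected on the way to the device.
    schema = profile_schema.ProfileSchema()
    result = schema.dump(profile)
    plist_data = dumps_none(result.data, skipkeys=True)

    return plist_data, 200, {
        'Content-Type': PROFILE_CONTENT_TYPE,
        'Content-Disposition': 'attachment; filename="trust.mobileconfig"'
    }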