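def create_from_dep_profile(self, dep_profile, serial_number, udid, payload):
    """Start a DEP enrollment session with its own single-use enrollment secret.

    A new EnrollmentSecret is derived from the DEP profile's secret: same
    business unit and tags, but restricted to one serial number and one UDID,
    verifiable once, and valid for one hour from now.

    Args:
        dep_profile: DEP profile whose enrollment secret is used as template.
        serial_number: serial number the new secret is restricted to.
        udid: UDID the new secret is restricted to.
        payload: passed unchanged to the session's update_with_payload().

    Returns:
        The new session (status STARTED) after update_with_payload(payload).
        NOTE(review): the session is not saved in this method; presumably
        update_with_payload() persists it -- confirm.
    """
    enrollment_secret = dep_profile.enrollment_secret
    meta_business_unit = enrollment_secret.meta_business_unit
    tags = list(enrollment_secret.tags.all())
    # verified only once with the SCEP payload
    quota = 1
    # expires 60 minutes from now, plenty enough for the device to contact
    # the SCEP server; the short window limits how long a leaked secret
    # stays usable
    expired_at = timezone.now() + timedelta(hours=1)
    new_es = EnrollmentSecret(
        meta_business_unit=meta_business_unit,
        serial_numbers=[serial_number],
        udids=[udid],
        quota=quota,
        expired_at=expired_at,
    )
    # CN max 64 - $ separator - prefix MDM$DEP
    # A longer prefix needs a shorter secret, or the CN limit is exceeded.
    new_es.save(secret_length=56)
    # Direct assignment to a related manager raises TypeError on Django 2.0+;
    # use set(), as create_from_enrollment and create_from_realm_user do.
    new_es.tags.set(tags)
    enrollment_session = self.model(
        status=self.model.STARTED,
        dep_profile=dep_profile,
        enrollment_secret=new_es,
    )
    enrollment_session.update_with_payload(payload)
    return enrollment_session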
def create_from_enrollment(self, enrollment, serial_number):
    """Create a STARTED session with a secret derived from the enrollment's secret.

    The derived secret keeps the parent's business unit, tags and expiry, is
    restricted to the given serial number, and can be verified twice.

    Args:
        enrollment: enrollment whose ``secret`` is used as template.
        serial_number: serial number the new secret is restricted to.

    Returns:
        The session returned by ``self.create(...)``.
    """
    parent_secret = enrollment.secret
    inherited_tags = list(parent_secret.tags.all())
    secret_fields = {
        "meta_business_unit": parent_secret.meta_business_unit,
        "serial_numbers": [serial_number],
        # Verified max twice. SCEP? + Enrollment completion
        "quota": 2,
        # NOTE(review): expiry is copied from the parent secret, so the
        # derived secret lives as long as the parent does -- confirm this
        # is intended (create_from_dep_profile uses a fixed 1 hour window).
        "expired_at": parent_secret.expired_at,
    }
    session_secret = EnrollmentSecret(**secret_fields)
    # CN max 64 - $ separator - FLBT prefix
    session_secret.save(secret_length=59)
    session_secret.tags.set(inherited_tags)
    session_fields = {
        "enrollment": enrollment,
        "status": self.model.STARTED,
        "enrollment_secret": session_secret,
    }
    return self.create(**session_fields)
def create_from_realm_user(self, ota_enrollment, realm_user):
    """Create and save a PHASE_1 OTA session for an authenticated realm user.

    The derived secret keeps the parent's business unit, tags and expiry and
    can be verified three times.

    Args:
        ota_enrollment: OTA enrollment whose secret is used as template.
        realm_user: realm user attached to the new session.

    Returns:
        The saved enrollment session.
    """
    parent_secret = ota_enrollment.enrollment_secret
    inherited_tags = list(parent_secret.tags.all())
    # No serial_numbers / udids are passed here, unlike the other factory
    # methods in this file: this secret is limited by its quota and expiry,
    # not by device identity.
    # NOTE(review): expiry is copied from the parent secret -- confirm the
    # parent always carries one.
    session_secret = EnrollmentSecret(
        meta_business_unit=parent_secret.meta_business_unit,
        # Verified three times: config profile download + 2 different SCEP payloads
        quota=3,
        expired_at=parent_secret.expired_at,
    )
    # CN max 64 - $ separator - prefix, ota or mdm$ota
    session_secret.save(secret_length=56)
    session_secret.tags.set(inherited_tags)
    session_fields = {
        "status": self.model.PHASE_1,
        "ota_enrollment": ota_enrollment,
        "realm_user": realm_user,
        "enrollment_secret": session_secret,
    }
    new_session = self.model(**session_fields)
    new_session.save()
    return new_session
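def create_from_ota_enrollment(self, ota_enrollment, serial_number, udid):
    """Create a PHASE_2 OTA session with a secret bound to one machine.

    The derived secret keeps the parent's business unit, tags and expiry, is
    restricted to one serial number and one UDID, and can be verified twice.

    Args:
        ota_enrollment: OTA enrollment whose secret is used as template.
        serial_number: serial number the new secret is restricted to.
        udid: UDID the new secret is restricted to.

    Returns:
        The session returned by ``self.create(...)``.
    """
    # Build a new secret that can be used only by one specific machine
    enrollment_secret = ota_enrollment.enrollment_secret
    tags = list(enrollment_secret.tags.all())
    new_es = EnrollmentSecret(
        meta_business_unit=enrollment_secret.meta_business_unit,
        serial_numbers=[serial_number],
        udids=[udid],
        quota=2,  # Verified twice with 2 different SCEP payloads
        # NOTE(review): expiry is copied from the parent secret -- confirm
        # the parent always carries one (create_from_dep_profile uses a
        # fixed 1 hour window instead).
        expired_at=enrollment_secret.expired_at,
    )
    # CN max 64 - $ separator - prefix, ota or mdm
    new_es.save(secret_length=60)
    # Direct assignment to a related manager raises TypeError on Django 2.0+;
    # use set(), as create_from_enrollment and create_from_realm_user do.
    new_es.tags.set(tags)
    return self.create(
        status=self.model.PHASE_2,
        ota_enrollment=ota_enrollment,
        enrollment_secret=new_es,
    )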