def getAndSendPushToken(self, tree, namespace, deviceHardwareIdWithoutPrefix): items = tree.findall("./{%s}SyncBody/{%s}Results/{%s}Item/." % (namespace, namespace, namespace)) pushToken = None for item in items: locUri = item.find("./{%s}Source/{%s}LocURI/." % (namespace, namespace)).text if locUri == TOKEN_URI % self.config.get("Enrollment", "ProviderId"): pushToken = item.find("./{%s}Data/." % namespace).text break if pushToken is not None: queryResult = globalFunctions.queryApi( self.config, { "hardware_id": deviceHardwareIdWithoutPrefix, "push_token": pushToken }, self.config.get("API", "AssignPushToken")) if queryResult["success"] != True: globalFunctions.printDebugLog( self.config, "QUERY API FAILED", self.config.get("API", "AssignPushToken") + " response: " + str(result)) return queryResult["success"] == True globalFunctions.printDebugLog(self.config, "Error in obtaining Push Token", "Push Token is None") return False
def assignHardwareIdToApi(self, deviceId, deviceHardwareIdWithoutPrefix): result = globalFunctions.queryApi( self.config, { "device_id": deviceId, "hardware_id": deviceHardwareIdWithoutPrefix }, self.config.get("API", "AssignHardwareId")) if not result["success"]: globalFunctions.printDebugLog( self.config, "QUERY API FAILED", self.config.get("API", "AssignHardwareId") + " response: " + str(result)) return result["success"]
def index(self, **kwargs): if 'Content-Type' not in cherrypy.request.headers: return "Error, no content type" if cherrypy.request.method == "GET": return "" if cherrypy.request.headers['Content-Type'] == CONTENT_TYPE_SOAP: cherrypy.response.headers['Content-Type'] = CONTENT_TYPE_SOAP requestBody = cherrypy.request.body.read() globalFunctions.printDebugLog(self.config, "DISCOVERY REQUEST", requestBody) tree = ET.fromstring(requestBody) messageId = tree.find("./{%s}Header/{%s}MessageID/." % (NAMESPACE_S, NAMESPACE_A)).text toReturn = self.makeResponse(messageId) globalFunctions.printDebugLog(self.config, "DISCOVERY RESPONSE", toReturn) return toReturn return "unsupported request"
def index(self, **kwargs): if 'Content-Type' not in cherrypy.request.headers: return "Error, no content type" if cherrypy.request.headers['Content-Type'] == CONTENT_TYPE_SOAP: cherrypy.response.headers['Content-Type'] = CONTENT_TYPE_SOAP requestBody = cherrypy.request.body.read() globalFunctions.printDebugLog(self.config, "ENROLLMENT REQUEST", requestBody) tree = ET.fromstring(requestBody) xmlDoc = XmlDoc() messageId = tree.find("./{%s}Header/{%s}MessageID/." % (NAMESPACE_S, NAMESPACE_A)).text binarySecurityTokenPem = tree.find( "./{%s}Body/{%s}RequestSecurityToken/{%s}BinarySecurityToken/." % (NAMESPACE_S, NAMESPACE_WST, NAMESPACE_WSSE)).text binarySecurityToken = M2Crypto.X509.load_request_string( self.reformatRequestToken(binarySecurityTokenPem)) usernameToken = tree.find( "./{%s}Header/{%s}Security/{%s}UsernameToken/." % (NAMESPACE_S, NAMESPACE_WSSE, NAMESPACE_WSSE)) #username is enrollment token username = usernameToken.find("./{%s}Username/." % NAMESPACE_WSSE).text #password is parent pid password = usernameToken.find("./{%s}Password/." % NAMESPACE_WSSE).text result = globalFunctions.queryApi( self.config, { 'token': username, 'pin': password }, self.config.get("API", "CheckTokenUrl")) if result["success"] != True: globalFunctions.printDebugLog( self.config, "cannot verify username and token", "") return deviceId = str(result["device_id"]) toReturn = self.makeResponse(messageId, binarySecurityToken, deviceId) globalFunctions.printDebugLog(self.config, "ENROLLMENT RESPONSE", toReturn) return toReturn return "unsupported request"
def index(self, **kwargs): if 'Content-Type' not in cherrypy.request.headers: return "Error, no content type" if cherrypy.request.headers['Content-Type'] == CONTENT_TYPE_SYNCML: cherrypy.response.headers['Content-Type'] = CONTENT_TYPE_SYNCML requestBody = cherrypy.request.body.read() tree = ET.fromstring(requestBody) xmlDoc = XmlDoc() globalFunctions.printDebugLog(self.config, "OMADM REQUEST", xmlDoc.elementToString(tree)) namespace = self.namespaceWithSyncMLVersion(tree) deviceHardwareId = self.getDeviceHardwareId(tree, namespace) deviceHardwareIdWithoutPrefix = deviceHardwareId[ len(DEVICE_HARDWARE_ID_PREFIX):] deviceId = self.getDeviceId(tree, namespace) sessionId = tree.find("./{%s}SyncHdr/{%s}SessionID/." % (namespace, namespace)).text msgId = tree.find("./{%s}SyncHdr/{%s}MsgID/." % (namespace, namespace)).text if self.isUnenrollmentRequest(tree, namespace, deviceHardwareIdWithoutPrefix): toReturn = self.responseForUnenrollment( deviceHardwareId, sessionId, msgId) elif msgId == "1": if (not self.assignHardwareIdToApi( deviceId, deviceHardwareIdWithoutPrefix) or self.checkApiIfUserShouldUnenroll( deviceHardwareIdWithoutPrefix)): toReturn = self.responseWithForceUnenrollment( deviceHardwareId, sessionId, msgId) else: toReturn = self.responseWithStandardPolicy( deviceHardwareId, sessionId, msgId) elif msgId == "2": if self.messageIsForceUnenrollmentResponse(tree, namespace): toReturn = self.responseForCloseConnection( deviceHardwareId, sessionId, msgId) elif not self.getAndSendPushToken( tree, namespace, deviceHardwareIdWithoutPrefix): return "internal error" elif self.getSyncInterval(tree, namespace) != self.config.get( "Enrollment", "SynchInterval"): toReturn = self.responseForChangeSyncInterval( deviceHardwareId, sessionId, msgId) else: toReturn = self.responseForCloseConnection( deviceHardwareId, sessionId, msgId) else: toReturn = self.responseForCloseConnection( deviceHardwareId, sessionId, msgId) globalFunctions.printDebugLog(self.config, "OMADM RESPONSE", toReturn) return toReturn return "unsupported request"
def createProvisioningXML(self, tokenRequest, deviceId): xmlDoc = XmlDoc() wapProvisioningDoc = xmlDoc.element('wap-provisioningdoc') xmlDoc.addAttribute(wapProvisioningDoc, "version", '1.1') characteristicCertificateStore = self.makeCharacteristicNode( xmlDoc, wapProvisioningDoc, 'CertificateStore') characteristicRoot = self.makeCharacteristicNode( xmlDoc, characteristicCertificateStore, 'Root') characteristicSystem = self.makeCharacteristicNode( xmlDoc, characteristicRoot, 'System') rootCertificate = self.createRootCertificate() characteristicNumSystem = self.makeCharacteristicNode( xmlDoc, characteristicSystem, rootCertificate.get_fingerprint('sha1')) self.makeParmNode(xmlDoc, characteristicNumSystem, "EncodedCertificate", self.reformatCertificate(rootCertificate.as_pem())) characteristicMy = self.makeCharacteristicNode( xmlDoc, characteristicCertificateStore, 'My') characteristicUser = self.makeCharacteristicNode( xmlDoc, characteristicMy, 'User') clientCertificate = self.createClientCertificate(tokenRequest) characteristicNumUser = self.makeCharacteristicNode( xmlDoc, characteristicUser, clientCertificate.get_fingerprint('sha1')) self.makeParmNode(xmlDoc, characteristicNumUser, "EncodedCertificate", self.reformatCertificate(clientCertificate.as_pem())) characteristicPrivateKeyContainer = self.makeCharacteristicNode( xmlDoc, characteristicNumUser, 'PrivateKeyContainer') characteristicWSTEP = self.makeCharacteristicNode( xmlDoc, characteristicMy, 'WSTEP') characteristicRenew = self.makeCharacteristicNode( xmlDoc, characteristicWSTEP, 'Renew') self.makeParmNode(xmlDoc, characteristicRenew, "ROBOSupport", "true", "boolean") self.makeParmNode(xmlDoc, characteristicRenew, "RenewPeriod", self.config.get("Enrollment", "ROBORenewPeriod"), "integer") self.makeParmNode(xmlDoc, characteristicRenew, "RetryInterval", self.config.get("Enrollment", "ROBORetryInterval"), "integer") characteristicApplication = self.makeCharacteristicNode( xmlDoc, wapProvisioningDoc, 'APPLICATION') self.makeParmNode(xmlDoc, characteristicApplication, "APPID", "w7") self.makeParmNode(xmlDoc, characteristicApplication, "PROVIDER-ID", self.config.get("Enrollment", "ProviderId")) self.makeParmNode(xmlDoc, characteristicApplication, "NAME", self.config.get("Enrollment", "Name")) self.makeParmNode(xmlDoc, characteristicApplication, "ADDR", self.config.get("Enrollment", "MDMServerUrl")) self.makeParmNode(xmlDoc, characteristicApplication, "INIT", "") characteristicAPPAUTH = self.makeCharacteristicNode( xmlDoc, characteristicApplication, 'APPAUTH') self.makeParmNode(xmlDoc, characteristicAPPAUTH, "AAUTHLEVEL", "CLIENT") self.makeParmNode(xmlDoc, characteristicAPPAUTH, "AAUTHSECRET", DUMMY) self.makeParmNode(xmlDoc, characteristicAPPAUTH, "AAUTHDATA", DUMMY) characteristicAPPAUTH = self.makeCharacteristicNode( xmlDoc, characteristicApplication, 'APPAUTH') self.makeParmNode(xmlDoc, characteristicAPPAUTH, "AAUTHLEVEL", "APPSRV") self.makeParmNode(xmlDoc, characteristicAPPAUTH, "AAUTHNAME", deviceId) self.makeParmNode(xmlDoc, characteristicAPPAUTH, "AAUTHSECRET", DUMMY) characteristicDMClient = self.makeCharacteristicNode( xmlDoc, wapProvisioningDoc, 'DMClient') characteristicProvider = self.makeCharacteristicNode( xmlDoc, characteristicDMClient, 'Provider') characteristicTestMDMServer = self.makeCharacteristicNode( xmlDoc, characteristicProvider, self.config.get("Enrollment", "ProviderId")) characteristicPoll = self.makeCharacteristicNode( xmlDoc, characteristicTestMDMServer, 'Poll') self.makeParmNode(xmlDoc, characteristicPoll, "NumberOfFirstRetries", "8", "integer") self.makeParmNode(xmlDoc, characteristicPoll, "IntervalForFirstSetOfRetries", "15", "integer") self.makeParmNode(xmlDoc, characteristicPoll, "NumberOfSecondRetries", "5", "integer") self.makeParmNode(xmlDoc, characteristicPoll, "IntervalForSecondSetOfRetries", "3", "integer") self.makeParmNode(xmlDoc, characteristicPoll, "NumberOfRemainingScheduledRetries", "0", "integer") self.makeParmNode(xmlDoc, characteristicPoll, "IntervalForRemainingScheduledRetries", self.config.get("Enrollment", "SynchInterval"), "integer") toReturn = xmlDoc.elementToString(wapProvisioningDoc, False) globalFunctions.printDebugLog(self.config, "ENROLLMENT WAP PROVINSIONING FILE", toReturn) return toReturn