def gen_new_device_identity(self):
    """Mint a fresh key pair and a CA-signed certificate for one MDM device.

    The RSA private key is generated in memory and is deliberately not
    written to the database: it belongs to the enrolling device and is meant
    to reach it only inside the MDM payload, so callers must not log or
    persist it either. Only the signed certificate is recorded (as PEM, with
    cert_type 'mdm.device').

    Returns an m2certs.Identity holding the private key and the certificate.

    TODO: the signing helper is called without a serial number, so (as the
    original TODO "increment CA serial" suggests) successive device
    certificates from this CA may share a serial. RFC 5280 requires serials
    to be unique per issuer and CRLs identify certificates by serial, so a
    per-CA counter or a random serial needs to be threaded into
    cert_from_req_signed_by_cacert before revocation can be relied on.
    Key size is whatever RSAPrivateKey() defaults to -- confirm it is at
    least 2048 bits.
    """
    private_key = RSAPrivateKey()
    signed_cert = Certificate.cert_from_req_signed_by_cacert(
        CertificateRequest(private_key, CN=MDM_DEVICE_CN),
        self.ca_cert,
        self.ca_privkey,
    )

    # Persist only the public half: the row carries the PEM certificate and
    # its type, never anything derived from the private key.
    record = DBCertificate()
    record.cert_type = 'mdm.device'
    record.pem_certificate = signed_cert.get_pem()
    db_session.add(record)
    db_session.commit()

    return Identity(private_key, signed_cert)