예제 #1
파일: ca.py 프로젝트: enquora/commandment
    def gen_new_device_identity(self):
        '''Issue a new key pair and CA-signed certificate for an MDM payload.

        A fresh RSA private key is created, a certificate request carrying
        the fixed MDM_DEVICE_CN common name is built from it, and the request
        is signed with this object's CA certificate and CA private key. Only
        the resulting certificate (PEM) is stored in the database, tagged
        'mdm.device'. The private key is never written there and leaves this
        method solely inside the returned identity.

        Returns an m2certs.Identity instance holding the key and certificate.'''

        # TODO: increment CA serial
        # NOTE(review): no serial number is chosen in this method; whether the
        # signing helper assigns a unique one is not visible here. Certificates
        # issued by one CA need distinct serials for revocation and for
        # telling them apart, so confirm this before relying on it.

        # The private key is deliberately not persisted: it should only be
        # held and used by the client device. It is generated with the
        # RSAPrivateKey() defaults; the key size is not visible here (confirm
        # it meets policy).
        private_key = RSAPrivateKey()

        # Every device request uses the same common name, so the subject CN
        # alone does not distinguish one issued certificate from another.
        signing_request = CertificateRequest(private_key, CN=MDM_DEVICE_CN)

        signed_cert = Certificate.cert_from_req_signed_by_cacert(
            signing_request,
            self.ca_cert,
            self.ca_privkey,
        )

        # Record the issued certificate (public material only) in the DB.
        cert_row = DBCertificate()
        cert_row.cert_type = 'mdm.device'
        cert_row.pem_certificate = signed_cert.get_pem()
        db_session.add(cert_row)

        db_session.commit()

        # The caller receives the only copy of the private key.
        return Identity(private_key, signed_cert)