class DEPAccount(db.Model):
    """DEP Account

    This table stores information about a single DEP account (aka one 'MDM Server' in the portal), and its current
    token: the OAuth credentials extracted from the server token, the session token obtained with them, the
    organisation details synchronised from the /account endpoint, and the cursor state of an in-progress sync.
    """
    __tablename__ = 'dep_accounts'

    id = db.Column(db.Integer, primary_key=True)

    # certificate for PKI of server token (the column type is inferred from the foreign key)
    certificate_id = db.Column(db.ForeignKey('certificates.id'))
    certificate = db.relationship('DEPServerTokenCertificate', backref='dep_configurations')

    # OAuth creds
    # NOTE(review): consumer_secret, access_secret and auth_session_token (below) are long-lived credentials for
    # the DEP account and are stored here as plain String columns. Anyone with read access to the database or a
    # backup can act as this MDM server against the portal; consider encrypting these at rest and keeping them out
    # of logs, reprs and API responses.
    consumer_key = db.Column(db.String())
    consumer_secret = db.Column(db.String())
    access_token = db.Column(db.String())
    access_secret = db.Column(db.String())
    # NOTE(review): both DateTime columns are declared without timezone; confirm whether naive or UTC values are
    # written, since expiry comparisons will be wrong if the two are mixed.
    access_token_expiry = db.Column(db.DateTime())
    token_updated_at = db.Column(db.DateTime())

    # Current session token (obtained with the OAuth creds above; treat as a secret)
    auth_session_token = db.Column(db.String())

    # Information synchronised from the /account endpoint
    server_name = db.Column(db.String())
    server_uuid = db.Column(GUID)
    admin_id = db.Column(db.String())
    facilitator_id = db.Column(db.String())
    org_name = db.Column(db.String())
    org_email = db.Column(db.String())
    org_phone = db.Column(db.String())
    org_address = db.Column(db.String())
    org_type = db.Column(db.Enum(DEPOrgType))
    org_version = db.Column(db.Enum(DEPOrgVersion))
    org_id = db.Column(db.String())
    org_id_hash = db.Column(db.String())
    url = db.Column(db.String())

    # Hold the state of the in-progress fetch/sync in case the DEP thread dies
    cursor = db.Column(db.String())
    more_to_follow = db.Column(db.Boolean())
    fetched_until = db.Column(db.DateTime())

    # Profile assigned to devices of this account when no other profile applies
    default_dep_profile_id = db.Column(db.Integer, db.ForeignKey('dep_profiles.id'))
    default_dep_profile = db.relationship('DEPProfile', backref='default_for_accounts',
                                          foreign_keys=[default_dep_profile_id])
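class Certificate(db.Model):
    """Polymorphic base for certificate types.

    These certificate classes are only intended to be used for storing certificates related to running the MDM or
    certificates issued by the MDM internal CA or SCEP service.

    Note that X.509 name attributes have fixed lengths as defined in `RFC5280`_.

    Subclasses select themselves via ``discriminator`` (see ``__mapper_args__``); new rows are normally built
    from a parsed certificate with :meth:`from_crypto_type`.

    :table: certificates

    .. _RFC5280: http://www.ietf.org/rfc/rfc5280.txt
    """
    __tablename__ = 'certificates'

    id = db.Column(db.Integer, primary_key=True)
    """id (int): Primary Key"""
    pem_data = db.Column(db.Text, nullable=False)
    """pem_data (str): PEM Encoded Certificate Data"""
    rsa_private_key_id = db.Column(db.Integer, db.ForeignKey('rsa_private_keys.id'))
    """rsa_private_key_id (int): Foreign key reference to an RSAPrivateKey IF the private key was generated by us."""
    rsa_private_key = db.relationship(
        'RSAPrivateKey',
        backref='certificates',
    )

    x509_cn = db.Column(db.String(64), nullable=True)
    """x509_cn (str): X.509 Common Name"""
    x509_ou = db.Column(db.String(32))
    """x509_ou (str): X.509 Organizational Unit"""
    x509_o = db.Column(db.String(64))
    """x509_o (str): X.509 Organization"""
    x509_c = db.Column(db.String(2))
    """x509_c (str): X.509 2 letter Country Code"""
    x509_st = db.Column(db.String(128))
    """x509_st (str): X.509 State or Location"""

    not_before = db.Column(db.DateTime(timezone=False), nullable=False)
    """not_before (datetime): Certificate validity - not before"""
    not_after = db.Column(db.DateTime(timezone=False), nullable=False)
    """not_after (datetime): Certificate validity - not after"""

    # NOTE(review): RFC 5280 allows serial numbers of up to 20 octets and many CAs issue random serials wider than
    # 64 bits; such values do not fit a BigInteger. Confirm the serials this MDM stores stay within range or widen
    # the column (e.g. to a String of the hex form).
    serial = db.Column(db.BigInteger)
    """serial (int): Serial Number"""

    # SHA-256 hash of DER-encoded certificate, stored as 64 lowercase hex characters
    fingerprint = db.Column(db.String(64), nullable=False, index=True, unique=True)  # Unique
    """fingerprint (str): SHA-256 hash of certificate"""

    push_topic = db.Column(db.String, nullable=True)  # Only required for push certificate
    """push_topic (str): Only present for Push Certificates, the x.509 User ID field value"""

    discriminator = db.Column(db.String(20))
    """discriminator (str): The type of certificate"""

    __mapper_args__ = {
        'polymorphic_on': discriminator,
        'polymorphic_identity': 'certificates',
    }

    @classmethod
    def from_crypto_type(cls, certificate: x509.Certificate, certtype: CertificateType) -> 'Certificate':
        """Build a new (unsaved) row from a parsed ``cryptography`` certificate.

        Args:
            certificate: The parsed X.509 certificate to store.
            certtype: The certificate type enum; its ``.value`` becomes the polymorphic ``discriminator``.

        Returns:
            A new instance of ``cls`` populated with the PEM data, validity window, SHA-256 fingerprint, serial
            number and Common Name (when the subject has one). Only the CN is extracted here; the other
            ``x509_*`` name attributes are left unset.
        """
        m = cls()
        # NOTE(review): public_bytes() returns bytes while pem_data is a Text column documented as str; confirm
        # the DB driver in use accepts this, otherwise decode to str before assignment.
        m.pem_data = certificate.public_bytes(serialization.Encoding.PEM)
        m.not_after = certificate.not_valid_after
        m.not_before = certificate.not_valid_before
        # fingerprint() returns the raw 32-byte digest; the column is a 64-char String, i.e. the hex form,
        # so encode it rather than writing raw bytes into a string column.
        m.fingerprint = certificate.fingerprint(hashes.SHA256()).hex()
        m.discriminator = certtype.value
        m.serial = certificate.serial_number

        subject: x509.Name = certificate.subject
        # get_attributes_for_oid() returns a (possibly empty) list, never None; a subject without a CN
        # must not raise IndexError on cns[0].
        cns = subject.get_attributes_for_oid(NameOID.COMMON_NAME)
        if cns:
            m.x509_cn = cns[0].value

        return m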