def create_from_dep_profile(self, dep_profile, serial_number, udid, payload):
# Build a new secret, only for one enrollment, only for this machine
# scep server.
enrollment_secret = dep_profile.enrollment_secret
meta_business_unit = enrollment_secret.meta_business_unit
tags = list(enrollment_secret.tags.all())
# verified only once with the SCEP payload
quota = 1
# expires 60 minutes from now, plenty enough for the device to contact the SCEP server
expired_at = timezone.now() + timedelta(hours=1)
new_es = EnrollmentSecret(
meta_business_unit=meta_business_unit,
serial_numbers=[serial_number],
udids=[udid],
quota=quota,
expired_at=expired_at,
)
new_es.save(secret_length=56) # CN max 64 - $ separator - prefix MDM$DEP
new_es.tags = tags
enrollment_session = self.model(status=self.model.STARTED,
dep_profile=dep_profile,
enrollment_secret=new_es)
enrollment_session.update_with_payload(payload)
return enrollment_session
def create_from_enrollment(self, enrollment, serial_number):
enrollment_secret = enrollment.secret
tags = list(enrollment_secret.tags.all())
new_es = EnrollmentSecret(
meta_business_unit=enrollment_secret.meta_business_unit,
serial_numbers=[serial_number],
quota=2, # Verified max twice. SCEP? + Enrollment completion
expired_at=enrollment_secret.expired_at)
new_es.save(secret_length=59) # CN max 64 - $ separator - FLBT prefix
new_es.tags.set(tags)
return self.create(enrollment=enrollment,
status=self.model.STARTED,
enrollment_secret=new_es)
def create_from_realm_user(self, ota_enrollment, realm_user):
enrollment_secret = ota_enrollment.enrollment_secret
tags = list(enrollment_secret.tags.all())
new_es = EnrollmentSecret(
meta_business_unit=enrollment_secret.meta_business_unit,
quota=3, # Verified three times: config profile download + 2 different SCEP payloads
expired_at=enrollment_secret.expired_at
)
new_es.save(secret_length=56) # CN max 64 - $ separator - prefix, ota or mdm$ota
new_es.tags.set(tags)
enrollment_session = self.model(status=self.model.PHASE_1,
ota_enrollment=ota_enrollment,
realm_user=realm_user,
enrollment_secret=new_es)
enrollment_session.save()
return enrollment_session
def create_from_ota_enrollment(self, ota_enrollment, serial_number, udid):
# Built a new secret that can be used only by one specific machine
enrollment_secret = ota_enrollment.enrollment_secret
tags = list(enrollment_secret.tags.all())
new_es = EnrollmentSecret(
meta_business_unit=enrollment_secret.meta_business_unit,
serial_numbers=[serial_number],
udids=[udid],
quota=2, # Verified twice with 2 different SCEP payloads
expired_at=enrollment_secret.expired_at
)
new_es.save(secret_length=60) # CN max 64 - $ separator - prefix, ota or mdm
new_es.tags = tags
return self.create(status=self.model.PHASE_2,
ota_enrollment=ota_enrollment,
enrollment_secret=new_es)