更新时间:2022-04-18 22:31:13
如果仍然有人在使用Ruby签名和加密配置文件时遇到问题,下面的答案将是有用的。
Incase if still anybody is having issues with signing and encrypting the profile with Ruby, following answer would be useful.
I have used OpenSSL module available in Ruby and Plist gem.
考虑密码限制
passcode_payload ={
'PayloadUUID' => 'RANDOM_STRING_UUID',
'PayloadOrganization' => 'PayloadOrganization',
'PayloadVersion' => 1,
'PayloadIdentifier' => 'com.test.PayloadIdentifier',
'PayloadType' => 'Configuration',
'PayloadDisplayName' => 'PayloadDisplayName',
'PayloadRemovalDisallowed' => false
}
passcode_payload_content = {
'PayloadDescription' => 'PayloadDescription',
'PayloadDisplayName' => 'PayloadDisplayName',
'PayloadIdentifier' => 'PayloadIdentifier',
'PayloadOrganization' => 'PayloadOrganization',
'PayloadType' => 'com.apple.mobiledevice.passwordpolicy',
'PayloadUUID' => "RANDOM_STRING_UUID",
'PayloadVersion' => 1,
'allowSimple' => true,
'forcePIN' => true
'maxPINAgeInDays' => 20,
'minComplexChars' => 1,
'minLength' => 4,
'requireAlphanumeric' => true
}
**
**
通常,对于普通个人资料, passcode_payload_content
进入
passcode_payload ['PayloadContent']
作为字典数组。
Usually for a normal profile the passcode_payload_content
goes into the passcode_payload['PayloadContent']
as array of dictionaries.
passcode_payload ['PayloadContent'] = [passcode_payload_content]
但对于加密的个人资料, PayloadContent
并且应根据 EncryptedPayloadContent 。 html#// apple_ref / doc / uid / TP40010206-CH1-SW52rel =nofollow>配置个人资料键参考文档。
But for an encrypted profile, PayloadContent
should be removed and EncryptedPayloadContent
should be used as per the configuration profile key reference document.
,
要加密配置文件,请执行以下操作:
删除 PayloadContent $
请注意,此plist中的***对象是数组,而不是
字典。CMS将串行化plist加密为包络数据。
以DER格式序列化加密的数据。将序列化数据设置为
,作为配置文件中Data Plist项的值,使用键EncryptedPayloadContent
To encrypt a profile do the following:
Remove the PayloadContent
array and serialize it as a proper plist.Note that the top-level object in this plist is an array, not a dictionary. CMS-encrypt the serialized plist as enveloped data. Serialize the encrypted data in DER format. Set the serialized data as the value of as a Data plist item in the profile, using the key EncryptedPayloadContent
由于plist中的***对象应该是一个数组
Since top level object in the plist should be an array
passcode_payload_content_array = [passcode_payload_content]
序列化到正确的plist
Serializing to proper plist
to_be_encrypted_plist = passcode_payload_content_array.to_plist
加密凭证负载内容,
device_certificate = OpenSSL::X509::Certificate.new File.read('deviceIdentityCertificate.pem')
encrypted_payload = OpenSSL::PKCS7.encrypt([device_certificate],to_be_encrypted_plist, OpenSSL::Cipher::Cipher::new("des-ede3-cbc"),OpenSSL::PKCS7::BINARY)
添加加密的有效内容到原始有效负载的格式
Add encrypted payload content to the original payload in der format
passcode_payload['EncryptedPayloadContent'] = StringIO.new(encrypted_payload.to_der)
**
**
signed_passcode_profile = OpenSSL::PKCS7.sign(SSL_CERTIFICATE, SSL_KEY, passcode_payload.to_plist, [], OpenSSL::PKCS7::BINARY)
最后,可以使用
send_data signed_passcode_profile.to_der, :type => "application/x-apple-aspen-config"
发送有效载荷。