ios_config_profile 1.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (71) hide show
  1. checksums.yaml +7 -0
  2. data/.codeclimate.yml +9 -0
  3. data/.gitignore +35 -0
  4. data/.rspec +2 -0
  5. data/.rubocop.yml +602 -0
  6. data/.simplecov +4 -0
  7. data/CHANGELOG.md +67 -0
  8. data/CODE_OF_CONDUCT.md +13 -0
  9. data/Gemfile +5 -0
  10. data/LICENSE +661 -0
  11. data/README.md +15 -0
  12. data/Rakefile +5 -0
  13. data/ios_config_profile.gemspec +28 -0
  14. data/lib/ios_config_profile.rb +8 -0
  15. data/lib/ios_config_profile/basic_payload.rb +31 -0
  16. data/lib/ios_config_profile/command_payload.rb +24 -0
  17. data/lib/ios_config_profile/content/install_application_payload.rb +23 -0
  18. data/lib/ios_config_profile/content/install_book_payload.rb +23 -0
  19. data/lib/ios_config_profile/content/install_doc_payload.rb +27 -0
  20. data/lib/ios_config_profile/content/install_market_app_payload.rb +23 -0
  21. data/lib/ios_config_profile/content/installed_application_list_payload.rb +17 -0
  22. data/lib/ios_config_profile/content/remove_application_payload.rb +22 -0
  23. data/lib/ios_config_profile/content/remove_book_payload.rb +23 -0
  24. data/lib/ios_config_profile/content/remove_doc_payload.rb +23 -0
  25. data/lib/ios_config_profile/content/web_clip_payload.rb +38 -0
  26. data/lib/ios_config_profile/device/app_lock_payload.rb +33 -0
  27. data/lib/ios_config_profile/device/clear_passcode_payload.rb +24 -0
  28. data/lib/ios_config_profile/device/dep_payload.rb +40 -0
  29. data/lib/ios_config_profile/device/device_information_payload.rb +69 -0
  30. data/lib/ios_config_profile/device/enrollment_payload.rb +25 -0
  31. data/lib/ios_config_profile/device/erase_device_payload.rb +18 -0
  32. data/lib/ios_config_profile/device/install_profile_payload.rb +22 -0
  33. data/lib/ios_config_profile/device/lock_device_payload.rb +17 -0
  34. data/lib/ios_config_profile/device/mdm_payload.rb +40 -0
  35. data/lib/ios_config_profile/device/remove_profile_payload.rb +22 -0
  36. data/lib/ios_config_profile/device/restrictions_payload.rb +144 -0
  37. data/lib/ios_config_profile/device/scep_payload.rb +34 -0
  38. data/lib/ios_config_profile/device/security_payload.rb +32 -0
  39. data/lib/ios_config_profile/device/set_device_name_payload.rb +22 -0
  40. data/lib/ios_config_profile/device/vpn_payload.rb +86 -0
  41. data/lib/ios_config_profile/encrypted_payload.rb +14 -0
  42. data/lib/ios_config_profile/version.rb +4 -0
  43. data/spec/basic_payload_spec.rb +53 -0
  44. data/spec/command_payload_spec.rb +12 -0
  45. data/spec/content/install_application_payload_spec.rb +15 -0
  46. data/spec/content/install_book_payload_spec.rb +14 -0
  47. data/spec/content/install_doc_payload_spec.rb +16 -0
  48. data/spec/content/install_market_app_payload_spec.rb +15 -0
  49. data/spec/content/installed_application_list_payload_spec.rb +13 -0
  50. data/spec/content/remove_application_payoad_spec.rb +13 -0
  51. data/spec/content/remove_book_payload_spec.rb +14 -0
  52. data/spec/content/remove_doc_payload_spec.rb +18 -0
  53. data/spec/content/web_clip_payload_spec.rb +22 -0
  54. data/spec/device/app_lock_payload_spec.rb +23 -0
  55. data/spec/device/clear_passcode_payload_spec.rb +14 -0
  56. data/spec/device/dep_payload_spec.rb +18 -0
  57. data/spec/device/device_information_payload_spec.rb +28 -0
  58. data/spec/device/enrollment_payload_spec.rb +18 -0
  59. data/spec/device/erase_device_payload_spec.rb +11 -0
  60. data/spec/device/install_profile_payload_spec.rb +13 -0
  61. data/spec/device/lock_device_payload_spec.rb +11 -0
  62. data/spec/device/mdm_payload_spec.rb +41 -0
  63. data/spec/device/remove_profile_payload_spec.rb +14 -0
  64. data/spec/device/restrictions_payload_spec.rb +42 -0
  65. data/spec/device/scep_payload_spec.rb +14 -0
  66. data/spec/device/security_payload_spec.rb +29 -0
  67. data/spec/device/set_device_name_payload_spec.rb +14 -0
  68. data/spec/device/vpn_payload_spec.rb +75 -0
  69. data/spec/encrypted_payload_spec.rb +26 -0
  70. data/spec/spec_helper.rb +14 -0
  71. metadata +241 -0
@@ -0,0 +1,69 @@
1
+ module IOSConfigProfile
2
+ class DeviceInformationPayload < Hash
3
+ include IOSConfigProfile::BasicPayload
4
+
5
+ def initialize
6
+ merge! device_information_request_payload
7
+ end
8
+
9
+ private
10
+
11
+ def device_information_request_payload
12
+ {
13
+ "RequestType" => "DeviceInformation",
14
+ "Queries" => queries,
15
+ }
16
+ end
17
+
18
+ def queries
19
+ GENERAL + ITUNES + DEVICE + NETWORK
20
+ end
21
+
22
+ GENERAL = %w[UDID Languages Locales DeviceID OrganizationInfo].freeze
23
+
24
+ ITUNES = %w[iTunesStoreAccountIsActive iTunesStoreAccountHash].freeze
25
+
26
+ DEVICE = %w[
27
+ DeviceName
28
+ OSVersion
29
+ BuildVersion
30
+ ModelName
31
+ Model
32
+ ProductName
33
+ SerialNumber
34
+ DeviceCapacity
35
+ AvailableDeviceCapacity
36
+ BatteryLevel
37
+ CellularTechnology
38
+ IMEI
39
+ MEID
40
+ ModemFirmwareVersion
41
+ IsSupervised
42
+ IsDeviceLocatorServiceEnabled
43
+ IsActivationLockEnabled
44
+ IsDoNotDisturbInEffect
45
+ DeviceID
46
+ EASDeviceIdentifier
47
+ ].freeze
48
+
49
+ NETWORK = %w[
50
+ ICCID
51
+ BluetoothMAC
52
+ WiFiMAC
53
+ EthernetMACs
54
+ CurrentCarrierNetwork
55
+ SIMCarrierNetwork
56
+ SubscriberCarrierNetwork
57
+ CarrierSettingsVersion
58
+ PhoneNumber
59
+ VoiceRoamingEnabled
60
+ DataRoamingEnabled
61
+ IsRoaming
62
+ PersonalHotspotEnabled
63
+ SubscriberMCC
64
+ SubscriberMNC
65
+ CurrentMCC
66
+ CurrentMNC
67
+ ].freeze
68
+ end
69
+ end
@@ -0,0 +1,25 @@
1
+ module IOSConfigProfile
2
+ class EnrollmentPayload < Array
3
+ include IOSConfigProfile::BasicPayload
4
+
5
+ attr_reader :url, :topic, :identity_cert, :identity_cert_password
6
+
7
+ def initialize(url, topic, identity_cert, identity_cert_password)
8
+ @url = url
9
+ @topic = topic
10
+ @identity_cert = identity_cert
11
+ @identity_cert_password = identity_cert_password
12
+ require_attributes :url, :topic, :identity_cert, :identity_cert_password
13
+ push security_payload
14
+ push mdm_payload
15
+ end
16
+
17
+ def mdm_payload
18
+ @mdm_payload ||= IOSConfigProfile::MDMPayload.new(url, security_payload, topic)
19
+ end
20
+
21
+ def security_payload
22
+ @security_payload ||= IOSConfigProfile::SecurityPayload.new(identity_cert, identity_cert_password)
23
+ end
24
+ end
25
+ end
@@ -0,0 +1,18 @@
1
+ module IOSConfigProfile
2
+ class EraseDevicePayload < Hash
3
+ include IOSConfigProfile::BasicPayload
4
+
5
+ def initialize
6
+ merge! erase_device_payload
7
+ end
8
+
9
+ private
10
+
11
+ def erase_device_payload
12
+ {
13
+ "RequestType" => "EraseDevice",
14
+
15
+ }
16
+ end
17
+ end
18
+ end
@@ -0,0 +1,22 @@
1
+ module IOSConfigProfile
2
+ class InstallProfilePayload < Hash
3
+ include IOSConfigProfile::BasicPayload
4
+
5
+ attr_accessor :profile
6
+
7
+ def initialize(profile)
8
+ self.profile = profile
9
+ require_attributes :profile
10
+ merge! install_profile_payload
11
+ end
12
+
13
+ private
14
+
15
+ def install_profile_payload
16
+ {
17
+ "RequestType" => "InstallProfile",
18
+ "Payload" => StringIO.new(profile),
19
+ }
20
+ end
21
+ end
22
+ end
@@ -0,0 +1,17 @@
1
+ module IOSConfigProfile
2
+ class LockDevicePayload < Hash
3
+ include IOSConfigProfile::BasicPayload
4
+
5
+ def initialize
6
+ merge! lock_device_payload
7
+ end
8
+
9
+ private
10
+
11
+ def lock_device_payload
12
+ {
13
+ "RequestType" => "DeviceLock",
14
+ }
15
+ end
16
+ end
17
+ end
@@ -0,0 +1,40 @@
1
+ module IOSConfigProfile
2
+ class MDMPayload < Hash
3
+ include IOSConfigProfile::BasicPayload
4
+
5
+ attr_reader :url, :security_payload, :topic
6
+
7
+ def initialize(url, security_payload, topic)
8
+ raise "url must be https" if url[0, 5] != "https"
9
+ @url = url
10
+ @security_payload = security_payload
11
+ @topic = topic
12
+ require_attributes :url, :topic, :security_payload
13
+ replace mdm_payload
14
+ end
15
+
16
+ private
17
+
18
+ def mdm_payload
19
+ {
20
+ "Topic" => topic,
21
+ "ServerURL" => "#{url}/command",
22
+ "CheckInURL" => "#{url}/checkin",
23
+ "PayloadUUID" => uuid,
24
+ "IdentityCertificateUUID" => security_payload.uuid,
25
+
26
+ "SignMessage" => false,
27
+ "AccessRights" => 8191,
28
+ "UseDevelopmentAPNS" => false,
29
+ "CheckOutWhenRemoved" => true,
30
+
31
+ "PayloadType" => "com.apple.mdm",
32
+ "PayloadVersion" => 1,
33
+ "PayloadIdentifier" => "com.cellabusipcu.profile.mdm",
34
+ "PayloadDisplayName" => "Mobile Device Management",
35
+ "PayloadDescription" => "Configures Mobile Device Management",
36
+ "PayloadOrganization" => "Cellabus, Inc.",
37
+ }
38
+ end
39
+ end
40
+ end
@@ -0,0 +1,22 @@
1
+ module IOSConfigProfile
2
+ class RemoveProfilePayload < Hash
3
+ include IOSConfigProfile::BasicPayload
4
+
5
+ attr_accessor :device_profile_identifier
6
+
7
+ def initialize(device_profile_identifier)
8
+ self.device_profile_identifier = device_profile_identifier
9
+ require_attributes :device_profile_identifier
10
+ merge! remove_profile_payload
11
+ end
12
+
13
+ private
14
+
15
+ def remove_profile_payload
16
+ {
17
+ "RequestType" => "RemoveProfile",
18
+ "Identifier" => device_profile_identifier,
19
+ }
20
+ end
21
+ end
22
+ end
@@ -0,0 +1,144 @@
1
+ module IOSConfigProfile
2
+ class RestrictionsPayload < Hash
3
+ include IOSConfigProfile::BasicPayload
4
+
5
+ def initialize(custom_values = nil)
6
+ payload = generate_restrictions(custom_values)
7
+ payload = add_boilerplate payload
8
+ merge! payload
9
+ end
10
+
11
+ def self.available_payloads
12
+ # key => [english description, default, (options)]
13
+ {
14
+ "allowAssistant" => ["Allow Siri", true],
15
+ "allowAssistantWhileLocked" => ["Allow Siri while device is locked", true],
16
+ "allowCamera" => ["Allow camera usage", true],
17
+ "allowCloudBackup" => ["Allow iCloud", true],
18
+ "allowCloudKeychainSync" => ["Allow cloud keychain synchronization", true],
19
+ "allowDiagnosticSubmission" => ["Allow automatic submission of diagnostic reports to Apple", true],
20
+ "allowFingerprintForUnlock" => ["Allow Touch ID (fingerprint) to unlock device", true],
21
+ "allowGlobalBackgroundFetchWhenRoaming" => ["Allow global background fetch activity when device is roaming", true],
22
+ "allowInAppPurchases" => ["Allow in-app purchasing", true],
23
+ "allowLockScreenControlCenter" => ["Allow Control Center on the Lock screen", true],
24
+ "allowLockScreenNotificationView" => ["Allow Notifications view in Notification Center on the lock screen", true],
25
+ "allowLockScreenTodayView" => ["Allow Today view in Notification Center on the lock screen", true],
26
+ "allowOpenFromManagedToUnmanaged" => ["Allow documents in managed apps and accounts to be opened in unmanaged apps and accounts", true],
27
+ "allowOpenFromUnmanagedToManaged" => ["Allow documents in unmanaged apps and accounts to be opened in managed apps and accounts", true],
28
+ "allowOTAPKIUpdates" => ["Allow over-the-air PKI updates", true],
29
+ "allowPassbookWhileLocked" => ["Allow Passbook notifications on the lock screen", true],
30
+ "allowPhotoStream" => ["Allow Photo Stream", true],
31
+ "safariAllowAutoFill" => ["Allow Safari auto-fill", true],
32
+ "safariForceFraudWarning" => ["Force Safari fraud warning", true],
33
+ "safariAllowJavascript" => ["Allow Safari to execute JavaScript", true],
34
+ "safariAllowPopups" => ["Allow Safari to show pop-up tabs", true],
35
+ "allowSharedStream" => ["Allow Shared Photo Stream", true],
36
+ "allowUntrustedTLSPrompt" => ["Allow untrusted HTTPS certificates", true],
37
+ "allowVoiceDialing" => ["Allow voice dialing", true],
38
+ "allowYouTube" => ["Allow YouTube", true],
39
+ "forceAssistantProfanityFilter" => ["Force profanity filter assistant", false],
40
+ "forceEncryptedBackup" => ["Force encrypt all backups", false],
41
+ "forceITunesStorePasswordEntry" => ["Force require iTunes password for each transaction", false],
42
+ "forceLimitAdTracking" => ["Limit ad tracking", false],
43
+ "forceAirPlayOutgoingRequestsPairingPassword" => ["Force all devices receiving AirPlay requests from this device to use a pairing password", false],
44
+ "forceAirPlayIncomingRequestsPairingPassword" => ["Force all devices sending AirPlay requests to this device to use a password", false],
45
+ "allowManagedAppsCloudSync" => ["Allow managed applications to use cloud sync", true],
46
+ "allowActivityContinuation" => ["Allow Activity Continuation", true],
47
+ "allowEnterpriseBookBackup" => ["Allow Enterprise books to be backed up", true],
48
+ "allowEnterpriseBookMetadataSync" => ["Allow Enterprise book notes and highlights to be synchronized", true],
49
+ "forceAirDropUnmanaged" => ["Consider AirDrop to be an unmanaged drop target (iOS 9+)", false],
50
+ "allowScreenShot" => ["Allow display screenshots (also allow screen recording for iOS 9+)", true],
51
+
52
+ }
53
+ end
54
+
55
+ def self.available_supervised_payloads
56
+ # key => [english description, default, (options)]
57
+ {
58
+ "allowiTunes" => ["Allow iTunes Music Store", true],
59
+ "allowVideoConferencing" => ["Allow video conferencing", true],
60
+ "allowAppInstallation" => ["Allow App Store installations and updates", true],
61
+ "allowAddingGameCenterFriends" => ["Allow adding Game Center friends", true],
62
+ "allowAppRemoval" => ["Allow removal of apps from iOS device", true],
63
+ "allowCloudDocumentSync" => ["Allow document and key-value syncing with iCloud", true],
64
+ "allowExplicitContent" => ["Allow explicit music or video content from iTunes Store", true],
65
+ "allowMultiplayerGaming" => ["Allow multiplayer gaming", true],
66
+ "allowSafari" => ["Allow Safari", true],
67
+ "allowAccountModification" => ["Allow account modification", true],
68
+ "allowAirDrop" => ["Allow AirDrop", true],
69
+ "allowAppCellularDataModification" => ["Allow changes to cellular data usage for apps", true],
70
+ "allowAssistantUserGeneratedContent" => ["Allow Siri to query user-generated content from the web", true],
71
+ "allowBookstore" => ["Allow iBookstore", true],
72
+ "allowBookstoreErotica" => ["Allow iBookstore media that has been tagged as erotica", true],
73
+ "allowChat" => ["Allow Messages app", true],
74
+ "allowFindMyFriendsModification" => ["Allow changes to Find My Friends", true],
75
+ "allowGameCenter" => ["Allow Game Center", true],
76
+ "allowHostPairing" => ["Allow host pairing (except for supervision host)", true],
77
+ "allowUIConfigurationProfileInstallation" => ["Allow installing configuration profiles and certificates interactively", true],
78
+ "allowEraseContentAndSettings" => ['Allow the "Erase All Content And Settings" option in the Reset UI', true],
79
+ "allowSpotlightInternetResults" => ["Allow Spotlight to return Internet search results", true],
80
+ "allowEnablingRestrictions" => ['Enable the "Enable Restrictions" option in the Restrictions UI in Settings', true],
81
+ "allowPodcasts" => ["Allow podcasts", true],
82
+ "allowDefinitionLookup" => ["Allow definition lookups", true],
83
+ "allowPredictiveKeyboard" => ["Allow predictive keyboards", true],
84
+ "allowAutoCorrection" => ["Allow keyboard auto-correction", true],
85
+ "allowSpellCheck" => ["Allow keyboard spell-check", true],
86
+ "allowUIAppInstallation" => ["Allow App Store (iOS 9+)", true],
87
+ "allowKeyboardShortcuts" => ["Allow keyboard shortcuts (iOS 9+)", true],
88
+ "allowPairedWatch" => ["Allow pairing of Apple watch (iOS 9+)", true],
89
+ "allowPasscodeModification" => ["Allow pairing of Apple watch (iOS 9+)", true],
90
+ "allowDeviceNameModification" => ["Allow device name to be changed (iOS 9+)", true],
91
+ "allowWallpaperModification" => ["Allow wallpaper to be changed (iOS 9+)", true],
92
+ "allowAutomaticAppDownloads" => ["Allow automatic downloading of apps purchased on other devices for the same iTunes account (iOS 9+)", false],
93
+ "allowEnterpriseAppTrust" => ["Trust enterprise apps (iOS 9+)", true],
94
+ "allowCloudPhotoLibrary" => ["Allow iCloud Photo Library (iOS 9+)", true],
95
+ "allowNews" => ["Allow Apple News", true],
96
+ }
97
+ end
98
+
99
+ private
100
+
101
+ def restrictions_payload
102
+ default_payload = {}
103
+ IOSConfigProfile::RestrictionsPayload.available_payloads.each { |k, v| default_payload[k] = v[1] }
104
+ IOSConfigProfile::RestrictionsPayload.available_supervised_payloads.each { |k, v| default_payload[k] = v[1] }
105
+ default_payload
106
+ end
107
+
108
+ def generate_restrictions(custom_values)
109
+ if not custom_values.is_a? Hash
110
+ custom_values = Hash.new
111
+ end
112
+ default_payload = restrictions_payload
113
+ payload = {}
114
+ custom_values.each do |k, v|
115
+ if not default_payload.has_key? k
116
+ next
117
+ end
118
+ if default_payload[k].to_s != v.to_s
119
+ payload[k] = v
120
+ end
121
+ end
122
+ payload
123
+ end
124
+
125
+ def add_boilerplate(payload)
126
+ content = {
127
+ "PayloadType" => "com.apple.applicationaccess",
128
+ "PayloadIdentifier" => "com.cellabus.restrictions",
129
+ "PayloadDescription" => "Restrict device capabilities",
130
+ "PayloadUUID" => uuid,
131
+ "PayloadRemovalDisallowed" => true,
132
+ "PayloadVersion" => 1,
133
+ }.merge payload
134
+ {
135
+ "PayloadContent" => [content],
136
+ "PayloadType" => "Configuration",
137
+ "PayloadDisplayName" => "Cellabus Device Restrictions",
138
+ "PayloadIdentifier" => "com.cellabus.config.mdm.#{SecureRandom.urlsafe_base64}",
139
+ "PayloadUUID" => uuid,
140
+ "PayloadVersion" => 1,
141
+ }
142
+ end
143
+ end
144
+ end
@@ -0,0 +1,34 @@
1
+ module IOSConfigProfile
2
+ class SCEPPayload < Hash
3
+ include IOSConfigProfile::BasicPayload
4
+
5
+ attr_accessor :url
6
+
7
+ def initialize(url)
8
+ self.url = url
9
+ require_attributes :url
10
+ merge! security_payload
11
+ end
12
+
13
+ private
14
+
15
+ def security_payload
16
+ {
17
+ "URL" => url,
18
+ # 'Name' => 'Cellabus SCEP Payload',
19
+ # 'Subject' => '',
20
+ # 'Challenge' => '',
21
+ # 'Keysize' => 1024,
22
+ # 'Key Type' => 'RSA',
23
+ # 'Key Usage' => 5,
24
+
25
+ "PayloadType" => "com.apple.security.scep",
26
+ "PayloadVersion" => 1,
27
+ "PayloadIdentifier" => "com.cellabus.profile.scep",
28
+ "PayloadDisplayName" => "Security",
29
+ "PayloadDescription" => "Provides device authentication (certificate or identity).",
30
+ "PayloadOrganization" => "",
31
+ }
32
+ end
33
+ end
34
+ end
@@ -0,0 +1,32 @@
1
+ module IOSConfigProfile
2
+ class SecurityPayload < Hash
3
+ include IOSConfigProfile::BasicPayload
4
+
5
+ attr_accessor :content, :password
6
+
7
+ def initialize(content, password)
8
+ self.content = content
9
+ self.password = password
10
+ require_attributes :content, :password
11
+ merge! security_payload
12
+ end
13
+
14
+ private
15
+
16
+ def security_payload
17
+ {
18
+ "Password" => password,
19
+ "PayloadUUID" => uuid,
20
+ "PayloadContent" => StringIO.new(content),
21
+ "PayloadCertificateFileName" => "identity.p12",
22
+
23
+ "PayloadType" => "com.apple.security.pkcs12",
24
+ "PayloadVersion" => 1,
25
+ "PayloadIdentifier" => "com.cellabusipcu.profile.credential",
26
+ "PayloadDisplayName" => "Security",
27
+ "PayloadDescription" => "Provides device authentication (certificate or identity).",
28
+ "PayloadOrganization" => "Cellabus, Inc.",
29
+ }
30
+ end
31
+ end
32
+ end
@@ -0,0 +1,22 @@
1
+ module IOSConfigProfile
2
+ class SetDeviceNamePayload < Hash
3
+ include IOSConfigProfile::BasicPayload
4
+
5
+ attr_accessor :new_device_name
6
+
7
+ def initialize(new_device_name)
8
+ self.new_device_name = new_device_name
9
+ require_attributes :new_device_name
10
+ merge! set_device_name_payload
11
+ end
12
+
13
+ private
14
+
15
+ def set_device_name_payload
16
+ {
17
+ "RequestType" => "Settings",
18
+ "Settings" => [{ "Item" => "DeviceName", "DeviceName" => new_device_name }],
19
+ }
20
+ end
21
+ end
22
+ end