ios_config_profile 1.3.0

data/lib/ios_config_profile/device/device_information_payload.rb

@@ -0,0 +1,69 @@
+module IOSConfigProfile
+  class DeviceInformationPayload < Hash
+    include IOSConfigProfile::BasicPayload
+
+    def initialize
+      merge! device_information_request_payload
+    end
+
+    private
+
+    def device_information_request_payload
+      {
+        "RequestType" => "DeviceInformation",
+        "Queries" => queries,
+      }
+    end
+
+    def queries
+      GENERAL + ITUNES + DEVICE + NETWORK
+    end
+
+    GENERAL = %w[UDID Languages Locales DeviceID OrganizationInfo].freeze
+
+    ITUNES = %w[iTunesStoreAccountIsActive iTunesStoreAccountHash].freeze
+
+    DEVICE = %w[
+      DeviceName
+      OSVersion
+      BuildVersion
+      ModelName
+      Model
+      ProductName
+      SerialNumber
+      DeviceCapacity
+      AvailableDeviceCapacity
+      BatteryLevel
+      CellularTechnology
+      IMEI
+      MEID
+      ModemFirmwareVersion
+      IsSupervised
+      IsDeviceLocatorServiceEnabled
+      IsActivationLockEnabled
+      IsDoNotDisturbInEffect
+      DeviceID
+      EASDeviceIdentifier
+    ].freeze
+
+    NETWORK = %w[
+      ICCID
+      BluetoothMAC
+      WiFiMAC
+      EthernetMACs
+      CurrentCarrierNetwork
+      SIMCarrierNetwork
+      SubscriberCarrierNetwork
+      CarrierSettingsVersion
+      PhoneNumber
+      VoiceRoamingEnabled
+      DataRoamingEnabled
+      IsRoaming
+      PersonalHotspotEnabled
+      SubscriberMCC
+      SubscriberMNC
+      CurrentMCC
+      CurrentMNC
+    ].freeze
+  end
+end

data/lib/ios_config_profile/device/enrollment_payload.rb

@@ -0,0 +1,25 @@
+module IOSConfigProfile
+  class EnrollmentPayload < Array
+    include IOSConfigProfile::BasicPayload
+
+    attr_reader :url, :topic, :identity_cert, :identity_cert_password
+
+    def initialize(url, topic, identity_cert, identity_cert_password)
+      @url = url
+      @topic = topic
+      @identity_cert = identity_cert
+      @identity_cert_password = identity_cert_password
+      require_attributes :url, :topic, :identity_cert, :identity_cert_password
+      push security_payload
+      push mdm_payload
+    end
+
+    def mdm_payload
+      @mdm_payload ||= IOSConfigProfile::MDMPayload.new(url, security_payload, topic)
+    end
+
+    def security_payload
+      @security_payload ||= IOSConfigProfile::SecurityPayload.new(identity_cert, identity_cert_password)
+    end
+  end
+end

data/lib/ios_config_profile/device/erase_device_payload.rb

@@ -0,0 +1,18 @@
+module IOSConfigProfile
+  class EraseDevicePayload < Hash
+    include IOSConfigProfile::BasicPayload
+
+    def initialize
+      merge! erase_device_payload
+    end
+
+    private
+
+    def erase_device_payload
+      {
+        "RequestType" => "EraseDevice",
+
+      }
+    end
+  end
+end

data/lib/ios_config_profile/device/install_profile_payload.rb

@@ -0,0 +1,22 @@
+module IOSConfigProfile
+  class InstallProfilePayload < Hash
+    include IOSConfigProfile::BasicPayload
+
+    attr_accessor :profile
+
+    def initialize(profile)
+      self.profile = profile
+      require_attributes :profile
+      merge! install_profile_payload
+    end
+
+    private
+
+    def install_profile_payload
+      {
+        "RequestType" => "InstallProfile",
+        "Payload" => StringIO.new(profile),
+      }
+    end
+  end
+end

data/lib/ios_config_profile/device/lock_device_payload.rb

@@ -0,0 +1,17 @@
+module IOSConfigProfile
+  class LockDevicePayload < Hash
+    include IOSConfigProfile::BasicPayload
+
+    def initialize
+      merge! lock_device_payload
+    end
+
+    private
+
+    def lock_device_payload
+      {
+        "RequestType" => "DeviceLock",
+      }
+    end
+  end
+end

data/lib/ios_config_profile/device/mdm_payload.rb

@@ -0,0 +1,40 @@
+module IOSConfigProfile
+  class MDMPayload < Hash
+    include IOSConfigProfile::BasicPayload
+
+    attr_reader :url, :security_payload, :topic
+
+    def initialize(url, security_payload, topic)
+      raise "url must be https" if url[0, 5] != "https"
+      @url = url
+      @security_payload = security_payload
+      @topic = topic
+      require_attributes :url, :topic, :security_payload
+      replace mdm_payload
+    end
+
+    private
+
+    def mdm_payload
+      {
+        "Topic" => topic,
+        "ServerURL" => "#{url}/command",
+        "CheckInURL" => "#{url}/checkin",
+        "PayloadUUID" => uuid,
+        "IdentityCertificateUUID" => security_payload.uuid,
+
+        "SignMessage" => false,
+        "AccessRights" => 8191,
+        "UseDevelopmentAPNS" => false,
+        "CheckOutWhenRemoved" => true,
+
+        "PayloadType" => "com.apple.mdm",
+        "PayloadVersion" => 1,
+        "PayloadIdentifier" => "com.cellabusipcu.profile.mdm",
+        "PayloadDisplayName" => "Mobile Device Management",
+        "PayloadDescription" => "Configures Mobile Device Management",
+        "PayloadOrganization" => "Cellabus, Inc.",
+      }
+    end
+  end
+end

data/lib/ios_config_profile/device/remove_profile_payload.rb

@@ -0,0 +1,22 @@
+module IOSConfigProfile
+  class RemoveProfilePayload < Hash
+    include IOSConfigProfile::BasicPayload
+
+    attr_accessor :device_profile_identifier
+
+    def initialize(device_profile_identifier)
+      self.device_profile_identifier = device_profile_identifier
+      require_attributes :device_profile_identifier
+      merge! remove_profile_payload
+    end
+
+    private
+
+    def remove_profile_payload
+      {
+        "RequestType" => "RemoveProfile",
+        "Identifier" => device_profile_identifier,
+      }
+    end
+  end
+end

data/lib/ios_config_profile/device/restrictions_payload.rb

@@ -0,0 +1,144 @@
+module IOSConfigProfile
+  class RestrictionsPayload < Hash
+    include IOSConfigProfile::BasicPayload
+
+    def initialize(custom_values = nil)
+      payload = generate_restrictions(custom_values)
+      payload = add_boilerplate payload
+      merge! payload
+    end
+
+    def self.available_payloads
+      # key => [english description, default, (options)]
+      {
+        "allowAssistant" => ["Allow Siri", true],
+        "allowAssistantWhileLocked" => ["Allow Siri while device is locked", true],
+        "allowCamera" => ["Allow camera usage", true],
+        "allowCloudBackup" => ["Allow iCloud", true],
+        "allowCloudKeychainSync" => ["Allow cloud keychain synchronization", true],
+        "allowDiagnosticSubmission" => ["Allow automatic submission of diagnostic reports to Apple", true],
+        "allowFingerprintForUnlock" => ["Allow Touch ID (fingerprint) to unlock device", true],
+        "allowGlobalBackgroundFetchWhenRoaming" => ["Allow global background fetch activity when device is roaming", true],
+        "allowInAppPurchases" => ["Allow in-app purchasing", true],
+        "allowLockScreenControlCenter" => ["Allow Control Center on the Lock screen", true],
+        "allowLockScreenNotificationView" => ["Allow Notifications view in Notification Center on the lock screen", true],
+        "allowLockScreenTodayView" => ["Allow Today view in Notification Center on the lock screen", true],
+        "allowOpenFromManagedToUnmanaged" => ["Allow documents in managed apps and accounts to be opened in unmanaged apps and accounts", true],
+        "allowOpenFromUnmanagedToManaged" => ["Allow documents in unmanaged apps and accounts to be opened in managed apps and accounts", true],
+        "allowOTAPKIUpdates" => ["Allow over-the-air PKI updates", true],
+        "allowPassbookWhileLocked" => ["Allow Passbook notifications on the lock screen", true],
+        "allowPhotoStream" => ["Allow Photo Stream", true],
+        "safariAllowAutoFill" => ["Allow Safari auto-fill", true],
+        "safariForceFraudWarning" => ["Force Safari fraud warning", true],
+        "safariAllowJavascript" => ["Allow Safari to execute JavaScript", true],
+        "safariAllowPopups" => ["Allow Safari to show pop-up tabs", true],
+        "allowSharedStream" => ["Allow Shared Photo Stream", true],
+        "allowUntrustedTLSPrompt" => ["Allow untrusted HTTPS certificates", true],
+        "allowVoiceDialing" => ["Allow voice dialing", true],
+        "allowYouTube" => ["Allow YouTube", true],
+        "forceAssistantProfanityFilter" => ["Force profanity filter assistant", false],
+        "forceEncryptedBackup" => ["Force encrypt all backups", false],
+        "forceITunesStorePasswordEntry" => ["Force require iTunes password for each transaction", false],
+        "forceLimitAdTracking" => ["Limit ad tracking", false],
+        "forceAirPlayOutgoingRequestsPairingPassword" => ["Force all devices receiving AirPlay requests from this device to use a pairing password", false],
+        "forceAirPlayIncomingRequestsPairingPassword" => ["Force all devices sending AirPlay requests to this device to use a password", false],
+        "allowManagedAppsCloudSync" => ["Allow managed applications to use cloud sync", true],
+        "allowActivityContinuation" => ["Allow Activity Continuation", true],
+        "allowEnterpriseBookBackup" => ["Allow Enterprise books to be backed up", true],
+        "allowEnterpriseBookMetadataSync" => ["Allow Enterprise book notes and highlights to be synchronized", true],
+        "forceAirDropUnmanaged" => ["Consider AirDrop to be an unmanaged drop target (iOS 9+)", false],
+        "allowScreenShot" => ["Allow display screenshots (also allow screen recording for iOS 9+)", true],
+
+      }
+    end
+
+    def self.available_supervised_payloads
+      # key => [english description, default, (options)]
+      {
+        "allowiTunes" => ["Allow iTunes Music Store", true],
+        "allowVideoConferencing" => ["Allow video conferencing", true],
+        "allowAppInstallation" => ["Allow App Store installations and updates", true],
+        "allowAddingGameCenterFriends" => ["Allow adding Game Center friends", true],
+        "allowAppRemoval" => ["Allow removal of apps from iOS device", true],
+        "allowCloudDocumentSync" => ["Allow document and key-value syncing with iCloud", true],
+        "allowExplicitContent" => ["Allow explicit music or video content from iTunes Store", true],
+        "allowMultiplayerGaming" => ["Allow multiplayer gaming", true],
+        "allowSafari" => ["Allow Safari", true],
+        "allowAccountModification" => ["Allow account modification", true],
+        "allowAirDrop" => ["Allow AirDrop", true],
+        "allowAppCellularDataModification" => ["Allow changes to cellular data usage for apps", true],
+        "allowAssistantUserGeneratedContent" => ["Allow Siri to query user-generated content from the web", true],
+        "allowBookstore" => ["Allow iBookstore", true],
+        "allowBookstoreErotica" => ["Allow iBookstore media that has been tagged as erotica", true],
+        "allowChat" => ["Allow Messages app", true],
+        "allowFindMyFriendsModification" => ["Allow changes to Find My Friends", true],
+        "allowGameCenter" => ["Allow Game Center", true],
+        "allowHostPairing" => ["Allow host pairing (except for supervision host)", true],
+        "allowUIConfigurationProfileInstallation" => ["Allow installing configuration profiles and certificates interactively", true],
+        "allowEraseContentAndSettings" => ['Allow the "Erase All Content And Settings" option in the Reset UI', true],
+        "allowSpotlightInternetResults" => ["Allow Spotlight to return Internet search results", true],
+        "allowEnablingRestrictions" => ['Enable the "Enable Restrictions" option in the Restrictions UI in Settings', true],
+        "allowPodcasts" => ["Allow podcasts", true],
+        "allowDefinitionLookup" => ["Allow definition lookups", true],
+        "allowPredictiveKeyboard" => ["Allow predictive keyboards", true],
+        "allowAutoCorrection" => ["Allow keyboard auto-correction", true],
+        "allowSpellCheck" => ["Allow keyboard spell-check", true],
+        "allowUIAppInstallation" => ["Allow App Store (iOS 9+)", true],
+        "allowKeyboardShortcuts" => ["Allow keyboard shortcuts (iOS 9+)", true],
+        "allowPairedWatch" => ["Allow pairing of Apple watch (iOS 9+)", true],
+        "allowPasscodeModification" => ["Allow pairing of Apple watch (iOS 9+)", true],
+        "allowDeviceNameModification" => ["Allow device name to be changed (iOS 9+)", true],
+        "allowWallpaperModification" => ["Allow wallpaper to be changed (iOS 9+)", true],
+        "allowAutomaticAppDownloads" => ["Allow automatic downloading of apps purchased on other devices for the same iTunes account (iOS 9+)", false],
+        "allowEnterpriseAppTrust" => ["Trust enterprise apps (iOS 9+)", true],
+        "allowCloudPhotoLibrary" => ["Allow iCloud Photo Library (iOS 9+)", true],
+        "allowNews" => ["Allow Apple News", true],
+      }
+    end
+
+    private
+
+    def restrictions_payload
+      default_payload = {}
+      IOSConfigProfile::RestrictionsPayload.available_payloads.each { |k, v| default_payload[k] = v[1] }
+      IOSConfigProfile::RestrictionsPayload.available_supervised_payloads.each { |k, v| default_payload[k] = v[1] }
+      default_payload
+    end
+
+    def generate_restrictions(custom_values)
+      if not custom_values.is_a? Hash
+        custom_values = Hash.new
+      end
+      default_payload = restrictions_payload
+      payload = {}
+      custom_values.each do |k, v|
+        if not default_payload.has_key? k
+          next
+        end
+        if default_payload[k].to_s != v.to_s
+          payload[k] = v
+        end
+      end
+      payload
+    end
+
+    def add_boilerplate(payload)
+      content = {
+        "PayloadType" => "com.apple.applicationaccess",
+        "PayloadIdentifier" => "com.cellabus.restrictions",
+        "PayloadDescription" => "Restrict device capabilities",
+        "PayloadUUID" => uuid,
+        "PayloadRemovalDisallowed" => true,
+        "PayloadVersion" => 1,
+      }.merge payload
+      {
+        "PayloadContent" => [content],
+        "PayloadType" => "Configuration",
+        "PayloadDisplayName" => "Cellabus Device Restrictions",
+        "PayloadIdentifier" => "com.cellabus.config.mdm.#{SecureRandom.urlsafe_base64}",
+        "PayloadUUID" => uuid,
+        "PayloadVersion" => 1,
+      }
+    end
+  end
+end

data/lib/ios_config_profile/device/scep_payload.rb

@@ -0,0 +1,34 @@
+module IOSConfigProfile
+  class SCEPPayload < Hash
+    include IOSConfigProfile::BasicPayload
+
+    attr_accessor :url
+
+    def initialize(url)
+      self.url = url
+      require_attributes :url
+      merge! security_payload
+    end
+
+    private
+
+    def security_payload
+      {
+        "URL" => url,
+        # 'Name' => 'Cellabus SCEP Payload',
+        # 'Subject' => '',
+        # 'Challenge' => '',
+        # 'Keysize' => 1024,
+        # 'Key Type' => 'RSA',
+        # 'Key Usage' => 5,
+
+        "PayloadType" => "com.apple.security.scep",
+        "PayloadVersion" => 1,
+        "PayloadIdentifier" => "com.cellabus.profile.scep",
+        "PayloadDisplayName" => "Security",
+        "PayloadDescription" => "Provides device authentication (certificate or identity).",
+        "PayloadOrganization" => "",
+      }
+    end
+  end
+end

data/lib/ios_config_profile/device/security_payload.rb

@@ -0,0 +1,32 @@
+module IOSConfigProfile
+  class SecurityPayload < Hash
+    include IOSConfigProfile::BasicPayload
+
+    attr_accessor :content, :password
+
+    def initialize(content, password)
+      self.content = content
+      self.password = password
+      require_attributes :content, :password
+      merge! security_payload
+    end
+
+    private
+
+    def security_payload
+      {
+        "Password" => password,
+        "PayloadUUID" => uuid,
+        "PayloadContent" => StringIO.new(content),
+        "PayloadCertificateFileName" => "identity.p12",
+
+        "PayloadType" => "com.apple.security.pkcs12",
+        "PayloadVersion" => 1,
+        "PayloadIdentifier" => "com.cellabusipcu.profile.credential",
+        "PayloadDisplayName" => "Security",
+        "PayloadDescription" => "Provides device authentication (certificate or identity).",
+        "PayloadOrganization" => "Cellabus, Inc.",
+      }
+    end
+  end
+end

data/lib/ios_config_profile/device/set_device_name_payload.rb

@@ -0,0 +1,22 @@
+module IOSConfigProfile
+  class SetDeviceNamePayload < Hash
+    include IOSConfigProfile::BasicPayload
+
+    attr_accessor :new_device_name
+
+    def initialize(new_device_name)
+      self.new_device_name = new_device_name
+      require_attributes :new_device_name
+      merge! set_device_name_payload
+    end
+
+    private
+
+    def set_device_name_payload
+      {
+        "RequestType" => "Settings",
+        "Settings" => [{ "Item" => "DeviceName", "DeviceName" => new_device_name }],
+      }
+    end
+  end
+end