ios_config_profile 1.3.0

data/lib/ios_config_profile/device/vpn_payload.rb

@@ -0,0 +1,86 @@
+module IOSConfigProfile
+  class VPNPayload < Hash
+    include IOSConfigProfile::BasicPayload
+
+    # Hash containing :override_primary, :vpn_type
+    attr_accessor :vpn_config
+
+    def initialize(config)
+      self.vpn_config = config
+      require_attributes :vpn_config
+      merge! vpn_payload
+    end
+
+    private
+
+    def vpn_payload
+      {
+        "PayloadContent" => [{
+          "PayloadType" => "com.apple.vpn.managed",
+          "PayloadIdentifier" => "com.cellabus.vpn",
+          "PayloadDescription" => "Set up VPN networking access",
+          "PayloadUUID" => uuid,
+          "PayloadVersion" => 1,
+          "UserDefinedName" => "VPN",
+          "OverridePrimary" => vpn_config[:override_primary],
+          "VPNType" => vpn_config[:vpn_type],
+          "OnDemandEnabled" => 0,
+          "OnDemandRules" => [],
+          "VendorConfig" => get_vendor_config,
+        }],
+        "PayloadType" => "Configuration",
+        "PayloadDisplayName" => "Cellabus VPN Configuration",
+        "PayloadIdentifier" => "com.cellabus.vpn",
+        "PayloadUUID" => uuid,
+        "PayloadVersion" => 1,
+      }
+    end
+
+    def get_vendor_config
+      if vpn_config[:vpn_type] == "L2TP"
+        get_l2tp_config
+      elsif vpn_config[:vpn_type] == "PPTP"
+        raise NotImplementedError
+      elsif vpn_config[:vpn_type] == "IPSec"
+        get_ipsec_config
+      elsif vpn_config[:vpn_type] == "IKEv2"
+        raise NotImplementedError
+      elsif vpn_config[:vpn_type] == "AlwaysOn"
+        raise NotImplementedError
+      else
+        raise NotImplementedError
+      end
+    end
+
+    def get_l2tp_config
+      {
+        "AuthName" => vpn_config[:auth_name],
+        "AuthPassword" => vpn_config[:auth_password],
+        "TokenCard" => false,
+        "CommRemoteAccess" => vpn_config[:comm_remote_access],
+        "AuthEAPPlugins" => [],
+        "AuthProtocol" => [],
+        "CCPMPPE40Enabled" => false,
+        "CCPMPPE128Enabled" => false,
+        "CCPEnabled" => false,
+      }
+    end
+
+    def get_ipsec_config
+      config = {
+        "RemoteAddress" => vpn_config[:remote_address],
+        "AuthenticationMethod" => vpn_config[:authentication_method],
+        "XAuthName" => vpn_config[:x_auth_name],
+        "XAuthEnabled" => vpn_config[:x_auth_enabled],
+        "SharedSecret" => vpn_config[:shared_secret],
+        "PayloadCertificateUUID" => vpn_config[:payload_certificate_uuid],
+        "PromptForVPNPIN" => vpn_config[:prompt_for_vpn_pin],
+      }
+      if vpn_config[:authentication_method] == "SharedSecret"
+        config["LocalIdentifier"] = vpn_config[:local_identifier]
+        config["LocalIdentifierType"] = vpn_config[:local_identifier_type]
+      end
+      config
+    end
+  end
+end

data/lib/ios_config_profile/encrypted_payload.rb

@@ -0,0 +1,14 @@
+module IOSConfigProfile
+  class EncryptedPayload < IOSCertEnrollment::Profile
+    def initialize(payload)
+      super()
+      self.payload = payload.to_plist
+    end
+
+    # Encrypts the profile, wraps it into configuration profile and signs it
+    def encrypted_configuration(p7sign_certificates)
+      encrypted_profile = encrypt p7sign_certificates
+      configuration encrypted_profile.certificate
+    end
+  end
+end

data/lib/ios_config_profile/version.rb

@@ -0,0 +1,4 @@
+# frozen_string_literal: true
+module IOSConfigProfile
+  VERSION = "1.3.0".freeze
+end

data/spec/basic_payload_spec.rb

@@ -0,0 +1,53 @@
+require "spec_helper"
+
+describe IOSConfigProfile::BasicPayload do
+  class Payload
+    include IOSConfigProfile::BasicPayload
+
+    def to_plist
+      "payload in plist format"
+    end
+  end
+
+  let(:payload) { Payload.new }
+
+  describe "#uuid" do
+    it "returns a uuid" do
+      uuid1 = payload.uuid
+      uuid2 = Payload.new.uuid
+      expect(uuid1).to_not eq uuid2
+    end
+  end
+
+  describe '#to_encrypted_payload' do
+    let(:payload) { Payload.new }
+
+    subject { payload.to_encrypted_payload }
+
+    it { is_expected.to be_an IOSConfigProfile::EncryptedPayload }
+    its(:payload) { should == "payload in plist format" }
+  end
+
+  describe '#to_command_payload' do
+    let(:payload) { Payload.new }
+
+    subject { payload.to_command_payload }
+
+    it { is_expected.to be_a IOSConfigProfile::CommandPayload }
+    its(:command) { should == payload }
+  end
+
+  describe "#require_attributes" do
+    it "will check for multiple attributes" do
+      payload.send(:require_attributes, :to_plist, :uuid)
+      expect { payload.send(:require_attributes, :to_plist, :asdf) }.to raise_error NoMethodError
+    end
+  end
+
+  describe "#require_attribute" do
+    it "will raise an error if the name doesn't exist" do
+      payload.send(:require_attribute, :to_plist)
+      expect { payload.send(:require_attribute, :asdf) }.to raise_error NoMethodError
+    end
+  end
+end

data/spec/command_payload_spec.rb

@@ -0,0 +1,12 @@
+require "spec_helper"
+
+describe IOSConfigProfile::CommandPayload do
+  subject { IOSConfigProfile::CommandPayload.new "command" }
+
+  its(:command) { should == "command" }
+
+  it "should have a payload" do
+    expect(subject["Command"]).to eq "command"
+    expect(subject["CommandUUID"]).to_not be_nil
+  end
+end

data/spec/content/install_application_payload_spec.rb

@@ -0,0 +1,15 @@
+require "spec_helper"
+
+describe IOSConfigProfile::InstallApplicationPayload do
+  let(:install_application_payload_attributes) do
+    {
+      "RequestType" => "InstallApplication",
+      "iTunesStoreID" => 265,
+      "ManagementFlags" => 1,
+    }
+  end
+
+  subject { IOSConfigProfile::InstallApplicationPayload.new 265 }
+
+  it { is_expected.to eq(install_application_payload_attributes) }
+end

data/spec/content/install_book_payload_spec.rb

@@ -0,0 +1,14 @@
+require "spec_helper"
+
+describe IOSConfigProfile::InstallBookPayload do
+  subject { IOSConfigProfile::InstallBookPayload }
+
+  describe "#initialize" do
+    it "has the correct payload" do
+      payload = subject.new("asdf")
+      expect(payload["RequestType"]).to eq "InstallMedia"
+      expect(payload["MediaType"]).to eq "Book"
+      expect(payload["iTunesStoreID"]).to eq "asdf"
+    end
+  end
+end

data/spec/content/install_doc_payload_spec.rb

@@ -0,0 +1,16 @@
+require "spec_helper"
+
+describe IOSConfigProfile::InstallDocPayload do
+  subject { IOSConfigProfile::InstallDocPayload }
+
+  describe "#initialize" do
+    it "has the correct payload" do
+      payload = subject.new("asdf", "qwer")
+      expect(payload["RequestType"]).to eq "InstallMedia"
+      expect(payload["MediaType"]).to eq "Book"
+      expect(payload["MediaURL"]).to eq "asdf"
+      expect(payload["Kind"]).to eq "pdf"
+      expect(payload["Title"]).to eq "qwer"
+    end
+  end
+end

data/spec/content/install_market_app_payload_spec.rb

@@ -0,0 +1,15 @@
+require "spec_helper"
+
+describe IOSConfigProfile::InstallMarketAppPayload do
+  let(:install_market_app_payload_attributes) do
+    {
+      "RequestType" => "InstallApplication",
+      "ManifestURL" => "https://cellabus.com/cellabus.plist",
+      "ManagementFlags" => 1,
+    }
+  end
+
+  subject { IOSConfigProfile::InstallMarketAppPayload.new "https://cellabus.com/cellabus.plist" }
+
+  it { is_expected.to eq(install_market_app_payload_attributes) }
+end

data/spec/content/installed_application_list_payload_spec.rb

@@ -0,0 +1,13 @@
+require "spec_helper"
+
+describe IOSConfigProfile::InstalledApplicationListPayload do
+  let(:installed_application_list_payload_attributes) do
+    {
+      "RequestType" => "InstalledApplicationList",
+    }
+  end
+
+  subject { IOSConfigProfile::InstalledApplicationListPayload.new }
+
+  it { is_expected.to eq(installed_application_list_payload_attributes) }
+end

data/spec/content/remove_application_payoad_spec.rb

@@ -0,0 +1,13 @@
+require "spec_helper"
+
+describe IOSConfigProfile::RemoveApplicationPayload do
+  subject { IOSConfigProfile::RemoveApplicationPayload }
+
+  describe "#initialize" do
+    it "has the correct payload" do
+      payload = subject.new("asdf")
+      expect(payload["RequestType"]).to eq "RemoveApplication"
+      expect(payload["Identifier"]).to eq "asdf"
+    end
+  end
+end

data/spec/content/remove_book_payload_spec.rb

@@ -0,0 +1,14 @@
+require "spec_helper"
+
+describe IOSConfigProfile::RemoveBookPayload do
+  subject { IOSConfigProfile::RemoveBookPayload }
+
+  describe "#initialize" do
+    it "has the correct payload" do
+      payload = subject.new("asdf")
+      expect(payload["RequestType"]).to eq "RemoveMedia"
+      expect(payload["MediaType"]).to eq "Book"
+      expect(payload["iTunesStoreID"]).to eq "asdf"
+    end
+  end
+end

data/spec/content/remove_doc_payload_spec.rb

@@ -0,0 +1,18 @@
+require "spec_helper"
+
+describe IOSConfigProfile::RemoveDocPayload do
+  subject { IOSConfigProfile::RemoveDocPayload }
+
+  describe "#initialize" do
+    it "must be initialized with a doc's url" do
+      payload = subject.new "1234"
+      expect(payload["PersistentID"]).to eq "com.cellabus.files.1234"
+      expect { subject.new nil }.to raise_error RuntimeError
+    end
+    it "has required payload values" do
+      payload = subject.new "1234"
+      expect(payload["RequestType"]).to eq "RemoveMedia"
+      expect(payload["MediaType"]).to eq "Book"
+    end
+  end
+end

data/spec/content/web_clip_payload_spec.rb

@@ -0,0 +1,22 @@
+require "spec_helper"
+
+describe IOSConfigProfile::WebClipPayload do
+  subject { IOSConfigProfile::WebClipPayload.new "asdf.com", "ASDF", "PNGasdf" }
+
+  it "contains valid Configuration entries" do
+    expect(subject["PayloadType"]).to eq "Configuration"
+    expect(subject["PayloadDisplayName"]).to eq "Cellabus Web Clip"
+  end
+
+  it "contains valid PayloadContent" do
+    expect(subject["PayloadContent"][0]["URL"]).to eq "asdf.com"
+    expect(subject["PayloadContent"][0]["Label"]).to eq "ASDF"
+    expect(subject["PayloadContent"][0]["Icon"].string[0, 3]).to eq "PNG"
+    expect(subject["PayloadContent"][0]["IsRemovable"]).to be_falsey
+    expect(subject["PayloadContent"][0]["PayloadType"]).to eq "com.apple.webClip.managed"
+  end
+
+  it "can be turned into an encrypted payload" do
+    expect(subject.to_encrypted_payload).to be
+  end
+end

data/spec/device/app_lock_payload_spec.rb

@@ -0,0 +1,23 @@
+require "spec_helper"
+
+describe IOSConfigProfile::AppLockPayload do
+  subject { IOSConfigProfile::AppLockPayload }
+
+  describe "#initialize" do
+    it "must be initialized with an app's bundle id" do
+      payload = subject.new "1234"
+      expect(payload["PayloadContent"][0]["App"]["Identifier"]).to eq "1234"
+      expect { subject.new nil }.to raise_error RuntimeError
+    end
+    it "has required payload values" do
+      payload = subject.new "1234"
+      expect(payload["PayloadIdentifier"]).to eq "com.cellabusapplock.profile.mdm"
+      expect(payload["PayloadContent"][0]["PayloadType"]).to eq "com.apple.app.lock"
+    end
+    it "has a uuid" do
+      payload1 = subject.new "1234"
+      payload2 = subject.new "1234"
+      expect(payload1["PayloadUUID"]).to_not eq payload2["PayloadUUID"]
+    end
+  end
+end

data/spec/device/clear_passcode_payload_spec.rb

@@ -0,0 +1,14 @@
+require "spec_helper"
+
+describe IOSConfigProfile::ClearPasscodePayload do
+  subject { IOSConfigProfile::ClearPasscodePayload }
+
+  describe "#initialize" do
+    it "requires an unlock token" do
+      token = "asdf"
+      payload = subject.new(token)
+      expect(payload["RequestType"]).to eq "ClearPasscode"
+      expect(payload["UnlockToken"].gets).to eq "asdf"
+    end
+  end
+end

data/spec/device/dep_payload_spec.rb

@@ -0,0 +1,18 @@
+require "spec_helper"
+
+describe IOSConfigProfile::DEPPayload do
+  subject { IOSConfigProfile::DEPPayload.new "https://example.com", "topic", "identity", "password" }
+
+  let(:mdm_payload) { double IOSConfigProfile::MDMPayload }
+  let(:security_payload) { double IOSConfigProfile::SecurityPayload }
+
+  before do
+    allow(IOSConfigProfile::MDMPayload).to receive(:new).and_return mdm_payload
+    allow(IOSConfigProfile::SecurityPayload).to receive(:new).and_return security_payload
+  end
+
+  it "has two payloads" do
+    expect(subject["PayloadContent"]).to eq([mdm_payload, security_payload])
+    expect(subject["PayloadType"]).to eq "Configuration"
+  end
+end

data/spec/device/device_information_payload_spec.rb

@@ -0,0 +1,28 @@
+require "spec_helper"
+
+describe IOSConfigProfile::DeviceInformationPayload do
+  let(:queries) do
+    %w[
+      UDID Languages Locales DeviceID OrganizationInfo iTunesStoreAccountIsActive iTunesStoreAccountHash
+      DeviceName OSVersion BuildVersion ModelName Model ProductName SerialNumber
+      DeviceCapacity AvailableDeviceCapacity BatteryLevel CellularTechnology IMEI
+      MEID ModemFirmwareVersion IsSupervised IsDeviceLocatorServiceEnabled
+      IsActivationLockEnabled IsDoNotDisturbInEffect DeviceID EASDeviceIdentifier
+      ICCID BluetoothMAC WiFiMAC EthernetMACs CurrentCarrierNetwork SIMCarrierNetwork
+      SubscriberCarrierNetwork CarrierSettingsVersion PhoneNumber VoiceRoamingEnabled
+      DataRoamingEnabled IsRoaming PersonalHotspotEnabled SubscriberMCC SubscriberMNC
+      CurrentMCC CurrentMNC
+    ]
+  end
+
+  let(:device_information_payload_attributes) do
+    {
+      "Queries" => queries,
+      "RequestType" => "DeviceInformation",
+    }
+  end
+
+  subject { IOSConfigProfile::DeviceInformationPayload.new }
+
+  it { is_expected.to eq(device_information_payload_attributes) }
+end

data/spec/device/enrollment_payload_spec.rb

@@ -0,0 +1,18 @@
+require "spec_helper"
+
+describe IOSConfigProfile::EnrollmentPayload do
+  subject { IOSConfigProfile::EnrollmentPayload.new "https://example.com", "topic", "identity", "password" }
+
+  let(:mdm_payload) { double IOSConfigProfile::MDMPayload }
+  let(:security_payload) { double IOSConfigProfile::SecurityPayload }
+
+  before do
+    allow(IOSConfigProfile::MDMPayload).to receive(:new).and_return mdm_payload
+    allow(IOSConfigProfile::SecurityPayload).to receive(:new).and_return security_payload
+  end
+
+  it { is_expected.to eq([security_payload, mdm_payload]) }
+  it "can be turned into encrypted payload" do
+    subject.to_encrypted_payload
+  end
+end