Add supervised configuration profile installs #472
- In general, please just reply with `done` to each CR comment so it's easier for us to review how you resolved each issue (we'll "Resolve" it when it's done).
- Don't include additional commits such as "fix cr comments". Simply amend these changes into the previous commit so the git log would look clearer after merge (we use it to generate the changelog).
@@ -54,6 +69,10 @@ def get_profile_list(self) -> Mapping: | |||
def install_profile(self, payload: bytes) -> None: | |||
self._send_recv({'RequestType': 'InstallProfile', 'Payload': payload}) | |||
|
|||
def install_profile_silent(self, profile: bytes, pkcs12Bytes: bytes, password: str) -> None: |
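Review bot: the new `install_profile_silent` signature has no docstring, and nothing in it tells a caller that the device must already be supervised or that the PKCS#12 argument has to hold the supervising certificate together with its private key. Please document those preconditions and what `password` protects. The first parameter is also called `profile` here while the existing `install_profile` directly above calls the same kind of input `payload`; one name for both would read better.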
`pkcs12Bytes` is also a non-PEP8 naming convention.
done
2064644 to 2ae47c4
signed_challenge = PKCS7SignatureBuilder().set_data(escalate_response['Challenge']).add_signer(decrypted_p12.cert.certificate, decrypted_p12.key, hashes.SHA256()).sign(Encoding.DER, []) | ||
self._send_recv({'RequestType': 'EscalateResponse', 'SignedRequest': signed_challenge}) | ||
self._send_recv({'RequestType': 'ProceedWithKeybagMigration'}) | ||
except TypeError as e: |
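Review bot: the replies to the `EscalateResponse` and `ProceedWithKeybagMigration` requests are discarded, so unless `_send_recv` itself raises on a failure status, a signed challenge that the device rejects would go unnoticed here and only surface later as an unexplained install failure. Either check the returned mappings or state in a comment that `_send_recv` raises on error. The signing expression would also be easier to review if the builder chain were split over several lines.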
Why type error?
Because you suggested it here: #472 (comment)
But I think I misunderstood you, the type error was raised by `escalate_response.get('Challenge')` and now that I changed it to index-access, I should catch an `IndexError`, shouldn’t I?
Since you changed it to access `Challenge` with `[]` it will not raise `TypeError` but `KeyError`.
More than that - It seems like you are pretty sure `Challenge` will always exist in `escalate_response` - if this is the case you can remove the try except completely
done
2ae47c4 to 90fb33a
decrypted_p12 = load_pkcs12(pkcs12, password.encode('utf-8')) | ||
|
||
escalate_response = self._send_recv({'RequestType': 'Escalate', 'SupervisorCertificate': decrypted_p12.cert.certificate.public_bytes(Encoding.DER)}) | ||
signed_challenge = PKCS7SignatureBuilder().set_data(escalate_response['Challenge']).add_signer(decrypted_p12.cert.certificate, decrypted_p12.key, hashes.SHA256()).sign(Encoding.DER, []) |
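Review bot: `decrypted_p12.cert.certificate` and `decrypted_p12.key` are dereferenced right after `load_pkcs12` with no check that the bundle contains both a certificate and a private key. If this is the `load_pkcs12` from the cryptography package, `cert` and `key` can be `None` for a bundle that lacks them, and the caller would then get an AttributeError from the `Escalate` line rather than a message saying the supervisor identity is incomplete. Suggest validating both fields before the first `_send_recv` and raising a descriptive error.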
Can you please limit your line length according to PEP8?
I ran `autopep8` on both files now. I am sorry you had to critique the code style so much, I didn’t realize you were enforcing a code style standard and I am switching back and forth from JavaScript right now. Thanks for your patience!
90fb33a to de619c5
def get_stored_profile(self, purpose: Purpose = Purpose.PostSetupInstallation) -> Mapping: | ||
return self._send_recv({'RequestType': 'GetStoredProfile', 'Purpose': purpose.value}) | ||
|
||
def store_profile(self, profile_data: bytes, purpose: Purpose = Purpose.PostSetupInstallation) -> None: | ||
self._send_recv({'RequestType': 'StoreProfile', 'ProfileData': profile_data, 'Purpose': purpose.value}) |
Sorry for telling it too late, but we use 120 characters line length so no need to change these lines
Ah, no worries. I know myself how hard it is to maintain an open source project and keep track of all the unwritten contributing rules (or writing them down for that matter). Thank you for keeping this project running!
I should have fixed all the code style issues now.
Thank you for your contribution! It is really appreciated!
de619c5 to 0dfbcbd
0dfbcbd to bd10b65
I am trying to install configuration profiles without user interaction, mainly to install certificate authorities automatically. In my research (tweaselORG/appstraction#44 (comment)), I stumbled over device supervision and noticed your library was missing that functionality. However, https://github.com/danielpaulus/go-ios managed to implement it, so using their research, I implemented the `InstallProfileSilent` request into `pymobiledevice3`. This way, you can now install configuration profiles on the device silently, if the device has been supervised and you have access to the supervising certificate and key. If you don’t want to reset your device, but have jailbroken it, you can also refer to the linked issue for how to set up supervision.
I tested this on iOS 16.4.1 on an iPhone X.