cfgprofiles

Version: v0.4.0
Published: Jun 15, 2023 | License: Unlicense | Imports: 7 | Imported by: 2

README

Structs and helpers for working with Apple Configuration Profiles in Go.

Package cfgprofiles provides structs and helpers for working with Apple Configuration Profiles in Go.

Note: marshaling and unmarshaling are dependent on the https://github.com/groob/plist package.

Example unmarshaling (parsing):

b, err := os.ReadFile("profile.mobileconfig")
if err != nil {
	log.Fatal(err)
}
p := &cfgprofiles.Profile{}
if err := plist.Unmarshal(b, p); err != nil {
	log.Fatal(err)
}
fmt.Println(p.PayloadIdentifier)
// prints: com.my.profile.id

Example marshaling:

p := cfgprofiles.NewProfile("com.my.profile.id")
pld := cfgprofiles.NewCertificatePKCS1Payload("com.my.profile.id.payload")
// certBytes holds the DER-encoded certificate
cert, err := x509.ParseCertificate(certBytes)
if err != nil {
	log.Fatal(err)
}
pld.PayloadContent = cert.Raw
p.AddPayload(pld)
b, err := plist.Marshal(p)
if err != nil {
	log.Fatal(err)
}
fmt.Println(string(b))
// prints: <?xml version="1.0" encod [...] <key>PayloadContent</key><data>MIIEPjCCAy [...]

Documentation

Overview

Package cfgprofiles provides structs and helpers for working with Apple Configuration Profiles in Go. Note that marshaling and unmarshaling depend on the https://github.com/groob/plist package.

Types

type ACMECertificatePayload (added in v0.4.0)

type ACMECertificatePayload struct {
	Payload
	AllowAllAppsAccess bool            `plist:",omitempty"`
	Attest             bool            `plist:",omitempty"`
	ClientIdentifier   string          `plist:",omitempty"`
	DirectoryURL       string          `plist:",omitempty"`
	ExtendedKeyUsage   []string        `plist:",omitempty"`
	HardwareBound      bool            `plist:",omitempty"`
	KeySize            int             `plist:",omitempty"`
	KeyIsExtractable   *bool           `plist:",omitempty"` // default true
	KeyType            string          `plist:",omitempty"` // Possible values: RSA, ECSECPrimeRandom
	Subject            [][][]string    `plist:",omitempty"` // Example: [ [ ["C", "US"] ], [ ["O", "Apple Inc."] ], ..., [ [ "1.2.5.3", "bar" ] ] ]
	UsageFlags         int             `plist:",omitempty"`
	SubjectAltName     *SubjectAltName `plist:",omitempty"`
}

ACMECertificatePayload represents the "com.apple.security.acme" PayloadType. See https://developer.apple.com/documentation/devicemanagement/acmecertificate

func NewACMECertificatePayload (added in v0.4.0)

func NewACMECertificatePayload(i string) *ACMECertificatePayload

NewACMECertificatePayload creates a new payload with identifier i

type CertificatePKCS1Payload

type CertificatePKCS1Payload struct {
	Payload
	PayloadCertificateFileName string `plist:",omitempty"`
	PayloadContent             []byte
}

CertificatePKCS1Payload represents the "com.apple.security.pkcs1" PayloadType. See https://developer.apple.com/documentation/devicemanagement/certificatepkcs1

func NewCertificatePKCS1Payload

func NewCertificatePKCS1Payload(i string) *CertificatePKCS1Payload

NewCertificatePKCS1Payload creates a new payload with identifier i

type MDMPayload

type MDMPayload struct {
	Payload
	IdentityCertificateUUID           string
	Topic                             string
	ServerURL                         string
	ServerCapabilities                []string `plist:",omitempty"`
	SignMessage                       bool     `plist:",omitempty"`
	CheckInURL                        string   `plist:",omitempty"`
	CheckOutWhenRemoved               bool     `plist:",omitempty"`
	AccessRights                      int
	UseDevelopmentAPNS                bool     `plist:",omitempty"`
	ServerURLPinningCertificateUUIDs  []string `plist:",omitempty"`
	CheckInURLPinningCertificateUUIDs []string `plist:",omitempty"`
	PinningRevocationCheckRequired    bool     `plist:",omitempty"`
}

MDMPayload represents the "com.apple.mdm" PayloadType. See https://developer.apple.com/documentation/devicemanagement/mdm

func NewMDMPayload

func NewMDMPayload(i string) *MDMPayload

NewMDMPayload creates a new payload with identifier i

type Payload

type Payload struct {
	PayloadDescription  string `plist:",omitempty"`
	PayloadDisplayName  string `plist:",omitempty"`
	PayloadIdentifier   string
	PayloadOrganization string `plist:",omitempty"`
	PayloadUUID         string
	PayloadType         string
	PayloadVersion      int
}

Payload contains payload keys common to all payloads, including profiles. See https://developer.apple.com/documentation/devicemanagement/configuring_multiple_devices_using_profiles#3234127

func CommonPayload

func CommonPayload(i interface{}) *Payload

CommonPayload returns the common Payload struct of a profile payload i or returns nil.

func NewPayload

func NewPayload(t, i string) *Payload

NewPayload creates a new 'raw' payload with a random UUID, type t and identifier i.

type Profile

type Profile struct {
	Payload
	PayloadContent           []payloadWrapper
	PayloadExpirationDate    *time.Time        `plist:",omitempty"`
	PayloadRemovalDisallowed bool              `plist:",omitempty"`
	PayloadScope             string            `plist:",omitempty"`
	PayloadDate              *time.Time        `plist:",omitempty"`
	DurationUntilRemoval     float32           `plist:",omitempty"`
	ConsentText              map[string]string `plist:",omitempty"`
	EncryptedPayloadContent  []byte            `plist:",omitempty"`
	HasRemovalPasscode       bool              `plist:",omitempty"`
	IsEncrypted              bool              `plist:",omitempty"`
	RemovalDate              *time.Time        `plist:",omitempty"`
	TargetDeviceType         int               `plist:",omitempty"`
}

Profile represents an Apple Configuration Profile. See https://developer.apple.com/documentation/devicemanagement/toplevel

func NewProfile

func NewProfile(i string) *Profile

NewProfile creates a new Configuration Profile struct with identifier i

func (*Profile) ACMECertificatePayloads (added in v0.4.0)

func (p *Profile) ACMECertificatePayloads() (plds []*ACMECertificatePayload)

ACMECertificatePayloads returns a slice of all payloads of that type

func (*Profile) AddPayload

func (p *Profile) AddPayload(pld interface{})

AddPayload adds a payload struct to the profile. Properly wraps the type for correct property list marshalling.

func (*Profile) CertificatePKCS1Payloads

func (p *Profile) CertificatePKCS1Payloads() (plds []*CertificatePKCS1Payload)

CertificatePKCS1Payloads returns a slice of all payloads of that type

func (*Profile) MDMPayloads

func (p *Profile) MDMPayloads() (plds []*MDMPayload)

MDMPayloads returns a slice of all payloads of that type

func (*Profile) SCEPPayloads

func (p *Profile) SCEPPayloads() (plds []*SCEPPayload)

SCEPPayloads returns a slice of all payloads of that type

func (*Profile) UnknownPayloads

func (p *Profile) UnknownPayloads() (plds []*Payload)

UnknownPayloads returns a slice of profile payloads not matched to specific payload structs.

type SCEPPayload

type SCEPPayload struct {
	Payload
	PayloadContent SCEPPayloadContent
}

SCEPPayload represents the "com.apple.security.scep" PayloadType. See https://developer.apple.com/documentation/devicemanagement/scep

func NewSCEPPayload

func NewSCEPPayload(i string) *SCEPPayload

NewSCEPPayload creates a new payload with identifier i

type SCEPPayloadContent

type SCEPPayloadContent struct {
	URL                string
	Name               string          `plist:",omitempty"`
	Subject            [][][]string    `plist:",omitempty"`
	Challenge          string          `plist:",omitempty"`
	KeySize            int             `plist:"Keysize,omitempty"`
	KeyType            string          `plist:"Key Type,omitempty"`
	KeyUsage           int             `plist:"Key Usage,omitempty"`
	Retries            int             `plist:",omitempty"`
	RetryDelay         int             `plist:",omitempty"`
	CAFingerprint      []byte          `plist:",omitempty"`
	AllowAllAppsAccess bool            `plist:",omitempty"`
	KeyIsExtractable   *bool           `plist:",omitempty"` // default true
	SubjectAltName     *SubjectAltName `plist:",omitempty"`
}

SCEPPayloadContent represents the PayloadContent of the SCEPPayload. See https://developer.apple.com/documentation/devicemanagement/scep/payloadcontent

type SubjectAltName (added in v0.4.0)

type SubjectAltName struct {
	DNSNames    multiString `plist:"dNSName,omitempty"`
	NTPrincipal string      `plist:"ntPrincipalName,omitempty"`
	RFC822Names multiString `plist:"rfc822Name,omitempty"`
	URIs        multiString `plist:"uniformResourceIdentifier,omitempty"`
}

SubjectAltName contains the Subject Alternative Name details. See https://developer.apple.com/documentation/devicemanagement/acmecertificate/subjectaltname

For SCEP, the following is mentioned about the number of entries: "You can specify a single string or an array of strings for each key, except for the ntPrincipalName, which can only be a single string. The values you specify depend on the CA you're using but might include DNS name, URL, or email values." The assumption is that the same is true for ACME.

Single key/string example:

<key>SubjectAltName</key>
<dict>
	<key>dNSName</key>
	<string>site.example.com</string>
</dict>

Example for key with multiple strings:

<dict>
	<key>dNSName</key>
	<string>site.example.com</string>
	<key>rfc822Name</key>
	<array>
		<string>alice@example.com</string>
		<string>bob@example.com</string>
	</array>
</dict>
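
The single-string-or-array rule above, as an added example that is not part of the cfgprofiles package: a standard-library-only decoder that normalizes both forms to a slice and rejects an array under ntPrincipalName. The names `parseSAN`, `single` and `multi` are hypothetical; the two inputs are the XML samples shown above.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"io"
	"strings"
)

// Constructed inputs: the two SubjectAltName samples from the text above.
const single = `<key>SubjectAltName</key><dict><key>dNSName</key><string>site.example.com</string></dict>`
const multi = `<dict><key>dNSName</key><string>site.example.com</string><key>rfc822Name</key><array><string>alice@example.com</string><string>bob@example.com</string></array></dict>`

// parseSAN is a hypothetical helper (not a cfgprofiles API) that maps each SAN key to its values.
func parseSAN(doc string) (map[string][]string, error) {
	dec := xml.NewDecoder(strings.NewReader(doc))
	out, key := map[string][]string{}, ""
	for {
		tok, err := dec.Token()
		if err == io.EOF {
			return out, nil
		}
		if t, ok := tok.(xml.StartElement); ok {
			switch name := t.Name.Local; {
			case name == "dict":
				key = "" // discard an outer key such as "SubjectAltName"
			case name == "key":
				err = dec.DecodeElement(&key, &t)
			case name == "array" && key != "" && key != "ntPrincipalName":
				var a struct{ S []string `xml:"string"` }
				err = dec.DecodeElement(&a, &t)
				out[key], key = append(out[key], a.S...), "" // a value consumes its key
			case name == "string" && key != "":
				var v string
				err = dec.DecodeElement(&v, &t)
				out[key], key = append(out[key], v), ""
			default: // array under ntPrincipalName, value without a key, other types
				err = fmt.Errorf("unexpected <%s> after key %q", name, key)
			}
		}
		if err != nil {
			return nil, err
		}
	}
}

func main() {
	fmt.Println(parseSAN(single))
	fmt.Println(parseSAN(multi))
}
```

Non-`<string>` members inside an `<array>` are skipped rather than rejected in this version.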
