Documentation
Overview
Package cfgprofiles provides structs and helpers for working with Apple Configuration Profiles in Go. Note that marshaling and unmarshaling depend on the https://github.com/groob/plist package.
Index
- type ACMECertificatePayload
- type CertificatePKCS1Payload
- type MDMPayload
- type Payload
- type Profile
- func (p *Profile) ACMECertificatePayloads() (plds []*ACMECertificatePayload)
- func (p *Profile) AddPayload(pld interface{})
- func (p *Profile) CertificatePKCS1Payloads() (plds []*CertificatePKCS1Payload)
- func (p *Profile) MDMPayloads() (plds []*MDMPayload)
- func (p *Profile) SCEPPayloads() (plds []*SCEPPayload)
- func (p *Profile) UnknownPayloads() (plds []*Payload)
- type SCEPPayload
- type SCEPPayloadContent
- type SubjectAltName
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type ACMECertificatePayload (added in v0.4.0)
type ACMECertificatePayload struct {
	Payload
	AllowAllAppsAccess bool     `plist:",omitempty"`
	Attest             bool     `plist:",omitempty"`
	ClientIdentifier   string   `plist:",omitempty"`
	DirectoryURL       string   `plist:",omitempty"`
	ExtendedKeyUsage   []string `plist:",omitempty"`
	HardwareBound      bool     `plist:",omitempty"`
	KeySize            int      `plist:",omitempty"`
	KeyIsExtractable   *bool    `plist:",omitempty"` // default true
	KeyType            string   `plist:",omitempty"` // Possible values: RSA, ECSECPrimeRandom
	Subject            [][][]string `plist:",omitempty"` // Example: [ [ ["C", "US"] ], [ ["O", "Apple Inc."] ], ..., [ [ "1.2.5.3", "bar" ] ] ]
	UsageFlags         int      `plist:",omitempty"`
	SubjectAltName     *SubjectAltName `plist:",omitempty"`
}
ACMECertificatePayload represents the "com.apple.security.acme" PayloadType. See https://developer.apple.com/documentation/devicemanagement/acmecertificate
func NewACMECertificatePayload (added in v0.4.0)
func NewACMECertificatePayload(i string) *ACMECertificatePayload
NewACMECertificatePayload creates a new payload with identifier i
type CertificatePKCS1Payload
type CertificatePKCS1Payload struct {
	Payload
	PayloadCertificateFileName string `plist:",omitempty"`
	PayloadContent             []byte
}
CertificatePKCS1Payload represents the "com.apple.security.pkcs1" PayloadType. See https://developer.apple.com/documentation/devicemanagement/certificatepkcs1
func NewCertificatePKCS1Payload
func NewCertificatePKCS1Payload(i string) *CertificatePKCS1Payload
NewCertificatePKCS1Payload creates a new payload with identifier i
type MDMPayload
type MDMPayload struct {
	Payload
	IdentityCertificateUUID           string
	Topic                             string
	ServerURL                         string
	ServerCapabilities                []string `plist:",omitempty"`
	SignMessage                       bool     `plist:",omitempty"`
	CheckInURL                        string   `plist:",omitempty"`
	CheckOutWhenRemoved               bool     `plist:",omitempty"`
	AccessRights                      int
	UseDevelopmentAPNS                bool     `plist:",omitempty"`
	ServerURLPinningCertificateUUIDs  []string `plist:",omitempty"`
	CheckInURLPinningCertificateUUIDs []string `plist:",omitempty"`
	PinningRevocationCheckRequired    bool     `plist:",omitempty"`
}
MDMPayload represents the "com.apple.mdm" PayloadType. See https://developer.apple.com/documentation/devicemanagement/mdm
func NewMDMPayload
func NewMDMPayload(i string) *MDMPayload
NewMDMPayload creates a new payload with identifier i
type Payload
type Payload struct {
	PayloadDescription  string `plist:",omitempty"`
	PayloadDisplayName  string `plist:",omitempty"`
	PayloadIdentifier   string
	PayloadOrganization string `plist:",omitempty"`
	PayloadUUID         string
	PayloadType         string
	PayloadVersion      int
}
Payload contains payload keys common to all payloads, including profiles. See https://developer.apple.com/documentation/devicemanagement/configuring_multiple_devices_using_profiles#3234127
func CommonPayload
func CommonPayload(i interface{}) *Payload
CommonPayload returns the common Payload struct of a profile payload i or returns nil.
func NewPayload
NewPayload creates a new 'raw' payload with a random UUID, type t and identifier i.
type Profile
type Profile struct {
	Payload
	PayloadContent           []payloadWrapper
	PayloadExpirationDate    *time.Time        `plist:",omitempty"`
	PayloadRemovalDisallowed bool              `plist:",omitempty"`
	PayloadScope             string            `plist:",omitempty"`
	PayloadDate              *time.Time        `plist:",omitempty"`
	DurationUntilRemoval     float32           `plist:",omitempty"`
	ConsentText              map[string]string `plist:",omitempty"`
	EncryptedPayloadContent  []byte            `plist:",omitempty"`
	HasRemovalPasscode       bool              `plist:",omitempty"`
	IsEncrypted              bool              `plist:",omitempty"`
	RemovalDate              *time.Time        `plist:",omitempty"`
	TargetDeviceType         int               `plist:",omitempty"`
}
Profile represents an Apple Configuration Profile. See https://developer.apple.com/documentation/devicemanagement/toplevel
func NewProfile
NewProfile creates a new Configuration Profile struct with identifier i
func (*Profile) ACMECertificatePayloads (added in v0.4.0)
func (p *Profile) ACMECertificatePayloads() (plds []*ACMECertificatePayload)
ACMECertificatePayloads returns a slice of all payloads of that type
func (*Profile) AddPayload
func (p *Profile) AddPayload(pld interface{})
AddPayload adds a payload struct to the profile. Properly wraps the type for correct property list marshalling.
func (*Profile) CertificatePKCS1Payloads
func (p *Profile) CertificatePKCS1Payloads() (plds []*CertificatePKCS1Payload)
CertificatePKCS1Payloads returns a slice of all payloads of that type
func (*Profile) MDMPayloads
func (p *Profile) MDMPayloads() (plds []*MDMPayload)
MDMPayloads returns a slice of all payloads of that type
func (*Profile) SCEPPayloads
func (p *Profile) SCEPPayloads() (plds []*SCEPPayload)
SCEPPayloads returns a slice of all payloads of that type
func (*Profile) UnknownPayloads
UnknownPayloads returns a slice of profile payloads not matched to specific payload structs.
type SCEPPayload
type SCEPPayload struct {
	Payload
	PayloadContent SCEPPayloadContent
}
SCEPPayload represents the "com.apple.security.scep" PayloadType. See https://developer.apple.com/documentation/devicemanagement/scep
func NewSCEPPayload
func NewSCEPPayload(i string) *SCEPPayload
NewSCEPPayload creates a new payload with identifier i
type SCEPPayloadContent
type SCEPPayloadContent struct {
	URL                string
	Name               string       `plist:",omitempty"`
	Subject            [][][]string `plist:",omitempty"`
	Challenge          string       `plist:",omitempty"`
	KeySize            int          `plist:"Keysize,omitempty"`
	KeyType            string       `plist:"Key Type,omitempty"`
	KeyUsage           int          `plist:"Key Usage,omitempty"`
	Retries            int          `plist:",omitempty"`
	RetryDelay         int          `plist:",omitempty"`
	CAFingerprint      []byte       `plist:",omitempty"`
	AllowAllAppsAccess bool         `plist:",omitempty"`
	KeyIsExtractable   *bool        `plist:",omitempty"` // default true
	SubjectAltName     *SubjectAltName `plist:",omitempty"`
}
SCEPPayloadContent represents the PayloadContent of the SCEPPayload. See https://developer.apple.com/documentation/devicemanagement/scep/payloadcontent
type SubjectAltName (added in v0.4.0)
type SubjectAltName struct {
	DNSNames    multiString `plist:"dNSName,omitempty"`
	NTPrincipal string      `plist:"ntPrincipalName,omitempty"`
	RFC822Names multiString `plist:"rfc822Name,omitempty"`
	URIs        multiString `plist:"uniformResourceIdentifier,omitempty"`
}
SubjectAltName contains the Subject Alternative Name details. See https://developer.apple.com/documentation/devicemanagement/acmecertificate/subjectaltname
For SCEP, the following is stated about the number of entries: You can specify a single string or an array of strings for each key, except for the ntPrincipalName, which can only be a single string. The values you specify depend on the CA you're using but might include DNS name, URL, or email values. The assumption is that the same is true for ACME.
Single key/string example:
<key>SubjectAltName</key>
<dict>
	<key>dNSName</key>
	<string>site.example.com</string>
</dict>
Example for key with multiple strings:
<dict>
	<key>dNSName</key>
	<string>site.example.com</string>
	<key>rfc822Name</key>
	<array>
		<string>alice@example.com</string>
		<string>bob@example.com</string>
	</array>
</dict>
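The single-string-or-array rule above, as an added example that is not part of the cfgprofiles package: a standard-library Go check that normalizes a SubjectAltName dict fragment to slices and rejects an array for ntPrincipalName. The names parseSAN and sanKeys are hypothetical, and rejecting keys outside the four listed in the struct is an assumption of this example.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"io"
	"strings"
)

// sanKeys holds the four SubjectAltName keys listed in the struct tags above.
var sanKeys = map[string]bool{"dNSName": true, "ntPrincipalName": true, "rfc822Name": true, "uniformResourceIdentifier": true}

// parseSAN (hypothetical helper) returns each key's values as a slice, whether given as one <string> or an <array>.
func parseSAN(fragment string) (map[string][]string, error) {
	dec := xml.NewDecoder(strings.NewReader(fragment))
	san := map[string][]string{}
	var key, elem string
	for {
		tok, err := dec.Token()
		if err == io.EOF {
			return san, nil
		} else if err != nil {
			return nil, err
		}
		switch t := tok.(type) {
		case xml.StartElement:
			elem = t.Name.Local
			if elem == "array" && key == "ntPrincipalName" {
				return nil, fmt.Errorf("ntPrincipalName must be a single string")
			}
		case xml.EndElement:
			elem = ""
		case xml.CharData:
			text := strings.TrimSpace(string(t))
			switch {
			case text == "":
			case elem == "key":
				key = text
			case elem == "string" && !sanKeys[key]:
				return nil, fmt.Errorf("unexpected SubjectAltName key %q", key)
			case elem == "string":
				san[key] = append(san[key], text)
			}
		}
	}
}

func main() { // constructed input: the single-string example from this page
	fmt.Println(parseSAN(`<dict><key>dNSName</key><string>site.example.com</string></dict>`))
}
```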