
I've been going through the Over-the-Air profile delivery implementation.

In the section titled "Creating a Profile Server for Over-The-Air Enrollment and Configuration", in phase 3: Device Configuration on page 25, it talks about delivering the final encrypted bundle - the one that should silently be added to the device.

However, I'm confused by the following:

configuration = configuration_payload(req, encrypted_profile.to_der)

The next paragraph says the payload resembles the profile service payload, the one with the UDID, VERSION, etc. Then it states "The only difference is the payload it carries".

What is the format of this payload/configuration bundle? In particular, where does the encrypted bundle go within it? Using the base64 challenge section?

Thanks for any help on this. It's difficult to determine what the format is here (what are the elements of the corresponding config bundle plist) but it looks like the encrypted bundle is wrapped by the signed one. To reiterate, it is not clear what the format of the wrapper config bundle is.

1 Answer

The Apple document you are referring to has an attached companion file which contains a complete Ruby script with a reference implementation. The code for the function you are asking about:

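require 'date'
require 'stringio'
require 'plist'

# Builds the outer (wrapper) profile plist that carries the encrypted profile.
def configuration_payload(request, encrypted_content)
    payload = general_payload() # another helper in the same script
    payload['PayloadIdentifier'] = "com.acme.intranet"
    payload['PayloadType'] = "Configuration" # do not modify

    # strings that show up in UI, customisable
    payload['PayloadDisplayName'] = "Encrypted Config"
    payload['PayloadDescription'] = "Access to the ACME Intranet"
    payload['PayloadExpirationDate'] = Date.today # expire today, for demo purposes

    # The encrypted bundle (DER bytes) goes under its own key; wrapping it in
    # StringIO makes the plist gem emit it as a base64 <data> element.
    payload['EncryptedPayloadContent'] = StringIO.new(encrypted_content)
    Plist::Emit.dump(payload)
end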
pwgr
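The layering the question asks about, end to end, as an added example (not code from Apple's companion script or from the answer above): the encrypted profile sits as base64 `<data>` under `EncryptedPayloadContent` in the wrapper plist, and the wrapper is what gets signed. Assumptions: constructed self-signed stand-in identities, AES-128-CBC as the cipher, a hand-written plist emitter in place of the plist gem, and the hypothetical helper names `demo_identity`, `wrapper_plist` and `round_trip`.

```ruby
require 'openssl'
require 'securerandom'

# Constructed stand-in identity: the real flow uses the server's signing
# identity and the device certificate issued during enrollment.
def demo_identity(cn)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = SecureRandom.random_number(2**32)
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [key, cert]
end

# Hand-written stand-in for the plist emitter (layout is an assumption):
# the binary PKCS#7 blob becomes a base64 <data> element under its own key.
def wrapper_plist(encrypted_der)
  fields = {
    'PayloadVersion' => '<integer>1</integer>',
    'PayloadUUID' => "<string>#{SecureRandom.uuid}</string>",
    'PayloadIdentifier' => '<string>com.acme.intranet</string>',
    'PayloadType' => '<string>Configuration</string>',
    'PayloadDisplayName' => '<string>Encrypted Config</string>',
    'EncryptedPayloadContent' => "<data>#{[encrypted_der].pack('m0')}</data>"
  }
  body = fields.map { |k, v| "<key>#{k}</key>#{v}" }.join("\n")
  %(<?xml version="1.0" encoding="UTF-8"?>\n<plist version="1.0">\n<dict>\n#{body}\n</dict>\n</plist>\n)
end

def round_trip(inner_profile)
  dev_key, dev_cert = demo_identity('device')
  srv_key, srv_cert = demo_identity('profile-server')
  cipher = OpenSSL::Cipher.new('aes-128-cbc')
  encrypted = OpenSSL::PKCS7.encrypt([dev_cert], inner_profile, cipher, OpenSSL::PKCS7::BINARY)
  wrapper = wrapper_plist(encrypted.to_der)
  signed = OpenSSL::PKCS7.sign(srv_cert, srv_key, wrapper, [], OpenSSL::PKCS7::BINARY)

  # Receiving side: verify the signature, read the wrapper, decrypt the <data> blob.
  store = OpenSSL::X509::Store.new
  store.add_cert(srv_cert)
  p7 = OpenSSL::PKCS7.new(signed.to_der)
  raise 'bad signature' unless p7.verify([srv_cert], store)
  blob = p7.data[%r{<key>EncryptedPayloadContent</key><data>(.*?)</data>}m, 1].unpack1('m')
  [p7.data, OpenSSL::PKCS7.new(blob).decrypt(dev_key, dev_cert)]
end
```

`round_trip` returns the wrapper plist as recovered from the signed message and the decrypted inner profile, so the nesting order (sign outside, encrypt inside) can be inspected directly.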