• Implementing MDM for iOS devices


     I) Configure IIS for encrypted connections. Since iOS 7.1, enterprise in-house deployment no longer works over plain HTTP; to meet the MDM encryption requirement and to allow the initial installation in the lobby, a self-signed certificate has to be generated.

    1) Configure the MIME types
    .cer application/x-x509-ca-cert
    .mobileconfig application/x-apple-aspen-config

    2) brew install go (if linking fails, run brew prune)
    go get github.com/deckarep/EasyCert
    export GOPATH=$HOME/go
    export PATH=$PATH:$GOPATH/bin
    Replace the source file under src with the go file from the attachment, and set certName and hostName to the issuing organization and the server information (a domain name and an IP address are treated differently)
    go build EasyCert
    easycert


    3) In mmc, import myCA.cer into Trusted Root Certification Authorities (with a self-signed CA, the root certificate must later also be imported in IPCU)
    In IIS, import server.pfx, assign the certificate and configure the HTTPS binding (IIS has to be restarted)
    Download IPCU; use myCA.cer as the certificate for the configuration profile and client.pfx as the MDM authentication certificate

    II) Configure MDM

    1) Create a new folder and copy server.req, server.pfx and server.key generated in the previous step into it. Use server.req to request the msr certificate from the Developer Center and save the downloaded certificate file as mdm.cer

    openssl x509 -inform der -in mdm.cer -out mdm.pem

    openssl genrsa -des3 -out customerPrivateKey.pem 2048
    openssl req -new -key customerPrivateKey.pem -out customer.csr -subj '/C=CN/ST=BeiJing/L=BeiJing/CN=10.18.3.33'
    openssl req -inform pem -outform der -in customer.csr -out customer.der

    2) Download mdmvendor from git to generate the plist, then generate the certificate on Apple's website

    python mdm_vendor_sign.py --csr customer.csr --key server.key --mdm mdm.cer

    Download the pem file and rename it (MDMYTHT.pem)
    View the certificate information:
    openssl x509 -noout -in MDMYTHT.pem -issuer -subject -dates
    Copy out the UID from the subject; this is the Topic used by MDM (com.apple.mgmt.External.e617f289-3be5-4df7-90fa-5ec8f75d8c98)

    3) Export the certificate file used to send MDM messages


    openssl rsa -in customerPrivateKey.pem -out PlainKey.pem
    cat MDMYTHT.pem PlainKey.pem > PlainCert.pem
    openssl pkcs12 -export -out mdmapnscertificate.pfx -inkey PlainKey.pem -in MDMYTHT.pem

    mdmapnscertificate.pfx is used as the push certificate in PushSharp

    III) Configure IIS to accept PUT

    <system.webServer>
        <validation validateIntegratedModeConfiguration="false" />
        <modules>
            <!-- WebDAV intercepts PUT/DELETE; it is removed so the device check-in (an HTTP PUT) reaches the .ashx handler -->
            <remove name="WebDAVModule" />
            <add name="ErrorLog" type="Elmah.ErrorLogModule, Elmah" preCondition="managedHandler" />
            <add name="ErrorMail" type="Elmah.ErrorMailModule, Elmah" preCondition="managedHandler" />
            <add name="ErrorFilter" type="Elmah.ErrorFilterModule, Elmah" preCondition="managedHandler" />
        </modules>
        <handlers accessPolicy="Read, Write, Execute, Script">
            <remove name="StaticFile" />
            <remove name="SimpleHandlerFactory-ISAPI-2.0" />
            <remove name="WebDAV" />
            <remove name="SimpleHandlerFactory-Integrated-4.0" />
            <remove name="SimpleHandlerFactory-Integrated" />
            <!-- the .ashx handlers are re-added with PUT in their verb list -->
            <add name="SimpleHandlerFactory-Integrated" path="*.ashx" verb="GET,HEAD,POST,DEBUG,PUT,DELETE" type="System.Web.UI.SimpleHandlerFactory" resourceType="Unspecified" requireAccess="Write" preCondition="integratedMode" />
            <add name="SimpleHandlerFactory-Integrated-4.0" path="*.ashx" verb="GET,HEAD,POST,DEBUG,PUT,DELETE" type="System.Web.UI.SimpleHandlerFactory" resourceType="Unspecified" requireAccess="Write" preCondition="integratedMode,runtimeVersionv4.0" />
            <add name="SimpleHandlerFactory-ISAPI-2.0" path="*.ashx" verb="GET,HEAD,POST,DEBUG,PUT,DELETE" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll" resourceType="Unspecified" requireAccess="Script" preCondition="classicMode,runtimeVersionv2.0,bitness32" responseBufferLimit="0" />
            <add name="StaticFile" path="*" verb="GET,HEAD,POST,DEBUG,PUT,DELETE" modules="StaticFileModule,DefaultDocumentModule,DirectoryListingModule" resourceType="Either" requireAccess="Read" />
            <add name="FileRequest" path="*.pdf,*.doc,*.docx,*.pptx,*.ppt,*.pps" verb="*" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_isapi.dll" resourceType="File" preCondition="classicMode,runtimeVersionv4.0,bitness64" />
            <add name="Telerik_Web_UI_WebResource_axd" verb="*" preCondition="integratedMode" path="Telerik.Web.UI.WebResource.axd" type="Telerik.Web.UI.WebResource" />
            <add name="Telerik_Web_UI_DialogHandler_aspx" verb="*" preCondition="integratedMode" path="Telerik.Web.UI.DialogHandler.aspx" type="Telerik.Web.UI.DialogHandler" />
            <add name="Elmah" path="elmah.axd" verb="POST,GET,HEAD" type="Elmah.ErrorLogPageFactory, Elmah" preCondition="integratedMode" />
        </handlers>
        <security>
            <authorization>
                <remove users="*" roles="" verbs="" />
                <add accessType="Allow" users="*" verbs="GET,HEAD,POST,PUT,DELETE,DEBUG" />
            </authorization>
        </security>
        <staticContent>
            <!--<mimeMap fileExtension=".gw2" mimeType="application/octet-stream"/>
            <mimeMap fileExtension=".svg" mimeType="image/svg-xml"/>-->
        </staticContent>
        <directoryBrowse showFlags="Extension" />
        <httpErrors errorMode="Detailed" />
    </system.webServer>
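    The following is an added example and not part of the original post: a small Python audit of a web.config fragment like the one above. It confirms that PUT reaches a handler mapped to *.ashx, which the device check-in in the next section needs, and lists the settings in the same fragment that should be reviewed before the server faces devices outside the LAN (the DEBUG verb, the Elmah page, detailed remote error pages). Both config strings are constructed, reduced copies of the fragment; the hardened variant keeps the check-in PUT and tightens the rest.

```python
"""Added example, not from the original post: audit a web.config for the
settings that matter to an MDM check-in endpoint."""
import xml.etree.ElementTree as ET

# Constructed excerpt carrying the settings from the post's fragment.
WEAK_WEB_CONFIG = """<configuration>
  <system.webServer>
    <handlers accessPolicy="Read, Write, Execute, Script">
      <remove name="WebDAV" />
      <add name="SimpleHandlerFactory-Integrated-4.0" path="*.ashx"
           verb="GET,HEAD,POST,DEBUG,PUT,DELETE"
           type="System.Web.UI.SimpleHandlerFactory"
           preCondition="integratedMode,runtimeVersionv4.0" />
      <add name="Elmah" path="elmah.axd" verb="POST,GET,HEAD"
           type="Elmah.ErrorLogPageFactory, Elmah" preCondition="integratedMode" />
    </handlers>
    <security>
      <authorization>
        <remove users="*" roles="" verbs="" />
        <add accessType="Allow" users="*" verbs="GET,HEAD,POST,PUT,DELETE,DEBUG" />
      </authorization>
    </security>
    <directoryBrowse showFlags="Extension" />
    <httpErrors errorMode="Detailed" />
  </system.webServer>
</configuration>"""

# The same excerpt, constructed, with the check-in PUT kept and the rest tightened.
HARDENED_WEB_CONFIG = """<configuration>
  <system.webServer>
    <handlers accessPolicy="Read, Write, Execute, Script">
      <remove name="WebDAV" />
      <add name="SimpleHandlerFactory-Integrated-4.0" path="*.ashx"
           verb="GET,HEAD,POST,PUT"
           type="System.Web.UI.SimpleHandlerFactory"
           preCondition="integratedMode,runtimeVersionv4.0" />
    </handlers>
    <security>
      <authorization>
        <remove users="*" roles="" verbs="" />
        <add accessType="Allow" users="*" verbs="GET,HEAD,POST,PUT" />
      </authorization>
    </security>
    <directoryBrowse enabled="false" />
    <httpErrors errorMode="DetailedLocalOnly" />
  </system.webServer>
</configuration>"""


def _verbs(element, attr):
    """Comma-separated verb attribute -> upper-case set."""
    return {v.strip().upper() for v in element.get(attr, "").split(",") if v.strip()}


def audit_web_config(text):
    """Return (put_reaches_ashx, findings).

    put_reaches_ashx is True when a handler mapped to *.ashx lists PUT,
    the precondition for the device check-in, which is an HTTP PUT.
    findings lists settings worth reviewing before exposing the server."""
    root = ET.fromstring(text)
    ws = next((e for e in root.iter() if e.tag == "system.webServer"), None)
    if ws is None:
        return False, ["no <system.webServer> element"]
    findings, put_ok = [], False

    for handler in ws.iterfind("handlers/add"):
        verbs = _verbs(handler, "verb")
        if handler.get("path") == "*.ashx" and "PUT" in verbs:
            put_ok = True
        if "DEBUG" in verbs:
            findings.append("handler %s: DEBUG verb is only used for remote debugging" % handler.get("name"))
        if handler.get("path", "").lower() == "elmah.axd":
            findings.append("Elmah error-log page is mapped; restrict it to administrators")

    for rule in ws.iterfind("security/authorization/add"):
        if rule.get("accessType") == "Allow" and rule.get("users") == "*" and "DEBUG" in _verbs(rule, "verbs"):
            findings.append("authorization allows the DEBUG verb for all users")

    # IIS defaults directoryBrowse enabled to false, so only an explicit "true" counts.
    browse = ws.find("directoryBrowse")
    if browse is not None and browse.get("enabled", "false").lower() == "true":
        findings.append("directory browsing is enabled")

    errors = ws.find("httpErrors")
    if errors is not None and errors.get("errorMode") == "Detailed":
        findings.append("httpErrors errorMode=Detailed returns stack traces to remote clients")
    return put_ok, findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_WEB_CONFIG), ("hardened", HARDENED_WEB_CONFIG)):
        put_ok, findings = audit_web_config(cfg)
        print(name, "PUT on *.ashx:", put_ok, "findings:", findings)
```

Run it against the server's real web.config by passing the file contents to audit_web_config; the hardened string shows the shape that keeps the check-in working with an empty findings list.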
    	
    

      

    IV) Receive the device's check-in information (to tell devices apart, build a page that takes a user-entered name, adjust the check-in URL accordingly and generate a mobileconfig file for download; with a self-signed certificate that file cannot be signed)

    using System;
    using System.Collections.Generic;
    using System.IO;
    using System.Linq;
    using System.Web;

    // Check-in handler (.ashx). The device PUTs an XML plist whose MessageType is
    // Authenticate at enrollment and TokenUpdate once APNs has issued a token.
    public class CheckinHandler : IHttpHandler
    {
        public bool IsReusable { get { return false; } }

        public void ProcessRequest(HttpContext context)
        {
            StreamReader stream = new StreamReader(context.Request.InputStream);
            // The body is the plist itself and is not URL-encoded; running it through
            // UrlDecode would turn a '+' inside a base64 <data> element into a space
            // and corrupt the device token, so the raw text is parsed directly.
            string xml = stream.ReadToEnd();
            Console.WriteLine(xml); // debug trace
            var result = (Dictionary<string, object>)PlistCS.Plist.readPlistSource(xml);
            string messageType = result["MessageType"].ToString();
            if (messageType == "Authenticate")
            {
                XbModel.XNOAEntities xnoa = new XbModel.XNOAEntities();
                var udid = result["UDID"].ToString();
                XbModel.MdmData mdmdata = xnoa.MdmData.FirstOrDefault(xx => xx.UDID == udid);
                if (mdmdata == null)
                {
                    // First contact from this device: store its UDID and Topic.
                    mdmdata = new XbModel.MdmData();
                    mdmdata.UDID = udid;
                    mdmdata.Topic = result["Topic"].ToString();
                    xnoa.MdmData.Add(mdmdata);
                    xnoa.SaveChanges();
                }
                // Authenticate is answered with an empty plist (blank.plist).
                context.Response.Clear();
                context.Response.ContentType = "text/xml";
                context.Response.Write(APSP.Common.FileHelper.ReadFile(context.Server.MapPath("~/ForMobile/blank.plist")));
                context.Response.End();
            }
            else if (messageType == "TokenUpdate")
            {
                XbModel.XNOAEntities xnoa = new XbModel.XNOAEntities();
                var udid = result["UDID"].ToString();
                XbModel.MdmData mdmdata = xnoa.MdmData.FirstOrDefault(xx => xx.UDID == udid);
                if (mdmdata != null)
                {
                    // PushMagic and the device token are what the APNs push in section V needs;
                    // Token and UnlockToken arrive as <data>, i.e. byte[].
                    mdmdata.PushMagic = result["PushMagic"].ToString();
                    mdmdata.Token = (byte[])result["Token"];
                    mdmdata.UnlockToken = (byte[])result["UnlockToken"];
                    xnoa.SaveChanges();
                }
                // TokenUpdate only needs an empty 200 response.
                context.Response.Clear();
                context.Response.StatusCode = 200;
                context.Response.End();
            }
        }
    }
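    As an added example that is not part of the original post, here is the same check-in flow in Python with the input checks a server facing devices should have. The DEVICES dict stands in for the MdmData table, the rejection of unknown message types, of a TokenUpdate from a device that never authenticated and of a Topic other than the server's own push topic are additions, and the UDID, tokens and PushMagic value are constructed; only the Topic string comes from the post.

```python
"""Added example, not from the original post: the check-in handler of
section IV in Python, with input validation."""
import plistlib

DEVICES = {}  # UDID -> record; stands in for the MdmData table

# The post answers Authenticate with an empty plist (blank.plist).
BLANK_PLIST = plistlib.dumps({})

# Topic from the post's push certificate; the UDID and tokens are constructed.
SERVER_TOPIC = "com.apple.mgmt.External.e617f289-3be5-4df7-90fa-5ec8f75d8c98"
SAMPLE_UDID = "00000000-0000-0000-0000-0000DEADBEEF"


def make_checkin(message_type, udid, topic=SERVER_TOPIC, **extra):
    """Build a check-in body the way the device would (used for the samples)."""
    msg = {"MessageType": message_type, "Topic": topic, "UDID": udid}
    msg.update(extra)
    return plistlib.dumps(msg)


SAMPLE_AUTHENTICATE = make_checkin("Authenticate", SAMPLE_UDID)
SAMPLE_TOKEN_UPDATE = make_checkin(
    "TokenUpdate", SAMPLE_UDID,
    PushMagic="constructed-push-magic",
    Token=bytes(range(32)),       # constructed 32-byte device token, sent as <data>
    UnlockToken=b"\x00" * 16,     # constructed placeholder, sent as <data>
)


class CheckinError(ValueError):
    """A malformed or out-of-order check-in; the HTTP layer answers 400."""


def handle_checkin(body, expected_topic=SERVER_TOPIC):
    """Process one check-in PUT body and return (http_status, response_body).

    The body is parsed as the raw plist. It must not be URL-decoded first:
    the base64 inside <data> may contain '+', which UrlDecode turns into a
    space and so silently corrupts the token."""
    try:
        msg = plistlib.loads(body)
    except Exception as exc:  # plistlib raises more than one exception type
        raise CheckinError("body is not a plist: %s" % exc) from exc
    if not isinstance(msg, dict):
        raise CheckinError("plist root is not a dictionary")

    udid = msg.get("UDID")
    if not isinstance(udid, str) or not udid:
        raise CheckinError("missing UDID")
    if msg.get("Topic") != expected_topic:
        # Enrolled against a different push certificate: not one of our devices.
        raise CheckinError("Topic does not match this server's push certificate")

    message_type = msg.get("MessageType")
    if message_type == "Authenticate":
        # First contact creates the record; a repeated Authenticate keeps it.
        DEVICES.setdefault(udid, {"UDID": udid, "Topic": msg["Topic"]})
        return 200, BLANK_PLIST

    if message_type == "TokenUpdate":
        record = DEVICES.get(udid)
        if record is None:
            raise CheckinError("TokenUpdate from a device that never authenticated")
        token = msg.get("Token")
        if not isinstance(token, bytes) or not token:
            raise CheckinError("Token must be a non-empty <data> element")
        record["PushMagic"] = str(msg.get("PushMagic", ""))
        record["Token"] = token            # bytes, like the byte[] in the C# code
        record["UnlockToken"] = msg.get("UnlockToken", b"")
        return 200, b""                    # TokenUpdate needs only an empty 200

    raise CheckinError("unsupported MessageType %r" % (message_type,))


def checkin_status(body):
    """HTTP boundary: the status code the handler would return for this body."""
    try:
        return handle_checkin(body)[0]
    except CheckinError:
        return 400


if __name__ == "__main__":
    print(checkin_status(SAMPLE_AUTHENTICATE), checkin_status(SAMPLE_TOKEN_UPDATE))
    print(DEVICES)
```

The Token value comes back from plistlib as bytes, which is the form the APNs push needs; converting it to a hex string only at push time avoids the case mismatch between a stored hex string and the raw token.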
    

      

    V) Push MDM messages

    using System;
    using System.IO;
    using System.Linq;
    using PushSharp;
    using PushSharp.Apple;
    using PushSharp.Core;

    class MdmPush
    {
        static void Main()
        {
            var xnoa = new XNOAEntities();

            // The PKCS#12 exported in step II.3 (mdmapnscertificate.pfx), copied here as mdmpush.pfx
            var appleCert = File.ReadAllBytes(@"mdmpush.pfx");

            // production gateway, certificate bytes, certificate password, skip certificate checks
            var appleset = new ApplePushChannelSettings(true, appleCert, "******", true);

            var push = new ApplePushService(appleset);

            push.OnNotificationFailed += new PushSharp.Core.NotificationFailedDelegate(push_OnNotificationFailed);
            push.OnNotificationSent += (sender, notification1) => Console.WriteLine("NOTIFICATION Send: " + ((AppleNotification)notification1).DeviceToken);
            push.OnNotificationRequeue += (sender, e) => Console.WriteLine("REQUEUE: " + ((AppleNotification)e.Notification).Identifier);
            push.OnServiceException += new PushSharp.Core.ServiceExceptionDelegate(push_OnServiceException);

            // CommandStatus "-1" marks commands that have not been pushed to the device yet
            foreach (var mdmcommand in xnoa.MdmCommand.Where(x => x.CommandStatus == "-1"))
            {
                String pushMagicString = mdmcommand.PushMagic;

                // Hex string of the device token; from the byte[] stored at TokenUpdate it is
                // BitConverter.ToString(mdmdata.Token).Replace("-", string.Empty)
                String token = mdmcommand.Token;
                Console.WriteLine("Device Token length is: " + token.Length);
                Console.WriteLine("DeviceToken is: " + token);
                Console.WriteLine("PushMagic is: " + pushMagicString);
                // An MDM push carries no alert, only the "mdm" item holding the PushMagic
                var notification = new AppleNotification(token, new AppleNotificationPayload()).WithCustomItem("mdm", mdmcommand.PushMagic);
                Console.WriteLine(notification.ToString());
                push.QueueNotification(notification);
            }

            Console.WriteLine("Waiting for Queue to Finish...");

            // Stop and wait for the queues to drain
            push.Stop(true);

            Console.WriteLine("Queue Finished, press return to exit...");
            Console.ReadLine();
        }

        // The handler bodies were not in the original snippet; the signatures follow PushSharp's delegates
        static void push_OnNotificationFailed(object sender, INotification notification, Exception error)
        {
            Console.WriteLine("NOTIFICATION FAILED: " + error.Message);
        }

        static void push_OnServiceException(object sender, Exception error)
        {
            Console.WriteLine("SERVICE EXCEPTION: " + error.Message);
        }
    }
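    An added example, not from the post or from PushSharp, of the loop above in Python: rows with CommandStatus "-1" become the APNs message MDM uses, a payload holding only {"mdm": PushMagic} addressed to the hex device token, and are handed to a send callback standing in for push.QueueNotification. The command rows and tokens are constructed, and the grouping that sends one push per device rather than one per command is an addition.

```python
"""Added example, not from the original post: section V's push loop
without PushSharp, with retry state kept in the command rows."""
import json

TOKEN_A = bytes(range(32))        # constructed device token, device A
TOKEN_B = bytes(range(32, 64))    # constructed device token, device B

# Constructed rows standing in for the MdmCommand table; Token is the byte[]
# stored at TokenUpdate and CommandStatus "-1" means "not pushed yet".
SAMPLE_COMMANDS = [
    {"Id": 1, "CommandStatus": "-1", "PushMagic": "magic-A", "Token": TOKEN_A},
    {"Id": 2, "CommandStatus": "-1", "PushMagic": "magic-A", "Token": TOKEN_A},  # same device as Id 1
    {"Id": 3, "CommandStatus": "0",  "PushMagic": "magic-B", "Token": TOKEN_B},  # pushed on an earlier run
    {"Id": 4, "CommandStatus": "-1", "PushMagic": "magic-B", "Token": TOKEN_B},
    {"Id": 5, "CommandStatus": "-1", "PushMagic": "magic-C", "Token": b""},      # no TokenUpdate yet
]


def token_hex(token):
    """Hex device token, as BitConverter.ToString(token).Replace("-", "") gives in C#."""
    return token.hex().upper()


def mdm_payload(push_magic):
    """An MDM wake-up carries no alert, badge or sound: only the PushMagic."""
    return json.dumps({"mdm": push_magic}, separators=(",", ":"))


def push_pending(commands, send):
    """Push every command with CommandStatus "-1"; return the Ids marked pushed.

    send(token_hex, payload_json) returns True when the notification was
    accepted. A push only wakes the device, which then connects and fetches
    all of its pending commands, so one push per device per run is enough.
    Rows whose device has no token yet, or whose push failed, keep "-1" so
    the next run retries them (the OnNotificationFailed case in the post)."""
    pushed, outcome = [], {}   # outcome: token_hex -> push accepted?
    for cmd in commands:
        if cmd["CommandStatus"] != "-1":
            continue
        token = cmd.get("Token") or b""
        if not token:
            continue
        key = token_hex(token)
        if key not in outcome:
            outcome[key] = bool(send(key, mdm_payload(cmd["PushMagic"])))
        if outcome[key]:
            cmd["CommandStatus"] = "0"
            pushed.append(cmd["Id"])
    return pushed


def run_once(commands, failing_tokens=()):
    """Drive push_pending with a stand-in sender that records every message
    and reports failure for the hex tokens listed in failing_tokens."""
    sent = []

    def send(token_hex_value, payload):
        sent.append((token_hex_value, payload))
        return token_hex_value not in failing_tokens

    return push_pending(commands, send), sent


if __name__ == "__main__":
    pushed, sent = run_once(SAMPLE_COMMANDS, failing_tokens={token_hex(TOKEN_B)})
    print("pushed:", pushed)
    for token, payload in sent:
        print(token, payload)
```

In the sample run device A receives one push covering commands 1 and 2, device B's push is reported as failed so command 4 stays pending, and command 5 is skipped because its device has not sent a TokenUpdate.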
    

      

      


  • Original article: https://www.cnblogs.com/sdhjl2000/p/3676840.html