Java: Enrolling an iOS device using a self-developed MDM?


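I'm trying to develop a very simple proof-of-concept iOS MDM that will allow OTA enrollment of iOS devices. This isn't meant to replace a phone or anything. It's really just a learning exercise. I'm developing the code in Java, using JAX-RS to develop the RESTful service endpoints.

At this point, I have a URL () that I can GET from iOS, which returns the enrollment response to start the device enrollment process. The returned response looks like this: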

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Inc//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
    <dict>
        <key>PayloadContent</key>
        <dict>
            <key>URL</key>
            <string>https://myhost/profile</string>
            <key>DeviceAttributes</key>
            <array>
                <string>UDID</string>
                <string>IMEI</string>
                <string>ICCID</string>
                <string>VERSION</string>
                <string>PRODUCT</string>
            </array>
            <key>Challenge</key>
            <string>MySuperSecureChallenge</string>
        </dict>
        <key>PayloadOrganization</key>
        <string>Example Inc.</string>
        <key>PayloadDisplayName</key>
        <string>Profile Service</string>
        <key>PayloadVersion</key>
        <integer>1</integer>
        <key>PayloadUUID</key>
        <string>fdb376e5-b5bb-4d8c-829e-e90865f990c9</string>
        <key>PayloadIdentifier</key>
        <string>com.example.mobileconfig.profile-service</string>
        <key>PayloadDescription</key>
        <string>Enter device into the Example Inc encrypted profile service</string>
        <key>PayloadType</key>
        <string>Profile Service</string>
    </dict>
</plist>
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
    <dict>
        <key>CHALLENGE</key>
        <string>MySuperSecureChallenge</string>
        <key>IMEI</key>
        <string>__MY_IMEI__</string>
        <key>PRODUCT</key>
        <string>iPhone10,4</string>
        <key>UDID</key>
        <string>__MY_UDID__</string>
        <key>VERSION</key>
        <string>15B202</string>
    </dict>
</plist>
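
My question is: now what?? I found (from Apple), which shows how to do SCEP enrollment. However, I don't want to do SCEP for this simple proof of concept. Is there something else I can return at this stage? If so, what should the response contain and look like? I haven't found any documentation that explains what my /profile endpoint should return if I'm not using SCEP, so I'm a bit stuck.

Update: I found some resources online that imply I need to either use SCEP or provide a certificate in PKCS#12 format in the payload. So I updated the return value of /profile to look like this: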

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Inc//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
    <dict>
        <key>PayloadVersion</key>
        <integer>1</integer>
        <key>PayloadType</key>
        <string>Configuration</string>
        <key>PayloadContent</key>
        <array>
            <dict>
                <key>PayloadContent</key>
                <dict>
                    <key>Challenge</key>
                    <string>MyChallengeGoesHere</string>
                </dict>
                <key>PayloadDescription</key>
                <string>Provides device encryption identity</string>
                <key>PayloadUUID</key>
                <string>fd8a6b9e-0fed-406f-9571-8ec98722b713</string>
                <key>PayloadType</key>
                <string>com.apple.security.pkcs12</string>
                <key>PayloadDisplayName</key>
                <string>Cert Test</string>
                <key>PayloadVersion</key>
                <integer>1</integer>
                <key>PayloadOrganization</key>
                <string>Example, Inc.</string>
                <key>PayloadIdentifier</key>
                <string>com.example.profileservice.webclip</string>
                <key>PayloadContent</key>
                <string>__MY_BASE64_ENCODED_PKCS12_CERT__</string>
                <key>Password</key>
                <string>__MY_CERT_PASSWORD__</string>
            </dict>
        </array>
    </dict>
</plist>

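I am returning this value to the client, but when I click "Install" on the iOS device, I get an error that says:

Profile Installation Failed: A connection to the server could not be established

Now, I know that communication is not the problem, because I see the connection to /profile in my logs and in the debugger. Am I missing something? Does the profile need to be digitally signed? If so, in what format? Which certificate should I use to sign it?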

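After much trial and error, I finally figured out what was wrong with this profile. I was missing a few parameters: PayloadIdentifier and PayloadUUID. In addition, the value of the PayloadContent parameter that contains my base64-encoded certificate should be data, not string. So my new profile looks like this: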

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Inc//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
    <dict>
        <key>PayloadVersion</key>
        <integer>1</integer>
        <key>PayloadType</key>
        <string>Configuration</string>
        <key>PayloadUUID</key>
        <string>9f93912b-5fd2-4455-99fd-13b9a47b4581</string>
        <key>PayloadIdentifier</key>
        <string>org.example.mymdm</string>
        <key>PayloadContent</key>
        <array>
            <dict>
                <key>PayloadType</key>
                <string>com.apple.security.pkcs12</string>
                <key>PayloadUUID</key>
                <string>f78c5002-3907-4f67-b631-d41c44283628</string>
                <key>PayloadVersion</key>
                <integer>1</integer>
                <key>PayloadIdentifier</key>
                <string>com.mymdm.cert</string>
                <key>Password</key>
                <string>__MY_CERT_PASSWORD__</string>
                <key>PayloadContent</key>
                <data>__MY_BASE64_ENCODED_P12__</data>
            </dict>
        </array>
    </dict>
</plist>

Once I made these changes, I was able to successfully install the profile on my iOS device.
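
A lint for the two mistakes the answer describes, as an added example that is not part of the original post: it flags a Configuration profile that lacks the identifying keys at either level, or that carries the PKCS#12 blob as <string> instead of <data>. The sample profiles, UUIDs and password are constructed, and the check relies on Python's plistlib mapping <data> to bytes and <string> to str.

```python
import plistlib

# Keys the profile format expects on the profile and on every payload;
# the answer above found PayloadIdentifier and PayloadUUID missing.
REQUIRED = ("PayloadType", "PayloadVersion", "PayloadIdentifier", "PayloadUUID")


def lint_profile(xml_bytes):
    """Return a list of problems found in a Configuration profile plist."""
    profile = plistlib.loads(xml_bytes)
    problems = [f"profile: missing {k}" for k in REQUIRED if k not in profile]
    payloads = profile.get("PayloadContent")
    # Only Configuration profiles hold an array of payloads; a Profile
    # Service profile (the first plist above) holds a dict and is skipped.
    for i, payload in enumerate(payloads if isinstance(payloads, list) else []):
        problems += [f"payload[{i}]: missing {k}" for k in REQUIRED if k not in payload]
        if payload.get("PayloadType") == "com.apple.security.pkcs12":
            # <data> parses to bytes, <string> to str, so the Python type
            # reveals which element carried the PKCS#12 blob.
            if not isinstance(payload.get("PayloadContent"), bytes):
                problems.append(f"payload[{i}]: PKCS#12 PayloadContent must be <data>")
    return problems


def sample(top_ids, content_elem):
    # Constructed profile modelled on the two PKCS#12 profiles above.
    return f"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>PayloadVersion</key><integer>1</integer>
<key>PayloadType</key><string>Configuration</string>{top_ids}
<key>PayloadContent</key><array><dict>
<key>PayloadType</key><string>com.apple.security.pkcs12</string>
<key>PayloadUUID</key><string>00000000-0000-0000-0000-000000000002</string>
<key>PayloadVersion</key><integer>1</integer>
<key>PayloadIdentifier</key><string>org.example.mymdm.cert</string>
<key>Password</key><string>constructed-password</string>
<key>PayloadContent</key><{content_elem}>Y29uc3RydWN0ZWQ=</{content_elem}>
</dict></array></dict></plist>""".encode()


TOP_IDS = ("\n<key>PayloadUUID</key><string>00000000-0000-0000-0000-000000000001</string>"
           "\n<key>PayloadIdentifier</key><string>org.example.mymdm</string>")
BROKEN = sample("", "string")    # shape of the profile that failed to install
FIXED = sample(TOP_IDS, "data")  # shape of the profile that installed

if __name__ == "__main__":
    for name, doc in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, lint_profile(doc))
```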