This is the rough equivalent of
openssl smime -sign
-signer cert.crt
-inkey cert.key
-certfile intermediate.pem
-nodetach
-outform der
-in mdm.mobileconfig
-out mdm-signed.mobileconfig
sign(
data=b'abc123',
certificate=cryptography.x509.load_pem_x509_certificate(...)
ca=[
cryptography.x509.load_pem_x509_certificate(...) for .. in ...
]
key=cryptography.hazmat.primitives.serialization.load_pem_private_key(...)
)