Created
April 29, 2024 22:35
-
-
Save jessepeterson/01fde5aa97acadfdeb451606573b9aa7 to your computer and use it in GitHub Desktop.
micromdm save apple signer
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| diff --git a/mdm/enroll/transport_http.go b/mdm/enroll/transport_http.go | |
| index 043a3e6..78a6fee 100644 | |
| --- a/mdm/enroll/transport_http.go | |
| +++ b/mdm/enroll/transport_http.go | |
| @@ -3,8 +3,10 @@ package enroll | |
| import ( | |
| "context" | |
| "errors" | |
| + "fmt" | |
| "io/ioutil" | |
| "net/http" | |
| + "os" | |
| "github.com/micromdm/micromdm/pkg/crypto" | |
| @@ -77,9 +79,10 @@ func (v verifier) decodeMDMEnrollRequest(_ context.Context, r *http.Request) (in | |
| if signer == nil { | |
| return nil, errors.New("invalid CMS signer during enrollment") | |
| } | |
| + os.WriteFile("/tmp/apple_signer.der", signer.Raw, 0644) | |
| err = crypto.VerifyFromAppleDeviceCA(signer) | |
| if err != nil { | |
| - return nil, errors.New("unauthorized enrollment client: not signed by Apple Device CA") | |
| + return nil, fmt.Errorf("unauthorized enrollment client: not signed by Apple Device CA: %w", err) | |
| } | |
| var request depEnrollmentRequest | |
| if err := plist.Unmarshal(p7.Content, &request); err != nil { |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment