
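So this is a rails gem for iOS SCEP. The library's code has examples, including one that runs with webrick and sinatra. I created a self-signed SSL certificate for the common name (CN) localhost. I can access this project on my machine, but I cannot access it using my machine's public IP address.

Using the terminal (in the example project) I run it like $ ruby application.rb

The application.rb code is as follows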

require 'rubygems'
require 'sinatra'
require 'ios-cert-enrollment'

require 'sinatra/base'
require 'webrick'
require 'webrick/https'
require 'openssl'

IOSCertEnrollment.configure do |config|
  config.ssl_certificate_path = "./ssl_cert/server.crt"
  config.ssl_key_path = "./ssl_cert/server.key"
  config.base_url = "192.168.100.48"
  config.identifier = "192.168.100.48"
  config.display_name = "iOS Enrollment Server"
  config.organization = "Nolan Brown"
end

webrick_options = {
        :Port               => 3001,
        :Logger             => WEBrick::Log::new($stderr, WEBrick::Log::DEBUG),
        :DocumentRoot       => "/ruby/htdocs",
        :DoNotReverseLookup => false,
        :SSLEnable          => true,
        :SSLVerifyClient    => OpenSSL::SSL::VERIFY_NONE,
        :SSLCertificate     => IOSCertEnrollment::SSL.certificate,
        :SSLPrivateKey      => IOSCertEnrollment::SSL.key,
        :SSLCertName        => [ [ "CN",WEBrick::Utils::getservername ] ]
}

class MyServer < Sinatra::Base

  get '/' do
    '<a href="/enroll">Enroll</a>'
  end

  get '/enroll' do 
    signed_certificate = IOSCertEnrollment::Profile.new("/profile").service().sign()

    ## Send
    content_type signed_certificate.mime_type
    signed_certificate.certificate  

  end

  post '/profile' do  
    p7sign = IOSCertEnrollment::Sign.verify_response(request.body.read)
    if IOSCertEnrollment::Sign.verify_signer(p7sign)

      profile = IOSCertEnrollment::Profile.new()
      profile.icon = File.open(File.expand_path('<PATH TO YOUR ICON>', __FILE__))
      profile.display_name = "iOS Enrollment Server"
      profile.description = "Easy access to web"
      profile.label = "iOS Enrollment"
      profile.url = "<URL FOR WEBCLIP>"
      encrypted_profile = profile.webclip().encrypt(p7sign.certificates)
      signed_profile = profile.configuration(encrypted_profile.certificate).sign()

    else
      # Get returned device attributes
      device_attributes = IOSCertEnrollment::Device.parse(p7sign)  

      # "UDID", 
      # "VERSION",
      # "PRODUCT",          
      # "DEVICE_NAME",
      # "MAC_ADDRESS_EN0",
      # "IMEI",
      # "ICCID"

      ## Validation
      profile = IOSCertEnrollment::Profile.new("/scep")
      signed_profile = profile.encrypted_service().sign()

    end
    ## Send 
    content_type signed_profile.mime_type
    signed_profile.certificate

  end

  get '/scep' do
    case params['operation']
    when "GetCACert"
      registration_authority = IOSCertEnrollment::Sign.registration_authority
      content_type registration_authority.mime_type
      registration_authority.certificate

    when "GetCACaps" 
      content_type "text/plain"
      IOSCertEnrollment::Sign.certificate_authority_caps
    else
      "Invalid Action"
    end
  end

  post '/scep' do
    if params['operation'] == "PKIOperation"
      signed_pki = IOSCertEnrollment::Sign.sign_PKI(request.body.read)

      content_type signed_pki.mime_type
      signed_pki.certificate

    else
      "Invalid Action"
    end
  end      
end

Rack::Handler::WEBrick.run MyServer, webrick_options

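Note: the application.rb code is the same as the one given in the library's example project; the only thing I changed/put in is the SSL library path.

My questions are:

1) Is it possible to test SCEP using localhost?

2) If possible, how can I access localhost using an IP address?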


1 Answer


Answer to the second question:

Add 192.168.100.48 you-perfect-domain.local to the /etc/hosts file on the device that can share Wi-Fi to the iOS device.

Open you-perfect-domain.local:3001 in the iOS device's browser.

I hope it will work.

Answered 2019-10-12T14:32:31.510
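Separately from the hosts-file mapping, a TLS client compares the name it connects to with the names in the server certificate, so a certificate issued only for CN localhost does not match 192.168.100.48 or you-perfect-domain.local. The Ruby code below is an added example (not part of the question, the answer, or the ios-cert-enrollment gem) that builds throwaway certificates and checks which names they cover; the helper names self_signed_cert and covers? are hypothetical, and the check is Ruby's OpenSSL identity check, not the one iOS runs.

```ruby
require 'openssl'

# Build a throwaway self-signed certificate for `cn`. `san_entries` are
# subjectAltName values such as "DNS:you-perfect-domain.local" or
# "IP:192.168.100.48" (names and address taken from the page).
def self_signed_cert(cn, san_entries = [])
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2                       # X.509 v3, required for extensions
  cert.serial     = 1
  cert.subject    = OpenSSL::X509::Name.new([['CN', cn]])
  cert.issuer     = cert.subject            # self-signed
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  unless san_entries.empty?
    ef = OpenSSL::X509::ExtensionFactory.new
    ef.subject_certificate = cert
    ef.issuer_certificate  = cert
    cert.add_extension(
      ef.create_extension('subjectAltName', san_entries.join(','), false)
    )
  end
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

# True when `name` (a hostname or an IP literal) matches the certificate.
# Ruby falls back to the CN only when no DNS/IP subjectAltName is present.
def covers?(cert, name)
  OpenSSL::SSL.verify_certificate_identity(cert, name)
end

if __FILE__ == $0
  names   = ['localhost', '192.168.100.48', 'you-perfect-domain.local']
  cn_only = self_signed_cert('localhost')
  with_san = self_signed_cert(
    'localhost',
    ['DNS:localhost', 'DNS:you-perfect-domain.local', 'IP:192.168.100.48']
  )
  names.each do |n|
    puts format('%-26s CN-only: %-5s with SAN: %s',
                n, covers?(cn_only, n), covers?(with_san, n))
  end
end
```

The certificate with subjectAltName entries matches all three names, while the CN-only one matches localhost alone; a self-signed certificate still has to be trusted by the client in either case.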