File Coverage

blib/lib/Config/Apple/Profile/Payload/Certificate.pm
Criterion Covered Total %
statement 21 21 100.0
branch n/a
condition n/a
subroutine 7 7 100.0
pod n/a
total 28 28 100.0


line stmt bran cond sub pod time code
1             # This is the code for Config::Apple::Profile::Payload::Certificate.
2             # For Copyright, please see the bottom of the file.
3              
4             package Config::Apple::Profile::Payload::Certificate;
5              
6 1     1   6052 use 5.14.4;
  1         5  
  1         43  
7 1     1   6 use strict;
  1         3  
  1         39  
8 1     1   7 use warnings FATAL => 'all';
  1         2  
  1         48  
9 1     1   6 use base qw(Config::Apple::Profile::Payload::Common);
  1         2  
  1         127  
10              
11             our $VERSION = '0.55';
12              
13 1     1   5 use Readonly;
  1         2  
  1         47  
14 1     1   6 use Config::Apple::Profile::Payload::Common;
  1         1  
  1         19  
15 1     1   5 use Config::Apple::Profile::Payload::Types qw(:all);
  1         1  
  1         331  
16              
17             =encoding utf8
18              
19             =head1 NAME
20              
21             Config::Apple::Profile::Payload::Certificate - Base class for the four
22             different Certificate payload types.
23              
24             =head1 DESCRIPTION
25              
26             This class I implements the Certificate payload. This payload
27             is used to send certificates, and certificate-key pairs, to a device.
28              
29             This payload is typically used early in the provisioning process, in order to
30             load a non-standard certificate authority (or intermediate certificate) onto the
31             device. In addition, this payload can be used to load a user's private key and
32             public certificate onto the phone, so that it can be used for email (using
33             S/MIME) and web (client certificate) authentication.
34              
35             This payload may be used to hold root certificates or intermediate certificates.
36             The OS will examine the certificate when you try to install it, in order to
37             determine what type of certificate is being installed.
38              
39             B Installing a certificate does not automatically make it trusted! In
40             order for the OS to trust a certificate, the entire chain (from a root cert
41             down) must be present. Even if the root already exists on the device, you may
42             still need to install an intermediate certificate.
43              
44             B As per L, starting with iOS 5,
45             if a certificate chain includes a cert that uses MD5 hashing, then that cert,
46             I, will be untrusted. You should only ever use
47             certificates with SHA signatures, and preferably SHA-256 or better.
48              
49             B Typically, you will B<not> use this module directly! Apple defines
50             four different types of certificate payloads, each with a different identifier.
51             Please use one of the L
52             subclasses.
53              
54              
55             =head1 PAYLOAD KEYS
56              
57             All of the payload keys defined in L
58             are used by this payload.
59              
60             This payload has the following additional keys:
61              
62             =head2 C
63              
64             I
65              
66             The name of the certificate file. As far as the author knows, this isn't really
67             used for anything, but you never know!
68              
69             =head2 C
70              
71             This is where the actual certificate goes. The contents may be text (as in a
72             PEM-format certificate), or binary (as in a DER-format certificate).
73              
74             As a reminder, this key takes binary data, even if that data happens to be
75             text. You do not need to worry about the encoding.
76              
77             B iOS does not trust certificates that use MD5 as the signature
78             method. Such certificates can be installed, but they will not be trusted, and
79             will cause the user to see warnings.
80              
81             B Certificates with 1024-bit RSA keys are rapidly becoming untrusted
82             by browsers. Such certificates can be installed, but they are quickly going the
83             way of MD5 certificates (see the warning above).
84              
85             B Certificates with SHA-1 signatures are going to start losing trust
86             in many browsers starting in 2016. Plan ahead by minting new certificates with
87             SHA-256 signatures!
88              
89             =cut
90              
91             Readonly our %payloadKeys => (
92             # Bring in the common keys...
93             %Config::Apple::Profile::Payload::Common::payloadKeys,
94            
95             # ... and define our own!
96             'PayloadCertificateFileName' => {
97             type => $ProfileString,
98             description => "The certificate's filename.",
99             optional => 1,
100             },
101             'PayloadContent' => {
102             type => $ProfileData,
103             description => "The certificate's contents, in binary form.",
104             },
105             ); # End of %payloadKeys
106              
107              
108              
109             =head1 ACKNOWLEDGEMENTS
110              
111             Refer to L for acknowledgements.
112              
113             =head1 AUTHOR
114              
115             A. Karl Kornel, C<< >>
116              
117             =head1 COPYRIGHT AND LICENSE
118              
119             Copyright © 2014 A. Karl Kornel.
120              
121             This program is free software; you can redistribute it and/or modify it
122             under the terms of either: the GNU General Public License as published
123             by the Free Software Foundation; or the Artistic License.
124              
125             See L for more information.
126              
127             =cut
128              
129             1;