Class: Device_Chromebook
Source Location: /devices/chromebook/chromebook.php
Class Device_Chromebook
Class Overview
This is the main implementation class of the module
The name of the class must the the 'Device_' followed by the name of the module file (without the '.php' extension), so in this case the file is "TestModule.php" and the class is Device_TestModule. The class MUST define the constructor method and one additional public method: writeInstaller(). All other methods and properties should be private. This example sets zipInstaller method to protected, so that it can be seen in the documentation. It is important to understand how the device module fits into the whole picture, so here is s short descrption. An external caller (for instance GUI::generateInstaller()) creates the module device instance and prepares its environment for a given user profile by calling DeviceConfig::setup() method. this will: - create the temporary directory and save its path as $this->FPATH
- process the CA certificates and store results in $this->attributes['internal:CAs'][0]
$this->attributes['internal:CAs'][0] is an array of processed CA certificates
a processed certifincate is an array
'pem' points to pem feromat certificate
'der' points to der format certificate
'md5' points to md5 fingerprint
'sha1' points to sha1 fingerprint
'name' points to the certificate subject
'root' can be 1 for self-signed certificate or 0 otherwise
- save the info_file (if exists) and put the name in $this->attributes['internal:info_file_name'][0]
Finally, the module DeviceConfig::writeInstaller is called and the returned path name is used for user download.
Located in /devices/chromebook/chromebook.php [line 73]
DeviceConfig
|
--Device_Chromebook
Author(s):
Information Tags:
|
Methods
|
Inherited Properties, Constants, and Methods
Method Summary
Device_Chromebook |
__construct() |
Constructs a Device object. |
Methods
Device_Chromebook __construct(
string
$device
)
|
|
Constructs a Device object.
It is CRUTCIAL that the constructor sets $this->supportedEapMethods to an array of methods available for the particular device.
$this->supportedEapMethods = array(EAP::$PEAP_MSCHAP2, EAP::$TTLS_PAP, EAP::$TTLS_MSCHAP2, EAP::$TLS);
debug(4, "This device supports the following EAP methods: ");
debug(4, $this->supportedEapMethods);
}
Parameters:
string |
$device: |
a pointer to a device module, which must be an index of one of the devices defined in the Devices array in devices.php. |
API Tags:
Information Tags:
Final: | not to be redefined |
Redefinition of:
- DeviceConfig::__construct()
- device module constructor should be defined by each module, but if it is not, then here is a default one
string writeDeviceInfo(
)
|
|
prepare module desctiption and usage information
$out = "<p>";
$out .= _("This installer is an example only. It produces a zip file containig the IdP certificates, info and logo files (if such have been defined by the IdP administrator) and a dump of all available attributes.");
return $out;
}
API Tags:
Return: | HTML text to be displayed in the information window |
Access: | public |
Redefinition of:
- DeviceConfig::writeDeviceInfo()
- prepare usage information for the installer every device module should override this method
prepare a ONC file
debug(4, "Chromebook Installer start\n");
// we don't do per-user encrypted containers
$json_array = array();
$json_array["Type"] = "UnencryptedConfiguration";
foreach ($this->attributes['internal:CAs'][0] as $ca) {
$ca_refs[] = "{" . $ca['uuid'] . "}";
}
// construct outer id, if anonymity is desired
if (isset ($this->attributes['internal:use_anon_outer']) && $this->attributes['internal:use_anon_outer'][0] == "1" && isset ($this->attributes['internal:realm'])) {
$outer_id = "@" . $this->attributes['internal:realm'][0];
if (isset ($this->attributes['internal:anon_local_value']))
$outer_id = $this->attributes['internal:anon_local_value'][0] . $outer_id;
}
else {
$outer_id = 0;
}
// define networks
foreach ($this->attributes['internal:SSID'] as $ssid => $cryptolevel) {
$network_uuid = uuid($prefix, $ssid);
// ONC has its own enums, and guess what, they don't always match
if ($eap_prettyprint["OUTER"] == "PEAP" && $eap_prettyprint["INNER"] == "MSCHAPV2")
$eap_prettyprint["INNER"] = "EAP-MSCHAPv2";
if ($eap_prettyprint["OUTER"] == "TTLS" && $eap_prettyprint["INNER"] == "MSCHAPV2")
$eap_prettyprint["INNER"] = "MSCHAPv2";
if ($eap_prettyprint["OUTER"] == "TLS")
$eap_prettyprint["OUTER"] = "EAP-TLS";
// define EAP properties
$eaparray = array(
"Outer" => $eap_prettyprint["OUTER"],
"SaveCredentials" => true,
"ServerCARefs" => $ca_refs, // maybe takes just one CA?
"UseSystemCAs" => false,
);
// according to the ONC spec, we should be allowed to set this, but it makes the import fail :-(
// if ($eap_prettyprint["OUTER"] != "EAP-TLS")
// $eaparray["Inner"] = $eap_prettyprint["INNER"];
if ($outer_id)
$eaparray["AnonymousIdentity"] = "$outer_id";
$json_array["NetworkConfigurations"][] = array(
"GUID" => $network_uuid,
"Name" => "$ssid",
"Type" => "WiFi",
"WiFi" => array(
"AutoConnect" => true,
"EAP" => $eaparray,
"HiddenSSID" => false,
"SSID" => $ssid,
"Security" => "WPA-EAP",
),
"ProxySettings" => array("Type" => "WPAD"),
);
};
// are we also configuring wired?
$network_uuid = "{" . uuid($prefix, "wired-dot1x-ethernet") . "}";
$json_array["NetworkConfigurations"][] = array(
"GUID" => $network_uuid,
"Name" => "eduroam configuration (wired network)",
"Type" => "Ethernet",
"Ethernet" => array(
"Authentication" => "8021X",
"EAP" => $eaparray,
),
"ProxySettings" => array("Type" => "WPAD"),
);
};
// define CA certificates
foreach ($this->attributes['internal:CAs'][0] as $ca) {
// strip -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----
$ca_sanitized = substr($ca['pem'], 27, strlen($ca['pem']) - 27 - 25);
// remove \n
$json_array["Certificates"][] = array("GUID" => "{" . $ca['uuid'] . "}", "Type" => "Authority", "X509" => $ca_sanitized);
}
$output_json = json_encode($json_array, JSON_PRETTY_PRINT);
$xml_f = fopen('installer_profile', 'w');
// if ($this->sign) {
// $o = system($this->sign . " installer_profile '$e' > /dev/null");
// if ($o === FALSE)
// debug(2, "Signing the mobileconfig installer $e FAILED!\n");
// } else
rename("installer_profile", $e);
textdomain($dom);
return $e;
}
API Tags:
Return: | installer path name |
Access: | public |
Redefinition of:
- DeviceConfig::writeInstaller()
- placeholder for the main device method
|
|