Add Apple Provisioning profile

Signed-off-by: Georg Ehrke <developer@georgehrke.com>

4 files changed, 381 insertions, 1 deletions

diff --git a/apps/dav/lib/Provisioning/Apple/AppleProvisioningNode.php b/apps/dav/lib/Provisioning/Apple/AppleProvisioningNode.php
new file mode 100644
index 00000000000..adc28c83429
--- /dev/null
+++ b/apps/dav/lib/Provisioning/Apple/AppleProvisioningNode.php
@@ -0,0 +1,91 @@
+<?php
+/**
+ * @copyright 2018, Georg Ehrke <oc.list@georgehrke.com>
+ *
+ * @author Georg Ehrke <oc.list@georgehrke.com>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OCA\DAV\Provisioning\Apple;
+
+use OCP\AppFramework\Utility\ITimeFactory;
+use Sabre\DAV\Exception\Forbidden;
+use Sabre\DAV\INode;
+use Sabre\DAV\IProperties;
+use Sabre\DAV\PropPatch;
+
+class AppleProvisioningNode implements INode, IProperties {
+
+	const FILENAME = 'apple-provisioning.mobileconfig';
+
+	protected $timeFactory;
+
+	/**
+	 * @param ITimeFactory $timeFactory
+	 */
+	public function __construct(ITimeFactory $timeFactory) {
+		$this->timeFactory = $timeFactory;
+	}
+
+	/**
+	 * @return string
+	 */
+	public function getName() {
+		return self::FILENAME;
+	}
+
+
+	public function setName($name) {
+		throw new Forbidden('Renaming ' . self::FILENAME . ' is forbidden');
+	}
+
+	/**
+	 * @return null
+	 */
+	public function getLastModified() {
+		return null;
+	}
+
+	/**
+	 * @throws Forbidden
+	 */
+	public function delete() {
+		throw new Forbidden(self::FILENAME . ' may not be deleted.');
+	}
+
+	/**
+	 * @param array $properties
+	 * @return array
+	 */
+	public function getProperties($properties) {
+		$datetime = $this->timeFactory->getDateTime();
+
+		return [
+			'{DAV:}getcontentlength' => 42,
+			'{DAV:}getlastmodified' => $datetime->format(\DateTime::RFC2822),
+		];
+	}
+
+	/**
+	 * @param PropPatch $propPatch
+	 * @throws Forbidden
+	 */
+	public function propPatch(PropPatch $propPatch) {
+		throw new Forbidden(self::FILENAME . '\'s properties may not be altered.');
+	}
+}
diff --git a/apps/dav/lib/Provisioning/Apple/AppleProvisioningPlugin.php b/apps/dav/lib/Provisioning/Apple/AppleProvisioningPlugin.php
new file mode 100644
index 00000000000..d996f72c160
--- /dev/null
+++ b/apps/dav/lib/Provisioning/Apple/AppleProvisioningPlugin.php
@@ -0,0 +1,269 @@
+<?php
+/**
+ * @copyright 2018, Georg Ehrke <oc.list@georgehrke.com>
+ *
+ * @author Georg Ehrke <oc.list@georgehrke.com>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OCA\DAV\Provisioning\Apple;
+
+use OCA\Theming\ThemingDefaults;
+use OCP\IL10N;
+use OCP\IRequest;
+use OCP\IURLGenerator;
+use OCP\IUserSession;
+use Sabre\DAV\Server;
+use Sabre\DAV\ServerPlugin;
+use Sabre\DAV\UUIDUtil;
+use Sabre\HTTP\RequestInterface;
+use Sabre\HTTP\ResponseInterface;
+
+class AppleProvisioningPlugin extends ServerPlugin {
+
+	/**
+	 * @var Server
+	 */
+	protected $server;
+
+	/**
+	 * @var IURLGenerator
+	 */
+	protected $urlGenerator;
+
+	/**
+	 * @var IUserSession
+	 */
+	protected $userSession;
+
+	/**
+	 * @var ThemingDefaults
+	 */
+	protected $themingDefaults;
+
+	/**
+	 * @var IRequest
+	 */
+	protected $request;
+
+	/**
+	 * @var IL10N
+	 */
+	protected $l10n;
+
+	/**
+	 * @var \closure
+	 */
+	protected $uuidClosure;
+
+	/**
+	 * AppleProvisioningPlugin constructor.
+	 *
+	 * @param IUserSession $userSession
+	 * @param IURLGenerator $urlGenerator
+	 * @param ThemingDefaults $themingDefaults
+	 * @param IRequest $request
+	 * @param IL10N $l10n
+	 * @param \closure $uuidClosure
+	 */
+	public function __construct(IUserSession $userSession, IURLGenerator $urlGenerator,
+								ThemingDefaults $themingDefaults, IRequest $request,
+								IL10N $l10n, \closure $uuidClosure) {
+		$this->userSession = $userSession;
+		$this->urlGenerator = $urlGenerator;
+		$this->themingDefaults = $themingDefaults;
+		$this->request = $request;
+		$this->l10n = $l10n;
+		$this->uuidClosure = $uuidClosure;
+	}
+
+	/**
+	 * @param Server $server
+	 */
+	public function initialize(Server $server) {
+		$this->server = $server;
+		$this->server->on('method:GET', [$this, 'httpGet'], 90);
+	}
+
+	/**
+	 * @param RequestInterface $request
+	 * @param ResponseInterface $response
+	 * @return boolean
+	 */
+	public function httpGet(RequestInterface $request, ResponseInterface $response):bool {
+		if ($request->getPath() !== 'provisioning/' . AppleProvisioningNode::FILENAME) {
+			return true;
+		}
+
+		$user = $this->userSession->getUser();
+		if (!$user) {
+			return true;
+		}
+
+		$serverProtocol = $this->request->getServerProtocol();
+		$useSSL = ($serverProtocol === 'https');
+
+		if (!$useSSL) {
+			$response->setStatus(200);
+			$response->setHeader('Content-Type', 'text/plain; charset=utf-8');
+			$response->setBody($this->l10n->t('Your %s needs to be configured to use HTTPS in order to use CalDAV and CardDAV with iOS/macOS.', [$this->themingDefaults->getName()]));
+
+			return false;
+		}
+
+		$absoluteURL = $request->getAbsoluteUrl();
+		$parsedUrl = parse_url($absoluteURL);
+		if (isset($parsedUrl['port'])) {
+			$serverPort = (int) $parsedUrl['port'];
+		} else {
+			$serverPort = 443;
+		}
+		$server_url = $parsedUrl['host'];
+
+		$description = $this->themingDefaults->getName();
+		$userId = $user->getUID();
+
+		$reverseDomain = implode('.', array_reverse(explode('.', $parsedUrl['host'])));
+
+		$caldavUUID = call_user_func($this->uuidClosure);
+		$carddavUUID = call_user_func($this->uuidClosure);
+		$profileUUID = call_user_func($this->uuidClosure);
+
+		$caldavIdentifier = $reverseDomain . '.' . $caldavUUID;
+		$carddavIdentifier = $reverseDomain . '.' . $carddavUUID;
+		$profileIdentifier = $reverseDomain . '.' . $profileUUID;
+
+		$caldavDescription = $this->l10n->t('Configures a CalDAV account');
+		$caldavDisplayname = $description . ' CalDAV';
+		$carddavDescription = $this->l10n->t('Configures a CardDAV account');
+		$carddavDisplayname = $description . ' CardDAV';
+
+		$filename = $userId . '-' . AppleProvisioningNode::FILENAME;
+
+		$xmlSkeleton = $this->getTemplate();
+		$body = vsprintf($xmlSkeleton, array_map(function($v) {
+				return \htmlspecialchars($v, ENT_XML1, 'UTF-8');
+			}, [
+				$description,
+				$server_url,
+				$userId,
+				$serverPort,
+				$caldavDescription,
+				$caldavDisplayname,
+				$caldavIdentifier,
+				$caldavUUID,
+				$description,
+				$server_url,
+				$userId,
+				$serverPort,
+				$carddavDescription,
+				$carddavDisplayname,
+				$carddavIdentifier,
+				$carddavUUID,
+				$description,
+				$profileIdentifier,
+				$profileUUID
+			]
+		));
+
+		$response->setStatus(200);
+		$response->setHeader('Content-Disposition', 'attachment; filename="' . $filename . '"');
+		$response->setHeader('Content-Type', 'application/xml; charset=utf-8');
+		$response->setBody($body);
+
+		return false;
+	}
+
+	/**
+	 * @return string
+	 */
+	private function getTemplate():string {
+		return <<<EOF
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>PayloadContent</key>
+	<array>
+		<dict>
+			<key>CalDAVAccountDescription</key>
+			<string>%s</string>
+			<key>CalDAVHostName</key>
+			<string>%s</string>
+			<key>CalDAVUsername</key>
+			<string>%s</string>
+			<key>CalDAVUseSSL</key>
+			<true/>
+			<key>CalDAVPort</key>
+			<integer>%s</integer>
+			<key>PayloadDescription</key>
+			<string>%s</string>
+			<key>PayloadDisplayName</key>
+			<string>%s</string>
+			<key>PayloadIdentifier</key>
+			<string>%s</string>
+			<key>PayloadType</key>
+			<string>com.apple.caldav.account</string>
+			<key>PayloadUUID</key>
+			<string>%s</string>
+			<key>PayloadVersion</key>
+			<integer>1</integer>
+		</dict>
+		<dict>
+			<key>CardDAVAccountDescription</key>
+			<string>%s</string>
+			<key>CardDAVHostName</key>
+			<string>%s</string>
+			<key>CardDAVUsername</key>
+			<string>%s</string>
+			<key>CardDAVUseSSL</key>
+			<true/>
+			<key>CardDAVPort</key>
+			<integer>%s</integer>
+			<key>PayloadDescription</key>
+			<string>%s</string>
+			<key>PayloadDisplayName</key>
+			<string>%s</string>
+			<key>PayloadIdentifier</key>
+			<string>%s</string>
+			<key>PayloadType</key>
+			<string>com.apple.carddav.account</string>
+			<key>PayloadUUID</key>
+			<string>%s</string>
+			<key>PayloadVersion</key>
+			<integer>1</integer>
+		</dict>
+	</array>
+	<key>PayloadDisplayName</key>
+	<string>%s</string>
+	<key>PayloadIdentifier</key>
+	<string>%s</string>
+	<key>PayloadRemovalDisallowed</key>
+	<false/>
+	<key>PayloadType</key>
+	<string>Configuration</string>
+	<key>PayloadUUID</key>
+	<string>%s</string>
+	<key>PayloadVersion</key>
+	<integer>1</integer>
+</dict>
+</plist>
+
+EOF;
+	}
+}
diff --git a/apps/dav/lib/RootCollection.php b/apps/dav/lib/RootCollection.php
index adf9d7b99c7..9ad1ea5221e 100644
--- a/apps/dav/lib/RootCollection.php
+++ b/apps/dav/lib/RootCollection.php
@@ -35,7 +35,9 @@ use OCA\DAV\Connector\Sabre\Principal;
 use OCA\DAV\DAV\GroupPrincipalBackend;
 use OCA\DAV\DAV\SystemPrincipalBackend;
 use OCA\DAV\CalDAV\Principal\Collection;
+use OCA\DAV\Provisioning\Apple\AppleProvisioningNode;
 use OCA\DAV\Upload\CleanupService;
+use OCP\AppFramework\Utility\ITimeFactory;
 use Sabre\DAV\SimpleCollection;
 
 class RootCollection extends SimpleCollection {
@@ -130,6 +132,9 @@ class RootCollection extends SimpleCollection {
 		$avatarCollection = new Avatars\RootCollection($userPrincipalBackend, 'principals/users');
 		$avatarCollection->disableListing = $disableListing;
 
+		$appleProvisioning = new AppleProvisioningNode(
+			\OC::$server->query(ITimeFactory::class));
+
 		$children = [
 				new SimpleCollection('principals', [
 						$userPrincipals,
@@ -151,7 +156,10 @@ class RootCollection extends SimpleCollection {
 				$systemTagRelationsCollection,
 				$commentsCollection,
 				$uploadCollection,
-				$avatarCollection
+				$avatarCollection,
+				new SimpleCollection('provisioning', [
+					$appleProvisioning
+				])
 		];
 
 		parent::__construct('root', $children);
diff --git a/apps/dav/lib/Server.php b/apps/dav/lib/Server.php
index c2c903fa198..5335db98fce 100644
--- a/apps/dav/lib/Server.php
+++ b/apps/dav/lib/Server.php
@@ -55,6 +55,7 @@ use OCA\DAV\Connector\Sabre\QuotaPlugin;
 use OCA\DAV\Files\BrowserErrorPagePlugin;
 use OCA\DAV\Connector\Sabre\AnonymousOptionsPlugin;
 use OCA\DAV\Files\LazySearchBackend;
+use OCA\DAV\Provisioning\Apple\AppleProvisioningPlugin;
 use OCA\DAV\SystemTag\SystemTagPlugin;
 use OCA\DAV\Upload\ChunkingPlugin;
 use OCP\IRequest;
@@ -62,6 +63,7 @@ use OCP\SabrePluginEvent;
 use Sabre\CardDAV\VCFExportPlugin;
 use Sabre\DAV\Auth\Plugin;
 use OCA\DAV\Connector\Sabre\TagsPlugin;
+use Sabre\DAV\UUIDUtil;
 use SearchDAV\DAV\SearchPlugin;
 use OCA\DAV\AppInfo\PluginManager;
 
@@ -281,6 +283,16 @@ class Server {
 					\OC::$server->getConfig(),
 					\OC::$server->query(BirthdayService::class)
 				));
+				$this->server->addPlugin(new AppleProvisioningPlugin(
+					\OC::$server->getUserSession(),
+					\OC::$server->getURLGenerator(),
+					\OC::$server->getThemingDefaults(),
+					\OC::$server->getRequest(),
+					\OC::$server->getL10N('dav'),
+					function() {
+						return UUIDUtil::getUUID();
+					}
+				));
 			}
 
 			// register plugins from apps