Unpacking a PKCS7 payload from an iOS device (MDM enrollment)
Problem
I'm trying to build a MDM server, given ruby code by Apple is :
p7sign = OpenSSL::PKCS7::PKCS7.new(req.body)
store = OpenSSL::X509::Store.new
p7sign.verify(nil, store, nil, OpenSSL::PKCS7::NOVERIFY)
signers = p7sign.signers
I have this very basic NodeJS code to receive & store the POST payload :
exports.profile = function(req, res) {
var queryData = "";
req.on('data', function(chunk) {
queryData += chunk;
});
req.on('end', function() {
fs.writeFileSync('out.p7s', queryData);
});
res.send('1');
};
However the given file : https://dl.dropbox.com/u/2310128/ios-mdm.p7s
Can't seems to be recognized by openssl at all!!
openssl pkcs7 -in req.p7s -inform DER -print_certs
Is returning :
unable to load PKCS7 object
140735186985436:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:asn1_lib.c:150:
Any idea what could go wrong here? Is there some extra padding I should remove? Is the given file not PKCS7 at all?
Request headers :
{ host: '192.168.22.39:3000',
'accept-encoding': 'gzip, deflate',
'content-type': 'application/pkcs7-signature',
'accept-language': 'fr-fr',
cookie: 'connect.sid=s%3Andcjz5pGCdb1AYXhNG8Us5mh.5szK2X1cOpnih9X5kCbqTUdpv8EyJRwNHl4VC6M5Gwk',
accept: '*/*',
'content-length': '3564',
connection: 'keep-alive',
'user-agent': 'Profile/1.0' }
Thanks!!
Problem courtesy of: Olivier
Solution
I had to use Buffer.concat
to correctly append binary buffers & make it work.
Solution courtesy of: Olivier
Discussion
View additional discussion.