Introduction to the
The MDM Server does not push commands to the device through APNs directly. Instead, the Server sends a fixed notification through APNs to wake the device up. The device then initiates a request to the ServerURL from the installed configuration profile and reports its current status. The Server sends commands only to devices whose status is Idle.
As shown in the figure:
A complete command push therefore goes through the following steps:
1. The Server establishes a connection with APNs and sends data.
2. When the device receives the APNs push message, it connects to the Server on its own initiative and reports that its status is Idle.
3. The Server receives the status information from the device and sends an operation command.
4. The device receives and executes the command and returns data.
5. The Server responds that the query is complete, and the connection is closed.
The following uses the DeviceInformation query command as an example to walk through each step.
This command is used to query device information.
- The MDM Server establishes a connection with APNs and sends a fixed instruction that reads as follows.
```
token=8c20addf006e09842376d9066fda4147800bc98755eb0430027a1a2f94442418
payload=
{
    "aps": {
        "sound": "default.caf"
    },
    "mdm": "EC0B1F96-5160-424C-A9DE-754A454E424B"
}
```
Here we need the p12-format certificate obtained earlier, used in much the same way as for an app's push notifications. The token is the Token from TokenUpdate, and the mdm value is the PushMagic, which must be present in every push. As the content shows, the message the Server pushes through APNs is essentially fixed, which is different from an app's push messages. The main purpose of this message is to tell the device that the MDM Server has a command for it and that it should connect to the Server.
- On receiving the APNs push message, the device proactively connects to the Server.
After receiving the message from APNs, the device sends a request to the ServerURL (the value of the ServerURL field in the configuration profile) and reports its current status so the Server can see whether it is idle.
```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Status</key>
    <string>Idle</string>
    <key>UDID</key>
    <string>233deb277d03bd4aaf91108390c7d*</string>
</dict>
</plist>
```
As shown above, every request or response carries a UDID that identifies the device, and the Status value gives the device's current state. Status can take the following values:
Status value | Description |
---|---|
Acknowledged | Everything is fine. The device responds to commands correctly |
Error | An error occurred |
CommandFormatError | The command format is wrong |
Idle | The device is idle |
NotNow | The device received the command but cannot execute it immediately; it will request the server again later |
Under normal circumstances, the two states seen most often are Acknowledged and Idle.
- The Server receives the status information from the device and sends a command.
After receiving the device's status information, the Server checks whether the device is idle and sends a command only if it is. Here it sends the command to query device information:
```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Command</key>
    <dict>
        <key>RequestType</key>
        <string>DeviceInformation</string>
        <key>Queries</key>
        <array>
            <string>ModelName</string>
            <string>Model</string>
            <string>BatteryLevel</string>
            <string>DeviceCapacity</string>
            <string>AvailableDeviceCapacity</string>
            <string>OSVersion</string>
            <string>SerialNumber</string>
            <string>IMEI</string>
            <string>ICCID</string>
            <string>MEID</string>
            <string>IsSupervised</string>
            <string>IsDeviceLocatorServiceEnabled</string>
            <string>IsActivationLockEnabled</string>
            <string>IsCloudBackupEnabled</string>
            <string>WiFiMAC</string>
            <string>BluetoothMAC</string>
        </array>
    </dict>
    <key>CommandUUID</key>
    <string>f04997b8-aae2-44de-8c8d-8fb838000d0c</string>
</dict>
</plist>
```
When the Server sends a command, the message must contain Command and CommandUUID.
Command must contain a RequestType that names the specific operation, plus any parameters that operation takes. The command above queries device information; the Queries array lists the keys of the values to be queried.
CommandUUID is the command's ID. When the device responds to a command, the Server uses it to determine which command the response belongs to, and then processes the data accordingly.
- After receiving the command, the device returns the corresponding data for the specified keys.
```xml
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>CommandUUID</key>
    <string>f04997b8-aae2-44de-8c8d-8fb838000d0c</string>
    <key>QueryResponses</key>
    <dict>
        <key>AvailableDeviceCapacity</key>
        <real>19.606937408447266</real>
        <key>BatteryLevel</key>
        <real>0.56000000238418579</real>
        <key>BluetoothMAC</key>
        <string>6c:70:9f:2b:…</string>
        <key>DeviceCapacity</key>
        <real>26.413677215576172</real>
        <key>ICCID</key>
        <string>8986 0113 7231 0048 6168</string>
        <key>IMEI</key>
        <string>35 884805 093285 4</string>
        <key>IsActivationLockEnabled</key>
        <false />
        <key>IsCloudBackupEnabled</key>
        <false />
        <key>IsDeviceLocatorServiceEnabled</key>
        <false />
        <key>IsSupervised</key>
        <false />
        <key>MEID</key>
        <string>35884805093285</string>
        <key>Model</key>
        <string>ME824CH</string>
        <key>ModelName</key>
        <string>iPad</string>
        <key>OSVersion</key>
        <string>9.2.1</string>
        <key>SerialNumber</key>
        <string>F4KMG0FSFLMM</string>
        <key>WiFiMAC</key>
        <string>6c:70:9f:2b:46:71</string>
    </dict>
    <key>Status</key>
    <string>Acknowledged</string>
    <key>UDID</key>
    <string>233deb277d03bd4aaf91108390c7d9fe2c49c8be</string>
</dict>
</plist>
```
- The Server responds. If more operations are required, it sends the next command; otherwise it returns nothing, the operation is complete, and the connection is closed.
```
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Length: 0
Date: Wed, 26 Apr 2017 07:34:00 GMT
```
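The Server side of steps 2 to 5, as an added example that is not part of the original article: using Python's plistlib, it hands a command only to a device reporting Idle and accepts a reply only when its CommandUUID matches a command issued to that UDID. The in-memory stores and the function names are hypothetical.

```python
import plistlib
import uuid
from collections import defaultdict, deque

# Hypothetical in-memory state; a real server would persist this per device.
queued = defaultdict(deque)   # UDID -> commands waiting to be sent
in_flight = {}                # (UDID, CommandUUID) -> command awaiting a reply
results = {}                  # (UDID, CommandUUID) -> final device response


def enqueue(udid, request_type, **params):
    """Queue a command for a device and return its CommandUUID."""
    command_uuid = str(uuid.uuid4())
    queued[udid].append({
        "Command": {"RequestType": request_type, **params},
        "CommandUUID": command_uuid,
    })
    return command_uuid


def next_command(udid):
    """Serialize the next queued command, or return an empty body (step 5)."""
    if not queued[udid]:
        return b""
    command = queued[udid].popleft()
    in_flight[(udid, command["CommandUUID"])] = command
    return plistlib.dumps(command)


def handle_device_message(body):
    """Process one plist sent by the device; return the HTTP response body."""
    msg = plistlib.loads(body)
    udid, status = msg["UDID"], msg["Status"]
    if status == "Idle":
        return next_command(udid)
    key = (udid, msg.get("CommandUUID"))
    if key not in in_flight:
        # Reply does not match a command issued to this UDID: reject its data.
        raise ValueError("unexpected CommandUUID for device")
    if status == "NotNow":
        # Device is busy: requeue and end the session; it will connect again.
        queued[udid].appendleft(in_flight.pop(key))
        return b""
    results[key] = msg            # Acknowledged, Error or CommandFormatError
    del in_flight[key]
    return next_command(udid)
```

Because a handled reply is removed from `in_flight`, a replayed or mismatched response raises instead of overwriting stored device data.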
Other Operation Commands
- Query the installed applications of the device
```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Command</key>
    <dict>
        <key>RequestType</key>
        <string>InstalledApplicationList</string>
    </dict>
    <key>CommandUUID</key>
    <string>149e4fd2-0267-4da2-9b58-bf94282dcdb4</string>
</dict>
</plist>
```
- Device lock screen command
```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Command</key>
    <dict>
        <key>RequestType</key>
        <string>DeviceLock</string>
    </dict>
    <key>CommandUUID</key>
    <string>07a6c20e-5e35-4f79-8680-10dee8460099</string>
</dict>
</plist>
```
- Clear passcode command
```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Command</key>
    <dict>
        <key>RequestType</key>
        <string>ClearPasscode</string>
        <key>UnlockToken</key>
        <data><!-- Base64-encoded string (UnlockToken field value obtained in TokenUpdate) --></data>
    </dict>
    <key>CommandUUID</key>
    <string></string>
</dict>
</plist>
```
Command request and response formats
- Command request format
```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Command</key>
    <dict>
        <key>RequestType</key>
        <string><!-- Command name --></string>
        <!-- ... Other fields or parameters (optional), additional keys -->
    </dict>
    <key>CommandUUID</key>
    <string></string>
</dict>
</plist>
```
- Command response format
```xml
<plist version="1.0">
<dict>
    <key>CommandUUID</key>
    <string>CommandUUID</string>
    <key>Status</key>
    <string>Acknowledged</string>
    <key>UDID</key>
    <string>[device UUID]</string>
</dict>
</plist>
```
The device's requests and responses are almost entirely fixed; the only part we can work with is the Server's requests and responses.