From 5a421cabf1d6ee7b16c3a79dae4dc95c0a9b6c69 Mon Sep 17 00:00:00 2001
From: Joe Workman
Date: Mon, 25 Sep 2023 13:29:50 -0600
Subject: [PATCH 1/2] 1.0.6 multi ssid and non-exportable macos certs
---
 scripts/automation/Radius/Changelog.md | 14 ++++++++++++++
 scripts/automation/Radius/Config.ps1 | 6 +++---
 .../Functions/Public/Distribute-UserCerts.ps1 | 8 ++++----
 3 files changed, 21 insertions(+), 7 deletions(-)
diff --git a/scripts/automation/Radius/Changelog.md b/scripts/automation/Radius/Changelog.md
index 9042b4258..892edc42d 100644
--- a/scripts/automation/Radius/Changelog.md
+++ b/scripts/automation/Radius/Changelog.md
@@ -1,5 +1,19 @@
 ## 1.0.5
+Release Date: September 25, 2023
+
+#### RELEASE NOTES
+
+```
+Certificates distributed to macOS device are now imported using the -x flag to prevent them from being exported.
+```
+
+#### Bug Fixes:
+
+- For users with multiple SSIDs where one SSID has a space in the name, previous versions of the script could not account for this. This version addresses this change by passing text with a ';' delimiter rather than a space.
+
+## 1.0.5
+
 Release Date: July 20, 2023
 #### RELEASE NOTES
diff --git a/scripts/automation/Radius/Config.ps1 b/scripts/automation/Radius/Config.ps1
index a141a4064..6b4d943fc 100644
--- a/scripts/automation/Radius/Config.ps1
+++ b/scripts/automation/Radius/Config.ps1
@@ -9,8 +9,8 @@ $JCUSERCERTPASS = 'secret1234!'
 # USER CERT Validity Length (days)
 $JCUSERCERTVALIDITY = 90
 # List Of Radius Network SSID(s)
-# For Multiple SSIDs enter as a single string seperated by spaces ex:
-# "CorpNetwork_Denver CorpNetwork_Boulder"
+# For Multiple SSIDs enter as a single string seperated by a semicolon ex:
+# "CorpNetwork_Denver;CorpNetwork_Boulder;CorpNetwork_Boulder 5G;Guest Network"
 $NETWORKSSID = "YOUR_SSID"
 # OpenSSLBinary by default this is (openssl)
 # NOTE: If openssl does not work, try using the full path to the openssl file
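Review bot: The updated comment in Config.ps1 (hunk @@ -9,8) documents the new semicolon delimiter but not that the old format stops working: a value written for 1.0.5 such as "CorpNetwork_Denver CorpNetwork_Boulder" now appears to be read as one SSID containing a space, judging by the `IFS=';'` split added in Distribute-UserCerts.ps1. The per-SSID certificate preference would then be keyed to a network name that does not exist, and nothing in the visible lines reports that. I would add a line such as `# NOTE: spaces no longer separate SSIDs; convert existing space-separated values to ';' before upgrading`, and correct `seperated` to `separated` while the line is being touched.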
@@ -37,7 +37,7 @@ $CertType = "UsernameCn"
 # Do not modify below
 ################################################################################
-$UserAgent_ModuleVersion = '1.0.5'
+$UserAgent_ModuleVersion = '1.0.6'
 $UserAgent_ModuleName = 'PasswordlessRadiusConfig'
 #Build the UserAgent string
 $UserAgent_ModuleName = "JumpCloud_$($UserAgent_ModuleName).PowerShellModule"
diff --git a/scripts/automation/Radius/Functions/Public/Distribute-UserCerts.ps1 b/scripts/automation/Radius/Functions/Public/Distribute-UserCerts.ps1
index 7957c83f1..c2d698df3 100644
--- a/scripts/automation/Radius/Functions/Public/Distribute-UserCerts.ps1
+++ b/scripts/automation/Radius/Functions/Public/Distribute-UserCerts.ps1
@@ -163,7 +163,7 @@ if [[ `$currentUser == $($user.localUsername) ]]; then
 fi
 if [[ `$import == true ]]; then
- /bin/launchctl asuser "`$currentUserUID" sudo -iu "`$currentUser" /usr/bin/security import /tmp/$($user.userName)-client-signed.pfx -k /Users/$($user.localUsername)/Library/Keychains/login.keychain -P $JCUSERCERTPASS -T "/System/Library/SystemConfiguration/EAPOLController.bundle/Contents/Resources/eapolclient"
+ /bin/launchctl asuser "`$currentUserUID" sudo -iu "`$currentUser" /usr/bin/security import /tmp/$($user.userName)-client-signed.pfx -x -k /Users/$($user.localUsername)/Library/Keychains/login.keychain -P $JCUSERCERTPASS -T "/System/Library/SystemConfiguration/EAPOLController.bundle/Contents/Resources/eapolclient"
 if [[ `$? -eq 0 ]]; then
 echo "Import Success"
 # get the SHA hash of the newly imported cert
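Review bot: On the `security import` line in hunk @@ -163,7, `-x` only makes the private key non-extractable once it is in the login keychain; the PFX at `/tmp/$($user.userName)-client-signed.pfx` together with its passphrase still yields the same key. The passphrase is expanded by PowerShell into `-P $JCUSERCERTPASS` without quotes, so it is visible in the process arguments while the command runs, and a value containing spaces or shell metacharacters would be split or interpreted by bash. The hunk does not show whether the PFX is deleted after import (the enclosing `if` block starts and ends outside it). If it is not, removing it right after "Import Success", e.g. `rm -f "/tmp/$($user.userName)-client-signed.pfx"`, and single-quoting the `-P` argument would close most of the gap that `-x` is meant to close.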
@@ -181,8 +181,9 @@ if [[ `$currentUser == $($user.localUsername) ]]; then
 fi
 # check if the cert secruity preference is set:
- for i in `${networkSsid[@]}; do
- echo "begin sertting network SSID: `$i security certificate"
+ IFS=';' read -ra network <<< "`$networkSsid"
+ for i in "`${network[@]}"; do
+ echo "begin setting network SSID: `$i"
 if /bin/launchctl asuser "`$currentUserUID" sudo -iu "`$currentUser" /usr/bin/security get-identity-preference -s "com.apple.network.eap.user.identity.wlan.ssid.`$i" -Z "`$installedCertSHA"; then
 echo "it was already set"
 else
@@ -196,7 +197,6 @@ if [[ `$currentUser == $($user.localUsername) ]]; then
 fi
 done
-
 # print results
 echo "################## Cert Install Results ##################"
 echo "Installed Cert SN: `$installedCertSN"
From 51878de49899fb57f9a41c97de151a40d41dc39b Mon Sep 17 00:00:00 2001
From: Joe Workman <54448601+jworkmanjc@users.noreply.github.com>
Date: Tue, 26 Sep 2023 10:19:35 -0600
Subject: [PATCH 2/2] Update scripts/automation/Radius/Changelog.md
---
 scripts/automation/Radius/Changelog.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/automation/Radius/Changelog.md b/scripts/automation/Radius/Changelog.md
index 892edc42d..102653a21 100644
--- a/scripts/automation/Radius/Changelog.md
+++ b/scripts/automation/Radius/Changelog.md
@@ -1,4 +1,4 @@
-## 1.0.5
+## 1.0.6
 Release Date: September 25, 2023
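Review bot: In hunk @@ -181,8 the new `IFS=';' read -ra network` split hands every field to the loop unchanged, so a value such as "Corp; Guest" or "Corp;;Guest" produces an SSID with a leading space or an empty SSID, and the lookup then runs against `com.apple.network.eap.user.identity.wlan.ssid.` plus that string. Skipping empty fields at the top of the loop, e.g. ``[[ -n "`$i" ]] || continue``, and stating in Config.ps1 that no space may follow a `;` would avoid certificate preferences that never match a real network. How `networkSsid` is assigned is outside the hunk; if the PowerShell value is interpolated inside double quotes, an SSID containing `"`, `$` or a backtick would also be interpreted by bash, which is worth confirming. The `else` branch and the rest of the loop body continue past the end of the hunk.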