1 files changed, 15 insertions, 8 deletions

diff --git a/src/lockdown.c b/src/lockdown.c
index c0ea645..2b0ab89 100644
--- a/src/lockdown.c
+++ b/src/lockdown.c
@@ -890,7 +890,13 @@ static lockdownd_error_t generate_pair_record_plist(const char *udid, char* syst
         key_data_t host_cert = { NULL, 0 };
         key_data_t root_cert = { NULL, 0 };
 
-        ret = lockdownd_gen_pair_cert_for_udid(udid, public_key, &device_cert, &host_cert, &root_cert);
+        userpref_error_t uret = userpref_device_record_get_certs_as_pem(udid, &root_cert, &host_cert, &device_cert);
+        if ((uret == USERPREF_E_SUCCESS) && (root_cert.size > 0) && (host_cert.size > 0) && (device_cert.size > 0)) {
+                ret = LOCKDOWN_E_SUCCESS;
+        }
+
+        if (ret != LOCKDOWN_E_SUCCESS)
+                ret = lockdownd_gen_pair_cert_for_udid(udid, public_key, &device_cert, &host_cert, &root_cert);
         if (ret != LOCKDOWN_E_SUCCESS) {
                 return ret;
         }
@@ -1059,6 +1065,12 @@ static lockdownd_error_t lockdownd_do_pair(lockdownd_client_t client, lockdownd_
                                                 plist_free(escrow_bag);
                                                 escrow_bag = NULL;
                                         }
+
+                                        /* store DeviceCertificate upon successful pairing */
+                                        plist_t devcrt = plist_dict_get_item(dict_record, USERPREF_DEVICE_CERTIFICATE_KEY);
+                                        if (devcrt && plist_get_node_type(devcrt) == PLIST_DATA) {
+                                                userpref_device_record_set_value(client->udid, USERPREF_DEVICE_CERTIFICATE_KEY, plist_copy(devcrt));
+                                        }
                                 }
                         }
                 } else {
@@ -1366,7 +1378,7 @@ lockdownd_error_t lockdownd_gen_pair_cert_for_udid(const char *udid, key_data_t
                         key_data_t pem_root_cert = { NULL, 0 };
                         key_data_t pem_host_cert = { NULL, 0 };
 
-                        uret = userpref_device_record_get_certs_as_pem(udid, &pem_root_cert, &pem_host_cert);
+                        uret = userpref_device_record_get_certs_as_pem(udid, &pem_root_cert, &pem_host_cert, NULL);
                         if (USERPREF_E_SUCCESS == uret) {
                                 /* copy buffer for output */
                                 membp = BIO_new(BIO_s_mem());
@@ -1505,7 +1517,7 @@ lockdownd_error_t lockdownd_gen_pair_cert_for_udid(const char *udid, key_data_t
                                         gnutls_datum_t pem_root_cert = { NULL, 0 };
                                         gnutls_datum_t pem_host_cert = { NULL, 0 };
 
-                                        uret = userpref_device_record_get_certs_as_pem(udid, &pem_root_cert, &pem_host_cert);
+                                        uret = userpref_device_record_get_certs_as_pem(udid, &pem_root_cert, &pem_host_cert, NULL);
 
                                         if (USERPREF_E_SUCCESS == uret) {
                                                 /* copy buffer for output */
@@ -1560,11 +1572,6 @@ lockdownd_error_t lockdownd_gen_pair_cert_for_udid(const char *udid, key_data_t
 
         gnutls_free(der_pub_key.data);
 #endif
-        /* save device cert in config */
-        if (odevice_cert->size) {
-                userpref_device_record_set_value(udid, USERPREF_DEVICE_CERTIFICATE_KEY, plist_new_data((char*)odevice_cert->data, (uint64_t)odevice_cert->size));
-        }
-
         return ret;
 }