5 changes: 4 additions & 1 deletion .gitignore
Expand Up @@ -47,6 +47,7 @@ tags
*.p12
*.key
certs
certs.bak
*.env

# Ignore binary
Expand All @@ -57,5 +58,7 @@ node_modules
index.html

# Ignore config.json
cmd/renew_apple_cert/convert_cert/config/**
cmd/renew_apple_cert/convert_cert/config.json
cmd/renew_apple_cert/create_csr/config.json
cmd/renew_apple_cert/create_csr/config/**
cmd/renew_apple_cert/create_csr/config.json
10 changes: 5 additions & 5 deletions cmd/renew_apple_cert/README.md
Expand Up @@ -8,7 +8,7 @@ Automate steps for certificate creation or renewal for apple push notification s

### Result:
2 scripts, 2 manual steps:
1. scripted creation of CSR via create_csr.go
1. scripted creation of CSR via create_csr/main.go
2. manual upload of generated `certs/csr/*.csr` file
3. manual download of signed `aps.cer` file from apple portal
4. scripted extraction + conversion from `aps.cer` to `certs/converted/*_priv.pem` to be then usable for mattermost-push-proxy
Expand All @@ -17,16 +17,16 @@ Automate steps for certificate creation or renewal for apple push notification s
### Prerequisites:
```bash
$ openssl version
OpenSSL 1.1.1 11 Sep 2018
OpenSSL 1.1.1f 31 Mar 2020
```

### Steps
1. `$ cd cmd/renew_apple_cert/create_csr`
2. `$ cp config.sample.json config.json`
3. Fill in input information in `config.json`
4. `$ go run create_csr.go`
3. Fill in input information in `config/config.json`
4. `$ go run .`
5. Follow https://developers.mattermost.com/contribute/mobile/push-notifications/ios/ to upload the Certificate Signing Request *.csr generated by the script
6. Download the `aps.cer` from the apple portal and put it in `certs/downloaded/aps.cer`\
7. `$ cd ../convert_cert`
8. `$ go run convert_certificate.go`
8. `$ go run .`
9. Use `certs/converted/*_priv.pem` in the push proxy configuration as described [here](https://developers.mattermost.com/contribute/mobile/push-notifications/service/#set-up-mattermost-push-notification-service-to-send-ios-push-notifications)
13 changes: 8 additions & 5 deletions cmd/renew_apple_cert/convert_cert/main.go
Expand Up @@ -79,7 +79,7 @@ func createDirs(dir string) error {
}

func convertCerToPem(dirDownloaded, dirConverted string) error {
// openssl x509 -inform=der -in=certs/downloaded/aps.cer -outform=pem -out=certs/converted/aps.pem
// openssl x509 -inform=der -in=certs/mattermost/downloaded/aps.cer -outform=pem -out=certs/mattermost/converted/aps.pem
cmd := exec.Command("openssl", "x509",
"-inform=der",
"-in="+path.Join(dirDownloaded, apsCer),
Expand All @@ -94,7 +94,7 @@ func convertCerToPem(dirDownloaded, dirConverted string) error {
}

func convertPemToP12(dirCSR, dirConverted, app string) error {
// openssl pkcs12 -export -inkey=certs/csr/mattermost.key -in=certs/converted/aps.pem -out=certs/converted/aps.p12 -clcerts -passout=pass:
// openssl pkcs12 -export -inkey=certs/mattermost/csr/mattermost.key -in=certs/mattermost/converted/aps.pem -out=certs/mattermost/converted/aps.p12 -clcerts -passout=pass:
cmd := exec.Command("openssl", "pkcs12",
"-export",
"-inkey="+path.Join(dirCSR, app+".key"),
Expand All @@ -111,7 +111,7 @@ func convertPemToP12(dirCSR, dirConverted, app string) error {
}

func extractPrivateKey(dirConverted, app string) error {
// openssl pkcs12 -in=certs/converted/aps.p12 -out=certs/converted/classic_priv.pem -nodes -clcerts -passin=pass:
// openssl pkcs12 -in=certs/mattermost/converted/aps.p12 -out=certs/mattermost/mattermost/converted/classic_priv.pem -nodes -clcerts -passin=pass:
cmd := exec.Command("openssl", "pkcs12",
"-in="+path.Join(dirConverted, apsP12),
"-out="+path.Join(dirConverted, app+"_priv.pem"),
Expand All @@ -127,7 +127,7 @@ func extractPrivateKey(dirConverted, app string) error {
}

func verify(dirConverted, app, gateway string) error {
// openssl s_client -connect=gateway.push.apple.com:2195 -cert=certs/converted/aps.pem -key=certs/converted/classic_priv.pem
// openssl s_client -connect=gateway.push.apple.com:2195 -cert=certs/mattermost/mattermost/converted/aps.pem -key=certs/mattermost/mattermost/converted/classic_priv.pem
cmd := exec.Command("openssl", "s_client",
"-connect="+gateway,
"-cert="+path.Join(dirConverted, apsPem),
Expand All @@ -145,6 +145,9 @@ func execCommand(cmd *exec.Cmd) error {
if err != nil {
return fmt.Errorf("%s: %w", string(buf), err)
}
log.Printf("Result: %s\n" + string(buf))
if len(buf) == 0 {
return nil
}
log.Printf("Result: %s\n", string(buf))
return nil
}
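Review bot: In execCommand, the corrected `log.Printf("Result: %s\n", string(buf))` writes the complete openssl output to the log, and for the `s_client` call in verify that output normally includes the negotiated session's Master-Key or resumption secret next to the certificate chain. The start of execCommand is above this hunk, so this assumes buf holds the command's captured output and that verify runs through execCommand like the other helpers appear to. Consider logging only a summary on success, for example `log.Printf("openssl %s succeeded (%d bytes of output)", cmd.Args[1], len(buf))`, and keeping the full text for the error path where it is needed for diagnosis. The trailing `\n` is also unnecessary, since the log package appends a newline itself.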