SSL

Incoming

  • dehydrated - letsencrypt/acme client implemented as a shell-script – just add water https://dehydrated.de
  • getssl - obtain free SSL certificates from letsencrypt ACME server Suitable for automating the process on remote servers.
  • acme.sh - A pure Unix shell script implementing ACME client protocol https://acme.sh

Check SSL certificate expiration

Source

1
openssl x509 -enddate -noout -in file.pem

Convert p12 to pem file (Useful for APN certificates)

1
openssl pkcs12 -in apns-dev-cert.p12 -out apns-dev-cert.pem -nodes -clcerts

How to test pem key

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
import json
import logging
import os
import socket
import ssl
import struct
import sys
import time
import uuid
import argparse

APNS_HOST = 'gateway.push.apple.com'
APNS_HOST_SANDBOX = 'gateway.sandbox.push.apple.com'
APNS_PORT = 2195

APNS_ERRORS = {
    1:'Processing error',
    2:'Missing device token',
    3:'missing topic',
    4:'missing payload',
    5:'invalid token size',
    6:'invalid topic size',
    7:'invalid payload size',
    8:'invalid token',
    255:'Unknown'
}

def push(cert_path, device, sandbox):
    if not os.path.exists(cert_path):
        logging.error("Invalid certificate path: %s" % cert_path)
        sys.exit(1)

    device = device.decode('hex')
    expiry = time.time() + 3600

    try:
        sock = ssl.wrap_socket(
            socket.socket(socket.AF_INET, socket.SOCK_STREAM),
            certfile=cert_path
        )
        host = APNS_HOST_SANDBOX if sandbox else APNS_HOST
        sock.connect((host, APNS_PORT))
        sock.settimeout(1)
    except Exception as e:
        logging.error("Failed to connect: %s" % e)
        sys.exit(1)

    logging.info("Connected to APNS\n")

    for ident in range(1,4):
        logging.info("Sending %d of 3 push notifications" % ident)

        payload = json.dumps({
            'aps': {
                'alert': 'Push Test %d: %s' % (ident, str(uuid.uuid4())[:8])
            }
        })

        items = [1, ident, expiry, 32, device, len(payload), payload]

        try:
            sent = sock.write(struct.pack('!BIIH32sH%ds'%len(payload), *items))
            if sent:
                logging.info("Message sent\n")
            else:
                logging.error("Unable to send message\n")
        except socket.error as e:
            logging.error("Socket write error: %s", e)

        # If there was an error sending, we will get a response on socket
        try:
            response = sock.read(6)
            command, status, failed_ident = struct.unpack('!BBI',response[:6])
            logging.info("APNS Error: %s\n", APNS_ERRORS.get(status))
            sys.exit(1)
        except socket.timeout:
            pass
        except ssl.SSLError:
            pass

    sock.close()

if __name__ == '__main__':
    parser = argparse.ArgumentParser(description="Send test APNS notifications to device using cert")
    parser.add_argument("certificate", help="Push certificate")
    parser.add_argument("device_id", help="Device ID")
    parser.add_argument("-s", "--sandbox", action="store_true", help="Use APNS sandbox environment")
    args = parser.parse_args()

    logging.basicConfig(level=logging.INFO)
    push(args.certificate, args.device_id, args.sandbox)
    logging.info("Complete\n")

Articles

Comments

⬆︎TOP