APNS证书.pem

Question

我正在尝试为苹果推送通知创建服务器端连接。首先，我要求用户(可能是一个ios )提供苹果提供的.cer和.p12文件，以使其成为.pem文件。

下面是.pem证书创建。

$dir =  $this->directory.'/certificates';
$password = 'a_user_password';
$certificate = $dir.'/certificate.cer';
$key_password =  $dir.'/key.p12';

exec('openssl x509 -inform der -in '.$certificate.' -out '.$dir.'/certificate.pem');
exec('openssl pkcs12 -nocerts -out '.$dir.'/key.pem -in '.$key_password.' -passout pass:'.$password.' -passin pass:'.$password);

$filename = $key_password;
$results = array();
$worked = openssl_pkcs12_read(file_get_contents($filename), $results, $obj->password);
if($worked) {
   $current = file_get_contents($dir.'/key.pem');
   $current .= $results['pkey'];
   file_put_contents($dir.'/key.pem', $current);
} else {
   echo openssl_error_string();
}
exec('cat '.$dir.'/certificate.pem '.$dir.'/key.pem > '.$dir.'/apns_certificate.pem');

到现在为止还好。我已经通过以下命令行测试了上面生成的apns_certificate.pem在apple上是否成功：

s_client -connect gateway.sandbox.push.apple.com:2195 -cert certificate.pem -key key.pem

但是，当我试图通过PHP连接apns时，我不能。下面是我尝试过的最后一个php代码，我已经看到，对于其他人来说，它是有效的：

$this->certificate = ROOT.'/certificates/apns_certificate.pem';
$this->socket = 'ssl://gateway.push.apple.com:2195';
if (!file_exists($this->certificate)) {
        $this->error = 'Certificate file not found';
        return false;
    }

    $this->stream_context = stream_context_create();
    $this->stream_options = array(
        'ssl' => array(
            'local_cert' => $this->certificate,
            'passphrase' => 'a_user_password', //same with the one used in my previous code
        )
    );
    $success = stream_context_set_option($this->stream_context, $this->stream_options);
    if ($success == false) {
        $this->error = 'Secure connection failed';
        return false;
    }

    $this->socket_client = stream_socket_client($this->socket, $con_error, $con_error_string, $this->timeout, STREAM_CLIENT_CONNECT, $this->stream_context);

    if ($this->socket_client === false) {
        $this->error = $con_error_string;
        return false;
    } else {
        return true;
    }

上面的代码返回一个错误:警告: stream_socket_client()：SSL操作失败，代码1。OpenSSL错误消息:OpenSSL:14094416:ssl routines:SSL3_READ_BYTES:sslv3警报证书未知警告: stream_socket_client()：无法连接到ssl://gateway.ush.apple.com:2195

提前感谢您的帮助！

Answer 1

以上代码是正确的。认证.p12出现了错误。此外，我还将.p12转换文件的exec更改为：

exec('openssl pkcs12 -out '.$dir.'/key.pem -in '.$key_password.' -passout pass:'.$password.' -passin pass:'.$password.' -nodes');