【iMessage Apple group sending technology open source original】

【Apple mass iMessage Apple push】The album recommends two versions of Development and Production APS_DEVELINMENT.CER SSL certificate files

【iMessage Frequent Sending Software Apple Group Sending Technology Open Source Original】

When APNs sends a notification to an offline device, APNs stores the notification (for a certain period of time) and delivers it to the device when the device comes online. ("IOEthernetInterface"); kr = IOServiceGetMatchingServices(kIOMasterPortDefault, matchDict,

Apple has disabled the SSL3.0 connection method on the server side due to bug reasons. Currently only TLS connections are supported.

Then connect again, this time using our SSL certificate and private key to configure a secure connection:

1. If the machine corresponding to the deviceToken is offline on the APNS server when pushing, Apple will retain the push information for "a period of time." When the machine comes back online, push information to the machine. If the machine is offline for a long time, Apple will discard the message. This "period of time" does not explicitly say how long it lasts, and it is not known whether Apple has dynamically adjusted this time under different circumstances, so it is impossible to predict the impact of this time on the information loss situation.

2. For continuous push, for offline devices, Apple will always only store the latest message, and the previous message will be discarded.

3． When there are multiple push tasks, Apple recommends using a single connection to send continuously instead of repeatedly switching connections, otherwise it will be rejected by Apple as a D-O-S attack. If there are multiple servers, they can connect to APNS concurrently and allocate push tasks, so that the tasks can be performed more efficiently.

4． When sending multiple push tasks, if one of them uses the wrong deviceToken, the connection will be disconnected, causing the subsequent push tasks to stop executing. Apple regularly notifies the provider of the invalid deviceToken list through a service called "The Feedback Service". How to use this service is detailed in Apple's official documentation. There is an attached link below. import uuid

mac_address = uuid.UUID(int=uuid.getnode()).hex[-12:].upper()

mac_address = '-'.join([mac_address[i:i+2] for i in range(0, 11, 2)])

print(mac_address) The apns device token corresponding to the Development and Production versions is different. The former is obtained under the mobileprovision of develop. The latter is obtained from production's mobileprovision.

The two versions of Development and Production can share an App ID (not recommended. When sharing, you must delete the app on the device before each debugging, and repackage and generate it. And sharing the app ID will often make you crazy. If you go in the morning, it will be gone in the afternoon. . So not recommended), but you cannot share a mobileprovision, so you need to generate a separate Distribution certificate for the production version.

Note: The Distribution version cannot be debugged on the device!

The code signs of the Development and Production versions are different. The former is iPhone Developer and the latter is iPhone Distribution. Detail can't be mistaken. function checkGit (str, logMsg) {

if (!(

 ['error', 'failed', 'git rebase --abort', 'git rebase --continue'].every(item => str.indexOf(item) === -1)

)) {

 fs.writeFileSync(logFile, logMsg)

 process.exit()

}

}

Both Development Push SSLCertificate and Production Push SSL Certificate have expiration dates. The Development Push SSL Certificate is valid for about four months (later it seems to have been changed to one year), while the ProductionPush SSL Certificate is valid for one year. It is necessary to pay attention to generating a new certificate before expiration to avoid affecting use. The official website can set two at the same time. When the first one is about to expire, generate the second one, then replace the server certificate, and delete the first certificate setting after the second one has been used for a week without problems.

openssl pkcs12 -clcerts -nokeys -out apns-dev-cert.pem -in apns-dev-cert.p12

openssl pkcs12 -nocerts -out apns-dev-key.pem -in apns-dev-cert.p12

openssl rsa -in apns-dev-key.pem -out apns-dev-key-noenc.pem

cat apns-dev-cert.pem apns-dev-key-noenc.pem > apns-dev.pem

Generate an Apple Push Notification SSL license on your Mac:

1. Log in to the iPhone Developer Connection Portal and click App IDs

2. Create an App ID without using wildcards. Wildcard IDs cannot be used with push notification services. For example, our iPhone program ID looks like this: AB123346CD.

3. Click "Configure" next to the App ID and press the button to generate Push Notification License. Follow the steps guided by the "leader" to generate a signature and upload it, and finally download the generated license. This step is also covered in Apple documentation.

4. Introduce your aps_developer_identity.cer into Keychain by double-clicking the .cer file.

5. Start Keychain Assistant on your Mac, and then select the Certificates category when logging in to keychain. You will see an expandable option "Apple Development Push Services"

6. Expand this option and right-click on “Apple Development Push Services” > Export “Apple Development Push Services ID123”. Save as apns-dev-cert.p12 file.

7. Expand "Apple Development Push Services" and perform the same operations on "Private Key" and save it as apns-dev-key.p12 file.

8. These files need to be converted to PEM format through terminal commands:

openssl pkcs12 -clcerts -nokeys -out apns-dev-cert.pem -in apns-dev-cert.p12

1. Convert the pem to obtain the key:

openssl pkcs12 -nocerts -out apns-dev-key.pem -in apns-dev-cert.p12

1. If you want to remove the password, either disable it or execute it when exporting/converting:

openssl rsa -in apns-dev-key.pem -out apns-dev-key-noenc.pem

1. Finally, you need to break down the key and license files into the apns-dev.pem file. This file is required when connecting to APNS:

cat apns-dev-cert.pem apns-dev-key-noenc.pem > apns-dev.pem

Save this file with a name that's easy to remember and you'll probably need to use it later. The above steps are also suitable for generating product licenses.

Ways to check whether the certificate is accurate:

Connected to gateway.sandbox.push-apple.com.akadns.net.

Escape character is ‘^]’

It will attempt to send a regular, unencrypted connection to the APNS service. If you see the above response, it means that your MAC can reach APNS. Press Ctrl+C to close the connection. If you get an error message, then you need to make sure your firewall allows port 2195.