Created
March 28, 2016 13:25
-
-
Save makeev/34c0976fb8171422a6fa to your computer and use it in GitHub Desktop.
Creating a PKCS #7 detached signature of the manifest file for safari push package in python
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import M2Crypto | |
| def main(): | |
| manifest_path = 'path/to/manifest.json' | |
| signature_path = 'path/to/signature' | |
| # to convert .cer to .pem | |
| # openssl x509 -inform der -in certificate.cer -out certificate.pem | |
| # to combine certificate and key | |
| # cat PushChatCert.pem PushChatKey.pem > ck.pem | |
| # or load key and cert from different files | |
| # signer.load_key('key.pem', 'cert.pem', lambda x: 'swordfish') | |
| ck = 'certificate/and/key/file/ck.pem' | |
| inter_cert = 'AppleWWDRCA.pem' # apple WWDR intermeditate certificate | |
| password = "private key password" | |
| signer = M2Crypto.SMIME.SMIME() | |
| signer.load_key(ck, None, lambda x: password) | |
| # https://developer.apple.com/support/certificates/expiration/ | |
| intermideate_cert = M2Crypto.X509.load_cert(inter_cert) | |
| stack = M2Crypto.X509.X509_Stack() | |
| stack.push(intermideate_cert) | |
| signer.set_x509_stack(stack) | |
| data_bio = M2Crypto.BIO.openfile(manifest_path) | |
| p7 = signer.sign(data_bio, flags=M2Crypto.SMIME.PKCS7_BINARY | M2Crypto.SMIME.PKCS7_DETACHED) | |
| out = M2Crypto.BIO.MemoryBuffer() | |
| p7.write_der(out) | |
| signature = out.getvalue() | |
| f = open(signature_path, 'w+') | |
| f.write(signature) | |
| f.close() | |
| if __name__ == "__main__": | |
| main() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment