Merge pull request #99 from u5surf/support_a_pem_with_passphrase

issue-98 support a pem with pass phrase

CONFIGURATION.md

@@ -28,6 +28,7 @@ The configuration for Gaurun has some sections. The example is [here](conf/gauru
 |enabled               |bool  |On/Off for push notication to APNs                    |true      |                               |
 |pem_cert_path         |string|certification file path for APNs                      |          |                               |
 |pem_key_path          |string|secret key file path for APNs                         |          |                               |
+|pem_key_passphrase    |string|secret key file pass phrase for APNs                  |          |                               |
 |sandbox               |bool  |On/Off for sandbox environment                        |true      |                               |
 |retry_max             |int   |maximum retry count for push notication to APNs       |1         |                               |
 |timeout               |int   |timeout for push notification to APNs                 |5         |                               |

cmd/gaurun_recover/gaurun_recover.go

@@ -138,6 +138,7 @@ func main() {
 	APNSClient, err = gaurun.NewApnsClientHttp2(
 		gaurun.ConfGaurun.Ios.PemCertPath,
 		gaurun.ConfGaurun.Ios.PemKeyPath,
+		gaurun.ConfGaurun.Ios.PemKeyPassphrase,
 	)
 	if err != nil {
 		gaurun.LogSetupFatal(err)

gaurun/apns_http2.go

@@ -2,7 +2,11 @@ package gaurun
 
 import (
 	"crypto/tls"
+	"crypto/x509"
 	"encoding/json"
+	"encoding/pem"
+	"fmt"
+	"io/ioutil"
 	"net"
 	"net/http"
 	"time"
@@ -37,8 +41,8 @@ func NewTransportHttp2(cert tls.Certificate) (*http.Transport, error) {
 	return transport, nil
 }
 
-func NewApnsClientHttp2(certPath, keyPath string) (*http.Client, error) {
-	cert, err := tls.LoadX509KeyPair(certPath, keyPath)
+func NewApnsClientHttp2(certPath, keyPath, keyPassphrase string) (*http.Client, error) {
+	cert, err := loadX509KeyPairWithPassword(certPath, keyPath, keyPassphrase)
 	if err != nil {
 		return nil, err
 	}
@@ -54,6 +58,34 @@ func NewApnsClientHttp2(certPath, keyPath string) (*http.Client, error) {
 	}, nil
 }
 
+func loadX509KeyPairWithPassword(certPath, keyPath, keyPassphrase string) (tls.Certificate, error) {
+	keyPEMBlock, err := ioutil.ReadFile(keyPath)
+	if err != nil {
+		return tls.Certificate{}, err
+	}
+	if keyPassphrase != "" {
+		pemBlock, _ := pem.Decode(keyPEMBlock)
+		if !x509.IsEncryptedPEMBlock(pemBlock) {
+			err = fmt.Errorf("%s is not encrypted. passphrase is not required", keyPath)
+			return tls.Certificate{}, err
+		}
+		keyPEMBlock, err = x509.DecryptPEMBlock(pemBlock, []byte(keyPassphrase))
+		if err != nil {
+			return tls.Certificate{}, err
+		}
+		keyPEMBlock = pem.EncodeToMemory(&pem.Block{Type: pemBlock.Type, Bytes: keyPEMBlock})
+	}
+	certPEMBlock, err := ioutil.ReadFile(certPath)
+	if err != nil {
+		return tls.Certificate{}, err
+	}
+	cert, err := tls.X509KeyPair(certPEMBlock, keyPEMBlock)
+	if err != nil {
+		return tls.Certificate{}, err
+	}
+	return cert, nil
+}
+
 func NewApnsServiceHttp2(client *http.Client) *push.Service {
 	var host string
 	if ConfGaurun.Ios.Sandbox {

gaurun/client.go

@@ -61,6 +61,7 @@ func InitAPNSClient() error {
 	APNSClient, err = NewApnsClientHttp2(
 		ConfGaurun.Ios.PemCertPath,
 		ConfGaurun.Ios.PemKeyPath,
+		ConfGaurun.Ios.PemKeyPassphrase,
 	)
 	if err != nil {
 		return err

gaurun/conf.go

@@ -41,6 +41,7 @@ type SectionIos struct {
 	Enabled          bool   `toml:"enabled"`
 	PemCertPath      string `toml:"pem_cert_path"`
 	PemKeyPath       string `toml:"pem_key_path"`
+	PemKeyPassphrase string `toml:"pem_key_passphrase"`
 	Sandbox          bool   `toml:"sandbox"`
 	RetryMax         int    `toml:"retry_max"`
 	Timeout          int    `toml:"timeout"`