[aerogear-dev] iOS Passphrases for UPS

Bruno Oliveira bruno at abstractj.org
Mon Mar 10 18:38:30 EDT 2014 

Ahoy, answers inline.

--  
abstractj

On March 10, 2014 at 6:01:33 PM, Matthias Wessendorf (matzew at apache.org) wrote:
> Ahoy!
>  
>  
> On Mon, Mar 10, 2014 at 9:49 PM, Bruno Oliveira wrote:
>  
> > Good morning guys, for this issue
> > https://issues.jboss.org/browse/AGPUSH-358. I was revisiting the whole
> > UPS code and thinking about include two fields for iOSVariant class: skey
> > (secret key) and pKey (public key). What's the idea?
> >
> > 1. Each application has its own key pair
> >
>  
> each of the PushApplication constructs/objects on the UPS ?

Yes if that makes sense to the others like Android variants. And no if we just want to use it with iOSVariant, into this case that would apply only for iOS applications.

>  
>  
> > 2. Before the addition of the iOS variant, the client sends a request
> > asking for the public keys
> >
>  
> "the client" ? Is that the AdminUI (or the relevant HTTP Rest code), when
> someone clicks "Add new Variant” ?

Whatever REST consumer we have or the service.

>  
>  
>  
> > 3. The server sends an HTTP response with the public key for encryption
> > 4. The client make use of the public key to encrypt the certificate + the
> > passphrase
> > 5. Server stores it encrypted
> > 6. When necessary to send push messages, the server make use of the
> > private key to decrypt that data and send fancy messages.
> >
>  
> Now, when a (JavaEE) application is sending a request for push messages to
> the UPS (which than internally makes use of the private key to decrypt that
> data and send fancy messages to Apple), the HTTP RestEndpoint requires a
> new argument (the public key) to be allowed to submit these "requests” ?

On the client side, after the public key retrieval you don’t need to add new parameters. As Sebastien mentioned it would remain unchanged.

Currently:

curl -3 -v -b cookies.txt -c cookies.txt
  -i -H "Accept: application/json" -H "Content-type: multipart/form-data"
  -F "certificate=@/Users/matzew/Desktop/MyProdCert.p12"
  -F "passphrase=TopSecret"
  -F "production=true"  // make sure you have Production certificate and Provisioning Profile

  -X POST https://SERVER:PORT/CONTEXT/rest/applications/{pushApplicationID}/iOS


Proposed:


curl -3 -v -b cookies.txt -c cookies.txt
  -i -H "Accept: application/json" -H "Content-type: multipart/form-data"
  -F "certificate=@/Users/matzew/Desktop/encrypted-cert.blah"
  -F “passphrase=schwarzenegger"
  -F "production=true"  // make sure you have Production certificate and Provisioning Profile

  -X POST https://SERVER:PORT/CONTEXT/rest/applications/{pushApplicationID}/iOS

Where encrypted-cert.blah and “Schwarzenegger” are encrypted data.

Makes sense?

>  
>  
> >
> > Does it make sense to you?
> >
>  
> Somewhat - not sure I fully understood :)
>  
>  
> >
> > --
> > abstractj
> >
> > JBoss, a division of Red Hat
> >
> >
> >
> > _______________________________________________
> > aerogear-dev mailing list
> > aerogear-dev at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/aerogear-dev
>  
>  
>  
>  
> --
> Matthias Wessendorf
>  
> blog: http://matthiaswessendorf.wordpress.com/
> sessions: http://www.slideshare.net/mwessendorf
> twitter: http://twitter.com/mwessendorf
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev

More information about the aerogear-dev mailing list