Which certificate should be used on app Server for waking iOS app using Pushkit and APNS?

Question

I am using Websocket in my iOS app for data transfer. But, since sometimes when the app is suspended in the background, the socket breaks. In that case, I use Voip push to iOS app to wake app up.

//called on appDidFinishLaunching
//register for voip notifications

PKPushRegistry *voipRegistry = [[PKPushRegistry alloc] initWithQueue:dispatch_get_main_queue()];

voipRegistry.desiredPushTypes = [NSSet setWithObject:PKPushTypeVoIP];
voipRegistry.delegate = self;


//delegate methods for `PushKit`
#pragma mark - PushKit Delegate Methods

    - (void)pushRegistry:(PKPushRegistry *)registry didUpdatePushCredentials:(PKPushCredentials *)pushCredentials forType:(PKPushType)type {
        self.myDeviceToken = [[[[pushCredentials token] description] stringByTrimmingCharactersInSet:[NSCharacterSet characterSetWithCharactersInString:@"<>"]] stringByReplacingOccurrencesOfString:@" " withString:@""];
        NSLog(@"voip token: %@", self.myDeviceToken);
    }

    - (void)pushRegistry:(PKPushRegistry *)registry didReceiveIncomingPushWithPayload:(PKPushPayload *)payload forType:(PKPushType)type {

        if (![self socketIsConnected]) {
            [self reconnectSocket];
        }
    }

I send the token received from didUpdatePushCredentials in my Login API request to my app server.

I have the following doubts in my mind and seeking answers for them.

1. Does PushKit require both the APNS certificate and Voip certificate? or just one of them and which one and why?
2. If it requires both the certificates, do I need to keep both the certificates on the app server for sending success pushes to my app?
3. Which certificate should be used on the server side to push notification which would invoke "didReceiveIncomingPushWithPayload" from server side?

Please find below the code on server side :

private ApnsService getService(String appId) {

    synchronized (APP_ID_2_SERVICE_MAP) {

        ApnsService service = APP_ID_2_SERVICE_MAP.get(appId);

        if (service == null) {

            InputStream certificate = getCertificateInputStream(appId);

            if (certificate == null) {

                String errorMessage = "APNS appId unsupported: " + appId;

                LOGGER.error(errorMessage);

                throw new ATRuntimeException(errorMessage);

            }

            boolean useProd = useAPNSProductionDestination();

            if (useProd) {

                LOGGER.info("Using APNS production environment for app " + appId);

                service = APNS.newService().withCert(certificate, CERTIFICATE_PASSWORD).withProductionDestination()

                        .build();

            } else {

                LOGGER.info("Using APNS sandbox environment for app " + appId);

                service = APNS.newService().withCert(certificate, CERTIFICATE_PASSWORD).withSandboxDestination()

                        .build();

            }

            APP_ID_2_SERVICE_MAP.put(appId, service);

        }

        return service;

    }

}

I did following implementation and it failed : 1. Created APNS SSL Service Certificate Sandbox + Production. 2. Sent token received in didUpdatePushCredentials to server. 3. Server used APNS Certificate to send the push. But failed since it could not find any corresponding certificate.

So I am failing at the combination of token to be sent to server and the certificate that would be used on the server to send the push.

Answer 1

It seems like, You're confused about APNS and PushKit

You need to refer the below image first.

.

It clearly states:

Establish connectivity between your notification server, the Apple Push Notification service sandbox, and production environments to deliver remote notifications to your app. When utilizing HTTP/2, the same certificate can be used to deliver app notifications, update ClockKit complication data, and alert background VoIP apps of incoming activity. A separate certificate is required for each app you distribute.

That's means single certificate worked for both.

Question: 1

Does PushKit require both the APNS certificate and VOIP certificate? or just one of them and which one and why?

• The common certificate worked for both.

Question: 2

If it requires both the certificates, do I need to keep both the certificates on the app server for sending success pushes to my app?

• Now, No meaning of this question.

Update: 1

It seems like an issue related to the certificate path. Leave it as of now, You can use below php script use to trigger notification

Push.php

<?php

// Put your device token here (without spaces):


$deviceToken = '1234567890123456789';
//


// Put your private key's passphrase here:
$passphrase = 'ProjectName';

// Put your alert message here:
$message = 'My first silent push notification!';



$ctx = stream_context_create();
stream_context_set_option($ctx, 'ssl', 'local_cert', 'PemFileName.pem');
stream_context_set_option($ctx, 'ssl', 'passphrase', $passphrase);

// Open a connection to the APNS server
$fp = stream_socket_client(
//  'ssl://gateway.push.apple.com:2195', $err,
'ssl://gateway.sandbox.push.apple.com:2195', $err,
$errstr, 60, STREAM_CLIENT_CONNECT|STREAM_CLIENT_PERSISTENT, $ctx);

if (!$fp)
exit("Failed to connect: $err $errstr" . PHP_EOL);

echo 'Connected to APNS' . PHP_EOL;

// Create the payload body

$body['aps'] = array(
'content-available'=> 1,
'alert' => $message,
'sound' => 'default',
'badge' => 0,
);



// Encode the payload as JSON

$payload = json_encode($body);

// Build the binary notification
$msg = chr(0) . pack('n', 32) . pack('H*', $deviceToken) . pack('n', strlen($payload)) . $payload;

// Send it to the server
$result = fwrite($fp, $msg, strlen($msg));

if (!$result)
echo 'Message not delivered' . PHP_EOL;
else
echo 'Message successfully delivered' . PHP_EOL;

// Close the connection to the server
fclose($fp);

You can trigger push by using php push.php command