这对我来说是一个全新的概念,所以我在黑暗中拍摄。
To create the signature file, make a PKCS #7 detached signature of the manifest file, using the private key associated with your signing certificate. Include the WWDR intermediate certificate as part of the signature. You can download this certificate from Apple’s website. Write the signature to the file signature at the top level of the pass package. Include the date and time that the pass was signed using the S/MIME signing-time attribute.
To create the signature file, make a PKCS #7 detached signature of the manifest file
我将使用 openssl_pkcs7_sign
使用标志 PKCS7_DETACHED
的函数。
using the private key associated with your signing certificate.
我将使用我的 ssl cert.pem
文件的位置作为 signcert
参数和 cert.key
的位置文件作为 privkey
参数。
Include the WWDR intermediate certificate as part of the signature.
我将在 extracerts
参数中包含 WWDR 证书的路径
Include the date and time that the pass was signed using the S/MIME signing-time attribute.
我将包含一个数组,其中包含一个键 signing-time
和 headers 的值类似于
参数。2015-05-03 10:40:00
private function createSignature($dir)
{
$cert = '/etc/ssl/cert.pem';
$key = '/etc/ssl/private/cert.key';
$wwdr = '/location/of/apple/wwdr/cert.cer';
$headers = [
'signing-time' => (new DateTime())->format('o-m-d H:i:s'),
];
return openssl_pkcs7_sign("$dir/manifest.json", "$dir/signature", $cert, $key, $headers, PKCS7_DETACHED, $wwdr);
}
我在 openssl_pkcs7_sign
函数的文档示例中注意到文件的 一些 位置以 file://
为前缀>。这是为什么呢?
Certificates.p12
,无需密码openssl pkcs12 -in Certificates.p12 -clcerts -nokeys -out pass_cert.pem -passin pass:
生成证书openssl pkcs12 -in Certificates.p12 -nocerts -out pass_key.pem -passin pass: -passout pass:YourPassword
生成 key wwdr.pem
创建分离签名的函数:
public function createSignature()
{
$cert = "file://location/of/pass_cert.pem";
$key = "file://location/of/pass_key.pem";
$wwdr = "/location/of/wwdr.pem";
openssl_pkcs7_sign("/location/of/manifest.json", "/location/of/signature",
$cert, [$key, 'YourPassword'], [], PKCS7_BINARY | PKCS7_DETACHED, $wwdr);
// convert pem to der
$signature = file_get_contents("/location/of/signature");
$begin = 'filename="smime.p7s"';
$end = '------';
$signature = substr($signature, strpos($signature, $begin) + strlen($begin));
$signature = substr($signature, 0, strpos($signature, $end));
$signature = trim($signature);
$signature = base64_decode($signature);
file_put_contents("/location/of/signature", $signature);
}
引用资料:
关于php - 使用 PHP 为 Apple Wallet 通行证创建 PKCS #7 分离签名,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/37010864/
欢迎光临 OStack程序员社区-中国程序员成长平台 (https://ostack.cn/) | Powered by Discuz! X3.4 |