Shell script which makes ck.pem file for iOS push notification automatically :)

pushNotifCertificate.sh

# Check option
isUsePassword=0
isDev=0
while getopts pd OPT
do
  case $OPT in
    p)
      isUsePassword=1 ;;
    d)
      isDev=1 ;;
    \?)
      exit 1
  esac
done

shift `expr $OPTIND - 1`

# Check arguments
if [ $# -ne 2 ]; then
  echo "[Error]: 2 arguments are necessary."
  echo "[Help]: ./pushCertificate.sh [-d (Sandbox)(option)] [-p (With password)(option)] [aps.cer file] [private_key.p12 file]"
  exit 1
fi

# Make certificate

certificate=$1
privateKey=$2

fileName="ck.pem"
certPem="PushNotifCert.pem"
privateKeyPem="PushNotifKey.pem"
publicKeyPem="PushNotifPubKey.pem"
pemPassword="1111"

openssl x509 -in $certificate -inform der -out $certPem || exit 1

if [ $isUsePassword = 1 ]; then
  echo "Alter $privateKey to PrivateKey.pem file..."
  openssl pkcs12 -nocerts -out $privateKeyPem -in $privateKey
  if [ $? = 1 ]; then
    echo "[Error]: Invalid password."
    [ -e $certPem ] && rm $certPem
    [ -e $privateKeyPem ] && rm $privateKeyPem
    exit 1
  fi
  cat $certPem $privateKeyPem > $fileName
  echo "Created certificate file!"
else
  printf "Enter Password:"
  read password

  expect -c "
  log_user 0
  set timeout 1
  spawn openssl pkcs12 -nocerts -out $privateKeyPem -in $privateKey
  expect \"Password:\"
  send \"${password}\n\"
  expect \"Mac verify error: invalid password?\" {
    exit 1
  }
  "

  if [ $? = 1 ]; then
    echo "[Error]: Invalid password."
    [ -e $certPem ] && rm $certPem
    [ -e $privateKeyPem ] && rm $privateKeyPem
    exit 1
  fi

  printf "Alter $privateKey to PrivateKey.pem file..."
  expect -c "
  log_user 0
  spawn openssl pkcs12 -nocerts -out $privateKeyPem -in $privateKey
  expect \"Password:\"
  send \"${password}\n\"
  expect \"Enter PEM pass phrase:\"
  send \"${pemPassword}\n\"
  expect \"Verifying - Enter PEM pass phrase:\"
  send \"${pemPassword}\n\"
  expect \"Mac verify error: invalid password?\"
  exit 1
  "

  # echo "Remove password of PrivateKey.pem"
  expect -c "
  log_user 0
  set timeout 1
  spawn openssl rsa -in $privateKeyPem -out $publicKeyPem
  expect \"${privateKeyPem}:\"
  send \"${pemPassword}\n\"
  expect \"Mac verify error: invalid password?\"
  exit 1
  "

  if [ $? = 0 ]; then
    echo "[Error]: Invalid password."
    [ -e $certPem ] && rm $certPem
    [ -e $privateKeyPem ] && rm $privateKeyPem
    [ -e $publicKeyPem ] && rm $publicKeyPem
    exit 1
  fi

  echo "done"

  printf "Create certificate file..."
  cat $certPem $publicKeyPem > $fileName
  rm $privateKeyPem
  mv $publicKeyPem $privateKeyPem
  echo "done"
fi

# Test
if [ $isDev = 1 ]; then
  server="gateway.sandbox.push.apple.com:2195"
else
  server="gateway.push.apple.com:2195"
fi
printf "Connection test..."
expect -c "
log_user 0
set timeout 0.5
spawn openssl s_client -connect $server -cert $certPem -key $privateKeyPem
expect -timeout 10 \"CONNECTED\"
expect -timeout 10 \"Verify return code: 0 (ok)\"
expect \"closed\" {
  exit 1
}
exit 0
"

if [ $? = 1 ]; then
  echo "[NG]"
  rm $certPem
  rm $privateKeyPem
  rm $fileName
  exit 1
fi

echo "[OK]"

rm $certPem
rm $privateKeyPem

echo "Completed!!"


############################
<< HOW_TO_USE
Usage:
$ ./pushCertificate.sh aps.cer privateKey.p12
Enter Password:  <- Enter privateKey.p12's password. "That's it!!"
...(create)...
...(test)...
Completed!!
$
Option:
-d
  Use 'gateway.sandbox.push.apple.com:2195' to connection test.
  (default: gateway.push.apple.com:2195)
  $ ./pushCertificate.sh -d aps_dev.cer privateKey.p12
-p
  Set password to ck.pem
  $ ./pushCertificate.sh -p aps.cer privateKey.p12
HOW_TO_USE