APNS details

Source: Internet
Author: User
Tags key string ssl certificate ssl connection

We recommend that you call registerForRemoteNotificationTypes every time the program starts to obtain the device-related tokens instead of caching the tokens.

This is because if the user reinstalls iOS or the user changes the device and restores the program to back up to a new device, the token value will be different.


When iOS receives a remote message,

If the application isn' t running in the foreground, iOS will process the message. For example, a box is displayed and a red number is displayed on the application icon.
Then, if you click the dialog box to enter the program, iOS starts the program and calls application: didfinishlaunchingwitexceptions and uses the payload of the Remote Message to transmit parameters.
If the user directly clicks the app icon to enter the program, iOS will start the program and call application: didfinishlaunchingwitexceptions, but no information about remote messages will be sent.

If the application is running in the foreground, application: didReceiveRemoteNotification is called.

The IOS device persistently connects to APNs to receive remote messages.

The provider sends a message to APNs and then sends the message to the target IOS device. (This transmission is unidirectional .)
The message contains two parts: Device token and payload.

Feedback service --
Sometimes APNs sends a message to a program (bundle identifier) on a device (token) but the device does not have this program. After multiple times, APNs notifies the provider, a feedback service is connected through it ).
The feedback service maintains a list of invalid devices for each program. The provider should obtain this list to stop sending remote messages to a program destined for these devices to APNs.

APNs security architecture --
The provider needs a valid certificate to connect to APNs (This certificate has the Bundle identifier information of the target program ).
After connecting to APNs, the message sent by the provider to APNs carries the device token (the target program connects to the provider and sends the token). APNs then finds the target device, then, check that the target program on the target device receives the pushed certificate. APNs verifies that the message sent to the target program on the target device is valid.

Note: Remote messages are unreliable.

---------------------------------------- ▲Provider -------------------------------------------
Payload --
Up to 256 bytes.

Localized alert:
Eg: "alert": {"loc-key": "GAME_PLAY_REQUEST_FORMAT", "loc-args": ["Jenna", "Frank"]},
The localized strings in the package are as follows:
"GAME_PLAY_REQUEST_FORMAT" = "% @ and % @ have invited you to play Monopoly ";
In this way, the character string that shows alert is:
"Jenna and Frank have invited you to play Monopoly"

A complete example of JSON Payload (it is recommended to remove white spaces for performance)
"Aps ":
"Alert": "Message received ed from Bob ",
"Badge": 5,
"Sound": "bingbong. aiff"
"MyCustomData": ["bang", "bang, bang, bang"],
"MyCustomData2": 42

---------------------------------------- ▲Deployment -------------------------------------------
To deploy the provider client/server program, you need an SSL certificate from Apple. The provider certificate.
The provider certificate corresponds to a specific iOS Application (Bundle identifier ).
At the same time, the provider certificate is divided into development and testing and product versions, corresponding to two APNs environments:
Sandbox (Development): Available for simulator testing. The address is gateway.sandbox.push.apple.com: TCP 2195.
Production (Distribution): gateway.push.apple.com: TCP 2195
At The same time, provision profile also corresponds to two versions: Development and Distribution. (the Distribution provision profile is a requirement for submitting your application to The App Store .)

In xcode, you can check the iOS application environment: check the code-signing identity in the compilation options. If the "iPhone Developer: Firstname Lastname" certificate matches the provisioning profile, it indicates the sandbox environment. If the "iPhone Distribution: Companyname" certificate matches the provision profile, it indicates the production environment. It would be a good idea to configure the certificate of the code-signing identity option based on release and debug respectively.

Note: Although the SSL certificate (that is, the provider certificate) is not placed in the providion profile of the iOS application, whether the ios application supports Remote Message push depends on the profile, profile contains the developer certificate, device ID, application ID (Bundle identifier), "whether to push" (configured when the certificate is configured on the Apple Developer website), and other information. (The provisioning profile is a collection of assets that associates developers of an application and their devices with an authorized development team and enables those devices to be used for testing. the profile contains certificates, device identifiers, the application's bundle ID, and all entitlement, including <aps-environment> .)
Open in text *. mobileprovision, which is similar to the xml format. <key> Entitlements </key> contains <key> aps-environment </key>, which indicates that remote message pushing is supported, <key> aps-environment </key> <string> indicates whether to debug or release the version (corresponding to the Sandbox environment and the Production environment ).

● Install the certificate to the server
You should install the SSL certificate and private key on the server where your provider program runs.
The procedure is as follows:
0. Key string for installing the certificate to mac.
1. Open the key string and click my certificate bar on the left panel.
2. Find the SSL certificate and expand to view the certificate and private key.
3. Select the certificate and private key, and export it as "personal information Interchange File"-that is, the file with the extension p12.
4. It is recommended that the provider server program use Ruby and Perl languages to conveniently process certificates in "personal information interchange files. On mac, open the terminal and enter the following command to convert the certificate to a format that is easy to communicate:
Openssl pkcs12-in CertificateName. p12-out CertificateName. pem-nodes
5. Copy the pem file to the server and install it to a proper location.

---------------------------------------- ▲Provider and APNs connection ----------------------------------------
● What do providers need before connecting to APNs?
The connection interfaces provided by APNs are binary, streaming TCP socket, and asynchronous.
The Production environment is through gateway.push.apple.com: 2195, and the Development environment is gateway.sandbox.push.apple.com: 2195.
Provider can establish multiple connections with APNs. Each user must use TLS (or SSL) to establish a secure channel. The SSL certificate is required (that is, the SSL certificate used by the provider to connect to APNs ).
Note to establish a TLS session with APNs, you must install the Entrust Secure CA root certificate on the provider server. Moa OS X is installed by default. If it is not installed on other systems, you can download the installation root certificate from the website of Entrust SSL Certificates at http://www.entrust.net.

● Message sending binary interface and message packet format
The message must be in the network byte order (that is, the large tail order). The payload part of the message cannot exceed 256 bytes and cannot end with '\ 0.

For The message format, see The "The Binary Interface and Notification Formats" section.

● The Feedback Service
The feedback service contains a list of devices corresponding to an iOS application (devices are identified by device tokens in binary format ). -- These devices cannot receive messages from APNs for various reasons.
The Provider should regularly query this list and make corresponding processing, for example, stop sending messages to these devices.

The provider accesses the feedback server through a binary interface similar to sending messages.
The Production environment uses feedback.push.apple.com: 2196 to establish a connection, and the Development uses feedback.sandbox.push.apple.com: 2196.

The feedback service and the send message are different service interfaces (but both belong to APNs). Their connection methods are the same as those for sending messages. You also need to establish an SSL connection through the certificate. After the connection, you do not need to send any command to directly start reading the stream until it has been read, and then the provider will parse the data to be read.

Data is composed of multiple such formats:
| Four-byte time | 2-byte token | 32-byte device token |
About "four-byte time": the Provider needs to determine whether the iOS application of the corresponding device has re-sent the device token obtained by the registration push message like the provider after the time. If the device does not exist, it is deemed that the device has expired and you need to stop sending messages to the device. If yes, the device has expired, but is now valid, but the feedback service has not yet had time to refresh the list.

APNS details

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.