NewService API, simplify certificate loading and pushpackage signing APIs. (#47)

* NewService API extracts topic from cert
* pushpackage: use TLS cert for signing simplifying API for signing and certificate loading
* push: reorganize code, light refactoring

Author: nathany

README.md

@@ -70,21 +70,16 @@ func main() {
 	password := ""
 	deviceToken := "c2732227a1d8021cfaf781d71fb2f908c61f5861079a00954a5453f1d0281433"
 
-	cert, key, err := certificate.Load(filename, password)
+	cert, err := certificate.Load(filename, password)
 	if err != nil {
 		log.Fatal(err)
 	}
 
-	client, err := push.NewClient(certificate.TLS(cert, key))
+	service, err := push.NewService(push.Development, cert)
 	if err != nil {
 		log.Fatal(err)
 	}
 
-	service := push.Service{
-		Client: client,
-		Host:   push.Development,
-	}
-
 	p := payload.APS{
 		Alert: payload.Alert{Body: "Hello HTTP/2"},
 		Badge: badge.New(42),
@@ -96,6 +91,7 @@ func main() {
 	}
 }
 ```
+
 #### Headers
 
 You can specify an ID, expiration, priority, and other parameters via the Headers struct.
@@ -145,7 +141,7 @@ Whether you use Push or PushBytes, the underlying HTTP/2 connection to APNS will
 
 #### Error responses
 
-Push and PushBytes may return an `error`. It could be an error the JSON encoding or HTTP request, or it could be a `push.Error` which contains the response from Apple. To access the Reason and Status code, you must convert the `error` to a `push.Error` as follows:
+Push and PushBytes may return an `error`. It could be an error the JSON encoding or HTTP request, or it could be a `push.Error` which contains the response from Apple. To access the Reason and HTTP Status code, you must convert the `error` to a `push.Error` as follows:
 
 ```go
 if e, ok := err.(*push.Error); ok {
@@ -167,7 +163,7 @@ pkg := pushpackage.New(w)
 pkg.EncodeJSON("website.json", website)
 pkg.File("icon.iconset/icon_128x128@2x.png", "static/icon_128x128@2x.png")
 // other icons... (required)
-if err := pkg.Sign(cert, privateKey, nil); err != nil {
+if err := pkg.Sign(cert, nil); err != nil {
 	log.Fatal(err)
 }
 ```

certificate/cert.go

@@ -3,7 +3,6 @@
 package certificate
 
 import (
-	"crypto/rsa"
 	"crypto/tls"
 	"crypto/x509"
 	"errors"
@@ -19,40 +18,31 @@ var (
 )
 
 // Load a .p12 certificate from disk.
-func Load(filename, password string) (*x509.Certificate, *rsa.PrivateKey, error) {
+func Load(filename, password string) (tls.Certificate, error) {
 	p12, err := ioutil.ReadFile(filename)
 	if err != nil {
-		return nil, nil, fmt.Errorf("Unable to load %s: %v", filename, err)
+		return tls.Certificate{}, fmt.Errorf("Unable to load %s: %v", filename, err)
 	}
 	return Decode(p12, password)
 }
 
 // Decode and verify an in memory .p12 certificate (DER binary format).
-func Decode(p12 []byte, password string) (*x509.Certificate, *rsa.PrivateKey, error) {
+func Decode(p12 []byte, password string) (tls.Certificate, error) {
 	// decode an x509.Certificate to verify
 	privateKey, cert, err := pkcs12.Decode(p12, password)
 	if err != nil {
-		return nil, nil, err
+		return tls.Certificate{}, err
 	}
 	if err := verify(cert); err != nil {
-		return nil, nil, err
+		return tls.Certificate{}, err
 	}
 
-	// assert that private key is RSA
-	priv, ok := privateKey.(*rsa.PrivateKey)
-	if !ok {
-		return nil, nil, errors.New("expected RSA private key type")
-	}
-	return cert, priv, nil
-}
-
-// TLS wraps an x509 certificate as a tls.Certificate.
-func TLS(cert *x509.Certificate, privateKey *rsa.PrivateKey) tls.Certificate {
+	// wraps x509 certificate as a tls.Certificate:
 	return tls.Certificate{
 		Certificate: [][]byte{cert.Raw},
 		PrivateKey:  privateKey,
 		Leaf:        cert,
-	}
+	}, nil
 }
 
 // verify checks if a certificate has expired

certificate/cert_test.go

@@ -9,7 +9,7 @@ import (
 func TestValidCert(t *testing.T) {
 	const name = "../testdata/cert.p12"
 
-	_, _, err := certificate.Load(name, "")
+	_, err := certificate.Load(name, "")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -19,14 +19,14 @@ func TestExpiredCert(t *testing.T) {
 	// TODO: figure out how to test certificate loading and validation in CI
 	const name = "../cert-expired.p12"
 
-	_, _, err := certificate.Load(name, "")
+	_, err := certificate.Load(name, "")
 	if err != certificate.ErrExpired {
 		t.Fatal("Expected expired cert error, got", err)
 	}
 }
 
 func TestMissingFile(t *testing.T) {
-	_, _, err := certificate.Load("hide-and-seek.p12", "")
+	_, err := certificate.Load("hide-and-seek.p12", "")
 	if err == nil {
 		t.Fatal("Expected file not found, got", err)
 	}

example/push/main.go

@@ -19,20 +19,15 @@ func main() {
 	flag.StringVar(&environment, "e", "development", "Environment")
 	flag.Parse()
 
-	cert, key, err := certificate.Load(filename, password)
+	cert, err := certificate.Load(filename, password)
 	if err != nil {
 		log.Fatal(err)
 	}
 
-	client, err := push.NewClient(certificate.TLS(cert, key))
+	service, err := push.NewService(push.Development, cert)
 	if err != nil {
 		log.Fatal(err)
 	}
-
-	service := push.Service{
-		Client: client,
-		Host:   push.Development,
-	}
 	if environment == "production" {
 		service.Host = push.Production
 	}

example/wallet/main.go

@@ -33,7 +33,7 @@ func main() {
 	flag.StringVar(&intermediate, "i", "", "Path to WWDR intermediate .cer file")
 	flag.Parse()
 
-	cert, privateKey, err := certificate.Load(filename, password)
+	cert, err := certificate.Load(filename, password)
 	failIfError(err)
 
 	wwdr, err := loadWWDR(intermediate)
@@ -60,6 +60,6 @@ func main() {
 		pkg.File(name, "./Event.pass/"+name)
 	}
 
-	err = pkg.Sign(cert, privateKey, wwdr)
+	err = pkg.Sign(cert, wwdr)
 	failIfError(err)
 }

example/website/main.go

@@ -1,8 +1,7 @@
 package main
 
 import (
-	"crypto/rsa"
-	"crypto/x509"
+	"crypto/tls"
 	"encoding/json"
 	"flag"
 	"html/template"
@@ -22,19 +21,18 @@ var (
 	website = pushpackage.Website{
 		Name:            "Buford",
 		PushID:          "web.com.github.RobotsAndPencils.buford",
-		AllowedDomains:  []string{"https://9aea51d1.ngrok.io"},
-		URLFormatString: `https://9aea51d1.ngrok.io/click?q=%@`,
+		AllowedDomains:  []string{"https://e31340d3.ngrok.io"},
+		URLFormatString: `https://e31340d3.ngrok.io/click?q=%@`,
 		// AuthenticationToken identifies the user (16+ characters)
 		AuthenticationToken: "19f8d7a6e9fb8a7f6d9330dabe",
-		WebServiceURL:       "https://9aea51d1.ngrok.io",
+		WebServiceURL:       "https://e31340d3.ngrok.io",
 	}
 
-	// Cert and private key for signing push packages.
-	cert       *x509.Certificate
-	privateKey *rsa.PrivateKey
+	// Cert for signing push packages.
+	cert tls.Certificate
 
 	// Service and device token to send push notifications.
-	service     push.Service
+	service     *push.Service
 	deviceToken string
 
 	templates = template.Must(template.ParseFiles("index.html", "request.html"))
@@ -85,7 +83,7 @@ func pushPackagesHandler(w http.ResponseWriter, r *http.Request) {
 	pkg.File("icon.iconset/icon_32x32.png", "../../testdata/gopher.png")
 	pkg.File("icon.iconset/icon_16x16@2x.png", "../../testdata/gopher.png")
 	pkg.File("icon.iconset/icon_16x16.png", "../../testdata/gopher.png")
-	if err := pkg.Sign(cert, privateKey, nil); err != nil {
+	if err := pkg.Sign(cert, nil); err != nil {
 		log.Fatal(err)
 	}
 }
@@ -137,21 +135,16 @@ func main() {
 	flag.Parse()
 
 	var err error
-	cert, privateKey, err = certificate.Load(filename, password)
+	cert, err = certificate.Load(filename, password)
 	if err != nil {
 		log.Fatal(err)
 	}
 
-	client, err := push.NewClient(certificate.TLS(cert, privateKey))
+	service, err = push.NewService(push.Production, cert)
 	if err != nil {
 		log.Fatal(err)
 	}
 
-	service = push.Service{
-		Client: client,
-		Host:   push.Production,
-	}
-
 	r := mux.NewRouter()
 	r.HandleFunc("/", indexHandler).Methods("GET")
 	r.HandleFunc("/request", requestPermissionHandler)