This repository has been archived by the owner on Aug 1, 2024. It is now read-only.

Intermediate Certificate Param #5

Merged
merged 4 commits into from
Apr 23, 2016

Conversation

dezinezync
Contributor

Apple's WWDR certificate recently expired: https://developer.apple.com/support/certificates/expiration/
Apple has hosted a new certificate here: https://www.apple.com/certificateauthority/

As per Apple's recommendation:

If you were using the openssl_pkcs7_sign function to sign your push package with only your web push certificate, you should pass the path to the renewed intermediate for the extra certificates parameter.

However, the module didn't have the provision to supply this extra param. This PR implements it and allows for optionally passing the required extra param.

var fs = require('fs')

// Read the web push certificate, its private key and the renewed WWDR
// intermediate. pushLib, websiteJson and iconsPath are set up earlier,
// exactly as before this change.
var cert = fs.readFileSync('cert.pem')
var key = fs.readFileSync('key.pem')
var intermediate = fs.readFileSync('AppleWWDRCA.pem')

var zipBuffer = pushLib.generatePackage(
    websiteJson, // The object from before / your own website.json object
    iconsPath, // Folder containing the iconset
    cert, // Certificate
    key, // Private Key
    intermediate // WWDR CA (optional; the new extra param)
)

To convert Apple's cer to pem:

openssl x509 -inform der -in AppleWWDRCA.cer -out AppleWWDRCA.pem

The changes have been tested on our production servers and confirmed working. Apple sometimes throws the 'Extracting push notification package failed' error, but it doesn't seem to be the module's issue as retrying works.

@kobim
Member

kobim commented Feb 23, 2016

Actually, there's no need to add this code if you embed the WWDRCA into your web push certificate (you put it below your certificate in the PEM). Any reason not to do so? (Either way, the intermediate is embedded in the package.)

@dezinezync
Contributor Author

I tried that and Apple's service always responded with:

unable to verify the signature.

If I understand you correctly, what you're suggesting is:

cat cert.pem wwdrca.pem > chain.pem

@kobim
Member

kobim commented Feb 26, 2016

Exactly (this is how we used it before).
Did you make sure the certificate is valid? (openssl x509 -in chain.pem -text -noout)
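
The "extra certificates" point from the PR description (the intermediate passed alongside the signer, as the renewed WWDR CA has to be) and the chain-file check kobim mentions above, worked through with openssl as an added example. This is not the module's code and not from either commenter: it generates a throwaway root -> intermediate -> leaf PKI locally, signs a constructed manifest as a detached DER PKCS#7 the way a push package signature is built, and shows that a verifier trusting only the root rejects a leaf-only signature but accepts one that also embeds the intermediate. It assumes only that openssl is on PATH; every file name, subject and manifest value is made up for the demo.

```shell
#!/bin/sh
# Added example, not code from the PR or from the module. Throwaway PKI:
# root CA -> intermediate CA -> leaf, mirroring Apple root -> WWDR CA ->
# website push certificate. Assumes openssl on PATH; all names are made up.

WORK=${WORK:-$(mktemp -d)}

make_demo_pki() {
  # Minimal req/x509 config so the demo does not depend on the system openssl.cnf
  cat > "$WORK/req.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[leaf_ext]
basicConstraints = CA:FALSE
keyUsage = digitalSignature
EOF
  # Self-signed root (stand-in for Apple's root CA)
  openssl req -x509 -config "$WORK/req.cnf" -extensions ca_ext -newkey rsa:2048 -nodes \
    -keyout "$WORK/root.key" -out "$WORK/root.pem" -subj "/CN=Demo Root CA" -days 30 \
    >/dev/null 2>&1 || return 1
  # Intermediate issued by the root (stand-in for the WWDR CA)
  openssl req -config "$WORK/req.cnf" -newkey rsa:2048 -nodes \
    -keyout "$WORK/inter.key" -out "$WORK/inter.csr" -subj "/CN=Demo Intermediate CA" \
    >/dev/null 2>&1 || return 1
  openssl x509 -req -in "$WORK/inter.csr" -CA "$WORK/root.pem" -CAkey "$WORK/root.key" \
    -CAcreateserial -days 30 -extfile "$WORK/req.cnf" -extensions ca_ext \
    -out "$WORK/inter.pem" >/dev/null 2>&1 || return 1
  # Leaf issued by the intermediate (stand-in for the website push certificate)
  openssl req -config "$WORK/req.cnf" -newkey rsa:2048 -nodes \
    -keyout "$WORK/leaf.key" -out "$WORK/leaf.csr" -subj "/CN=web.push.example" \
    >/dev/null 2>&1 || return 1
  openssl x509 -req -in "$WORK/leaf.csr" -CA "$WORK/inter.pem" -CAkey "$WORK/inter.key" \
    -CAcreateserial -days 30 -extfile "$WORK/req.cnf" -extensions leaf_ext \
    -out "$WORK/leaf.pem" >/dev/null 2>&1 || return 1
  # Constructed stand-in for the push package manifest that gets signed
  printf '{"icon.iconset/icon_16x16.png":"0000"}\n' > "$WORK/manifest.json"
}

# sign_manifest OUT_FILE [EXTRA_CERTS_PEM]
# The optional second argument plays the role of the "extra certificates"
# parameter: -certfile here, extracerts in PHP's openssl_pkcs7_sign.
sign_manifest() {
  if [ -n "$2" ]; then
    openssl smime -sign -binary -signer "$WORK/leaf.pem" -inkey "$WORK/leaf.key" \
      -in "$WORK/manifest.json" -certfile "$2" -outform DER -out "$1" >/dev/null 2>&1
  else
    openssl smime -sign -binary -signer "$WORK/leaf.pem" -inkey "$WORK/leaf.key" \
      -in "$WORK/manifest.json" -outform DER -out "$1" >/dev/null 2>&1
  fi
}

# verify_signature SIG_FILE : succeeds only if a chain to the root can be
# built from the certificates embedded in the signature plus the root itself
verify_signature() {
  openssl smime -verify -binary -inform DER -in "$1" -content "$WORK/manifest.json" \
    -CAfile "$WORK/root.pem" -out /dev/null >/dev/null 2>&1
}

# count_embedded_certs SIG_FILE : number of certificates carried in the PKCS#7
count_embedded_certs() {
  openssl pkcs7 -inform DER -in "$1" -print_certs -noout 2>/dev/null | grep -c '^subject='
}

# count_chain_certs PEM_FILE : number of certificates in a concatenated PEM.
# `openssl x509 -in chain.pem -text` only shows the first one; this shows all.
count_chain_certs() {
  openssl crl2pkcs7 -nocrl -certfile "$1" 2>/dev/null | \
    openssl pkcs7 -print_certs -noout 2>/dev/null | grep -c '^subject='
}

# Walk-through: leaf-only signature fails to verify, leaf+intermediate passes
demo() {
  make_demo_pki || return 1
  sign_manifest "$WORK/leaf_only.der" || return 1
  sign_manifest "$WORK/with_inter.der" "$WORK/inter.pem" || return 1
  echo "certs in leaf-only signature: $(count_embedded_certs "$WORK/leaf_only.der")"
  echo "certs in leaf+intermediate signature: $(count_embedded_certs "$WORK/with_inter.der")"
  if verify_signature "$WORK/leaf_only.der"; then
    echo "leaf-only signature verified (unexpected)"
  else
    echo "leaf-only signature: unable to verify (intermediate missing)"
  fi
  verify_signature "$WORK/with_inter.der" && echo "leaf+intermediate signature: OK"
}

if [ "${1:-}" = run ]; then demo; fi
```

Run it as `sh demo.sh run`. Two practical caveats fall out of it: `openssl x509 -in chain.pem -text -noout` inspects only the first certificate in a concatenated file, so it cannot tell you whether the intermediate below it is present or valid (count_chain_certs above, via crl2pkcs7, lists them all); and the openssl CLI's `-signer` option likewise reads a single certificate from the file it is given, so with the CLI the intermediate reaches the signature through `-certfile`, which is the extra-certificates parameter this PR exposes.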

@dezinezync
Contributor Author

That's odd. I tried swapping the positions as well but still gave verification errors. Let me try again on a bare new server come Monday and I'll post back with results.

@kobim kobim merged commit b53a765 into MySiteApp:master Apr 23, 2016