How to configure the APNS.Certificate in the arm template

问题

I am using the following azuredeploy.json file for setting up the notification hub on the Azure cloud.

{
    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "Gcm.GoogleApiKey": {
            "type": "string",
            "metadata": {
                "description": "Google Cloud Messaging API Key"
            },
            "defaultValue": "AIzaSyAyp9MernKgMS3wFNM3yNWByiP-TaGrqEg"
        },
        "APNS.Certificate": {
            "type": "string",
            "metadata": {
                "description": "A certificate (in base 64 format) provided by Apple on the iOS Provisioning Portal"
            },
            "defaultValue": ""
        },
        "APNS.certificateKey": {
            "type": "string",
            "metadata": {
                "description": "The Certificate Key provided by the iOS Provisioning Portal when registering the application"
            },
            "defaultValue": "ce469bf21dfa7b9d595d4999bfaca8a94ea47e46"
        },
        "APNS.endpoint": {
            "type": "string",
            "metadata": {
                "description": "The APNS endpoint to which our service connects. This is one of two values: gateway.sandbox.push.apple.com for the sandbox endpoint or gateway.push.apple.com, for the production endpoint. Any other value is invalid."
            },
            "allowedValues": [
                "gateway.sandbox.push.apple.com",
                "gateway.push.apple.com"
            ],
            "defaultValue": "gateway.push.apple.com"
        }
    },
    "variables": {
        "hubVersion": "[providers('Microsoft.NotificationHubs', 'namespaces').apiVersions[0]]",
        "notificationHubNamespace": "[concat('hubv2', uniqueString(resourceGroup().id))]",
        "notificationHubName": "notificationhub"
    },
    "resources": [
        {
            "name": "[variables('NotificationHubNamespace')]",
            "location": "[resourceGroup().location]",
            "type": "Microsoft.NotificationHubs/namespaces",
            "apiVersion": "[variables('hubVersion')]",
            "comments": "Notification hub namespace",
            "properties": {
                "namespaceType": "NotificationHub"
            },
            "resources": [
                {
                    "name": "[concat(variables('NotificationHubNamespace'),'/',variables('NotificationHubName'))]",
                    "location": "[resourceGroup().location]",
                    "type": "Microsoft.NotificationHubs/namespaces/notificationHubs",
                    "apiVersion": "[variables('hubVersion')]",
                    "properties": {
                        "GcmCredential": {
                            "properties": {
                                "googleApiKey": "[parameters('Gcm.GoogleApiKey')]",
                                "gcmEndpoint": "https://android.googleapis.com/gcm/send"
                            }
                        }
                    },
                    "dependsOn": [
                        "[variables('NotificationHubNamespace')]"
                    ]
                }
            ]
        }
    ],
    "outputs": {
    }
}

Now I tried to set up the apple push notification service also using the following snippet:

"apnsCredential": {
              "properties": {
                "apnsCertificate": "[parameters('APNS.Certificate')]",
                "certificateKey": "[parameters('APNS.certificateKey')]",
                "endpoint": " gateway.sandbox.push.apple.com or gateway.push.apple.com",
              }
            }

With the above changes, I executed the Deploy-AzureResourceGroup.ps1 using powershell command prompt and on executing it I am getting an error with message 'Bad Request'

Can anyone help me to fix this issue.

回答1:

Add the proper APNS.Certificate and APNS.certificateKey. It is failing on trying to verify your details, hence the bad request. You need a base 64 formatted APNS.Certificate.

APNS.Certificate:

This is the Apple Push Notification certificate in base 64 string-format.

You can use PowerShell to convert the certificate like this (then copie the key from the output file ‘MyPushCert.txt’ and use it.):

$fileContentBytes = get-content ‘Apple_Certificate.p12’ -Encoding Byte

[System.Convert]::ToBase64String($fileContentBytes) | Out-File ‘MyPushCert.txt’

APNS.certificateKey:

This is the password you specified when you exported the certificate.(The password you created on Apple at the time of creating the cert.)

回答2:

It's impossible to know exactly what caused this without knowing more about your environment/setup. According to this post, one possible issue could be how strong your password is:

After a few hours of pulling my hair out and not getting anything beyond “Bad Request”, I finally thought to use a password stronger than “pass@word1”. I’ll be darned, it worked. Not only that, but provisioning with Azure Resource Manager is asynchronous, so your scripts finish a heck of a lot sooner than they used to because VMs provision in parallel.

The post recommends going through Troubleshooting common Azure deployment errors with Azure Resource Manager.

回答3:

I'm not sure you should be dynamically setting the apiVersion for your templates. They vary depending on what you are deploying.

See Best Practices:

Avoid using a parameter or variable for the API version for a resource type. Resource properties and values can vary by version number. IntelliSense in a code editor cannot determine the correct schema when the API version is set to a parameter or variable. Instead, hard-code the API version in the template.

The correct apiVersion for notification hubs appears to be 2015-04-01: https://github.com/Azure/azure-resource-manager-schemas/blob/master/schemas/2015-04-01/Microsoft.NotificationHubs.json

回答4:

I had to use PowerShell to resolve this problem. Partially the idea was taken from here: https://docs.microsoft.com/en-us/azure/notification-hubs/notification-hubs-deploy-and-manage-powershell

Below is the script, which tested locally and is working. Microsoft.Azure.NotificationHubs -Version 1.0.9 used. We adopted it for VSTS Release as one of the PowerShell tasks/steps after Notification Hub has been created with ARM template.

Login-AzureRmAccount
Select-AzureRmSubscription -SubscriptionName my-subscription-here

Write-Host "Begin process..."

try
{
    # Make sure to reference the latest version of Microsoft.Azure.NotificationHubs.dll
    Write-Host "Adding the [Microsoft.Azure.NotificationHubs.dll] assembly to the script...";
    $scriptPath = Split-Path (Get-Variable MyInvocation -Scope 0).Value.MyCommand.Path;
    $packagesFolder = $scriptPath + "\packs";
    Write-Host $packagesFolder;
    $assembly = Get-ChildItem $packagesFolder -Include "Microsoft.Azure.NotificationHubs.dll" -Recurse;
    write-Host $assembly.FullName;
    Add-Type -Path $assembly.FullName;

    Write-Host "The [Microsoft.Azure.NotificationHubs.dll] assembly has been successfully added to the script.";

    # Create requered variables
    $HubNamespace = "hub-namespace";
    $HubName = "hub-name";
    $ResourceGroup = "resource-group";

    $GcmApiKey = "api key here";
    # Possible values: gateway.push.apple.com, gateway.sandbox.push.apple.com
    $ApnsEndpoint = "gateway.push.apple.com";
    # A certificate (in base 64 format) provided by Apple on the iOS Provisioning Portal
    $ApnsCertificate = "base 64 certificate here";
    $ApnsCertificateKey = "certificate key/password here";

    $GcmCredential = New-Object -TypeName Microsoft.Azure.NotificationHubs.GcmCredential -ArgumentList $GcmApiKey;
    $ApnsCredential = New-Object -TypeName Microsoft.Azure.NotificationHubs.ApnsCredential;
    $ApnsCredential.Endpoint = $ApnsEndpoint;
    $ApnsCredential.ApnsCertificate = $ApnsCertificate;
    $ApnsCredential.CertificateKey = $ApnsCertificateKey;

    # Query the namespace
    $FoundNamespaces = Get-AzureRmNotificationHubsNamespace -Namespace $HubNamespace -ResourceGroup $ResourceGroup

    # Check if the namespace already exists
    if ($FoundNamespaces -and $FoundNamespaces.Length -eq 1)
    {
        $CurrentNamespace = $FoundNamespaces[0];
        Write-Host "The namespace [$HubNamespace] in the [$($CurrentNamespace.Location)] region was found.";

        $HubListKeys = Get-AzureRmNotificationHubListKeys -Namespace $HubNamespace -ResourceGroup $ResourceGroup -NotificationHub $HubName -AuthorizationRule DefaultFullSharedAccessSignature;
        # Check to see if the Notification Hub exists
        if ($HubListKeys)
        {
            # Create the NamespaceManager object used to update the notification hub
            Write-Host "Creating a NamespaceManager object for the [$HubNamespace] namespace...";
            $NamespaceManager = [Microsoft.Azure.NotificationHubs.NamespaceManager]::CreateFromConnectionString($HubListKeys.PrimaryConnectionString);
            Write-Host "NamespaceManager object for the [$HubNamespace] namespace has been successfully created.";

            # Update notification hub with new details
            Write-Host "The [$Path] notification hub already exists in the [$HubNamespace] namespace."  ;
            $NHDescription = $NamespaceManager.GetNotificationHub($HubName);
            $NHDescription.GcmCredential = $GcmCredential;
            $NHDescription.ApnsCredential = $ApnsCredential;
            $NHDescription = $NamespaceManager.UpdateNotificationHub($NHDescription);
            Write-Host "The [$HubName] notification hub was updated";
        }
        else
        {
            Write-Host "The [$HubName] notification hub does not exist."
        }
    }
    else
    {
        Write-Host "The [$HubNamespace] namespace does not exist."
    }
}
catch [System.Exception]
{
    Write-Error($_.Exception.Message)
}

Hope that helps someone.

来源：https://stackoverflow.com/questions/40842783/how-to-configure-the-apns-certificate-in-the-arm-template