coosamatt / javapns

javapns
0 stars 0 forks source link

Blank keystore password causes exception #38

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. Execute sendEvents with pushManager initialized with "" or null as the 
password
2. You get:

- for "" - java.io.IOException: failed to decrypt safe contents entry: 
java.lang.ArithmeticException: / by zero

- for null - java.lang.NullPointerException
    at javapns.back.SSLConnectionHelper.<init>(Unknown Source)

What is the expected output? What do you see instead?
I hope to connect to APNS with a certificate that has no password.

What version of the product are you using? On what operating system?
v1.6.2 JDK 1.5, Windows XP

Please provide any additional information below.

Original issue reported on code.google.com by lech.mig...@gmail.com on 7 Jan 2011 at 3:03

GoogleCodeExporter commented 8 years ago
How did you create a APNS Cert without a password?

I was not aware that the Apple Developer Website would allow that to happen.

Original comment by idbill.p...@gmail.com on 9 Jan 2011 at 11:58

GoogleCodeExporter commented 8 years ago
Unfortunately I am not the one who created the certificate, so I have no clue 
how this was achieved ;-) 

Still I've just checked with openssl that the certificate has no password set, 
so it seems that this is doable...

Original comment by lech.mig...@gmail.com on 11 Jan 2011 at 11:22

GoogleCodeExporter commented 8 years ago
Try download version 165 and let me know how it goes.

Original comment by idbill.p...@gmail.com on 19 Jan 2011 at 10:29

GoogleCodeExporter commented 8 years ago
I also got this error. Version 165 is not available in the jar downloads page.

Original comment by aaron...@gmail.com on 3 Jun 2011 at 7:57

GoogleCodeExporter commented 8 years ago
Could you try with 2.0 and let us know if the issue is fixed?  Thanks!

Original comment by sype...@gmail.com on 9 Sep 2011 at 7:06

GoogleCodeExporter commented 8 years ago
Closing this issue as fixed in 1.6.9 and 2.0.

Original comment by sype...@gmail.com on 14 Sep 2011 at 7:18

GoogleCodeExporter commented 8 years ago
Same problem with 1.6.9 jdk1.6 version.

Please report corrections done yesterday on 1.6.9 JDK1.5 version to 1.6.9 JDK1.6

Original comment by mellouli...@gmail.com on 15 Sep 2011 at 2:59

GoogleCodeExporter commented 8 years ago
[deleted comment]
GoogleCodeExporter commented 8 years ago
Note: version 1.6.9 was released almost two months ago.  My comment above 
(fixed in 1.6.9) simply reflected idbill's previous comment and code changes. 
Only version 2.0 has been updated recently.

After reviewing the code for 1.6.9 (same for 2.0), it seems that the "no 
password" situation, however odd it is, is indeed supported.  You need to pass 
null for the password to the SSLConnectionHelper constructor for this to be 
supported.

Could you try a null password and write back with the results?  If it still 
doesn't work, please provide a stack trace as well as the code you wrote that 
creates the SSLConnectionHelper.   Thanks!

Original comment by sype...@gmail.com on 15 Sep 2011 at 4:31

GoogleCodeExporter commented 8 years ago
got this in 2.0

Full stack trace for "" password:

java.io.IOException: failed to decrypt safe contents entry: 
java.lang.ArithmeticException: / by zero
    at com.sun.net.ssl.internal.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1277)
    at java.security.KeyStore.load(KeyStore.java:1185)
    at javapns.communication.KeystoreManager.loadKeystore(KeystoreManager.java:56)
    at javapns.communication.KeystoreManager.loadKeystore(KeystoreManager.java:28)
    at javapns.communication.ConnectionToAppleServer.<init>(ConnectionToAppleServer.java:58)
    at javapns.notification.ConnectionToNotificationServer.<init>(ConnectionToNotificationServer.java:17)
    at javapns.notification.PushNotificationManager.initializeConnection(PushNotificationManager.java:94)
    at javapns.Push.payload(Push.java:119)
    at javapns.Push.alert(Push.java:36)
    at iphoneapnjava.IPhoneAPNjava.main(IPhoneAPNjava.java:41)
Caused by: java.lang.ArithmeticException: / by zero
    at com.sun.crypto.provider.PKCS12PBECipherCore.a(DashoA13*..)
    at com.sun.crypto.provider.PKCS12PBECipherCore.a(DashoA13*..)
    at com.sun.crypto.provider.PKCS12PBECipherCore.a(DashoA13*..)
    at com.sun.crypto.provider.PKCS12PBECipherCore.a(DashoA13*..)
    at com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC2_40.engineInit(DashoA13*..)
    at javax.crypto.Cipher.a(DashoA13*..)
    at javax.crypto.Cipher.a(DashoA13*..)
    at javax.crypto.Cipher.init(DashoA13*..)
    at javax.crypto.Cipher.init(DashoA13*..)
    at com.sun.net.ssl.internal.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1273)
    ... 9 more

Full stack trace for null password:

java.lang.NullPointerException
    at javapns.communication.ConnectionToAppleServer.createSSLSocketFactoryWithTrustManagers(ConnectionToAppleServer.java:91)
    at javapns.communication.ConnectionToAppleServer.createSSLSocketFactory(ConnectionToAppleServer.java:121)
    at javapns.communication.ConnectionToAppleServer.getSSLSocketFactory(ConnectionToAppleServer.java:126)
    at javapns.communication.ConnectionToAppleServer.getSSLSocket(ConnectionToAppleServer.java:138)
    at javapns.notification.PushNotificationManager.initializeConnection(PushNotificationManager.java:95)
    at javapns.Push.payload(Push.java:119)
    at javapns.Push.alert(Push.java:36)
    at iphoneapnjava.IPhoneAPNjava.main(IPhoneAPNjava.java:41)

I have the same problem as topic creator (have p12 certificate and only know 
that password was empty)..

Original comment by poloz.i...@gmail.com on 13 Oct 2011 at 9:02

GoogleCodeExporter commented 8 years ago
I will take a look.    But how did you manage to create a keystore without a 
password?

Original comment by sype...@gmail.com on 13 Oct 2011 at 11:48

GoogleCodeExporter commented 8 years ago
thanks alot!

I do not know, because some another guy has created this sertificate earlier. I 
just have C# implementation of exe-file (and sources) that takes as arguments 
token, message and path to the keystore and sends notification. It works fine 
for me, but I need to do java implementation for it. I have looked to the 
sources and here is how they are sending notification:

        public NotificationService(bool sandbox, string p12File, string p12FilePassword, int connections, bool syncSendMode)
        {
            this.SendRetries = 1;
            closing = false;
            disposing = false;
            if (syncSendMode){
                syncSendEvent = new System.Threading.ManualResetEvent(false);
            }
            Host = sandbox ? hostSandbox : hostProduction;
            Port = 2195;
            P12File = p12File;
            P12FilePassword = p12FilePassword;
            DistributionType = NotificationServiceDistributionType.Sequential;
            Connections = connections;
        }

(this is a methid from "JdSoft.Apple.Apns.Notifications")

In test I have an example where they creating class like this:

NotificationService reference = new NotificationService(true, certificatePath, 
string.Empty, 1, true);
...

so, the 3rd param is password and it is emty sturing. And this is works for me. 
Just trying to send notification with the same p12-file and ampty string as a 
password using  apns_2.0 and got this exceptions.((

  Push.alert("message", pathToCert, "", true, "token");

Very appreciate you help! Thanks.

Original comment by poloz.i...@gmail.com on 13 Oct 2011 at 12:24

GoogleCodeExporter commented 8 years ago
Re-opening the issue, as the library is now having trouble elsewhere with blank 
passwords.

Original comment by sype...@gmail.com on 13 Oct 2011 at 8:34

GoogleCodeExporter commented 8 years ago
Interesting... according to Java Bug ID 6415637, this is an old known bug in 
the Java platform that doesn't appear to have ever been fixed:
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6415637

Continuing investigation...

Original comment by sype...@gmail.com on 13 Oct 2011 at 8:54

GoogleCodeExporter commented 8 years ago
After some investigation, I cannot find a single example on the web in which a 
blank password has worked successfully with a PKCS12 file read by Java.  I can 
find a number of fix requests for this, but so far blank passwords simply do 
not seem to be supported by the Java platform.  I even found a report which 
suggests that empty passwords in PKCS12 files are in violation of the specs and 
should not be allowed in the first place (making it less surprising to 
experience trouble trying to read keystores with blank passwords).

Relevant references:
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6415637
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6879539
http://rt.openssl.org/Ticket/Display.html?id=1497&user=guest&pass=guest

I have made some improvements in the source code to better handle the 
"not-quite-self-explanatory" exception thrown by Java 
(java.lang.ArithmeticException: / by zero) when trying to use a blank password, 
and also when using a null password which caused the library to throw a 
NullPointerException (but even after fixing this, Java still cannot load the 
keystore because of the same Arithmetic error). 

Until we can find some working example where Java can load a keystore that has 
no password, I have modified the library so that a nice 
InvalidKeystorePasswordException is thrown.

Since the problem appears to be in the Java platform and not in JavaPNS, I 
think this issue can be closed as WontFix, and can be reopened later if the bug 
is eventually fixed in Java (but its 5 years old...).  I'll wait and see if 
anyone has further comments on this issue before closing.

Original comment by sype...@gmail.com on 13 Oct 2011 at 9:40

GoogleCodeExporter commented 8 years ago
To make it work for me it seems I need to create another certificate with some 
password. Will try to do this. And also will ask some guys how did they created 
keystore without any password.
Thanks for you time!

Original comment by poloz.i...@gmail.com on 14 Oct 2011 at 7:06

GoogleCodeExporter commented 8 years ago
BTW, I have found solution for me - just changed the password for sertificate I 
have! And it's work for me! This is solution for topic creator. Thanks, 
sype...@gmail.com, for this library!

Original comment by poloz.i...@gmail.com on 14 Oct 2011 at 2:55

GoogleCodeExporter commented 8 years ago
Thanks for the quick feedback!

Closing as WontFix for the reasons stated in comment 15.

Original comment by sype...@gmail.com on 14 Oct 2011 at 2:59

GoogleCodeExporter commented 8 years ago
UPDATE:  bug in Java platform was apparently fixed in a recent release: 
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6879539

Original comment by sype...@gmail.com on 2 Jul 2012 at 9:00