nthf / javapns

Automatically exported from code.google.com/p/javapns

DerInputStream.getLength(): lengthTag=127, too big. #14

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
hi,

   When I call the send notification method, I get the following error. Please help: what is going wrong?

Original issue reported on code.google.com by preetipa...@gmail.com on 15 Apr 2010 at 1:25

GoogleCodeExporter commented 9 years ago
plz suggest on the above...

Original comment by preetipa...@gmail.com on 16 Apr 2010 at 5:11

GoogleCodeExporter commented 9 years ago
Code snippet is required to give any insight.

Original comment by idbill.p...@gmail.com on 16 Apr 2010 at 4:54

GoogleCodeExporter commented 9 years ago
thanks for the reply...
i am using the code mentioned below

<%

try {
    PayLoad payLoad = new PayLoad();

    payLoad.addAlert("Test");
    payLoad.addBadge(45);
    payLoad.addSound("default");

    PushNotificationManager pushManager = PushNotificationManager.getInstance();
    pushManager.addDevice("iPhone", "ec31d584f63d53bb7d9b3ea26b2a0716073a1f11ea26d9d3e93ccb78c2bb8d9c");
    System.out.println("Initializing connectiong with APNS...");

    // Connect to APNs
    pushManager.initializeConnection("gateway.sandbox.push.apple.com", 2195, "C:/idrivecer/PushCertificates.p12", "password", SSLConnectionHelper.KEYSTORE_TYPE_PKCS12);

    Device client = pushManager.getDevice("iPhone");

    System.out.println("Client is..." + client.getId() + "nd token is" + client.getToken());
    System.out.println("payLoad is..." + payLoad);
    // Send Push
    System.out.println("Sending push notification...");

    pushManager.sendNotification(client, payLoad);
    //pushManager.stopConnection();
}
catch (Exception e) {
    System.out.println(e.getMessage());
    e.printStackTrace();
}
%>

The connection initialization happens successfully, but when it comes to the send notification method it throws the error: DerInputStream.getLength(): lengthTag=127, too big.

plz advice where i am wrong

Original comment by preetipa...@gmail.com on 19 Apr 2010 at 7:53

GoogleCodeExporter commented 9 years ago
Your code looks fine. My guess is your cert is bad.

How did you create the cert:
 C:/idrivecer/PushCertificates.p12 

Did you follow the steps under 'Export Certificate from Keychain' at:
http://code.google.com/p/javapns/wiki/GetAPNSCertificate

(for using openssl and not Keychain) read:
http://www.developers-life.com/apple-push-notification.html

Have you enabled SSL logging as per:
http://code.google.com/p/javapns/wiki/Tips

Original comment by idbill.p...@gmail.com on 19 Apr 2010 at 4:55

GoogleCodeExporter commented 9 years ago
hi,

  I have got one doubt: if the problem is with the cert then it should give me a problem during connection initialization, but why does it throw the error during sending the notification....

Original comment by preetipa...@gmail.com on 20 Apr 2010 at 5:22

GoogleCodeExporter commented 9 years ago
Maybe if you tried the source version. It has several updates in relation to 
the certs. 
(I'm unable to change the download link.)

Original comment by idbill.p...@gmail.com on 20 Apr 2010 at 4:28

GoogleCodeExporter commented 9 years ago
I have the same issue. Up to now, I don't know how to fix it. Export cert & private key to a p12 file, then :

        PushNotificationManager pushManager = null;
        PayLoad simplePayLoad = new PayLoad();
        try {
            simplePayLoad.addAlert("My alert message");
            simplePayLoad.addBadge(45);
            simplePayLoad.addSound("default");

            // Get PushNotification Instance
            pushManager = PushNotificationManager.getInstance();

            // Link iPhone's UDID (64-char device token) to a stringName
            pushManager.addDevice("iPhone", clientToken);

            // Get iPhone client
            Device client = pushManager.getDevice("iPhone");

            // Connect to APNs using the .p12 keystore
            pushManager.initializeConnection(pushUrl, pushPort, certName, "password", SSLConnectionHelper.KEYSTORE_TYPE_PKCS12);

            pushManager.sendNotification(client, simplePayLoad);

            // close connection
            pushManager.stopConnection();
            pushManager.removeDevice("iPhone");
            pushManager = null;

        } catch (Exception e) {
            // Print the failure instead of silently swallowing it
            e.printStackTrace();
        }

Error message :
- DerInputStream.getLength(): lengthTag=127, too big.
java.io.IOException: DerInputStream.getLength(): lengthTag=127, too big.
    at sun.security.util.DerInputStream.getLength(DerInputStream.java:530)
    at sun.security.util.DerValue.init(DerValue.java:346)
    at sun.security.util.DerValue.<init>(DerValue.java:302)
    at com.sun.net.ssl.internal.ssl.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1198)
    at java.security.KeyStore.load(KeyStore.java:1150)
    at javapns.back.SSLConnectionHelper.getSSLSocket(SSLConnectionHelper.java:101)
    at javapns.back.PushNotificationManager.sendNotification(PushNotificationManager.java:144)

Original comment by fwu2...@gmail.com on 20 Apr 2010 at 7:10
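
Added example (not part of the thread and not javapns code): the stack trace above shows the exception being raised while the outer DER header of the .p12 is decoded inside KeyStore.load, so this Java program checks that header before the bytes reach the keystore. The class name P12HeaderCheck, the sample byte arrays and the re-implemented length rule (standard DER with at most 4 length octets, an assumption chosen to match the wording of the message) are constructed for illustration.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;

/** Added example: pre-flight check of the outer DER header of a PKCS#12 blob. */
public class P12HeaderCheck {

    /** Inspects the outer tag/length header and returns a one-line diagnosis. */
    static String diagnose(byte[] data) {
        if (data.length == 0) {
            return "EMPTY: no bytes (missing file, or a stream that was already read to the end)";
        }
        int tag = data[0] & 0xFF;
        if (tag != 0x30) { // a PKCS#12 file is a DER SEQUENCE; PEM text starts with '-' (0x2D)
            return String.format("NOT_DER: first byte is 0x%02X, expected 0x30 (SEQUENCE)", tag);
        }
        if (data.length < 2) {
            return "TRUNCATED: length octet missing";
        }
        int lenByte = data[1] & 0xFF;
        int headerLen = 2;
        long declared;
        if ((lenByte & 0x80) == 0) {
            declared = lenByte; // short form: the octet is the length itself
        } else {
            // Long form: the low 7 bits say how many length octets follow.
            // A length octet of 0xFF gives lengthTag=127; that is also the value a
            // reader sees if it narrows read()'s end-of-stream -1 to a byte.
            int lengthTag = lenByte & 0x7F;
            if (lengthTag == 0) {
                return "INDEFINITE: BER indefinite length, size cannot be checked from the header";
            }
            if (lengthTag > 4) {
                return "BAD_LENGTH: lengthTag=" + lengthTag + ", too big";
            }
            if (data.length < 2 + lengthTag) {
                return "TRUNCATED: length octets missing";
            }
            declared = 0;
            for (int i = 0; i < lengthTag; i++) {
                declared = (declared << 8) | (data[2 + i] & 0xFF);
            }
            headerLen += lengthTag;
        }
        long actual = (long) data.length - headerLen;
        if (actual != declared) {
            return "SIZE_MISMATCH: header declares " + declared
                    + " content bytes, input has " + actual;
        }
        return "OK: outer SEQUENCE of " + declared + " bytes";
    }

    /** Constructed sample: a header-consistent blob, not a real keystore. */
    static byte[] sampleBlob() {
        byte[] blob = new byte[4 + 256];
        blob[0] = 0x30;          // SEQUENCE
        blob[1] = (byte) 0x82;   // long form, two length octets follow
        blob[2] = 0x01;          // 0x0100 = 256 content bytes
        blob[3] = 0x00;
        for (int i = 0; i < 256; i++) {
            blob[4 + i] = (byte) i; // includes one 0x0A byte
        }
        return blob;
    }

    /** Simulates a text-mode transfer that rewrites LF as CRLF. */
    static byte[] lfToCrlf(byte[] in) {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        for (byte b : in) {
            if (b == 0x0A) {
                out.write(0x0D);
            }
            out.write(b);
        }
        return out.toByteArray();
    }

    public static void main(String[] args) throws IOException {
        if (args.length > 0) { // check a real file: java P12HeaderCheck path/to/file.p12
            System.out.println(args[0] + ": " + diagnose(Files.readAllBytes(Paths.get(args[0]))));
            return;
        }
        byte[] pem = "-----BEGIN CERTIFICATE-----\n".getBytes(StandardCharsets.US_ASCII);
        System.out.println("intact blob      : " + diagnose(sampleBlob()));
        System.out.println("empty input      : " + diagnose(new byte[0]));
        System.out.println("PEM text         : " + diagnose(pem));
        System.out.println("LF->CRLF transfer: " + diagnose(lfToCrlf(sampleBlob())));
        System.out.println("0xFF length octet: " + diagnose(new byte[] {0x30, (byte) 0xFF}));
    }
}
```

A file that passes this check can still be rejected later, for example when the password is wrong or the private key entry is missing; the check only separates a damaged or non-DER file from those cases.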

GoogleCodeExporter commented 9 years ago
Ok, it sounds like you don't have the apple cert. The source code solves the 
issue of fetching the apple cert. 
Otherwise, you'll have to follow the following instructions to get the apple 
cert: (I haven't done this in a long 
while... just get the latest code.)
----
To get the keystore working... (Since the apple cert is only fetched once, it 
seemed like a setup issue... but 
that can be written into the java code once it is verified that all is working 
properly.)

Do the following

Download InstallCert: http://blogs.sun.com/andreas/resource/InstallCert.java

Compile it: javac InstallCert.java

Run it: java InstallCert feedback.push.apple.com:2196 select 1

Rename it: mv jssecacerts apple.keystore

change the password: keytool -storepasswd -keystore apple.keystore -new [your_cert_passwd] -storepass changeit

put the apple.keystore where the java code is expecting it. (see your java 
error logs)

This makes the keystore password match YOUR cert password (in other words, when 
I said the keystore 
password was changeit, I was incorrect).
---

But like I said, before... get the latest code and this is a non-issue.

Bill

Original comment by idbill.p...@gmail.com on 20 Apr 2010 at 7:28

GoogleCodeExporter commented 9 years ago
You mentioned :
java InstallCert feedback.push.apple.com:2196 select 1

How about for 
gateway.sandbox.push.apple.com ?
java InstallCert gateway.sandbox.push.apple.com:2195 select 1 is correct?

Thanks a lot!

Frank

Original comment by fwu2...@gmail.com on 20 Apr 2010 at 8:03

GoogleCodeExporter commented 9 years ago
try:
java InstallCert gateway.sandbox.push.apple.com:2195

then... when asked to select something...enter:
1

Original comment by idbill.p...@gmail.com on 20 Apr 2010 at 8:05

GoogleCodeExporter commented 9 years ago
In your VM arguments, if you add: (as per the Tips wiki page)
-Djavax.net.debug=all

Do you get:

main, READ: TLSv1 Alert, length = 2
main, RECV TLSv1 ALERT:  fatal, certificate_revoked
main, called closeSocket()
main, Exception while waiting for close javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_revoked
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_revoked
main, called close()
main, called closeInternal(true)

or something else?

Original comment by idbill.p...@gmail.com on 20 Apr 2010 at 8:06

GoogleCodeExporter commented 9 years ago
[deleted comment]
GoogleCodeExporter commented 9 years ago
Google is your friend:
http://www.drh-consultancy.demon.co.uk/pkcs12faq.html

I've updated the download... try the new jar.

Original comment by idbill.p...@gmail.com on 20 Apr 2010 at 8:28

GoogleCodeExporter commented 9 years ago
[deleted comment]
GoogleCodeExporter commented 9 years ago
[deleted comment]
GoogleCodeExporter commented 9 years ago
I don't understand.

What methods are changed? what is the error?

It should be backward compatible.

Bill

Original comment by idbill.p...@gmail.com on 20 Apr 2010 at 8:41

GoogleCodeExporter commented 9 years ago
I can convert jssecacerts to .cer/.pem(gateway.sandbox.push.apple.com-1), but I can not convert jssecacerts to .p12.
But .p12 is necessary for your method as below:
pushManager.initializeConnection(pushUrl, pushPort, "certName.p12", "password", SSLConnectionHelper.KEYSTORE_TYPE_PKCS12);

Could you put a new method that can use .pem please?

How can I do.

Thanks

Frank

Original comment by fwu2...@gmail.com on 20 Apr 2010 at 9:20

GoogleCodeExporter commented 9 years ago
the jssecacerts should only have the push.apple certs. It is a keystore used by 
Java.

The cert.p12 is something else. The cert.p12 has the public and private keys of 
your certificate.

The keystore is accessed implicitly by java, but the cert is provided to the 
pushManager.

Rename jssecacerts: 
mv jssecacerts apple.keystore

change the password: keytool -storepasswd -keystore apple.keystore -new [your_cert_passwd] -storepass changeit

put the apple.keystore where the java code is expecting it. (see your java 
error logs)

but... I don't believe any of this needs to happen with the new jar.

Original comment by idbill.p...@gmail.com on 20 Apr 2010 at 9:34

GoogleCodeExporter commented 9 years ago
I copy apple.keystore to both /jre/lib/security and /cert.
And add the following code:
System.setProperty("javax.net.ssl.trustStore","/cert/apple.keystore");
System.setProperty("javax.net.ssl.trustStorePassword","mypassowrd");

I still get the errors as below:
main, READ: TLSv1 Alert, length = 2
main, RECV TLSv1 ALERT:  fatal, certificate_unknown
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
- Attempt to send Notification failed and beyond the maximum number of attempts permitted
- Received fatal alert: certificate_unknown
javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:117)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1584)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:866)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1030)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:622)
main, called close()
main, called closeInternal(true)

By the way, the new jar includes some feedback functions, could you add a simple
sample to your wiki please?

Many thanks

Frank

Original comment by fwu2...@gmail.com on 21 Apr 2010 at 2:18

GoogleCodeExporter commented 9 years ago
What happens when (using the new jar) you don't do any of the jssecacerts steps and remove:

System.setProperty("javax.net.ssl.trustStore","/cert/apple.keystore");
System.setProperty("javax.net.ssl.trustStorePassword","mypassowrd");

Original comment by idbill.p...@gmail.com on 21 Apr 2010 at 4:08

GoogleCodeExporter commented 9 years ago
[deleted comment]
GoogleCodeExporter commented 9 years ago
Your certificate (.p12), does it include the public & private key?

How did you create the p12 cert?

Original comment by idbill.p...@gmail.com on 21 Apr 2010 at 5:09

GoogleCodeExporter commented 9 years ago
> main, RECV TLSv1 ALERT:  fatal, certificate_unknown

It would appear to me, that your certificate cannot be found or is missing the 
private key.

Original comment by idbill.p...@gmail.com on 21 Apr 2010 at 5:15

GoogleCodeExporter commented 9 years ago
The .p12 was exported from Keychain including development cert and private key for iPhone.

I don't know if I should generate each special .p12 for each special gateway?
cert1.p12 for gateway.sandbox.push.apple.com
cert2.p12 for gateway.push.apple.com
cert3.p12 for feedback.sandbox.push.apple.com
cert4.p12 for feedback.push.apple.com

Thanks

Frank

Original comment by fwu2...@gmail.com on 21 Apr 2010 at 5:24

GoogleCodeExporter commented 9 years ago
Just forget about the certs for the *.push.apple.com. Don't import them, don't 
add them..
They are handled by the new jar.

When in keychain it isn't entirely clear that you have to select both the public & private key when you export them. I've had other people miss the private key.

Have you created a stand alone java file that just sends a test message to a target phone? This is most useful in troubleshooting. (Remember the apple dev certs only last a few months, so you'll be swapping keys fairly often and your product certificate is different from the dev (sandbox) certificates.)

Original comment by idbill.p...@gmail.com on 21 Apr 2010 at 5:29

GoogleCodeExporter commented 9 years ago
[deleted comment]
GoogleCodeExporter commented 9 years ago
Are you trying to use both the java-apns and php-apns libs with the same certs?

Otherwise, it seems like it would be easier to export both the private and public keys in the export in item 6/7 and stop. Since this will give you what you want.

It appears that the keystore cannot import .pem files directly, but you have to 
do the following:
http://www.agentbob.info/agentbob/79-AB.html

FYI, I didn't write any of the SSL stuff, so I don't fully comprehend what it is doing.

Original comment by idbill.p...@gmail.com on 21 Apr 2010 at 9:02

GoogleCodeExporter commented 9 years ago
[deleted comment]
GoogleCodeExporter commented 9 years ago
The new cert (.p12) can only include cert and private key. It is impossible to
include public key.

Thanks

Frank

Original comment by fwu2...@gmail.com on 21 Apr 2010 at 9:14

GoogleCodeExporter commented 9 years ago
For new cert (.p12). failed at 
main, READ: TLSv1 Alert, length = 2
main, RECV TLSv1 ALERT:  fatal, certificate_unknown
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
- Attempt to send Notification failed and beyond the maximum number of attempts permitted
- Received fatal alert: certificate_unknown
main, called close()
main, called closeInternal(true)

    at java.io.OutputStream.write(OutputStream.java:58)
    at javapns.back.PushNotificationManager.sendNotification(Unknown Source)

Frank

Original comment by fwu2...@gmail.com on 21 Apr 2010 at 9:16

GoogleCodeExporter commented 9 years ago
I'm confused. 

When you submit the csr to apple you are sending them a 'request' encoded by 
your private key. They use their private key to 'sign' the 
request and return it to you as a 'signed key'.

So when you import the 'signed key' into KeyChain it should be added to your private key. The 'Certificate' should now show with 2 
possible to decode the shared key without the private key, which 
is why both need to be exported together.

So, select both items, then go to the file menu and select export.

If the csr was created on another machine, then the private key will need to be 
copied from there. If you don't have access to the original 
private key, then the signed csr is useless.

So, as I understand it, the 'cert' is a generic term which implies the 
inclusion of the public key.

Original comment by idbill.p...@gmail.com on 21 Apr 2010 at 10:16

GoogleCodeExporter commented 9 years ago
The last comment is described fully on page 26-27 of the 
RemoteNotificationPG.pdf

http://developer.apple.com/iphone/library/documentation/NetworkingInternet/Conceptual/RemoteNotificationsPG/RemoteNotificationsPG.pdf

Original comment by idbill.p...@gmail.com on 21 Apr 2010 at 10:24

GoogleCodeExporter commented 9 years ago
Hi,

   I used the new jar (1.6) but I am still not able to send the notification. It always throws the same error (java.io.IOException: DerInputStream.getLength(): lengthTag=127, too big.).

  I have created the certificate from my Mac machine using the documents provided in the wiki.
   As the document clearly mentions to use the certificate file and the private key to export it to p12 format, I followed the same, so what can be the reason for the failure?

  I will try exporting the public and the private key to p12 format as you said and let you know the result.

Please guide me, as I am stuck here with the certificate.

Regards,
preeti ranjan

Original comment by preetipa...@gmail.com on 22 Apr 2010 at 6:43

GoogleCodeExporter commented 9 years ago
[deleted comment]
GoogleCodeExporter commented 9 years ago
preetiparida:

You got the same issue as mine. If you get a success, please let me know asap.
And give some your feedbacks here.

Thanks

Frank

Original comment by fwu2...@gmail.com on 22 Apr 2010 at 4:08

GoogleCodeExporter commented 9 years ago
Where are you on this?

I thought your certificate was expired.

In the debugging do you see your certificate being loaded? Do you see the apple 
cert?

When I run it I get the following: (The key is to myhereme registered by Jason)

<code>test$ java -Djavax.net.debug=all -cp "/home/idbill/test/*" com.planx.push.Push
***
found key for : jason
chain [0] = [
[
  Version: V3
  Subject: C=US, CN=Apple Production Push Services: PN9UYY823D:PQ5ALUQ4LG, UID=com.myhereme.hereme
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  SunPKCS11-Solaris RSA public key, 2048 bits (id 136678664, session object)
  modulus: 
  public exponent: 65537
  Validity: [From: Fri Oct 23 13:32:00 PDT 2009,
               To: Sat Oct 23 13:32:00 PDT 2010]
  Issuer: CN=Apple Worldwide Developer Relations Certification Authority, OU=Apple Worldwide Developer Relations, O=Apple Inc., C=US
  SerialNumber: [    62d4bdbe 87182a6f]
</code>

Then there are 8 'Certificate Extensions' listed

then:
<code>***
adding as trusted cert:
  Subject: C=US, CN=Apple Production Push Services: PN9UYY823D:PQ5ALUQ4LG, UID=com.myhereme.hereme
  Issuer:  CN=Apple Worldwide Developer Relations Certification Authority, OU=Apple Worldwide Developer Relations, O=Apple Inc., C=US
  Algorithm: RSA; Serial number: 0x62d4bdbe87182a6f
  Valid from Fri Oct 23 13:32:00 PDT 2009 until Sat Oct 23 13:32:00 PDT 2010

trustStore is: /usr/jdk/instances/jdk1.6.0/jre/lib/security/cacerts
trustStore type is : jks
trustStore provider is : 
init truststore</code>
and then ~66 'added trusted cert' entries...

then:
<code>trigger seeding of SecureRandom
done seeding SecureRandom
Connection initialized...
%% No cached client session
*** ClientHello, TLSv1
RandomCookie:  GMT: 1255176213 bytes = { 43, 218, 216, 61, 149, 133, 249, 86, 
86, 4, 204, 7, 102, 8, 203, 
28, 189, 203, 14, 85, 235, 78, 81, 89, 7, 140, 127, 223 }
Session ID:  {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, 
TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, 
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, 
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, 
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, 
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, 
TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, 
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, 
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, 
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, 
SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, 
SSL_DHE_DSS_WITH_DES_CBC_SHA, 
SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, 
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods:  { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, 
secp192r1, secp224r1, sect233k1, 
sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, 
sect571k1, sect571r1, 
secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, 
secp224k1, sect239k1, 
secp256k1}
Extension ec_point_formats, formats: [uncompressed]
***</code>

a bunch of hex code.. then:
<code>*** Certificate chain
chain [0] = [
[
  Version: V3
  Subject: CN=gateway.push.apple.com, OU=Internet Services, O=Apple Inc, L="Cupertino ", ST=CALIFORNIA, C=US
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5</code>

(Looks like the apple cert expires May 4th)
11 items are processed, then: 
<code>***
Found trusted certificate:</code>

8 more items...then:
<code>*** Certificate chain
chain [0] = [
[
  Version: V3
  Subject: C=US, CN=Apple Production Push Services: PN9UYY823D:PQ5ALUQ4LG, UID=com.myhereme.hereme
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5</code>

~12 lines of hex
<code>*** ClientKeyExchange, RSA PreMasterSecret, TLSv1</code>
a lot more hex
<code>*** CertificateVerify</code>
~24 lines of  hex
<code>*** Finished</code>
ending with:
<code>main, called close()
main, called closeInternal(true)
main, SEND TLSv1 ALERT:  warning, description = close_notify
Padded plaintext before ENCRYPTION:  len = 18
0000: 01 00 3C AA AD 01 36 EB   3D 6F DC 03 C0 DD EF CC  ..<...6.=o......
0010: 9B 78                                              .x
main, WRITE: TLSv1 Alert, length = 18
[Raw write]: length = 23
0000: 15 03 01 00 12 1B 15 92   D0 DF 8B 38 23 65 AA 20  ...........8#e. 
0010: FC 5B 4E 45 A9 F7 E1                               .[NE...</code>

Original comment by idbill.p...@gmail.com on 22 Apr 2010 at 4:36

GoogleCodeExporter commented 9 years ago
Check out the 'WorkingExample' Wiki page.

I've run this on a 2 machines that have not previously run this code, and they 
ran fine.

Original comment by idbill.p...@gmail.com on 22 Apr 2010 at 5:14

GoogleCodeExporter commented 9 years ago
I run at JDK.1.5.13. It doesn't work!

Almost same as your debug information except the following :

adding as trusted cert:
  Subject: CN=gateway.sandbox.push.apple.com, OU=ISSE, O=Apple Inc, L="Cupertino ", ST=CALIFORNIA, C=US
  Issuer:  CN=Entrust.net Secure Server Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), O=Entrust.net, C=US
  Algorithm: RSA; Serial number: 0x469e81c1
  Valid from Fri Feb 27 18:34:55 EST 2009 until Tue Apr 27 20:04:53 EDT 2010
......

main, READ: TLSv1 Alert, length = 2
main, RECV TLSv1 ALERT:  fatal, certificate_unknown
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
- Attempt to send Notification failed and beyond the maximum number of attempts permitted
- Received fatal alert: certificate_unknown
javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:117)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1584)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:866)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1030)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:622)
    at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
main, called close()
main, called closeInternal(true)

Thanks

Frank

Original comment by fwu2...@gmail.com on 23 Apr 2010 at 2:19

GoogleCodeExporter commented 9 years ago
In JDK 1.6, I run your WorkingExample. It failed at 
main, READ: TLSv1 Alert, length = 2
main, RECV TLSv1 ALERT:  fatal, certificate_unknown
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:136)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1694)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:939)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1120)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:623)
    at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
    at java.io.OutputStream.write(OutputStream.java:58)
    at javapns.back.PushNotificationManager.sendNotification(Unknown Source)
    at mytest.push.main(push.java:50)

Thanks

Frank

Original comment by fwu2...@gmail.com on 23 Apr 2010 at 3:19

GoogleCodeExporter commented 9 years ago
Requirement is :
    * commons-lang-2.4.jar
    * commons-io-1.4.jar
    * bcprov-jdk16-145.jar
    * log4j-1.2.15.jar 

Besides those, Jackson is necessary?

Frank

Original comment by fwu2...@gmail.com on 23 Apr 2010 at 3:49

GoogleCodeExporter commented 9 years ago
It is good that the gateway.sandbox.push.apple.com cert is being loaded.

You say 'I run at JDK.1.5.13.'

Does that mean you are running this in Java1.5 ? 

The Bouncy Castle library is for 1.6. I just fixed the bouncyCastle link on the requirements page:
http://www.bouncycastle.org/latest_releases.html

The libraries I'm using are:
-rw-r--r--  1 idbill  idbill     1846 Apr 23 08:22 Feedback.class
-rw-r--r--  1 idbill  idbill     1258 Apr 23 08:22 Feedback.java
-rw-r--r--  1 idbill  idbill     2285 Apr 23 08:28 Push.class
-rw-r--r--  1 idbill  idbill     1943 Apr 23 08:28 Push.java
-rw-r--r--@ 1 idbill  idbill  1663318 Apr 23 08:23 bcprov-jdk16-145.jar
-rw-r--r--  1 idbill  idbill   109043 Apr 23 08:22 commons-io-1.4.jar
-rw-r--r--  1 idbill  idbill   261809 Apr 23 08:22 commons-lang-2.4.jar
-rw-r--r--  1 idbill  idbill    52639 Apr 23 08:26 javapns1.6.jar
-rw-r--r--@ 1 idbill  idbill   391834 Apr 23 08:22 log4j-1.2.15.jar
-rw-r--r--  1 idbill  idbill      936 Apr 23 08:22 log4j.properties

My certificates look like:
# ls -l
-rw-r--r--   1 idbill  wheel     6132 Apr 21 09:26 production_cert.p12
-rw-r--r--   1 idbill  wheel     6144 Apr 22 09:43 development_cert.p12

# file *.p12
/tmp/production_cert.p12:                      data
/tmp/development_cert.p12: data

Original comment by idbill.p...@gmail.com on 23 Apr 2010 at 3:53

GoogleCodeExporter commented 9 years ago
sorry, the bcprov size is wrong... should be:
-rw-r--r--@ 1 idbill  idbill  1719483 Jan 10 20:22 bcprov-jdk16-145.jar

the one previously listed is for jdk1.5 

I uploaded a javapns.jar to the downloads for jdk1.5, but I'm unable to test it.

Bill

Original comment by idbill.p...@gmail.com on 23 Apr 2010 at 4:16

GoogleCodeExporter commented 9 years ago
I change to JDK 1.6 and all test environment is as same as yours including certificates.
But I still failed at the same reason. If your API can give more details, I may track this issue.

main, READ: TLSv1 Alert, length = 2
main, RECV TLSv1 ALERT:  fatal, certificate_unknown
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:136)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1694)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:939)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1120)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:623)
    at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
    at java.io.OutputStream.write(OutputStream.java:58)
    at javapns.back.PushNotificationManager.sendNotification(Unknown Source)
    at mytest.push.main(push.java:50)

Why???
at javapns.back.PushNotificationManager.sendNotification(Unknown Source)???

Thanks

Frank

Original comment by fwu2...@gmail.com on 23 Apr 2010 at 6:07

GoogleCodeExporter commented 9 years ago
By the way, I tested in Windows.

I copy the certificate to linux, and check it :
-rw-r--r-- 1 root  devmobile 6188 Apr 21 15:01 Certificates.p12

Frank

Original comment by fwu2...@gmail.com on 23 Apr 2010 at 6:10

GoogleCodeExporter commented 9 years ago
my log4j.properties: 

log4j.rootLogger=debug,stdout

### direct log messages to stdout ###
log4j.appender.stdout=org.apache.log4j.ConsoleAppender
# Pattern to output the caller's file name and line number.
log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
log4j.appender.stdout.layout.ConversionPattern=[%d]:[%-5p]:[%c] - %m%n

### direct log messages to logfile
log4j.appender.logfile=org.apache.log4j.FileAppender
log4j.appender.logfile.File=javapns.log
log4j.appender.logfile.Append=true
# Pattern to output the caller's file name and line number.
log4j.appender.logfile.layout=org.apache.log4j.PatternLayout
log4j.appender.logfile.layout.ConversionPattern=[%d]:[%-5p]:[%c] - %m%n

#Custom Logging settings
#The pattern to follow to log by class or package is
#log4j.logger.{com.towers...package or class name}={debug, info, error, fatal}
log4j.logger.org.apache=error

### log package activity
log4j.logger.com.javapns=debug

so the output for the test app is:

$ java6 -cp "/Users/idbill/Desktop/apns_test/:/Users/idbill/Desktop/apns_test/*" Push
Setting up Push notification
[2010-04-23 11:12:26,901]:[DEBUG]:[javapns.back.DeviceFactory] - Adding badge [66]
Payload setup successfull.
{"aps":{"badge":66}}
[2010-04-23 11:12:26,904]:[DEBUG]:[javapns.back.PushNotificationManager] - Adding Token [2ed202ac08ea9033665d853a3dc8bc4c5e78f7c6cf8d55910df290567037dcc4] to Device [iPhone]
[2010-04-23 11:12:26,906]:[DEBUG]:[javapns.back.DeviceFactory] - Get DeviceFactory Instance
[2010-04-23 11:12:26,907]:[DEBUG]:[javapns.back.DeviceFactory] - Adding Token [2ed202ac08ea9033665d853a3dc8bc4c5e78f7c6cf8d55910df290567037dcc4] to Device [iPhone]
iPhone UDID taken.
[2010-04-23 11:12:26,915]:[DEBUG]:[javapns.back.PushNotificationManager] - Getting Token from Device [iPhone]
[2010-04-23 11:12:26,916]:[DEBUG]:[javapns.back.DeviceFactory] - Get DeviceFactory Instance
[2010-04-23 11:12:26,916]:[DEBUG]:[javapns.back.DeviceFactory] - Getting Token from Device [iPhone]
Token: 2ed202ac08ea9033665d853a3dc8bc4c5e78f7c6cf8d55910df290567037dcc4
[2010-04-23 11:12:26,916]:[DEBUG]:[javapns.back.PushNotificationManager] - Getting Token from Device [iPhone]
[2010-04-23 11:12:26,916]:[DEBUG]:[javapns.back.DeviceFactory] - Get DeviceFactory Instance
[2010-04-23 11:12:26,916]:[DEBUG]:[javapns.back.DeviceFactory] - Getting Token from Device [iPhone]
Client setup successfull.
[2010-04-23 11:12:26,916]:[DEBUG]:[javapns.back.PushNotificationManager] - Initializing Connection to Host: [gateway.push.apple.com] Port: [2195] with KeyStorePath [/tmp/HereMePushProd.p12]/[PKCS12]
[2010-04-23 11:12:27,290]:[DEBUG]:[javapns.back.SSLConnectionHelper] - Instantiate SSLConnectionHelper with Path to Keystore
[2010-04-23 11:12:27,816]:[DEBUG]:[javapns.back.SSLConnectionHelper] - Creating SSLSocketFactory
[2010-04-23 11:12:28,090]:[DEBUG]:[javapns.back.SSLConnectionHelper] - Returning Push SSLSocketFactory
[2010-04-23 11:12:28,091]:[DEBUG]:[javapns.back.SSLConnectionHelper] - Returning Push SSLSocket
Connection initialized...
[2010-04-23 11:12:29,217]:[DEBUG]:[javapns.back.PushNotificationManager] - Building Raw message from deviceToken and payload
[2010-04-23 11:12:29,217]:[DEBUG]:[javapns.back.PushNotificationManager] - Attempting to send Notification [{"aps":{"badge":66}}]
[2010-04-23 11:12:29,648]:[DEBUG]:[javapns.back.PushNotificationManager] - Notification sent
Message sent!
# of attempts: 3
[2010-04-23 11:12:29,648]:[DEBUG]:[javapns.back.PushNotificationManager] - Closing connection
done

Original comment by idbill.p...@gmail.com on 23 Apr 2010 at 6:13

GoogleCodeExporter commented 9 years ago
I've run this on OS 10.5.8 and Linux (CentOS 5) and OpenSolaris 200906.

Was your cert.p12 created on windows? 
If not, maybe it is getting munged in the transfer to windows?

Original comment by idbill.p...@gmail.com on 23 Apr 2010 at 6:18

GoogleCodeExporter commented 9 years ago
cert.p12 was created in MAC.
It should be created in MAC, not in Linux.

Is it necessary getting munged in the transfer to windows?

Frank

Original comment by fwu2...@gmail.com on 23 Apr 2010 at 6:49

GoogleCodeExporter commented 9 years ago
I don't know the reason, windows or other reasons? 
But I guess your code sometimes can not work well for .p12.

trigger seeding of SecureRandom
done seeding SecureRandom
[2010-04-23 14:51:26,531]:[DEBUG]:[javapns.back.SSLConnectionHelper] - Returning Push SSLSocketFactory
[2010-04-23 14:51:26,531]:[DEBUG]:[javapns.back.SSLConnectionHelper] - Returning Push SSLSocket
Connection initialized...
[2010-04-23 14:51:27,203]:[DEBUG]:[javapns.back.PushNotificationManager] - Building Raw message from deviceToken and payload
[2010-04-23 14:51:27,203]:[DEBUG]:[javapns.back.PushNotificationManager] - Attempting to send Notification [{"aps":{"badge":66}}]
%% No cached client session
*** ClientHello, TLSv1
.................
main, READ: TLSv1 Alert, length = 2
main, RECV TLSv1 ALERT:  fatal, certificate_unknown
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
[2010-04-23 14:51:27,656]:[INFO ]:[javapns.back.PushNotificationManager] - Attempt failed... trying again
main, called close()
main, called closeInternal(true)
[2010-04-23 14:51:27,656]:[DEBUG]:[javapns.back.SSLConnectionHelper] - Returning Push SSLSocketFactory
[2010-04-23 14:51:27,656]:[DEBUG]:[javapns.back.SSLConnectionHelper] - Returning Push SSLSocket
[2010-04-23 14:51:27,718]:[DEBUG]:[javapns.back.PushNotificationManager] - Attempting to send Notification [{"aps":{"badge":66}}]
......
Repeat 3 times

Thanks

Frank

Original comment by fwu2...@gmail.com on 23 Apr 2010 at 6:59

GoogleCodeExporter commented 9 years ago
So what did you change? (for future reference)

I know in years past, there have been issues moving files between windows and 
the rest of the world.

AFAIK...
Unixes and Windows and Old Macs (pre-OS X) all used different carriage returns.

Also, being a data file, there may be an issue with Endian-ness.

Bill

Original comment by idbill.p...@gmail.com on 23 Apr 2010 at 7:09