Closed GoogleCodeExporter closed 8 years ago
Indeed, the documented requirements indicates that there are problems with SSL
connections under Java 7.
Original comment by sype...@gmail.com
on 7 Feb 2013 at 4:02
Yes, I have read the documentation. However since both Java 5 and 6 reached EOL
and therefore, in the best of worlds, shouldn't be used, I raised this issue to
see if anyone did come up with a solution to this problem. Anyone?
Original comment by johannes...@gmail.com
on 8 Feb 2013 at 5:44
Original comment by sype...@gmail.com
on 1 Mar 2013 at 5:17
I'd like to voice my support for Java 7 support. Basically you can run javapns
on Google App Engine since they now support Sockets / SSL, as long as you:
1) Remove META-INF/MANIFEST.MF from the BouncyCastle
2) Deploy your project with Java6 appcfg.sh -A {appid} --use_java6 update ./war
But Google are removing Java 6 support soon, so for this to keep working it
would be great to sort out this issue.
Original comment by j...@jameslow.com
on 23 Apr 2013 at 1:00
I'm going to keep debugging to try and figure out a fix, but I'm not an SSL or
sockets expert, so others may habe more luck.
Original comment by j...@jameslow.com
on 23 Apr 2013 at 1:01
I recompiled javapns exposing the original exception. A more complete stack
trace is:
javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1943)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1059)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1294)
at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:685)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:111)
at java.io.OutputStream.write(OutputStream.java:75)
at javapns.notification.PushNotificationManager.sendNotification(PushNotificationManager.java:402)
at javapns.notification.PushNotificationManager.sendNotification(PushNotificationManager.java:350)
at javapns.notification.PushNotificationManager.sendNotification(PushNotificationManager.java:320)
at javapns.Push.sendPayload(Push.java:177)
at javapns.Push.alert(Push.java:47)
Original comment by j...@jameslow.com
on 23 Apr 2013 at 2:37
Ah... this is an explicitly known difference between Java 6 and Java 7, see the
SSL note here:
http://www.oracle.com/technetwork/java/javase/compatibility-417013.html
Original comment by j...@jameslow.com
on 23 Apr 2013 at 2:41
Sorry for all the comments, but want to keep sharing what I've discovered. I
set the sun.security.ssl.allowUnsafeRenegotiation=true when running in Java 7
as mentioned in the above link but it still through the same exception, so
maybe its something else.
Original comment by j...@jameslow.com
on 23 Apr 2013 at 2:56
GOT IT WORKING!!! :)
After a day of Googling SSL issues and Java 7, I finally came across this
article:
http://blog.palominolabs.com/2011/10/18/java-2-way-tlsssl-client-certificates-an
d-pkcs12-vs-jks-keystores/
It basically talks about issues with Java's handling of .p12 files, so I
thought I'd give it a shot and just convert the .p12 to a .jks and give it a
try:
keytool -importkeystore -destkeystore CERTIFICATES.jks -srckeystore
CERTIFICATES.p12 -srcstoretype PKCS12
I've written up everything I had to do to get JavaPNS working on Google App
Engine on my blog:
http://jameslow.com/2013/04/24/iphone-push-notifications-with-javapns-on-google-
app-engine/
Original comment by j...@jameslow.com
on 24 Apr 2013 at 12:38
Sorry one more quick note. I had to use keytool from Java 6 to covert the .p12
to .jks. Using keytool from Java 7 creates an invalid .jks file.
Original comment by j...@jameslow.com
on 24 Apr 2013 at 12:55
[deleted comment]
thx. jameslow
I solved this issue. here is my solution.
first change p12 file to jks file in JDK6 environment by using keytool. james
mentioned it above.
but it may still not work.
you have to unzip entire javaPNS source code and fix it little bit.
change source to
this(keystore, password, ConnectionToAppleServer.KEYSTORE_TYPE_JKS, production);
in JavaPNS_2.2_complete\src\javapns\feedback\AppleFeedbackServerBasicImpl.java
and
JavaPNS_2.2_complete\src\javapns\notification\AppleNotificationServerBasicImpl.j
ava
and run method!
Push.alert(message, keystore.jks , password, true or false , devices)
it all works in JUNIT and TOMCAT (JDK 7,Junit, windows7 64, linux64)
Original comment by SongH...@gmail.com
on 7 Aug 2013 at 2:25
Yep, you have to edit the JavaPNS if you want to use the basic methods. My blog
post explains how to instantiate the JavaPNS classes from scratch, and if you
do that you can configure it to use JKS instead of P12,
Glad you got it working!
Original comment by j...@jameslow.com
on 7 Aug 2013 at 2:32
A simple solution is
Convert .p12 into .jks with Java6 keytool as discribed above.
But then simply use Java7!!! keytool to convert the .jks back into .p12 format
with this command:
keytool -importkeystore -srckeystore CERTIFICATES.jks -srcstoretype JKS
-deststoretype PKCS12 -destkeystore CERTIFICATES.p12
The new .p12 Keystore works with Java7 and Java6 and you don’t have to change
the JavaPNS codebase.
Original comment by thomasp...@googlemail.com
on 18 Nov 2013 at 11:06
@thomasp thanks. You saved my day.
Original comment by ashishgp...@gmail.com
on 21 Nov 2013 at 12:47
[deleted comment]
@thomasp clever, didn't think of that one!
Original comment by j...@jameslow.com
on 21 Nov 2013 at 1:45
Just to be sure, there is no other way to get it working with Java7 than using
the Java6 keytool to convert the p12 file?
Original comment by sanderbe...@gmail.com
on 17 Dec 2013 at 9:24
In jdk 1.7 and using p12, javapns works well only when the passwd length of p12
file must be greater than or equal 6. otherwise, the following error happens:
[[1] not transmitted to token 595d8..725bf
javapns.communication.exceptions.InvalidCertificateChainException: Invalid
certificate chain (Received fatal alert: certificate_unknown)! Verify that the
keystore you provided was produced according to specs...]
Original comment by xinqian...@gmail.com
on 18 Jan 2014 at 5:25
I have tried converting .p12 file into .jks file and again reconverting into
.p12 file and tried to run in java 1.7 environment but I got the same error as
follows:
[1] not transmitted to token 2b99e..99a7f
javapns.communication.exceptions.InvalidCertificateChainException: Invalid
certificate chain (Received fatal alert: certificate_unknown)! Verify that the
keystore you provided was produced according to specs...
any help will be appreciate.
Original comment by sudhakar...@gmail.com
on 22 Sep 2014 at 8:26
In r398 (trunk), added the ability to customize the default keystore type using
a system property (javapns.communication.keystoreType), which can be set to
"PKCS12", "JKS", or any type supported by the JVM. Also, BouncyCastle was
removed in an earlier revision, so that takes care of that unwanted dependency.
Original comment by sype...@gmail.com
on 13 Oct 2014 at 2:49
Original issue reported on code.google.com by
johannes...@gmail.com
on 7 Feb 2013 at 3:33