sshcheung / javapns

Automatically exported from code.google.com/p/javapns
0 stars 0 forks source link

library does not work with IBM JRE because of "Sunx509" SSL Algorithm #41

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
When Using an IBM JRE, we get an exception : 
java.security.NoSuchAlgorithmException: sunx509 TrustManagerFactory not 
available
        at sun.security.jca.GetInstance.getInstance(GetInstance.java:158)
        at javax.net.ssl.TrustManagerFactory.getInstance(TrustManagerFactory.java:20)
        at javapns.back.SSLConnectionHelper.getFeedbackSSLSocketFactory(Unknown Source)
        at javapns.back.SSLConnectionHelper.getFeedbackSSLSocket(Unknown Source)
        at javapns.back.FeedbackServiceManager.getDevices(Unknown Source)

Problem seems to be in SSLConnectionHelper :
    private static final String ALGORITHM = "sunx509";

This Algorithm is only present in Sun JRE.

If possible, could you please implement a more configurable way to provide the 
algorithm (see  
http://download.oracle.com/javase/1.5.0/docs/api/javax/net/ssl/KeyManagerFactory
.html) ?

For example :
    private static final String ALGORITHM = ((Security.getProperty("ssl.KeyManagerFactory.algorithm") == null)? "sunx509" : Security.getProperty("ssl.KeyManagerFactory.algorithm"));

Thanks

Original issue reported on code.google.com by david.la...@gmail.com on 19 Jan 2011 at 2:57

GoogleCodeExporter commented 8 years ago
Sorry, I didn't see Issue 39 ...

Original comment by david.la...@gmail.com on 19 Jan 2011 at 2:58

GoogleCodeExporter commented 8 years ago
I added the suggested code.

Try the testing version 1.6.4 in the downloads section and let me know how it 
goes.

Original comment by idbill.p...@gmail.com on 19 Jan 2011 at 10:19

GoogleCodeExporter commented 8 years ago
So sorry to be annoying here (I'm the one who submitted the issue #39)

But there are quite a few deployments live yet on the IBM WebSphere 6.X
It runs on JVM 1.5 yet.
Will you please apply a fix for the java 1.5?

Many thanks

Original comment by asalab...@gmail.com on 20 Jan 2011 at 8:52

GoogleCodeExporter commented 8 years ago
Done

Original comment by idbill.p...@gmail.com on 20 Jan 2011 at 5:40

GoogleCodeExporter commented 8 years ago
Hi~

I have an error with IBM JDK 1.5.

*JVM INFO
==================
java version "1.5.0"
Java(TM) 2 Runtime Environment, Standard Edition (build pwi32pdev-20070426a)
IBM J9 VM (build 2.3, J2RE 1.5.0 IBM J9 2.3 Windows XP x86-32 
j9vmwi3223-20070426 (JIT enabled)
J9VM - 20070420_12448_lHdSMR
JIT  - 20070419_1806_r8
GC   - 200704_19)
JCL  - 20070423
==================

* ERROR
==================
12:11:29.953 [main] ERROR c.n.a.i.ApnsFeedbackConnection - Couldn't get 
feedback connection
java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: 
com.ibm.jsse2.util.h: End user tried to act as a CA
        at com.notnoop.apns.internal.Utilities.parseFeedbackStreamRaw(Utilities.java:201) ~[javapns2.jar:na]
        at com.notnoop.apns.internal.Utilities.parseFeedbackStream(Utilities.java:211) ~[javapns2.jar:na]
        at com.notnoop.apns.internal.ApnsFeedbackConnection.getInactiveDevicesImpl(ApnsFeedbackConnection.java:87) ~[javapns2.jar:na]
        at com.notnoop.apns.internal.ApnsFeedbackConnection.getInactiveDevices(ApnsFeedbackConnection.java:67) ~[javapns2.jar:na]
        at com.notnoop.apns.internal.AbstractApnsService.getInactiveDevices(AbstractApnsService.java:99) [javapns2.jar:na]
        at my.test.APNSTest.main(APNSTest.java:34) [javapns2.jar:na]
Caused by: javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.h: End user 
tried to act as a CA
        at com.ibm.jsse2.n.a(n.java:15) ~[na:5.0 build_20070313]
        at com.ibm.jsse2.jc.a(jc.java:171) ~[na:5.0 build_20070313]
        at com.ibm.jsse2.db.a(db.java:129) ~[na:5.0 build_20070313]
        at com.ibm.jsse2.db.a(db.java:333) ~[na:5.0 build_20070313]
        at com.ibm.jsse2.eb.a(eb.java:145) ~[na:5.0 build_20070313]
        at com.ibm.jsse2.eb.a(eb.java:274) ~[na:5.0 build_20070313]
        at com.ibm.jsse2.db.m(db.java:330) ~[na:5.0 build_20070313]
        at com.ibm.jsse2.db.a(db.java:149) ~[na:5.0 build_20070313]
        at com.ibm.jsse2.jc.a(jc.java:450) ~[na:5.0 build_20070313]
        at com.ibm.jsse2.jc.g(jc.java:115) ~[na:5.0 build_20070313]
        at com.ibm.jsse2.jc.a(jc.java:347) ~[na:5.0 build_20070313]
        at com.ibm.jsse2.e.read(e.java:13) ~[na:5.0 build_20070313]
        at java.io.DataInputStream.readFully(DataInputStream.java:202) ~[na:1.5.0]
        at java.io.DataInputStream.readInt(DataInputStream.java:380) ~[na:1.5.0]
        at com.notnoop.apns.internal.Utilities.parseFeedbackStreamRaw(Utilities.java:192) ~[javapns2.jar:na]
        ... 5 common frames omitted
Caused by: com.ibm.jsse2.util.h: End user tried to act as a CA
        at com.ibm.jsse2.util.g.a(g.java:121) ~[na:5.0 build_20070313]
        at com.ibm.jsse2.util.g.a(g.java:10) ~[na:5.0 build_20070313]
        at com.ibm.jsse2.util.g.b(g.java:26) ~[na:5.0 build_20070313]
        at com.ibm.jsse2.util.e.a(e.java:19) ~[na:5.0 build_20070313]
        at com.ibm.jsse2.yb.checkServerTrusted(yb.java:58) ~[na:5.0 build_20070313]
        at com.ibm.jsse2.hb.checkServerTrusted(hb.java:10) ~[na:5.0 build_20070313]
        at com.ibm.jsse2.eb.a(eb.java:102) ~[na:5.0 build_20070313]
        ... 15 common frames omitted
==================

Help me.. please~

Thanks.

Original comment by honeyc...@gmail.com on 26 Jan 2011 at 3:27

GoogleCodeExporter commented 8 years ago
Did you see:
https://www-304.ibm.com/support/docview.wss?uid=swg21426286

can you verify your cert is 'certificate extension labeled "CA"'

also check:
http://www.mqseries.net/phpBB2/viewtopic.php?t=49364

Original comment by idbill.p...@gmail.com on 26 Jan 2011 at 4:05

GoogleCodeExporter commented 8 years ago
Thanks for your answer.

I don't know that my cert is 'certificate extension labeled "CA"'.

Can I know how to verify my cert?

Original comment by honeyc...@gmail.com on 26 Jan 2011 at 8:08

GoogleCodeExporter commented 8 years ago
The easy way... is to visit the link I sent you (it has lots of info).

Otherwise... you'll need OpenSSL.

http://www.tech-recipes.com/rx/447/view-the-details-of-a-certificate-signing-req
uest-with-openssl/
http://mediakey.dk/~cc/view-x509-certificate-details/

http://wiki.samat.org/CheatSheet/OpenSSL

Original comment by idbill.p...@gmail.com on 26 Jan 2011 at 5:55

GoogleCodeExporter commented 8 years ago
Apparently, this is a bug in IBM JDK 1.5.
IBM JDK 1.6 is OK with Apple's certificate.

Original comment by pde...@gmail.com on 30 Jan 2011 at 8:03

GoogleCodeExporter commented 8 years ago
I'm trying to run this on WebSphere 6.1.  So, is the solution to upgrade to WAS 
7 so that I can run it against a 1.6 JDK?

If I can't upgrade to WAS 7 and must use WAS 6.1, is it then impossible to do 
APNS push notifications?

Original comment by dle...@gmail.com on 24 Mar 2011 at 12:47

GoogleCodeExporter commented 8 years ago
I solved it!
use IbmPKIX trust manager.

http://academicwritingtips.org/component/k2/item/899-entrust.html?tmpl=component
&print=1

Original comment by lyungjo...@gmail.com on 11 Apr 2011 at 5:15

GoogleCodeExporter commented 8 years ago
Closing as fixed, as per previous comments confirming the issue was resolved.

Original comment by sype...@gmail.com on 7 Sep 2011 at 3:42