DerInputStream.getLength(): lengthTag=127, too big. about javapns HOT 67 CLOSED

plz suggest on the above...

Code snippet is required to give any insight.

thanks for the reply...
i am using the code mentioned below

<%

try {
    PayLoad payLoad = new PayLoad();

    payLoad.addAlert("Test");
    payLoad.addBadge(45);
    payLoad.addSound("default");


    PushNotificationManager pushManager = PushNotificationManager.getInstance();
    pushManager.addDevice
("iPhone", "ec31d584f63d53bb7d9b3ea26b2a0716073a1f11ea26d9d3e93ccb78c2bb8d9c");
    System.out.println("Initializing connectiong with APNS...");



    // Connect to APNs
    pushManager.initializeConnection
("gateway.sandbox.push.apple.com",2195,"C:/idrivecer/PushCertificates.p12", 
"password
",SSLConnectionHelper.KEYSTORE_TYPE_PKCS12);

    Device client = pushManager.getDevice("iPhone");

    System.out.println("Client is..."+client.getId()+"nd token is"+client.getToken
());
    System.out.println("payLoad is..."+payLoad);
    // Send Push
    System.out.println("Sending push notification...");

    pushManager.sendNotification(client, payLoad);
    //pushManager.stopConnection();
 }
 catch (Exception e) {
    System.out.println(e.getMessage());
     e.printStackTrace();
 }

the connection initialization happens succesfully but when it comes to send 
notification method it throws the error as DerInputStream.getLength(): 
lengthTag=127, too big. 

plz advice where i am wrong

Your code looks fine. My guess is your cert is bad.

How did you create the cert:
 C:/idrivecer/PushCertificates.p12 

Did you follow the steps under 'Export Certificate from Keychain' at:
http://code.google.com/p/javapns/wiki/GetAPNSCertificate

(for using openssl and not Keychain) read:
http://www.developers-life.com/apple-push-notification.html

Have you enabled SSL logging as per:
http://code.google.com/p/javapns/wiki/Tips

hi,

  I have got one doubt if the problem is with cert then it should give me problem 
during connection initialization but why it throws error during sendig 
notification....

Maybe if you tried the source version. It has several updates in relation to 
the certs. 
(I'm unable to change the download link.)

I have the same issue. Up to now, I don't know how to fix it. Export cert & 
private
key to a p12 file, then :

        PushNotificationManager pushManager = null;
        PayLoad simplePayLoad = new PayLoad();
        try {
            simplePayLoad.addAlert("My alert message");
            simplePayLoad.addBadge(45);
            simplePayLoad.addSound("default");

             // Get PushNotification Instance
             pushManager = PushNotificationManager.getInstance();

             // Link iPhone's UDID (64-char device token) to a stringName
             pushManager.addDevice("iPhone", clientToken );

            // Get iPhone client
             Device client = pushManager.getDevice( "iPhone" );


            pushManager.initializeConnection(pushUrl, pushPort, certName, "password",
SSLConnectionHelper.KEYSTORE_TYPE_PKCS12);

            pushManager.sendNotification(client, simplePayLoad);    

            // close connection 
             pushManager.stopConnection(); 
             pushManager.removeDevice( "iPhone" );
             pushManager = null;

        } catch(Exception e) {
                } 

Error message :
- DerInputStream.getLength(): lengthTag=127, too big.
java.io.IOException: DerInputStream.getLength(): lengthTag=127, too big.
    at sun.security.util.DerInputStream.getLength(DerInputStream.java:530)
    at sun.security.util.DerValue.init(DerValue.java:346)
    at sun.security.util.DerValue.<init>(DerValue.java:302)
    at com.sun.net.ssl.internal.ssl.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1198)
    at java.security.KeyStore.load(KeyStore.java:1150)
    at javapns.back.SSLConnectionHelper.getSSLSocket(SSLConnectionHelper.java:101)
    at
javapns.back.PushNotificationManager.sendNotification(PushNotificationManager.ja
va:144)

Ok, it sounds like you don't have the apple cert. The source code solves the 
issue of fetching the apple cert. 
Otherwise, you'll have to follow the following instructions to get the apple 
cert: (I haven't done this in a long 
while... just get the latest code.)
----
To get the keystore working... (Since the apple cert is only fetched once, it 
seemed like a setup issue... but 
that can be written into the java code once it is verified that all is working 
properly.)

Do the following

Download IntallCert?: http://blogs.sun.com/andreas/resource/InstallCert.java

Compile it: javac InstallCert.java

Run it: java InstallCert feedback.push.apple.com:2196 select 1

Rename it: mv jssecacerts apple.keystore

change the password: keytool -storepasswd -keystore apple.keystore -new 
[your_cert_passwd] -storepasswd 
changeit

put the apple.keystore where the java code is expecting it. (see your java 
error logs)

This makes the keystore password match YOUR cert password (in other words, when 
I said the keystore 
password was changeit, I was incorrect).
---

But like I said, before... get the latest code and this is a non-issue.

Bill

You mentioned :
java InstallCert feedback.push.apple.com:2196 select 1

How about for 
gateway.sandbox.push.apple.com ?
java InstallCert gateway.sandbox.push.apple.com:2195 select 1 is correct?

Thanks a lot!

Frank

try:
java InstallCert gateway.sandbox.push.apple.com:2195

then... when asked to select something...enter:
1

In your VM arguements, if you add: (as per the Tips wiki page)
-Djavax.net.debug=all

Do you get:

main, READ: TLSv1 Alert, length = 2
main, RECV TLSv1 ALERT:  fatal, certificate_revoked
main, called closeSocket()
main, Exception while waiting for close javax.net.ssl.SSLHandshakeException: 
Received fatal alert: 
certificate_revoked
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal 
alert: certificate_revoked
main, called close()
main, called closeInternal(true)

or something else?

[deleted comment]

Google is your friend:
http://www.drh-consultancy.demon.co.uk/pkcs12faq.html

I've updated the download... try the new jar.

[deleted comment]

[deleted comment]

I don't understand.

What methods are changed? what is the error?

It should be backward compatible.

Bill

I can convert jssecacerts to .cer/.pem(gateway.sandbox.push.apple.com-1), but I 
can
not convert jssecacerts to .p12. 
But .p12 is neccessary for your method as below:
pushManager.initializeConnection(pushUrl, pushPort, "certName.p12", "password",
SSLConnectionHelper.KEYSTORE_TYPE_PKCS12);

Could you put a new method that can use .pem please?

How can I do.

Thanks

Frank

the jssecacerts should only have the push.apple certs. It is a keystore used by 
Java.

The cert.p12 is something else. The cert.p12 has the public and private keys of 
your certificate.

The keystore is accessed implicitly by java, but the cert is provided to the 
pushManager.

Rename jssecacerts: 
mv jssecacerts apple.keystore

change the password: keytool -storepasswd -keystore apple.keystore -new 
[your_cert_passwd] -storepasswd 
changeit

put the apple.keystore where the java code is expecting it. (see your java 
error logs)

but... I don't believe any of this needs to happen with the new jar.

I copy apple.keystore to both /jre/lib/security and /cert.
And add the following code:
System.setProperty("javax.net.ssl.trustStore","/cert/apple.keystore");
System.setProperty("javax.net.ssl.trustStorePassword","mypassowrd");

I still get the errors as below:
main, READ: TLSv1 Alert, length = 2
main, RECV TLSv1 ALERT:  fatal, certificate_unknown
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal 
alert:
certificate_unknown
- Attempt to send Notification failed and beyond the maximum number of attempts 
permitted
- Received fatal alert: certificate_unknown
javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:117)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1584)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:866)
    at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl
.java:1030)
    at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:622)ma
in,
called close()
main, called closeInternal(true)


By the way, the new jar includes some feedback functions, could you add a simple
sample to your wiki please?

Many thanks

Frank

What happens when (using the new jar) you don't do any of the jssacert steps 
and remove:

System.setProperty("javax.net.ssl.trustStore","/cert/apple.keystore");
System.setProperty("javax.net.ssl.trustStorePassword","mypassowrd");

[deleted comment]

Your certificate (.p12), does it include the public & private key?

How did you create the p12 cert?

> main, RECV TLSv1 ALERT:  fatal, certificate_unknown

It would appear to me, that your certificate cannot be found or is missing the 
private key.

The .p12 was exported from Keychain including development cert and private key 
for
iPhone.

I don't know if I should generate each special .p12 for each special gateway?
cert1.p12 for gateway.sandbox.push.apple.com
cert2.p12 for gateway.push.apple.com
cert3.p12 for feedback.sandbox.push.apple.com
cert4.p12 for feedback.push.apple.com

Thanks

Frank

Just forget about the certs for the *.push.apple.com. Don't import them, don't 
add them..
They are handled by the new jar.

When in keychain it isn' entirely clear that you have to select both the public 
& private key when you export 
them. I've had other people miss the private key.

Have you created a stand alone java file that just sends a test message to a 
target phone? This is most useful 
in troubleshooting. (Remember the apple dev certs only last a few months, so 
you'll swapping keys fairly often 
and your product certificate is different from the dev (sandbox) certificates.)

[deleted comment]

Are you trying to use both the java-apns and php-apns libs with the same certs?

Otherwise, it seems like it would be easier export both the private and public 
keys in the export in item 6/7 
and stop. Since this will give you what you want.

It appears that the keystore cannot import .pem files directly, but you have to 
do the following:
http://www.agentbob.info/agentbob/79-AB.html

FYI, I didn't right any of the SSL stuff, so I don't fully comprehend what it 
is doing.

[deleted comment]

The new cert (.p12) can only include cert and private key. It is impossible to
include public key.

Thanks

Frank

For new cert (.p12). failed at 
main, READ: TLSv1 Alert, length = 2
main, RECV TLSv1 ALERT:  fatal, certificate_unknown
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal 
alert:
certificate_unknown
- Attempt to send Notification failed and beyond the maximum number of attempts 
permitted
- Received fatal alert: certificate_unknown
main, called close()
main, called closeInternal(true)

    at java.io.OutputStream.write(OutputStream.java:58)
    at javapns.back.PushNotificationManager.sendNotification(Unknown Source)

Frank

I'm confused. 

When you submit the csr to apple you are sending them a 'request' encoded by 
your private key. They use their private key to 'sign' the 
request and return it to you as a 'signed key'.

So when you import the 'signed key' into KeyChain it should be added to your 
private key. The 'Certificate' should now show with a 2 
included items. The Public (shared) key, and your private key. It will not be 
possible to decode the shared key without the private key, which 
is why both need to be exported together.

So, select both items, then go to the file menu and select export.

If the csr was created on another machine, then the private key will need to be 
copied from there. If you don't have access to the original 
private key, then the signed csr is useless.

So, as I understand it, the 'cert' is a generic term which implies the 
inclusion of the public key.

The last comment is described fully on page 26-27 of the 
RemoteNotificationPG.pdf

http://developer.apple.com/iphone/library/documentation/NetworkingInternet/Conce
ptual/RemoteNotifications
PG/RemoteNotificationsPG.pdf

Hi,

   I used the new jar(1.6) but still i am not able to send the notification.it 
always throughs the sam error(java.io.IOException: DerInputStream.getLength(): 
lengthTag=127, too big.).

  I have created the certificate from my Mac machine using the documents provided in 
the wiki.
   As in the document it clearly mentioned that use the certificate file and the 
private key to export it to p12 format and i followed the same then what can be 
the 
reason of fail.

  i will try exporting the public and the private key to p12 format as said by u and 
let u know the result.

plz guide me as i am struck here with the certificate.

Regards,
preeti ranjan

[deleted comment]

preetiparida:

You got the same issue as mine. If you get a success, please let me know asap.
And give some your feedbacks here.

Thanks

Frank

Where are you on this?

I thought your certificate was expired.

In the debugging do you see your certificate being loaded? Do you see the apple 
cert?

When I run it I get the following: (The key is to myhereme registered by Jason)

<code>test$ java -Djavax.net.debug=all -cp "/home/idbill/test/*" 
com.planx.push.Push
***
found key for : jason
chain [0] = [
[
  Version: V3
  Subject: C=US, CN=Apple Production Push Services: PN9UYY823D:PQ5ALUQ4LG, 
UID=com.myhereme.hereme
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  SunPKCS11-Solaris RSA public key, 2048 bits (id 136678664, session object)
  modulus: 
27172763159952640456477629207234953770535661082716201702660480000050164736808335
03680
61323217298963601268872002474195286422068564281690901751795750510993770592993851
19062
341405284559724507616921...98887908213648397800147100700463163087453333567946474
9592375
027778747370583661500848320483276165124520484688440406598365695063217907533709
  public exponent: 65537
  Validity: [From: Fri Oct 23 13:32:00 PDT 2009,
               To: Sat Oct 23 13:32:00 PDT 2010]
  Issuer: CN=Apple Worldwide Developer Relations Certification Authority, OU=Apple Worldwide Developer 
Relations, O=Apple Inc., C=US
  SerialNumber: [    62d4bdbe 87182a6f]
</code>

Then there are 8 'Certificate Extensions' listed

then:
<code>***
adding as trusted cert:
  Subject: C=US, CN=Apple Production Push Services: PN9UYY823D:PQ5ALUQ4LG, 
UID=com.myhereme.hereme
  Issuer:  CN=Apple Worldwide Developer Relations Certification Authority, OU=Apple Worldwide Developer 
Relations, O=Apple Inc., C=US
  Algorithm: RSA; Serial number: 0x62d4bdbe87182a6f
  Valid from Fri Oct 23 13:32:00 PDT 2009 until Sat Oct 23 13:32:00 PDT 2010

trustStore is: /usr/jdk/instances/jdk1.6.0/jre/lib/security/cacerts
trustStore type is : jks
trustStore provider is : 
init truststore</code>
and then ~66 'added trusted cert' entries...

then:
<code>trigger seeding of SecureRandom
done seeding SecureRandom
Connection initialized...
%% No cached client session
*** ClientHello, TLSv1
RandomCookie:  GMT: 1255176213 bytes = { 43, 218, 216, 61, 149, 133, 249, 86, 
86, 4, 204, 7, 102, 8, 203, 
28, 189, 203, 14, 85, 235, 78, 81, 89, 7, 140, 127, 223 }
Session ID:  {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, 
TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, 
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, 
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, 
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, 
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, 
TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, 
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, 
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, 
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, 
SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, 
SSL_DHE_DSS_WITH_DES_CBC_SHA, 
SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, 
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods:  { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, 
secp192r1, secp224r1, sect233k1, 
sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, 
sect571k1, sect571r1, 
secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, 
secp224k1, sect239k1, 
secp256k1}
Extension ec_point_formats, formats: [uncompressed]
***</code>

a bunch of hex code.. then:
<code>*** Certificate chain
chain [0] = [
[
  Version: V3
  Subject: CN=gateway.push.apple.com, OU=Internet Services, O=Apple Inc, L="Cupertino ", ST=CALIFORNIA, 
C=US
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5</code>

(Looks like the apple cert expires May 4th)
11 items are processed, then: 
<code>***
Found trusted certificate:</code>

8 more items...then:
<code>*** Certificate chain
chain [0] = [
[
  Version: V3
  Subject: C=US, CN=Apple Production Push Services: PN9UYY823D:PQ5ALUQ4LG, 
UID=com.myhereme.hereme
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5</code>

~12 lines of hex
<code>*** ClientKeyExchange, RSA PreMasterSecret, TLSv1</code>
a lot more hex
<code>*** CertificateVerify</code>
~24 lines of  hex
<code>*** Finished</code>
ending with:
<code>main, called close()
main, called closeInternal(true)
main, SEND TLSv1 ALERT:  warning, description = close_notify
Padded plaintext before ENCRYPTION:  len = 18
0000: 01 00 3C AA AD 01 36 EB   3D 6F DC 03 C0 DD EF CC  ..<...6.=o......
0010: 9B 78                                              .x
main, WRITE: TLSv1 Alert, length = 18
[Raw write]: length = 23
0000: 15 03 01 00 12 1B 15 92   D0 DF 8B 38 23 65 AA 20  ...........8#e. 
0010: FC 5B 4E 45 A9 F7 E1                               .[NE...</code>

Check out the 'WorkingExample' Wiki page.

I've run this on a 2 machines that have not previously run this code, and they 
ran fine.

I run at JDK.1.5.13. It doesn't work!

Almost same as your debug information except the following :

adding as trusted cert:
  Subject: CN=gateway.sandbox.push.apple.com, OU=ISSE, O=Apple Inc, L="Cupertino ",
ST=CALIFORNIA, C=US
  Issuer:  CN=Entrust.net Secure Server Certification Authority, OU=(c) 1999
Entrust.net Limited, OU=www.entrust.net/CPS incorp. by ref. (limits liab.),
O=Entrust.net, C=US
  Algorithm: RSA; Serial number: 0x469e81c1
  Valid from Fri Feb 27 18:34:55 EST 2009 until Tue Apr 27 20:04:53 EDT 2010
......

main, READ: TLSv1 Alert, length = 2
main, RECV TLSv1 ALERT:  fatal, certificate_unknown
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal 
alert:
certificate_unknown
- Attempt to send Notification failed and beyond the maximum number of attempts 
permitted
- Received fatal alert: certificate_unknown
javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:117)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1584)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:866)
    at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl
.java:1030)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:622)
    at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)main,
called close()
main, called closeInternal(true)

Thanks

Frank

In JDK 1.6, I run your WorkingExample. It failed at 
main, READ: TLSv1 Alert, length = 2
main, RECV TLSv1 ALERT:  fatal, certificate_unknown
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal 
alert:
certificate_unknown
javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:136)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1694)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:939)
    at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl
.java:1120)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:623)
    at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
    at java.io.OutputStream.write(OutputStream.java:58)
    at javapns.back.PushNotificationManager.sendNotification(Unknown Source)
    at mytest.push.main(push.java:50)

Thanks

Frank

Requirement is :
    * commons-lang-2.4.jar
    * commons-io-1.4.jar
    * bcprov-jdk16-145.jar
    * log4j-1.2.15.jar 

Besides those, Jackson is necessary?

Frank

Requirement is :
    * commons-lang-2.4.jar
    * commons-io-1.4.jar
    * bcprov-jdk16-145.jar
    * log4j-1.2.15.jar 

Besides those, Jackson is necessary?

Frank

It is good that the gateway.sandbox.push.apple.com cert is being loaded.

You say 'I run at JDK.1.5.13.'

Does that mean you are running this in Java1.5 ? 

The Bouncy Castle library is for 1.6  I just fixed the bouncyCastle link on the 
requirements page:
http://www.bouncycastle.org/latest_releases.html

The libraries I'm using are:
-rw-r--r--  1 idbill  idbill     1846 Apr 23 08:22 Feedback.class
-rw-r--r--  1 idbill  idbill     1258 Apr 23 08:22 Feedback.java
-rw-r--r--  1 idbill  idbill     2285 Apr 23 08:28 Push.class
-rw-r--r--  1 idbill  idbill     1943 Apr 23 08:28 Push.java
-rw-r--r--@ 1 idbill  idbill  1663318 Apr 23 08:23 bcprov-jdk16-145.jar
-rw-r--r--  1 idbill  idbill   109043 Apr 23 08:22 commons-io-1.4.jar
-rw-r--r--  1 idbill  idbill   261809 Apr 23 08:22 commons-lang-2.4.jar
-rw-r--r--  1 idbill  idbill    52639 Apr 23 08:26 javapns1.6.jar
-rw-r--r--@ 1 idbill  idbill   391834 Apr 23 08:22 log4j-1.2.15.jar
-rw-r--r--  1 idbill  idbill      936 Apr 23 08:22 log4j.properties

My certificates look like:
# ls -l
-rw-r--r--   1 idbill  wheel     6132 Apr 21 09:26 production_cert.p12
-rw-r--r--   1 idbill  wheel     6144 Apr 22 09:43 development_cert.p12

# file *.p12
/tmp/production_cert.p12:                      data
/tmp/development_cert.p12: data

sorry, the bcprov size is wrong... should be:
-rw-r--r--@ 1 idbill  idbill  1719483 Jan 10 20:22 bcprov-jdk16-145.jar

the one previously listed is for jdk1.5 

I uploaded a javapns.jar to the downloads for jdk1.5, but I'm unable to test it.

Bill

I change to JDK 1.6 and all test environment is as same as yours including 
certificates.
But I still failed at the same reason. If your API can give more details, I may 
track
this issue.

main, READ: TLSv1 Alert, length = 2
main, RECV TLSv1 ALERT:  fatal, certificate_unknown
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal 
alert:
certificate_unknown
javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:136)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1694)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:939)
    at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl
.java:1120)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:623)
    at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
    at java.io.OutputStream.write(OutputStream.java:58)
    at javapns.back.PushNotificationManager.sendNotification(Unknown Source)
    at mytest.push.main(push.java:50)

Why???
at javapns.back.PushNotificationManager.sendNotification(Unknown Source)???

Thanks

Frank

By the way, I tested in Windows.

I copy the certificate to linux, and check it :
-rw-r--r-- 1 root  devmobile 6188 Apr 21 15:01 Certificates.p12

Frank

my log4j.properties: 

log4j.rootLogger=debug,stdout

### direct log messages to stdout ###
log4j.appender.stdout=org.apache.log4j.ConsoleAppender
# Pattern to output the caller's file name and line number.
log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
log4j.appender.stdout.layout.ConversionPattern=[%d]:[%-5p]:[%c] - %m%n

### direct log messages to logfile
log4j.appender.logfile=org.apache.log4j.FileAppender
log4j.appender.logfile.File=javapns.log
log4j.appender.logfile.Append=true
# Pattern to output the caller's file name and line number.
log4j.appender.logfile.layout=org.apache.log4j.PatternLayout
log4j.appender.logfile.layout.ConversionPattern=[%d]:[%-5p]:[%c] - %m%n

#Custom Logging settings
#The pattern to follow to log by class or package is 
log4j.logger.{com.towers...package or class name}={debug, info, error, fatal}
log4j.logger.org.apache=error

### log package activity
log4j.logger.com.javapns=debug

so the output for the test app is:

$ java6 -cp 
"/Users/idbill/Desktop/apns_test/:/Users/idbill/Desktop/apns_test/*" Push
Setting up Push notification
[2010-04-23 11:12:26,901]:[DEBUG]:[javapns.back.DeviceFactory] - Adding badge 
[66]
Payload setup successfull.
{"aps":{"badge":66}}
[2010-04-23 11:12:26,904]:[DEBUG]:[javapns.back.PushNotificationManager] - 
Adding Token 
[2ed202ac08ea9033665d853a3dc8bc4c5e78f7c6cf8d55910df290567037dcc4] to Device 
[iPhone]
[2010-04-23 11:12:26,906]:[DEBUG]:[javapns.back.DeviceFactory] - Get 
DeviceFactory Instance
[2010-04-23 11:12:26,907]:[DEBUG]:[javapns.back.DeviceFactory] - Adding Token 
[2ed202ac08ea9033665d853a3dc8bc4c5e78f7c6cf8d55910df290567037dcc4] to 
Device [iPhone]
iPhone UDID taken.
[2010-04-23 11:12:26,915]:[DEBUG]:[javapns.back.PushNotificationManager] - 
Getting Token from Device [iPhone]
[2010-04-23 11:12:26,916]:[DEBUG]:[javapns.back.DeviceFactory] - Get 
DeviceFactory Instance
[2010-04-23 11:12:26,916]:[DEBUG]:[javapns.back.DeviceFactory] - Getting Token 
from Device [iPhone]
Token: 2ed202ac08ea9033665d853a3dc8bc4c5e78f7c6cf8d55910df290567037dcc4
[2010-04-23 11:12:26,916]:[DEBUG]:[javapns.back.PushNotificationManager] - 
Getting Token from Device [iPhone]
[2010-04-23 11:12:26,916]:[DEBUG]:[javapns.back.DeviceFactory] - Get 
DeviceFactory Instance
[2010-04-23 11:12:26,916]:[DEBUG]:[javapns.back.DeviceFactory] - Getting Token 
from Device [iPhone]
Client setup successfull.
[2010-04-23 11:12:26,916]:[DEBUG]:[javapns.back.PushNotificationManager] - 
Initializing Connection to Host: [gateway.push.apple.com] Port: [2195] with 
KeyStorePath 
[/tmp/HereMePushProd.p12]/[PKCS12]
[2010-04-23 11:12:27,290]:[DEBUG]:[javapns.back.SSLConnectionHelper] - 
Instantiate SSLConnectionHelper with Path to Keystore
[2010-04-23 11:12:27,816]:[DEBUG]:[javapns.back.SSLConnectionHelper] - Creating 
SSLSocketFactory
[2010-04-23 11:12:28,090]:[DEBUG]:[javapns.back.SSLConnectionHelper] - 
Returning Push SSLSocketFactory
[2010-04-23 11:12:28,091]:[DEBUG]:[javapns.back.SSLConnectionHelper] - 
Returning Push SSLSocket
Connection initialized...
[2010-04-23 11:12:29,217]:[DEBUG]:[javapns.back.PushNotificationManager] - 
Building Raw message from deviceToken and payload
[2010-04-23 11:12:29,217]:[DEBUG]:[javapns.back.PushNotificationManager] - 
Attempting to send Notification [{"aps":{"badge":66}}]
[2010-04-23 11:12:29,648]:[DEBUG]:[javapns.back.PushNotificationManager] - 
Notification sent
Message sent!
# of attempts: 3
[2010-04-23 11:12:29,648]:[DEBUG]:[javapns.back.PushNotificationManager] - 
Closing connection
done

I've run this on OS 10.5.8 and Linux (CentOS 5) and OpenSolaris 200906.

Was your cert.p12 created on windows? 
If not, maybe it is getting munged in the transfer to windows?

cert.p12 was created in MAC.
It should be created in MAC, not in Linux.

Is it necessary getting munged in the transfer to windows?

Frank

I don't know the reason, windows or other reasons? 
But I guess your code sometimes can not work well for .p12.

trigger seeding of SecureRandom
done seeding SecureRandom
[2010-04-23 14:51:26,531]:[DEBUG]:[javapns.back.SSLConnectionHelper] - 
Returning Push
SSLSocketFactory
[2010-04-23 14:51:26,531]:[DEBUG]:[javapns.back.SSLConnectionHelper] - 
Returning Push
SSLSocket
Connection initialized...
[2010-04-23 14:51:27,203]:[DEBUG]:[javapns.back.PushNotificationManager] - 
Building
Raw message from deviceToken and payload
[2010-04-23 14:51:27,203]:[DEBUG]:[javapns.back.PushNotificationManager] - 
Attempting
to send Notification [{"aps":{"badge":66}}]
%% No cached client session
*** ClientHello, TLSv1
.................
main, READ: TLSv1 Alert, length = 2
main, RECV TLSv1 ALERT:  fatal, certificate_unknown
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal 
alert:
certificate_unknown
[2010-04-23 14:51:27,656]:[INFO ]:[javapns.back.PushNotificationManager] - 
Attempt
failed... trying again
main, called close()
main, called closeInternal(true)
[2010-04-23 14:51:27,656]:[DEBUG]:[javapns.back.SSLConnectionHelper] - 
Returning Push
SSLSocketFactory
[2010-04-23 14:51:27,656]:[DEBUG]:[javapns.back.SSLConnectionHelper] - 
Returning Push
SSLSocket
[2010-04-23 14:51:27,718]:[DEBUG]:[javapns.back.PushNotificationManager] - 
Attempting
to send Notification [{"aps":{"badge":66}}]
......
Repert 3 times

Thanks

Frank

So what did you change? (for future reference)

I know in years past, there have been issues moving files between windows and 
the rest of the world.

IFAIK...
Unixes and Windows and Old Macs (pre-OS X) all used different carriage returns.

Also, being a data file, there may be an issue with Endian-ness.

Bill

How many types of iPhone certificate are there?

Via keyChain, we got iPhone development certificate, but I don't know if 
iPhone development certificate is the same as iPhone push notification service
certificate?
iPhone development certificate =? iPhone push notification service certificate?

Thanks

Frank

I am not a Team Admin... according the to the APNS docs:
http://developer.apple.com/iphone/library/documentation/NetworkingInternet/Conce
ptual/RemoteNotificatio
nsPG/ProvisioningDevelopment/ProvisioningDevelopment.html#//apple_ref/doc/uid/TP
40008194-CH104-
SW1

(PDF: page 25-26)
In the iPhone Developer Program, each member on a development team has one of 
three roles: team agent, 
team admin, and team member. The roles differ in relation to iPhone development 
certificates and provisioning  
profiles. The team agent is the only person on the team who can create 
Development (Sandbox) SSLcertificates 
and Distribution (Production) SSLcertificates. The team admin and the team 
agent can both create both  
Development and Distribution provisioning profiles.

(PDF: page 26 gives the steps to creating the SSL Cert and keys)

Even as a 'Team member', the 'App ID' screen indicates whether APNS is enabled 
for a given provisioning 
profile. So... it would appear that the development certificate is part of the 
App ID cert. 

The project I'm involved with, there is a separate cert for dev & production... 
which the above seems to indicate 
that is not the norm.

Bill

I got a success!
The following points should be paid attention to:

(1) iPhone development certificate != iPhone push notification service 
certificate
    There are a lot of iPhone certificates such as :
    * development
    * push server
    * game
(2) When you create your SSL push service Certificate (Apple), please ensure 
that 
    Enable for Apple Push Notification service is checked.

Thanks a lot!

Frank 

I've updated the [GetAPNSCertificate] wiki page with your comments.

hi frank,

   can u please send me the steps required to create the certificate from a mac
machine...Even i have created the certificate file from my mac machine but no 
luck
yet...please guide me...

Thanks,
preeti 

Hi, Preeti :

Please check http://appnotify.com/developer/getting-started-push

Frank

Hey folks I need some guidance as I am getting java.net.ConnectException: 
Connection
timed out: connect. I am being waited for 8 - 9 seconds before I see this 
execption,
can any body throw some light on the issue.

import javapns.back.PushNotificationManager; 
 import javapns.back.SSLConnectionHelper; 
 import javapns.data.Device; 
import javapns.data.PayLoad; 
 public class Test { 
     // APNs Server Host & port 
     private static final String HOST = "gateway.sandbox.push.apple.com"; 
     private static final int PORT = 2195; 
     // Badge 
     private static final int BADGE = 66; 
     // iPhone's UDID (64-char device token) 
     private static String iPhoneId = "f4201f5d8278fe39545349d0868a24a3b60ed732"; 
     private static String certificate = "D:/certificate/NewAPNS_Certificate.p12"; 

    private static String passwd = "sat123"; 
 public static void main( String[] args ) throws Exception {System.out.println(
"Setting up Push notification" ); 
        try { 

             // Setup up a simple message 
             PayLoad aPayload = new PayLoad(); 
             aPayload.addBadge( BADGE ); 
             aPayload.addAlert("Hello! you have a new OVD Email");
             System.out.println( "Payload setup successfull." ); 
             System.out.println ( aPayload ); 
             // Get PushNotification Instance 
             PushNotificationManager pushManager =
PushNotificationManager.getInstance(); 
             // Link iPhone's UDID (64-char device token) to a stringName 
             pushManager.addDevice("iPhone", iPhoneId); 
             System.out.println( "iPhone UDID taken." ); 
             System.out.println( "Token: " + pushManager.getDevice( "iPhone"
).getToken() ); 
             // Get iPhone client 
             Device client = pushManager.getDevice( "iPhone" ); 
             System.out.println( "Client setup successfull." ); 
             // Initialize connection
             pushManager.initializeConnection( HOST, PORT, certificate, passwd,
SSLConnectionHelper.KEYSTORE_TYPE_PKCS12); 
             System.out.println( "Connection initialized..." ); 
             // Send message 
             pushManager.sendNotification( client, aPayload ); 
             System.out.println( "Message sent!" ); 
             System.out.println( "# of attempts: " + pushManager.getRetryAttempts() ); 
             pushManager.stopConnection(); 
             System.out.println( "done" ); 
         } catch (Exception e) { 
             e.printStackTrace(); 
         } 
     } 
 }

java.net.ConnectException: Connection timed out: connect
    at java.net.PlainSocketImpl.socketConnect(Native Method)
    at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:333)
    at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:195)
    at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:182)
    at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:366)
    at java.net.Socket.connect(Socket.java:519)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:550)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.<init>(SSLSocketImpl.java:353)
    at
com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl.createSocket(SSLSocketFactoryI
mpl.java:71)
    at javapns.back.SSLConnectionHelper.getSSLSocket(Unknown Source)
    at javapns.back.PushNotificationManager.initializeConnection(Unknown Source)
    at Test.main(Test.java:36)

Connection timed out...

What happens when you type this in your shell:
telnet gateway.sandbox.push.apple.com 2195

?

Hi there,

I'm running at jdk 1.5 and it doesn't work (see the error below). Running 
exactly the
same thing at jdk 1.6 works fine.

java.io.IOException: DerInputStream.getLength(): lengthTag=127, too big.
        at com.ibm.security.util.DerInputStream.getLength(Unknown Source)
        at com.ibm.security.util.DerInputStream.getLength(Unknown Source)
        at com.ibm.security.util.DerValue.<init>(Unknown Source)
        at com.ibm.security.util.DerInputStream.getDerValue(Unknown Source)
        at com.ibm.security.pkcsutil.PKCSDerObject.decode(Unknown Source)
        at com.ibm.security.pkcs12.AuthenticatedSafe.<init>(Unknown Source)
        at com.ibm.security.pkcs12.BasicPFX.verifyMac(Unknown Source)
        at com.ibm.security.pkcs12.PFX.verifyMac(Unknown Source)
        at com.ibm.crypto.provider.PKCS12KeyStore.engineLoad(Unknown Source)

I'm using the following libraries:

javapns-jdk1.5-v1.6.jar
log4j-1.2.8.jar
commons-io-1.4.jar
commons-lang-2.5.jar
bcprov-jdk15-145.jar

I followed the instruction on Comment 8, but no success either.

Has someone managed to run this at 1.5 at all?

Thanks,
Daniel

The error appears to relate to the certificate. Are you sure the java 1.5 
version is able to load the certificate?

I was able to send notifications using the same code on the WorkingExample Wiki 
page with Java 1.5 and the 
Java1.5 jars.

If you step thru the code where does it stop?

Bill

Hi Bill,

See attached the output of loading the certificate. 

Likewise the WorkingExample works fine for me as long as I use Java 1.6, not 
1.5 though.

Thanks,
Daniel

Hi Bill,

Have you seen anything wrong on the loading?

Thanks,
Regards
Daniel

Why are you including the jsacert install output?

Are you using an old version of the apns lib?
"Pre-1.6 version of importing Apple SSL Cert into Keystore"

note, this doesn't mean JAVA version, but apns version.

Bill

no feedback...closing

I got a success!
The following points should be paid attention to:

(1) iPhone development certificate != iPhone push notification service 
certificate
    There are a lot of iPhone certificates such as :
    * development
    * push server
    * game
(2) When you create your SSL push service Certificate (Apple), please ensure 
that 
    Enable for Apple Push Notification service is checked.

Thanks a lot!

Frank 


Thanks Frank It worked for me too.

compile action cause p12 file bad