I'm new to this. I generated Certificate Signing Request as in here. Then I used that certificate file which is in .p12 format to establish a connection to Apple push notification server via java-apns. Here is the code that I have used.
ApnsService service =
APNS.newService()
.withCert("/home/ApplePush/apple.p12", "abc")
.withProductionDestination()
.build();
service.testConnection();
But when I run this code it gives me following esception.
"Exception in thread "main" com.notnoop.exceptions.NetworkIOException: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure".
What is the wrong I have done?
Hi I have had the exact same problem. Like you, I have followed raywenderlinch tutorial and used java-apns library in the backend to communicate with APNS. The certificates thing in the tutorial are focused for php and they are doing something with .pem files which is not needed for java-apns invocation.
I was feeding java-apns with the first .p12 certificate that you create at the beginning of the tutorial. And that was my mistake. What you need to do is generate the .p12 from the certificate generated by apple (aps_developer_identity.cer). Double-click on it and in the keystore manager mac app export as .p12 use some password and try to connect with java-apns using this .p12 and password.
Of course everything related to provisioning portal explained in the ray tutorial must be done correctly.
Thats what has solved my sslHandShakeException. I dont know if you are having the exact same problem but hope it is and this information could help you.
This can happen if you use the wrong cert, i.e. the one under "Certificates" in the provisioning portal as opposed to the one that you request specifically for a given app's notifications. Under "App IDs"-> (the specific app you want) -> Configure, check "Enable for Apple Push Notification service", then click the "Configure" button for either Dev or Prod. This will take you through the process of requesting a certificate for this specific app's push notifications.
Related
I've got an Android App trying to send HTTPS Requests to a server having a Symantec Class 3 Secure Server CA - G4 signed certificate.
When trying to send a request via the apache http library (I guess this is also true for other HTTP clients) an exception stating "No peer certificate" is thrown. The same requests to the same servers on iOS work fine and even if I connect to the server in chrome, running on the same Android device I'm testing on, it says the certificate is perfectly fine.
Now I heard that Google dropped trust for some Symantec certificates, but as far as I know only the ones with a 1024 bit key. The one in question is signed with a 2048 bit key. And Chrome also accepts it!
I also found this article [1] saying that I need to import the complete keychain as BouncyCastle keystore. The problem here is, that every user specifies the url to their own server, managing their own certificates.
So my question is: Is anybody familiar with this problem and knows a workaround? I found endless of guides showing me how to turn of certificate validation for a request ... but that won't be a solution working for me.
[1] http://blog.antoine.li/2010/10/22/android-trusting-ssl-certificates/
The problem I actually had was that the server required SNI (Server Name Indication) support on the HTTP client. Androids version of the apache http library does not support SNI. So I had to write my own SSLSocketFactory supporting it.
I'm facing an issue with Google Calendar Push Notifications. First I'd like to explain my scenario.
I'm trying to develop a java application to be integrated in a platform that handles sensors and actuators. The goal of this application is to use Google Calendar APIs and Push Notifications to follow a certain kind of events. My first "architecture" that I chose is the following ( I'm open to suggestions and criticism given my young experience as developper ;-) :
A simple Tomcat Servlet which will be the final webhook for Google Servers (A);
A java class that implements a simple Server-Client Socket (B);
A java class that uses Google Calendar API and receive push messages through one of its methods (C);
The logic (maybe not so efficient) behind this structure is that Google Servers send notifications to my Tomcat webhook, which at the same time is the client of my Socket channel. When it receives pushes, it does its job and warns the Socket Server. The latter, thanks to a static object, invokes a method of C. This class will use Google APIs to check what's happened.
First and mandatory resource to study is: https://developers.google.com/google-apps/calendar/v3/push
I've been able to complete Step 1: Verify that you own the domain using Webmaster Tools and add correctly my domain for push notifications as indicated in Step 2: Register your domain These two steps lead me to my first question:
Does Google check whether the listed domains have valid SSL certificates during these two steps?
My domain is something like "domain.com" and the full URL to reach the webhook is hhttps://ab.domain.com/app/notifications. There is a very important note in Google documentation:
Note that the Google Calendar API will be able to send notifications to this >HTTPS address only if there is a valid SSL certificate installed on your web >server. Invalid certificates include:
Self-signed certificates.
Certificates signed by an untrusted source.
Certificates that have been revoked.
Certificates that have a subject that doesn't match the target
hostname.
First thing first, I've configured Tomcat to enable SSL and so HTTPS following the official documentation: tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html . Now I can access tomcat and my servlet through https.
The problem is that I can't receive "correctly" the push notifications. By using a browser plugin for simulating Http/Https request I can reach easily my Tomcat webhook and this one warns correctly my Java application. Therefore , since I can almost exclude problems about the Socket channel, I'm focusing on the communication between Google Servers and my Tomcat webhook.
I'm using Wireshark to see the incoming traffic from Google through the port 8443 (https for Tomcat). Obviously is encrypted, so I can't check a lot, but many packets are marked as PSH(push). However they seem to have a payload, which according to Google doc,they shouldn't because push notifications are just packets with headers info.
So my very first doubt is about the certificate. I don't have one, therefore I'm using this trial one from Verisign.com (which by the way is suggested in the Tomcat documentation for enabling SSL)
The very second doubt is about the validation and registration procedure. Even though I've managed to do it and Google is accepting the domain ab.domain.com/app/notifications as webhook, I don't have tools to prove that everything is correct.
I've found the following post in Stackoverflow: "Unable to receive push notification for Google calender", "Calendar push notification to java app engine backend servlet", "Google Calendar Push Notification watch command" I've already verified the differents answers and suggestions and nothing changed.
What am I missing ? Thanks a lot, I would be grateful for any tip, hint, answer, pointer :-)
If you're trying to debug a webhook, either for mechanics (i.e. proper setup on the sender side) or correctness (examining the post payload) try using RequestBin. If possible, register both a RequestBin URL along with your intended destination URL. RequestBin will give you full visibility of what the payload is, as well as give you assurances that you've set things up properly on the sender (Google) side.
You will need a valid SSL ceritificate. Self-signed is not allowed.
So what i would like is a secure connection between my phone (java) and my raspberry pi.
I already made a custom server with the help of autobahn wich is on my github (i can't post more link...).
And i don't understand why the client doesn't need any keys or anything to connect to the server.
I followed the readme here in order to create my key there (i know that i should not share them, but i will recreate my own keys when the project will be finished).
And i've found that for the Java-websocket module it needs some keystore to run. And i think that having a storepass and keypass like this in a .java is not secure at all, isn't it ?
what java need is the certificate to confirm the validity of the autosigned key.
the python client trust automatically all certificate.
Here is the server : https://github.com/flyingrub/SSWOD
And here the server : https://github.com/flyingrub/SecureKey
I want to write an application which takes application id and certificate of my client's app registered in APNS server and tries to push a notification to the concrete device in his name. I should recieve the data from my client in JSON form. The problem is I can't make him to send me a certificate in JSON.
I would like to use this method call later:
Push.alert("Hello World!", "keystore.p12", "keystore_password", false, "Your token");
Is there a way to do this without .cer file? Can client of mine send me just some text information to fill in place of "keystore.p12", "keystore_password"?
You cannot use push notifications through apple without a certificate. You should get the certificate from your client through some secure means and not through a service that is part of your app. A certificate, such s this, has a private key and should be guarded as it can be used to impersonate your server. If your client will not give you the certificate, either a development cert or a production cert, and you need to continue working on his project, you should create an entirely different app id for testing and when you get to a point where you are distributing to your client, change to the app id of you client.
I'm trying to get OAuth through SoundCloud set up, but I'm having tremendous trouble. My newest issue is this:
I have the user login through a popup window which is connected to SoundCloud. It gives me a back a code once the user logs in. This is all working; however, the next step is failing for me. Once I have the code, I run this snippet of Java code:
URI redir = new URI("http://localhost:9000/auth/soundcloudcapturetoken");
ApiWrapper api = new ApiWrapper(SC_CLIENT_ID, SC_CLIENT_SECRET, redir, null, Env.SANDBOX);
Token authToken = api.authorizationCode(code);
Java fails on the api.authorizationCode(code) line with this error:
SSLPeerUnverifiedException occured : peer not authenticated
I snooped around online, and stumbled upon this post: http://davidjb.com/blog/2012/02/java-http-request-fails-with-javax-net-ssl-sslpeerunverifiedexception-peer-not-authenticated
It suggested that I add the two mentioned certs to my java cacerts file(s). I added the two certificates to both my jdk and jre, but my app still fails with the same error. Is there something I am missing here?
As a side note, I am currently using this api to access SoundCloud: https://github.com/soundcloud/java-api-wrapper
SoundCloud dev here.
Are you trying to use the sandbox (i.e. connecting to https://api.sandbox-soundcloud.com) ? If so, I was trying to reproduce your issue and just realised that our certificate for that host expired, we are deploying a new certificate as we speak, really sorry about that.
Also, you can find help from SoundCloud engineers in our mailing list: http://bit.ly/yqcubH