Java APNS Certificate Error with “DerInputStream.getLength(): lengthTag=109, too big.”
When I try to using java APNS to send the push notification to iOS, I got this error message:
com.notnoop.exceptions.InvalidSSLConfig: java.io.IOException: D
-
I had the same problem but my solution will help you only if you are using maven.
Maven resource filtering (that let's you include variables in your resource files) can mess up your binaries - and certificates are especially sensitive to modification.
In general, binary content shouldn't be filtered. But I couldn't just simply disable resource filtering because I have some .properties files that include variables. So the solution was to exclude .p12 files from filtering.
<build> [...] <resources> <resource> <directory>src/main/resources</directory> <filtering>true</filtering> <excludes> <exclude>**/*.p12</exclude> </excludes> </resource> <resource> <directory>src/main/resources</directory> <filtering>false</filtering> <includes> <include>**/*.p12</include> </includes> </resource> </resources> [...] </build>More about maven resource filtering: http://maven.apache.org/plugins/maven-resources-plugin/examples/filter.html
讨论(0) -
If you use maven, this is probably occurring because of the Maven filtering in your whole resources folder. I've tried Zsolt Safrany solution above and did not work. However, reading the documentation he shared, I've found this:
<plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-resources-plugin</artifactId> <version>3.0.1</version> <configuration> <nonFilteredFileExtensions> <nonFilteredFileExtension>p12</nonFilteredFileExtension> </nonFilteredFileExtensions> </configuration> </plugin>Which excludes binary extensions (or any extension you want) from being filtered.
讨论(0) -
Delete keystoreType line
I don't know WHY this works. But if I have this line in my
server.xml..keystoreType="PKCS12"...then Tomcat will NOT start and give me the
DerInputStream.getLength(): lengthTag=109, too bigerror instead.But if I DELETE that line then Tomcat will start nicely. No idea why that works. Feels dirty.
讨论(0) -
In my case I found that something accidentally changed
javax.net.ssl.trustStoresystem property. SSL debug property-Djavax.net.debug=ssl:trustmanagerhelped me a lot with investigation.讨论(0) -
This occurs because the system thinks you are trying to read a different type of keystore and not JKS. You will need to specify that the file is JKS or convert it to the other format.
I see that you have already tried converting to .p12. If you did this correctly, perhaps there is some other default format. I recommend finding out how to specify JKS instead.
讨论(0) -
I had this problem and figured out the problem is the
truststore.p12is actually inJKSor corrupted.The
keytoolcommand to test the truststore for PKCS12 compliance is:keytool.exe -keystore truststore.p12 -storepass passwordText -list -storetype pkcs12 keytool error: java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.I was able to correct this by doing forced JKS to PKCS12 conversion.
With the following instruction:
keytool.exe -importkeystore -srckeystore truststore.jks -destkeystore truststore1.p12 -srcstoretype JKS -deststoretype PKCS12Than successful test would provide something like:
keytool.exe -keystore truststore.p12 -storepass passwordText -list -storetype pkcs12 Keystore type: PKCS12 Keystore provider: SunJSSE Your keystore contains 3 entries certificates-4, 9 Jul, 2019, trustedCertEntry, Certificate fingerprint (SHA1): CF:E3:01:1F:A3:30:C5:B1:B9:2B:C5:28:1B:8C:66:71:EA:B8:67:0D certificates-3, 9 Jul, 2019, trustedCertEntry, Certificate fingerprint (SHA1): 62:52:DC:40:F7:11:43:A2:2F:DE:9E:F7:34:8E:06:42:51:B1:81:18 certificates-2, 9 Jul, 2019, trustedCertEntry, Certificate fingerprint (SHA1): FA:5F:98:E8:02:2E:81:05:DB:DF:24:48:65:6A:E5:76:C1:31:CB:28讨论(0)
加载中...
- 热议问题