i have a data service hosted in azure from which i am sending notification to iphone but while establishing connection with apns i am getting following error
"A call to SSPI failed. The message received was unexpected or badly formatted." i also refered following links for the same error but still getting the error
apple push notification with APNS sharp and
C# iPhone push server?
try
{
using (TcpClient client = new TcpClient())
{
try
{
client.Connect("gateway.sandbox.push.apple.com", 2195);
Logging("TSSLProDi :Connected to Apple");
}
catch (Exception ex)
{
Logging("TSSLProDi :" + ex.Message + "-IE-" + ex.InnerException);
}
using (NetworkStream networkStream = client.GetStream())
{
Logging("TSSLProDi :Client connected.");
X509Certificate clientCertificate = new X509Certificate(System.IO.Path.Combine(AppDomain.CurrentDomain.BaseDirectory + #"startup\certname.pfx"), "mycertpassword");
X509CertificateCollection clientCertificateCollection = new X509CertificateCollection(new X509Certificate[1] { clientCertificate });
// Create an SSL stream that will close the client's stream.
SslStream sslStream = new SslStream(
client.GetStream(),
false,
new RemoteCertificateValidationCallback(validateServerCertificate),
null
);
try
{
sslStream.AuthenticateAsClient("gateway.sandbox.push.apple.com", clientCertificateCollection, System.Security.Authentication.SslProtocols.Default, false);
Logging("TSSLProDi :slStreamAuthenticated");
}
catch (AuthenticationException ex)
{
Logging("TSSLProDi :" + "Exception: " + ex.Message.ToString());
if (ex.InnerException != null)
{
Logging("Inner exception: " + ex.InnerException.Message.ToString());
}
Logging("TSSLProDi :" + "Authentication failed - closing the connection.");
client.Close();
return;
}
}
}
}
catch (Exception ex)
{
Logging("TSSLProCert :" + ex.Message + "-IE-" + ex.InnerException);
}
i have installed the needed certificates on VM also.
one warning i am getting on iphone developer_identity certificate which i got from apple is that "Windows does not have enough information to verify this certificate" is there is some thing wrong with my iphone certificate. please help me i am stuck
got the solution i have just changed X509Certificate to X509Certificate2 and X509CertificateCollection to X509Certificate2Collection
I suggest you follow the steps in this tutorial to create a p12 file from you developer certificate.
http://help.adobe.com/en_US/as3/iphone/WS144092a96ffef7cc-371badff126abc17b1f-7fff.html
It's also important that you register this file in windows. This is as simple as double-clicking the file after you've generated it. Don't forget to update the call to the X509Certificate constructor afterwards.
The tutorial works equally well on Windows, but you might have to download an OpenSSL client which can be found here:
http://gnuwin32.sourceforge.net/packages/openssl.htm.
I do not know if this will be helpful after 3 years, but I leave the answer for iOS8.
Apple has changed the server security and right on the line you mention, you have to change from SSL to TLS:
Original code:
_apnsStream.AuthenticateAsClient(host,certificates,System.Security.Authentication.SslProtocols.Ssl3, false);
New code:
_apnsStream.AuthenticateAsClient(host,certificates,System.Security.Authentication.SslProtocols.Tls, false);
I hope this information is helpful to someone.
Someone commented this in the GIT forum
Little late, but who knows if it helps somebody... I made a big mistake with the certificate, and installed the .CER I downloaded from Apple Developer Site... I know... my fault, but it could happen if you're as dumb as I am :-P
When you download the .CER, you have to import it into your keychain and then EXPORT the certificate INCLUDING the private key... that will generate a .P12 certificate, and THAT is the one you have to install in the Windows machine. Once I installed the .P12 in the LocalMachine/Personal store, the authentication worked just fine for me.
I got same problem, I use .p12 certificate file instead of .pfx and use moon-apns to send notification, the problem been solved.
Donwnload Moon-APNS code here: https://github.com/arashnorouzi/Moon-APNS
Try this :
SslStream sslStream = new SslStream(client.GetStream(), false);
Related
I have been issued a certificate that is stored on a SafeNet eToken. The public key is saved in a database on each user account. I use the code below to find a certificate on an eToken using the thumbprint. I then use the private key to generate a digital signature. It works perfectly when I run my code on my PC using IISExpress. However, when I publish the application to a server on IIS the application fails to find the certificate and therefore is unable to get the private key to sign.
I am new to cryptography and this could be the reason I am facing this issue. I am seeking your help:
Below is my code that works on IISExpress
public static X509Certificate2 GetCertificateFromStore(string thumbprint)
{
X509Store store = new X509Store(StoreName.My);
try
{
store.Open(OpenFlags.ReadOnly);
X509Certificate2Collection certCollection = (X509Certificate2Collection)store.Certificates;
X509Certificate2Collection currentCerts = certCollection.Find(X509FindType.FindByTimeValid, DateTime.Now, false);
if (currentCerts.Count > 0)
{
X509Certificate2Collection signingCert = currentCerts.Find(X509FindType.FindByThumbprint, thumbprint, true);
if (signingCert.Count > 0)
return signingCert[0];
}
return null;
}
finally
{
store.Close();
}
}
Our security team who issue me the certificate on the eToken told me to try installing the SafeNet drivers on the server which I did but has not resolved the issue. I have also tried that goes through all possible store locations and store names searching for the certificate but still not able to find the certificate
I'm working on a Unity project that is reliyng on fetching data from a web API I set up on a public webserver. The server is currently set to self-signed ssl and requires the client to send certification to be able to read the data, if the client fails to send the cert the website returns with "403 forbidden".
I've tested this in the browser and postman and everything works fine.
I've also tested the exact same function in a pure visual studio project and it worked like a charm.
However, when I try this function in Unity I am met with the WebException "The request timed out
".
The way I'm currently doing it is via a WebClient, with an overrided method of WebRequest:
private void Connect()
{
ServicePointManager.CheckCertificateRevocationList = false;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls;
ServicePointManager.ServerCertificateValidationCallback += ignoreCertCallback;
ServicePointManager.Expect100Continue = true;
using (var wc = new CertificateWebClient())
{
try
{
var responseBytes = wc.DownloadString(url);
Debug.Log(responseBytes);
Debug.Log(wc.ResponseHeaders);
}
catch (WebException e)
{
Debug.Log(e.ToString());
}
}
}
Override of WebRequest:
protected override WebRequest GetWebRequest(Uri address)
{
HttpWebRequest request = (HttpWebRequest)base.GetWebRequest(address);
X509Certificate2 certificate = new X509Certificate2(#"C:\temp\ClientCert.pfx", "password");
request.ServerCertificateValidationCallback = delegate (System.Object obj, X509Certificate X509certificate, X509Chain chain, System.Net.Security.SslPolicyErrors errors)
{
return true;
};
Debug.Log(request.RequestUri);
(request as HttpWebRequest).ClientCertificates.Add(certificate);
request.Timeout = 2000;
return request;
}
Important to note is that I've tried the exact same functions inside of Unity with the "client.badssl.com" and their cert, and that also worked like a charm, returning the correct error codes when no cert is sent and everything and If I turn off client certification on my website, everything also works like charm...
From What I understand, It might be Mono that might be the problem as the certification is self-signed and not from a verified CA... But i've not been able to find a workaround... so any help would be great
What are your BG settings? I mean: is it on AWS? Express/NodeJS? WebGL? I am facing the same issue but when testing locally it works like a charm
I would suggest: to check if it is an infrastructure problem you might want to create a certificate for your domain (eg 'goodboy.mytest.io") that is certified from some free SSL providers (I can say LetsEncrypt just for testing) and launch a local server that's using that certificate, then go in your "hosts" file (depending on OS that you are currently running) and mock your localhost as "goodboy.mytest.io", so you can check if connecting to that domain everything goes fine without additional layers (usually placed between connection "bouncing" on web)
I'm following up this too
I am trying to implement Digital certificate validity utility using java. I can able to read the certification information(subjectDN, Issure info, validitity..etc) if the certificate in .cert,.cer but can't able to read certificate information from .p7b and .p12 certificate format. I have used the BouncyCastle security provider to read .p7b and .p12 certificate content but not able to get with that security provider might be i was missing on this. I am referring online resources to get some idea on this but not get guideline for this.Could you please someone give suggestion on this.
I suggest if you're looking for validity of the certificate from p12, it can be done as below :
try {
Security.addProvider(new BouncyCastleProvider());
KeyStore keyStore = KeyStore.getInstance("pkcs12");
InputStream input = new FileInputStream("pathToYourP12");
keyStore.load(input, "password");
certFromKeyStore = (X509Certificate)keyStore.getCertificate("keyStoreAllias");
certFromKeyStore.checkValidity();
}
catch(Exception e)
{
// catch exception like if no valid p12 existing at the location, invalid password, or any other exception should get catch properly.
}
I have a strange problem with a custom portlet on Liferay 7 to solve:
MailService.sendMail is working from MY COMPUTER with google smtp and a personal account: this means that the code is working...
On my HOST SERVER sending emails with the final-smtp works correctly: I tried both root and liferay user with telnet final-smtp port.
On the Liferay server on HOST SERVER, send e-mails works correctly: if I forget the password, Liferay send me the e-mail.
But ... if I try to send email with my portlet from Liferay on HOST SERVER it doesn't work without any error. I'm using Liferay MailService.sendMail. I post the code but it works (on MY COMPUTER).
I get the service in this way:
#Reference(unbind = "-")
protected void setMailService(MailService mailService) {
_mailService = mailService;
}
And the calling code is in the following:
InternetAddress fromAddress = null;
String newsletterPrefix = null;
InternetAddress toAddress = null;
try {
String smtpUser = PropsUtil.get(
"newsletter.send.mail.smtp.user");
String smtpToUser = PropsUtil.get(
"newsletter.send.mail.smtp.to.user");
if (Validator.isNotNull(smtpUser)) {
fromAddress = new InternetAddress(smtpUser);
}
if (Validator.isNotNull(smtpToUser)) {
toAddress = new InternetAddress(smtpToUser);
}
}
catch (Exception e) {
_log.error(e, e);
result = false;
}
MailMessage mailMessage = new MailMessage(
fromAddress, toAddress, subject, body, true);
mailMessage.setBCC(addressList);
_mailService.sendEmail(mailMessage);
There could be several reasons behind this, some not even code related.
I see you are using this code for a newsletter, which suggests you are using a smtp service that is meant for this.
It could be that your server is in fact sending the email, with success, but the smtp server is simply blocking, rejecting or marking to resend later. Moreover, that server might be configured to not send an error message, or sending an error message in the form of a successful delivery, but the data contains the error.
I would start checking you mail server configuration, and the accounts permissions, then its logs.
Also, you might consider using plugins for mass mail delivery, like this one: https://www.e-systems.tech/blog/-/blogs/connecting-liferay-to-mailgun
Few things you can do to debug this problem:
Make sure you are deploying the intended code on HOST machine. (Silly suggestion, but many times this is the problem.)
Try to set following package's Log level to ALL/DEBUG to see if it shows any problem in logs.com.liferay.mail.service
I am trying to connect to gmail using SMACK API through XMPP server. but getting the
error : SASL authentication failed using mechanism PLAIN
you can check a glimpse of code. I got it from net only
ConnectionConfiguration connConfig = new ConnectionConfiguration("talk.google.com", 5222, "gmail.com");
connection = new XMPPConnection(connConfig);
connection.connect();
SASLAuthentication.supportSASLMechanism("PLAIN", 0);
I checked in the smack debug window. it says in XML :
< invalid-authzid />
I am already having account on gmail and my gtalk is also running.
You need to set the authentication before you connect viz
SASLAuthentication.supportSASLMechanism("PLAIN", 0);
must appear before connection.connect().
See my blog.
ConnectionConfiguration cc = new ConnectionConfiguration(
"vietnam.agilemobile.com", 5222, vietnam.agilemobile.com");
XMPPConnection connection = new XMPPConnection(cc);
try {
SASLAuthentication.supportSASLMechanism("PLAIN", 0);
connection.connect();
Log.e("LOGIN", "" + 111);
// You have to put this code before you login
Log.e("LOGIN", "" + 222);
// You have to specify your gmail addres WITH #gmail.com at the end
connection.login("nemodo", "123456", "resource");
Log.e("LOGIN", "" + 333);
// See if you are authenticated
System.out.println(connection.isAuthenticated());
} catch (XMPPException e1) {
e1.printStackTrace();
}
I also get this mistake, but i can not work.
For anyone looking for possible solutions to this many years after this was originally asked and answered, I recently was able to get past this authentication error by explicitly setting the authzid value on the XMPPTCPConnectionConfiguration.
I was running into an issue where my connection configuration worked fine for some client XMPP servers, but not for others, even though they were all using SASL PLAIN authentication. After some troubleshooting, I learned that the ones that were failing were expecting an authzid value. After adjusting my code to set this, it works in both the environments that were working before, as well as the environments that were failing.
Here is how I am building my connection configuration:
XMPPTCPConnectionConfiguration.builder()
.setHost(XMPP_DOMAIN)
.setXmppDomain(XMPP_DOMAIN)
.setPort(XMPP_PORT)
.setCompressionEnabled(true) // optional, not all servers will support this
.setUsernameAndPassword(XMPP_USER, XMPP_PASSWORD)
.setResource(XMPP_RESOURCE)
.setAuthzid(JidCreate.entityBareFrom(String.format("%s#%s", XMPP_USER, XMPP_DOMAIN))) // <-- this was the change I needed
.build();
Specifically I needed to add this line:
.setAuthzid(JidCreate.entityBareFrom(String.format("%s#%s", XMPP_USER, XMPP_DOMAIN)))