Blank keystore password causes exception about javapns HOT 19 CLOSED

How did you create a APNS Cert without a password?

I was not aware that the Apple Developer Website would allow that to happen.

Unfortunately I am not the one who created the certificate, so I have no clue 
how this was achieved ;-) 

Still I've just checked with openssl that the certificate has no password set, 
so it seems that this is doable...

Try download version 165 and let me know how it goes.

I also got this error. Version 165 is not available in the jar downloads page.

Could you try with 2.0 and let us know if the issue is fixed?  Thanks!

Closing this issue as fixed in 1.6.9 and 2.0.

Same problem with 1.6.9 jdk1.6 version.

Please report corrections done yesterday on 1.6.9 JDK1.5 version to 1.6.9 JDK1.6

[deleted comment]

Note: version 1.6.9 was released almost two months ago.  My comment above 
(fixed in 1.6.9) simply reflected idbill's previous comment and code changes. 
Only version 2.0 has been updated recently.

After reviewing the code for 1.6.9 (same for 2.0), it seems that the "no 
password" situation, however odd it is, is indeed supported.  You need to pass 
null for the password to the SSLConnectionHelper constructor for this to be 
supported.

Could you try a null password and write back with the results?  If it still 
doesn't work, please provide a stack trace as well as the code you wrote that 
creates the SSLConnectionHelper.   Thanks!

got this in 2.0

Full stack trace for "" password:

java.io.IOException: failed to decrypt safe contents entry: 
java.lang.ArithmeticException: / by zero
    at com.sun.net.ssl.internal.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1277)
    at java.security.KeyStore.load(KeyStore.java:1185)
    at javapns.communication.KeystoreManager.loadKeystore(KeystoreManager.java:56)
    at javapns.communication.KeystoreManager.loadKeystore(KeystoreManager.java:28)
    at javapns.communication.ConnectionToAppleServer.<init>(ConnectionToAppleServer.java:58)
    at javapns.notification.ConnectionToNotificationServer.<init>(ConnectionToNotificationServer.java:17)
    at javapns.notification.PushNotificationManager.initializeConnection(PushNotificationManager.java:94)
    at javapns.Push.payload(Push.java:119)
    at javapns.Push.alert(Push.java:36)
    at iphoneapnjava.IPhoneAPNjava.main(IPhoneAPNjava.java:41)
Caused by: java.lang.ArithmeticException: / by zero
    at com.sun.crypto.provider.PKCS12PBECipherCore.a(DashoA13*..)
    at com.sun.crypto.provider.PKCS12PBECipherCore.a(DashoA13*..)
    at com.sun.crypto.provider.PKCS12PBECipherCore.a(DashoA13*..)
    at com.sun.crypto.provider.PKCS12PBECipherCore.a(DashoA13*..)
    at com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC2_40.engineInit(DashoA13*..)
    at javax.crypto.Cipher.a(DashoA13*..)
    at javax.crypto.Cipher.a(DashoA13*..)
    at javax.crypto.Cipher.init(DashoA13*..)
    at javax.crypto.Cipher.init(DashoA13*..)
    at com.sun.net.ssl.internal.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1273)
    ... 9 more


Full stack trace for null password:

java.lang.NullPointerException
    at javapns.communication.ConnectionToAppleServer.createSSLSocketFactoryWithTrustManagers(ConnectionToAppleServer.java:91)
    at javapns.communication.ConnectionToAppleServer.createSSLSocketFactory(ConnectionToAppleServer.java:121)
    at javapns.communication.ConnectionToAppleServer.getSSLSocketFactory(ConnectionToAppleServer.java:126)
    at javapns.communication.ConnectionToAppleServer.getSSLSocket(ConnectionToAppleServer.java:138)
    at javapns.notification.PushNotificationManager.initializeConnection(PushNotificationManager.java:95)
    at javapns.Push.payload(Push.java:119)
    at javapns.Push.alert(Push.java:36)
    at iphoneapnjava.IPhoneAPNjava.main(IPhoneAPNjava.java:41)

I have the same problem as topic creator (have p12 certificate and only know 
that password was empty)..

I will take a look.    But how did you manage to create a keystore without a 
password?

thanks alot!

I do not know, because some another guy has created this sertificate earlier. I 
just have C# implementation of exe-file (and sources) that takes as arguments 
token, message and path to the keystore and sends notification. It works fine 
for me, but I need to do java implementation for it. I have looked to the 
sources and here is how they are sending notification:

        public NotificationService(bool sandbox, string p12File, string p12FilePassword, int connections, bool syncSendMode)
        {
            this.SendRetries = 1;
            closing = false;
            disposing = false;
            if (syncSendMode){
                syncSendEvent = new System.Threading.ManualResetEvent(false);
            }
            Host = sandbox ? hostSandbox : hostProduction;
            Port = 2195;
            P12File = p12File;
            P12FilePassword = p12FilePassword;
            DistributionType = NotificationServiceDistributionType.Sequential;
            Connections = connections;
        }

(this is a methid from "JdSoft.Apple.Apns.Notifications")

In test I have an example where they creating class like this:

NotificationService reference = new NotificationService(true, certificatePath, 
string.Empty, 1, true);
...

so, the 3rd param is password and it is emty sturing. And this is works for me. 
Just trying to send notification with the same p12-file and ampty string as a 
password using  apns_2.0 and got this exceptions.((


  Push.alert("message", pathToCert, "", true, "token");

Very appreciate you help! Thanks.

Re-opening the issue, as the library is now having trouble elsewhere with blank 
passwords.

Interesting... according to Java Bug ID 6415637, this is an old known bug in 
the Java platform that doesn't appear to have ever been fixed:
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6415637

Continuing investigation...

After some investigation, I cannot find a single example on the web in which a 
blank password has worked successfully with a PKCS12 file read by Java.  I can 
find a number of fix requests for this, but so far blank passwords simply do 
not seem to be supported by the Java platform.  I even found a report which 
suggests that empty passwords in PKCS12 files are in violation of the specs and 
should not be allowed in the first place (making it less surprising to 
experience trouble trying to read keystores with blank passwords).

Relevant references:
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6415637
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6879539
http://rt.openssl.org/Ticket/Display.html?id=1497&user=guest&pass=guest

I have made some improvements in the source code to better handle the 
"not-quite-self-explanatory" exception thrown by Java 
(java.lang.ArithmeticException: / by zero) when trying to use a blank password, 
and also when using a null password which caused the library to throw a 
NullPointerException (but even after fixing this, Java still cannot load the 
keystore because of the same Arithmetic error). 

Until we can find some working example where Java can load a keystore that has 
no password, I have modified the library so that a nice 
InvalidKeystorePasswordException is thrown.

Since the problem appears to be in the Java platform and not in JavaPNS, I 
think this issue can be closed as WontFix, and can be reopened later if the bug 
is eventually fixed in Java (but its 5 years old...).  I'll wait and see if 
anyone has further comments on this issue before closing.

To make it work for me it seems I need to create another certificate with some 
password. Will try to do this. And also will ask some guys how did they created 
keystore without any password.
Thanks for you time!

BTW, I have found solution for me - just changed the password for sertificate I 
have! And it's work for me! This is solution for topic creator. Thanks, 
[email protected], for this library!

Thanks for the quick feedback!

Closing as WontFix for the reasons stated in comment 15.

UPDATE:  bug in Java platform was apparently fixed in a recent release: 
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6879539