带有“DerInputStream.getLength(): lengthTag=109,太大”的 Java APNS 证书错误。
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/23126282/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Java APNS Certificate Error with "DerInputStream.getLength(): lengthTag=109, too big."
提问by user3479640
When I try to using java APNS to send the push notification to iOS, I got this error message:
当我尝试使用 java APNS 向 iOS 发送推送通知时,我收到以下错误消息:
com.notnoop.exceptions.InvalidSSLConfig: java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.
com.notnoop.exceptions.InvalidSSLConfig: java.io.IOException: DerInputStream.getLength(): lengthTag=109,太大了。
I already try converting the certificate to Personal Information Exchange (.p12) also getting the same error. Anyone know to problem and how to resolve it?
我已经尝试将证书转换为个人信息交换 (.p12) 也得到同样的错误。任何人都知道问题以及如何解决?
Here are my java code:
这是我的Java代码:
ApnsService service =
APNS.newService()
.withCert("src/net/notification/ck.jks", "******")
.withSandboxDestination()
.build();
String payload = APNS.newPayload().alertBody(record.getSendMsg()).build();
String token = record.getToken();
service.push(token, payload);
Thanks.
谢谢。
采纳答案by Zsolt Safrany
I had the same problem but my solution will help you only if you are using maven.
我遇到了同样的问题,但我的解决方案只有在您使用maven时才会对您有所帮助。
Maven resource filtering (that let's you include variables in your resource files) can mess up your binaries - and certificates are especially sensitive to modification.
Maven 资源过滤(让您在资源文件中包含变量)可能会弄乱您的二进制文件 - 并且证书对修改特别敏感。
In general, binary content shouldn't be filtered. But I couldn't just simply disable resource filtering because I have some .properties files that include variables. So the solution was to exclude .p12 files from filtering.
通常,不应过滤二进制内容。但我不能简单地禁用资源过滤,因为我有一些包含变量的 .properties 文件。所以解决方案是从过滤中排除 .p12 文件。
<build>
[...]
<resources>
<resource>
<directory>src/main/resources</directory>
<filtering>true</filtering>
<excludes>
<exclude>**/*.p12</exclude>
</excludes>
</resource>
<resource>
<directory>src/main/resources</directory>
<filtering>false</filtering>
<includes>
<include>**/*.p12</include>
</includes>
</resource>
</resources>
[...]
</build>
More about maven resource filtering: http://maven.apache.org/plugins/maven-resources-plugin/examples/filter.html
更多关于 maven 资源过滤:http: //maven.apache.org/plugins/maven-resources-plugin/examples/filter.html
回答by user3251514
This occurs because the system thinks you are trying to read a different type of keystore and not JKS. You will need to specify that the file is JKS or convert it to the other format.
发生这种情况是因为系统认为您正在尝试读取不同类型的密钥库而不是 JKS。您需要指定文件是 JKS 或将其转换为其他格式。
I see that you have already tried converting to .p12. If you did this correctly, perhaps there is some other default format. I recommend finding out how to specify JKS instead.
我看到您已经尝试转换为 .p12。如果您正确执行此操作,则可能还有其他一些默认格式。我建议找出如何指定 JKS。
回答by alevilla86
If you use maven, this is probably occurring because of the Maven filtering in your whole resources folder. I've tried Zsolt Safrany solution above and did not work. However, reading the documentation he shared, I've found this:
如果您使用 Maven,这可能是由于整个资源文件夹中的 Maven 过滤而发生的。我已经尝试了上面的 Zsolt Safrany 解决方案,但没有奏效。但是,阅读他分享的文档后,我发现了这一点:
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-resources-plugin</artifactId>
<version>3.0.1</version>
<configuration>
<nonFilteredFileExtensions>
<nonFilteredFileExtension>p12</nonFilteredFileExtension>
</nonFilteredFileExtensions>
</configuration>
</plugin>
Which excludes binary extensions (or any extension you want) from being filtered.
这排除了二进制扩展(或任何你想要的扩展)被过滤。
回答by bedla.czech
In my case I found that something accidentally changed javax.net.ssl.trustStoresystem property.
SSL debug property -Djavax.net.debug=ssl:trustmanagerhelped me a lot with investigation.
就我而言,我发现某些东西意外更改了javax.net.ssl.trustStore系统属性。SSL 调试属性-Djavax.net.debug=ssl:trustmanager对我的调查有很大帮助。
回答by Dudi Boy
I had this problem and figured out the problem is the truststore.p12is actually in JKSor corrupted.
我遇到了这个问题,并发现问题truststore.p12是实际存在JKS或已损坏。
The keytoolcommand to test the truststore for PKCS12 compliance is:
keytool测试信任库是否符合 PKCS12的命令是:
keytool.exe -keystore truststore.p12 -storepass passwordText -list -storetype pkcs12
keytool error: java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.
I was able to correct this by doing forced JKS to PKCS12 conversion.
我能够通过强制 JKS 到 PKCS12 转换来纠正这个问题。
With the following instruction:
使用以下指令:
keytool.exe -importkeystore -srckeystore truststore.jks -destkeystore truststore1.p12 -srcstoretype JKS -deststoretype PKCS12
Than successful test would provide something like:
比成功的测试将提供以下内容:
keytool.exe -keystore truststore.p12 -storepass passwordText -list -storetype pkcs12
Keystore type: PKCS12
Keystore provider: SunJSSE
Your keystore contains 3 entries
certificates-4, 9 Jul, 2019, trustedCertEntry,
Certificate fingerprint (SHA1): CF:E3:01:1F:A3:30:C5:B1:B9:2B:C5:28:1B:8C:66:71:EA:B8:67:0D
certificates-3, 9 Jul, 2019, trustedCertEntry,
Certificate fingerprint (SHA1): 62:52:DC:40:F7:11:43:A2:2F:DE:9E:F7:34:8E:06:42:51:B1:81:18
certificates-2, 9 Jul, 2019, trustedCertEntry,
Certificate fingerprint (SHA1): FA:5F:98:E8:02:2E:81:05:DB:DF:24:48:65:6A:E5:76:C1:31:CB:28
回答by StackzOfZtuff
Delete keystoreType line
删除 keystoreType 行
I don't know WHY this works. But if I have this line in my server.xml..
我不知道为什么这有效。但是如果我的server.xml..
keystoreType="PKCS12"
...then Tomcat will NOT start and give me the DerInputStream.getLength(): lengthTag=109, too bigerror instead.
...然后 Tomcat 将不会启动,DerInputStream.getLength(): lengthTag=109, too big而是给我错误。
But if I DELETE that line then Tomcat will start nicely. No idea why that works. Feels dirty.
但是如果我删除该行,那么 Tomcat 将很好地启动。不知道为什么会这样。感觉脏。
