Welcome!

Welcome to the official BlackBerry Support Community Forums.

This is your resource to discuss support topics with your peers, and learn from each other.

inside custom component

BlackBerry Push Development

Reply
Contributor
ysm821205
Posts: 12
Registered: ‎11-09-2010
My Device: Not Specified

While I'm testing push service, i got "CertificateExpiredException"

I found the source code for server from the below URL:

http://supportforums.blackberry.com/t5/BlackBerry-Push-Development/Push-API-sample-code-needed/td-p/...

And I slightly changed the code for  the evaluation credentail I got from RIM.

When I try to run the code, I got the below error message.

 

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed
	at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1623)
	at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:198)
	at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:192)
	at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1074)
	at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:128)
	at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:529)
	at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:465)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1120)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1147)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1131)
	at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)
	at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.jav...
	at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:904)
	at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:230)
	at com.skcc.TestPush2.pushMessage(TestPush2.java:76)
	at com.skcc.TestPush2.main(TestPush2.java:123)
Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed
	at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:291)
	at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:265)
	at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:186)
	at sun.security.validator.Validator.validate(Validator.java:218)
	at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
	at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
	at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
	at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1053)
	... 13 more
Caused by: java.security.cert.CertPathValidatorException: timestamp check failed
	at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:139)
	at sun.security.provider.certpath.PKIXCertPathValidator.doValidate(PKIXCertPathValidator.java:328)
	at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:178)
	at java.security.cert.CertPathValidator.validate(CertPathValidator.java:250)
	at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:277)
	... 20 more
Caused by: java.security.cert.CertificateExpiredException: NotAfter: Sun Nov 21 01:24:38 KST 2010
	at sun.security.x509.CertificateValidity.valid(CertificateValidity.java:256)
	at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:570)
	at sun.security.provider.certpath.BasicChecker.verifyTimestamp(BasicChecker.java:157)
	at sun.security.provider.certpath.BasicChecker.check(BasicChecker.java:109)
	at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:117)
	... 24 more

 

I also tried to access the URL ( https://pushapi.eval.blackberry.com/ ). And IE Browser also indicates Certificate Error. I don't know what to do.

Could somebody tell me how to figure out this problem?

The below is the my source code.

Thank you,

 

Simon Yang

 

 

 

 

 

package com.skcc;
import java.io.BufferedReader;
import java.io.DataOutputStream;
import java.io.InputStreamReader;
import java.net.URL;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.TimeZone;
import java.util.Vector;
import javax.net.ssl.HttpsURLConnection;


public class TestPush2 {
	private static String _appid = "1151-1an3c0rr9hh70R4k27";
	private static String _spacers = "YSMmPsbVQo0a68eIL3OAxnm";
	//private static String _auth = "Basic MTE1MS0xYW4zYzBycjloaDcwUjRrMjc6a3JqdWg4SjI="; // Replace <base64token> with your userid:password encode, http://bit.ly/diYQUr enter APPID:PASS and encode
	//private static String _auth = "Basic <base64token>"; // Replace <base64token> with your userid:password encode, http://bit.ly/diYQUr enter APPID:PASS and encode
	//private static String _auth = "eXNtODIxMjA1OkdzaW1vbjgyP0c=";
	//private static String _auth = "VGVzdFB1c2gyOmtyanVoOEoy";
	//private static String _auth = "MTE1MS0xYW4zYzBycjloaDcwUjRrMjc6a3JqdWg4SjI=";
	//private static String _auth = "1151-1an3c0rr9hh70R4k27:krjuh8J2";
	private static String _auth = "MTE1MS0xYW4zYzBycjloaDcwUjRrMjc6a3JqdWg4SjI=";
	
	
	
	//private static String _pushurl = "https://pushapi.eval.blackberry.com/mss/PD_pushRequest";
	private static String _pushurl = "https://pushapi.eval.blackberry.com/";
	
	private static String _uagent = "Hallgren Networks BB Push Server/1.0";
	private static boolean _output = true;

	public static boolean pushMessage(Vector<String> pins, String msg) {
		if (pins.isEmpty())
			return false;
		if (msg.equals(""))
			return false;

		String pushid = "" + System.currentTimeMillis();
		String delivebefore = getDeliveryTime();
		StringBuffer dataToSend = new StringBuffer();
		dataToSend.append("--" + _spacers + "\r\n");
		dataToSend.append("Content-Type: application/xml; charset=UTF-8\r\n\r\n");
		dataToSend.append("<?xml version=\"1.0\"?>\r\n");
		dataToSend.append("<!DOCTYPE pap PUBLIC \"-//WAPFORUM//DTD PAP 2.1//EN\" \"http://www.openmobilealliance.org/tech/DTD/pap_2.1.dtd\">\r\n");
		dataToSend.append("<pap>\r\n");
		dataToSend.append("<push-message push-id=\"" + pushid + "@rim.com\" ");
		//dataToSend.append("deliver-before-timestamp=\"" + delivebefore + "\" ");
		dataToSend.append("source-reference=\"" + _appid + "\">");
		for (int i = 0; i < pins.size(); ++i)
			dataToSend.append("<address address-value=\"" + pins.elementAt(i) + "\"/>");
		dataToSend.append("<quality-of-service delivery-method=\"unconfirmed\"/>\r\n");
		dataToSend.append("</push-message>\r\n");
		dataToSend.append("</pap>\r\n");
		dataToSend.append("--" + _spacers + "\r\n");
		dataToSend.append("Content-Type: text/plain\r\n");
		dataToSend.append("Push-Message-ID: " + pushid + "\r\n");
		dataToSend.append("\r\n");
		dataToSend.append(msg + "\r\n");
		dataToSend.append("--" + _spacers + "--");
		printer("-------------------------------------------------------------------");
		printer(dataToSend.toString());
		printer("-------------------------------------------------------------------");

		URL url;
		HttpsURLConnection connection = null;
		try {
			url = new URL(_pushurl);
			connection = (HttpsURLConnection) url.openConnection();
			connection.setRequestMethod("POST");
			connection.setRequestProperty("Content-Type", "multipart/related; boundary=" + _spacers + "; type=application/xml");
			connection.setRequestProperty("User-Agent", _uagent);
			connection.setRequestProperty("Authorization", _auth);
			connection.setDoInput(true);
			connection.setDoOutput(true);

			DataOutputStream wr = new DataOutputStream(connection.getOutputStream());
			wr.writeBytes(dataToSend.toString());
			wr.flush();
			wr.close();
			BufferedReader rd = new BufferedReader(new InputStreamReader(connection.getInputStream()));
			StringBuilder sb = new StringBuilder();
			String line = null;
			while ((line = rd.readLine()) != null) {
				sb.append(line + '\n');
			}
			printer(connection.getResponseCode() + " | " + connection.getResponseMessage());
			printer(sb.toString());
			if (sb.toString().contains("code=\"1001\""))
				return true;
			return false;
		} catch (Exception e) {
			e.printStackTrace();
			printer(e.getMessage());
			return false;
		} finally {
			if (connection != null) {
				connection.disconnect();
			}
		}

	}

	public static String getDeliveryTime() {
		Date now = new Date(System.currentTimeMillis() + 300000);
		SimpleDateFormat d = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'");
		d.setTimeZone(TimeZone.getTimeZone("GMT"));
		return d.format(now);
	}

	private static void printer(Object response) {
		if (_output)
			System.out.println(response);
	}
	
	public static void main(String[] args) {
		Vector<String> v = new Vector<String>();
		v.add("22B7207A%3A7778/TYPE=USER@rim.net");
		/*
		v.add("87654321");
		v.add("12345678");
		v.add("87654321");
		*/
		if (pushMessage(v, "message"))
			System.out.println("Sent Ok");
		else {
			System.out.println("Returned False");
		}
		/////////////////////////// Or send to all 
		Vector<String> v1 = new Vector<String>();
		v1.add("push_all");
		if (pushMessage(v, "message"))
			System.out.println("Sent Ok");
		else {
			System.out.println("Returned False");
		}
		
	}
	
}

 

Contributor
sitay1
Posts: 19
Registered: ‎10-11-2010
My Device: All

Re: While I'm testing push service, i got "CertificateExpiredException"

I'm getting a different exception:

System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.

 

it seems also related to the certificate of the eval push service. i have contacted rim support hopefully they can resolve it soon.

 

Contributor
ysm821205
Posts: 12
Registered: ‎11-09-2010
My Device: Not Specified

Re: While I'm testing push service, i got "CertificateExpiredException"

[ Edited ]

After I changed the local time on my computer manually, I got "OK" response for push request. But i still don't get the message on the device. I don't which one was wrong: server-side or client-side. I used HTTPPushDemo source from the push service manual for client-side.

New Contributor
chrisjBitheads
Posts: 7
Registered: ‎11-22-2010
My Device: Not Specified

Re: While I'm testing push service, i got "CertificateExpiredException"

Going to the server with a regular browser, the certificate on the push eval server has expired...(As of Nov. 20th)...

 

Issued on: 10/6/2009

Expiresd on: 11/20/2010

 

expiredCert.PNG

 

Chris

New Contributor
gautamz
Posts: 9
Registered: ‎11-22-2010
My Device: Not Specified

Re: While I'm testing push service, i got "CertificateExpiredException"

Were you able to get notifications before this?  We're seeing the same issues - but while the push from the server was working before the eval cert expired - the device would never get any messages.

Retired
psapra
Posts: 74
Registered: ‎07-22-2008
My Device: BlackBerry Z10

Re: While I'm testing push service, i got "CertificateExpiredException"

This problem has now been resolved on our side.  

 

Thanks,

Pratik Sapra

BlackBerry Development Advisor

Thanks,
Pratik Sapra
Gaming & Apps Consultant
Developer Relations
@pratiksapra
New Contributor
gautamz
Posts: 9
Registered: ‎11-22-2010
My Device: Not Specified

Re: While I'm testing push service, i got "CertificateExpiredException"

add the cert to they keystore to resolve this.

Contributor
ysm821205
Posts: 12
Registered: ‎11-09-2010
My Device: Not Specified

Re: While I'm testing push service, i got "CertificateExpiredException"

[ Edited ]

 Although I add cer to keystore using the following command and import certificate in IE, I'm still getting the Certificate Error, it says it is untrusted certificate.

 

keytool -import -trustcacerts -alias BB -file Desktop/BB.cer -keystore keystore.jks

 

How did you figure out this?

Please direct me in the right way.

Thanks

 

 

certificate.jpg

 

Contributor
ysm821205
Posts: 12
Registered: ‎11-09-2010
My Device: Not Specified

Re: While I'm testing push service, i got "CertificateExpiredException"

I followed the instruction in the below URL, and I figured it out.

http://blogs.sun.com/andreas/entry/no_more_unable_to_find

 

But I'm still wondering about what i did.

when i try with the URL (https://pushapi.eval.blackberry.com/mss/PD_pushRequest), i got the below response.

<?xml version="1.0"?>
<!DOCTYPE pap PUBLIC "-//WAPFORUM//DTD PAP 2.1//EN" "http://www.openmobilealliance.org/tech/DTD/pap_2.1.dtd"><pap><push-response push-id="1290474679406@rim.com" sender-address="http://pushapi.eval.blackberry.com/mss/PD_pushRequest" sender-name="RIM Push-Data Service" reply-time="2010-11-23T01:11:29Z"><response-result code="1001" desc="The request has been accepted for processing."></response-result></push-response></pap>

 

 

But when I try with the URL(https://pushapi.eval.blackberry.com) which I supposed to use from RIM evaluation credential, i got nothing for response.

somebody has same issue with me??

Developer
idonen
Posts: 43
Registered: ‎10-03-2008
My Device: Not Specified

Re: While I'm testing push service, i got "CertificateExpiredException"

Still getting a problem with the certificate. The exception from the server side says "Could not establish trust relationship for the SSL/TLS secure channel." If I try to bring up http://pushapi.eval.blackberry.com from a web browser on the server it tells me "This certificate cannot be verified up to a trusted certification authority."

 

Any ideas?