Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Certificate should contain "push" keyword #46

Open
rohitsahay2000 opened this issue Jun 20, 2018 · 9 comments
Open

Certificate should contain "push" keyword #46

rohitsahay2000 opened this issue Jun 20, 2018 · 9 comments

Comments

@rohitsahay2000
Copy link

Hi,
The apns cert that we are using to send notification doesn't contain"push" keyword for CN. You have a check present for "push" keyword while validating the certificate and there are many others where you check specific strings to be present in the apns cert.

Due to this issue we are not able send notifications because cert validation fails. Please help what we can do here.
@judepereira
Copy link
Member

judepereira commented Jun 21, 2018 via email

@rohitsahay2000
Copy link
Author

rohitsahay2000 commented Jun 21, 2018
edited
Loading

That's not the point. All sensitive information is masked out. Why the strings are hardcoded ?

` if (!cn.toLowerCase().contains("push")) {
throw new CertificateException("Not a push certificate - " + cn);
}

    if (production && cn.toLowerCase().contains("apple development ios push services")) {
        throw new CertificateEnvironmentMismatchException("Invalid environment for this certificate");
    } else if (!production && cn.toLowerCase().contains("apple production ios push services")) {
        throw new CertificateEnvironmentMismatchException("Invalid environment for this certificate");
    }

`

The certs need not contain the strings that are hardcoded in the cert validation which is being done.

@rohitsahay2000
Copy link
Author

rohitsahay2000 commented Jun 21, 2018
edited
Loading

CN is like this: CN=APSP:0226d278-d925-4044-af07-a346da05e2c5/C=IN

As you can see this doesn't contain any strings against which validation is being done. For example: "push", "apple development ios push services","apple production ios push services". Please let us know what we can do to get this working. Would be a great help!!

@judepereira
Copy link
Member

@rohitsahay2000 Until now, all the certificates issued by Apple have contained those strings. It validates the certificate and ensures that you don't accidentally try to use your developer certificate (which has happened many times in the past).

I'll issue a new certificate for APNs tomorrow and check the CN on it.

@rohitsahay2000
Copy link
Author

@judepereira : Did you check? Have we removed the hardcoding?

@drunkendaddy
Copy link

any update on this?

I just downloaded a production certificate and it has CN=Apple Development IOS Push Services: myBunldleId

I doubled checked. It is the production certificate and it has development in it.

@chanoo
Copy link

chanoo commented May 22, 2019
edited
Loading 

java.security.cert.CertificateException: Not a push certificate - VoIP Services: com.test.app
	at com.clevertap.apns.CertificateUtils.validateCertificate(CertificateUtils.java:135)
	at com.clevertap.apns.clients.SyncOkHttpApnsClient.<init>(SyncOkHttpApnsClient.java:131)
	at com.clevertap.apns.clients.AsyncOkHttpApnsClient.<init>(AsyncOkHttpApnsClient.java:72)
	at com.clevertap.apns.clients.ApnsClientBuilder.build(ApnsClientBuilder.java:170)

VoIP Push certification not working...

@thanhly thanhly mentioned this issue May 13, 2020
Open
@nthung82
Copy link

hi
I am facing with is bug
how to slove it?

@DziubaR
Copy link

DziubaR commented Mar 15, 2021

It would be great to be able to change behavior with some boolean flag. (include verifying or not)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@judepereira @chanoo @nthung82 @drunkendaddy @rohitsahay2000 @DziubaR