I can send notification without any error but I don't get anything on my device. I tried a lot of solutions and I don't know what else I can do.
The certificat and token works in PHP...
Configuration : Java 1.8, Tomcat 7, Javapns 2.2
Thanks
Code
BasicConfigurator.configure();
URL res = getClass().getClassLoader().getResource("KeyNotification/certificat.p12");
File f = new File(res.getFile());
List<PushedNotification> notifications = Push.combined("message", 10, "", f.getAbsolutePath(), "password", false, token);
for (PushedNotification notification : notifications) {
if (notification.isSuccessful()) {
System.out.println("Push notification sent successfully to: " + notification.getDevice().getToken());
} else {
String invalidToken = notification.getDevice().getToken();
Exception theProblem = notification.getException();
theProblem.printStackTrace();
/* If the problem was an error-response packet returned by Apple, get it */
ResponsePacket theErrorResponse = notification.getResponse();
if (theErrorResponse != null) {
System.out.println(theErrorResponse.getMessage());
}
}
}
Log
0 [http-bio-8080-exec-21] DEBUG javapns.communication.ConnectionToAppleServer - Creating SSLSocketFactory
3 [http-bio-8080-exec-21] DEBUG javapns.communication.ConnectionToAppleServer - Creating SSLSocket to feedback.sandbox.push.apple.com:2196
1189 [http-bio-8080-exec-21] DEBUG javapns.feedback.FeedbackServiceManager - Found: [0]
1194 [http-bio-8080-exec-21] DEBUG javapns.notification.Payload - Adding alert [message]
1194 [http-bio-8080-exec-21] DEBUG javapns.notification.Payload - Adding badge [10]
1194 [http-bio-8080-exec-21] DEBUG javapns.notification.Payload - Adding sound []
1199 [http-bio-8080-exec-21] DEBUG javapns.communication.ConnectionToAppleServer - Creating SSLSocketFactory
1201 [http-bio-8080-exec-21] DEBUG javapns.communication.ConnectionToAppleServer - Creating SSLSocket to gateway.sandbox.push.apple.com:2195
1444 [http-bio-8080-exec-21] DEBUG javapns.notification.PushNotificationManager - Initialized Connection to Host: [gateway.sandbox.push.apple.com] Port: [2195]: 1e816c94[SSL_NULL_WITH_NULL_NULL: Socket[addr=gateway.sandbox.push.apple.com/17.110.227.35,port=2195,localport=63887]]
1447 [http-bio-8080-exec-21] DEBUG javapns.notification.PushNotificationManager - Building Raw message from deviceToken and payload
1447 [http-bio-8080-exec-21] DEBUG javapns.notification.PushNotificationManager - Built raw message ID 1 of total length 98
1447 [http-bio-8080-exec-21] DEBUG javapns.notification.PushNotificationManager - Attempting to send notification: {"aps":{"badge":10,"alert":"message","sound":""}}
1447 [http-bio-8080-exec-21] DEBUG javapns.notification.PushNotificationManager - to device: 1d8e0488958b92297923884508bf3714835f3581101ede9d3155ded0d8241c3e
2315 [http-bio-8080-exec-21] DEBUG javapns.notification.PushNotificationManager - Flushing
2315 [http-bio-8080-exec-21] DEBUG javapns.notification.PushNotificationManager - At this point, the entire 98-bytes message has been streamed out successfully through the SSL connection
2315 [http-bio-8080-exec-21] DEBUG javapns.notification.PushNotificationManager - Notification sent on first attempt
2315 [http-bio-8080-exec-21] DEBUG javapns.notification.PushNotificationManager - Reading responses
7321 [http-bio-8080-exec-21] DEBUG javapns.notification.PushNotificationManager - Closing connection
Push notification sent successfully to: 1d8e0488958b92297923884508bf3714835f3581101ede9d3155ded0d8241c3e
I solved my problem , the certificate was not compatible !
The command line to create the certificate (aps_development.pem is downloaded from Apple, myprivatekey.p12 is exported from my app private key in the "Keychain Access") :
openssl x509 -in aps_development.cer -inform DER -out aps_development.pem -outform PEM
openssl pkcs12 -nocerts -in myprivatekey.p12 -out myprivatekey.pem
openssl pkcs12 -export -inkey myprivatekey.pem -in aps_development.pem -out cert_dev.p12
Related
I'm trying to use the AWS SDK for Java v2 to upload a file to S3 and have the upload integrity checked using the SHA256 trailing checksum. My code works fine to upload the file if the checksumAlgorithm(ChecksumAlorithm.SHA256) property of PutObjectRequest is not present but when it is included the uploaded file has additional characters at its start and is truncated at the end.
Here's the code I'm using:
byte[] smallJsonBytes = getObjectFile("UploadTest\\smallFile.txt");
PutObjectRequest putOb = PutObjectRequest.builder()
.bucket(credsProvider.getS3Bucketname())
.key(s3Key)
**.checksumAlgorithm(ChecksumAlgorithm.SHA256)**
.build();
PutObjectResponse response = this.myS3Client.putObject(putOb, RequestBody.fromBytes(smallJsonBytes));
Below is the debug output when the checksumAlgorithm property is included. You can see the AWS SDK is generating a trailing checksum as expected but, as noted already, the uploaded file is corrupted: You can see the insertion of the string "14" in the debug output and this string appears at the beginning of the uploaded file. Additionally, the uploaded file is truncated.
Clearly from the debug output there is a problem with the evaluation of the file's content length.
I've tried specifying the contentLength directly on the PutObjectRequest (as per documentation - .contentLength(long length)), and also tried converting smallJsonBytes to a ByteArrayInputStream and specifying the contentLength in the RequestBody.fromInputStream, both with the same result.
14:56:56.150 [main] DEBUG org.apache.http.wire - http-outgoing-0 >> "x-amz-content-sha256: STREAMING-UNSIGNED-PAYLOAD-TRAILER[\r][\n]"
14:56:56.150 [main] DEBUG org.apache.http.wire - http-outgoing-0 >> "X-Amz-Date: 20230216T215655Z[\r][\n]"
14:56:56.150 [main] DEBUG org.apache.http.wire - http-outgoing-0 >> "x-amz-decoded-content-length: 20[\r][\n]"
14:56:56.150 [main] DEBUG org.apache.http.wire - http-outgoing-0 >> "x-amz-sdk-checksum-algorithm: SHA256[\r][\n]"
14:56:56.150 [main] DEBUG org.apache.http.wire - http-outgoing-0 >> "x-amz-trailer: x-amz-checksum-sha256[\r][\n]"
14:56:56.150 [main] DEBUG org.apache.http.wire - http-outgoing-0 >> "Content-Length: 99[\r][\n]"
14:56:56.150 [main] DEBUG org.apache.http.wire - http-outgoing-0 >> "Connection: Keep-Alive[\r][\n]"
14:56:56.150 [main] DEBUG org.apache.http.wire - http-outgoing-0 >> "[\r][\n]"
14:56:56.206 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "HTTP/1.1 100 Continue[\r][\n]"
14:56:56.206 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "[\r][\n]"
14:56:56.211 [main] DEBUG org.apache.http.headers - http-outgoing-0 << HTTP/1.1 100 Continue
14:56:56.211 [main] DEBUG software.amazon.awssdk.core.internal.io.SdkLengthAwareInputStream - Specified InputStream length of 20 has been reached. Returning EOF.
14:56:56.213 [main] DEBUG software.amazon.awssdk.core.internal.io.SdkLengthAwareInputStream - Specified InputStream length of 20 has been reached. Returning EOF.
14:56:56.216 [main] DEBUG org.apache.http.wire - http-outgoing-0 >> "14[\r][\n]"
14:56:56.217 [main] DEBUG org.apache.http.wire - http-outgoing-0 >> "Nothing much in here[\r][\n]"
14:56:56.217 [main] DEBUG org.apache.http.wire - http-outgoing-0 >> "0[\r][\n]"
14:56:56.217 [main] DEBUG org.apache.http.wire - http-outgoing-0 >> "x-amz-checksum-sha256:BthkalBn8SFAnEAFIWr2vtfO0h+TEdX/vOH+iZqKJ4k=[\r][\n]"
14:56:56.217 [main] DEBUG org.apache.http.wire - http-outgoing-0 >> "[\r][\n]"
14:56:56.389 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "HTTP/1.1 200 OK[\r][\n]"
I created a working WebSocket server with async_tungstenite and async_std.
I now want to add SSL using async_native_tls.
If I understood correctly, this crates provides a function accept which takes a TcpStream, handles the TLS handshake and provides a TlsStream<TcpStream> which should behave like a TcpStream but handles the encryption and decryption behind the scene.
To test the server, I created a self-signed certificate.
Based on that, here is how the code handling new TCP connections evolved:
async fn accept_connection(stream: TcpStream, addr: SocketAddr) {
//Websocket stream
let accept_resut = async_tungstenite::accept_async(stream).await;
if let Err(err) = accept_resut {
println!(
"Error while trying to accept websocket: {}",
err.to_string()
);
panic!(err);
}
println!("New web socket: {}", addr);
}
async fn accept_connection(stream: TcpStream, addr: SocketAddr) {
//Open tls certificate !should be done one time and not for each connection!
let file = File::open("identity.pfx").await.unwrap();
let acceptor_result = TlsAcceptor::new(file, "glacon").await;
if let Err(err) = acceptor_result {
println!("Error while opening certificate: {}", err.to_string());
panic!(err);
}
let acceptor = acceptor_result.unwrap();
//Get a stream where tls is handled
let tls_stream_result = acceptor.accept(stream).await;
if let Err(err) = tls_stream_result {
println!("Error during tls handshake: {}", err.to_string());
panic!(err);
}
let tls_stream = tls_stream_result.unwrap();
//Websocket stream
let accept_resut = async_tungstenite::accept_async(tls_stream).await;
if let Err(err) = accept_resut {
println!(
"Error while trying to accept websocket: {}",
err.to_string()
);
panic!(err);
}
println!("New web socket: {}", addr);
}
With this implementation, I now call from a webpage
const sock = new WebSocket('wss://localhost:8020');
This results in the error:
Error while trying to accept websocket:
IO error: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate:../ssl/record/rec_layer_s3.c:1543:SSL alert number 42
thread 'async-std/runtime' panicked at 'Box<Any>', src/main.rs:57:9
It seems like the handshake was successful as the error does not occur during the acceptor.accept. The error states that the certificate is not valid so here is how I created my self-signed certificate.
The openssl version is 1.1.1f
# Create a key
openssl req -nodes -new -key server.key -out server.csr
# Create the self-signed certificate
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
# Convert the certificate to pfx format
openssl pkcs12 -export -out identity.pfx -inkey server.key -in server.crt
I thought that this problem had to do with security feature from the browser as the "SSL alert number 42" seems to come from the client. I tried to disable this option in Firefox settings
Query OCSP responder servers to confirm the current validity of certificates
I also tried to add my server.crt to the Authorities of the certificate manager.
Neither of these worked.
The problem came from the security features of Firefox.
Firefox detects that the certificate is not signed by an authority and sends back an error.
It seems like adding the certificate to the known authorities does not work.
To avoid this issue, I found this thread which indicates that an exception should be added for the address and port of your development Websocket server.
Go to Settings > Certificates > View Certificates > Servers > Add Exception...
Type in your local server (for me localhost:8020).
Add exception.
Unable to send logs to a syslog-ng docker container using TLS (6514)
Logs are being transmitted successfully not using TLS on port 601.
305ef6ab4973 syslog-ng[1]: Syslog connection accepted; fd='14', client='AF_INET(172.17.0.3:35362)', local='AF_INET(0.0.0.0:6514)'
305ef6ab4973 syslog-ng[1]: SSL error while reading stream; tls_error='SSL routines:tls_process_client_certificate:peer did not return a certificate', location='/etc/syslog-ng/syslog-ng.conf:35:9'
305ef6ab4973 syslog-ng[1]: I/O error occurred while reading; fd='14', error='Connection reset by peer (104)'
305ef6ab4973 syslog-ng[1]: Syslog connection closed; fd='14', client='AF_INET(172.17.0.3:35362)', local='AF_INET(0.0.0.0:6514)'
environment setup: Debian 9 VM, docker, latest syslog-ng.
syslog-ng version
root#305ef6ab4973:/etc/syslog-ng# syslog-ng --version
syslog-ng 3 (3.21.1)
Config version: 3.21
Installer-Version: 3.21.1
Revision: 3.21.1-1
Compile-Date: May 3 2019 09:11:19
Module-Directory: /usr/lib/syslog-ng/3.21
Module-Path: /usr/lib/syslog-ng/3.21
Include-Path: /usr/share/syslog-ng/include
Available-Modules: cryptofuncs,kvformat,tfgetent,add-contextual-data,afsql,afuser,xml,riemann,json-plugin,geoip-plugin,redis,pacctformat,afamqp,pseudofile,hook-commands,examples,stardate,geoip2-plugin,tags-parser,system-source,graphite,date,kafka,snmptrapd-parser,confgen,afprog,basicfuncs,afsmtp,http,linux-kmsg-format,map-value-pairs,appmodel,disk-buffer,affile,afsocket,afstomp,afmongodb,csvparser,mod-java,syslogformat,cef,mod-python,sdjournal,dbparser
Enable-Debug: off
Enable-GProf: off
Enable-Memtrace: off
Enable-IPv6: on
Enable-Spoof-Source: on
Enable-TCP-Wrapper: on
Enable-Linux-Caps: on
Enable-Systemd: on
generated syslog msgs with loggen on port 601 non-tls
root#e41017b55dfa:loggen --stream 172.17.0.2 601
count=1816, rate = 915.72 msg/sec
count=2274, rate = 914.78 msg/sec
count=2732, rate = 914.93 msg/sec
logs are written in the log file for 601 conn
sudo tail -n 10 syslog-ng/logs/syslog-ng/tcp_601.log
Jul 21 10:35:11 ip-172-17-0-3 prg00000[1234]: seq: 0000004294, thread: 0000, runid: 1563705308, stamp: 2019-07-21T10:35:11 PADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADD
Jul 21 10:35:11 ip-172-17-0-3 prg00000[1234]: seq: 0000004295, thread: 0000, runid: 1563705308, stamp: 2019-07-21T10:35:11 PADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADD
Jul 21 10:35:11 ip-172-17-0-3 prg00000[1234]: seq: 0000004296, thread: 0000, runid: 1563705308, stamp: 2019-07-21T10:35:11 PADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADD
syslog messages log (601 conn)
Jul 21 10:39:14 305ef6ab4973 syslog-ng[1]: Syslog connection accepted; fd='18', client='AF_INET(****)', local='AF_INET(0.0.0.0:601)'
Jul 21 10:39:44 305ef6ab4973 syslog-ng[1]: Syslog connection closed; fd='18', client='AF_INET(****)', local='AF_INET(0.0.0.0:601)'
When I'm using TLS, I'm receiving the following error
client-side:
root#e41017b55dfa:#loggen --use-ssl 172.17.0.2 6514
error [loggen_helper.c:open_ssl_connection:247] SSL connect failed
139771316958976:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:../ssl/record/rec_layer_s3.c:1407:SSL alert number 40
error [ssl_plugin.c:active_thread_func:313] can not connect to 172.17.0.2:6514 (0x5566c837e800)
Total runtime = 0.500195, count = 0
server-side:
305ef6ab4973 syslog-ng[1]: Syslog connection accepted; fd='14', client='AF_INET(172.17.0.3:35362)', local='AF_INET(0.0.0.0:6514)'
305ef6ab4973 syslog-ng[1]: SSL error while reading stream; tls_error='SSL routines:tls_process_client_certificate:peer did not return a certificate', location='/etc/syslog-ng/syslog-ng.conf:35:9'
305ef6ab4973 syslog-ng[1]: I/O error occurred while reading; fd='14', error='Connection reset by peer (104)'
305ef6ab4973 syslog-ng[1]: Syslog connection closed; fd='14', client='AF_INET(172.17.0.3:35362)', local='AF_INET(0.0.0.0:6514)'
conn test using openssl
root#e41017b55dfa:/etc/syslog-ng# openssl s_client -connect 172.17.0.2:6514
CONNECTED(00000003)
depth=1 C = IL, ST = ***, L = ***, O = ***, OU = IT, CN = *** Syslog CA, emailAddress = ***#***.com
verify return:1
depth=0 C = IL, ST = ***, L = ***, O = ***, OU = IT, CN = 172.17.0.2
verify return:1
140233519988800:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:../ssl/record/rec_layer_s3.c:1407:SSL alert number 40
---
Certificate chain
0 s:/C=IL/ST=***/L=***/O=***/OU=IT/CN=172.17.0.2
i:/C=IL/ST=***/L=***/O=***/OU=IT/CN=*** Syslog CA/emailAddress=***#***.com
1 s:/C=IL/ST=***/L=***/O=***/OU=IT/CN=*** Syslog CA/emailAddress=***#***.com
i:/C=IL/ST=***/L=***/O=***/OU=IT/CN=*** Syslog CA/emailAddress=***#***.com
---
Server certificate
-----BEGIN CERTIFICATE-----
MIID7TCCAtWgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBkTELMAkGA1UEBhMCSUwx
ETAPBgNVBAgMCFRlbCBBdml2MREwDwYDVQQHDAhUZWwgQXZpdjEOMAwGA1UECgwF
QXJtaXMxCzAJBgNVBAsMAklUMRgwFgYDVQQDDA9Bcm1pcyBTeXNsb2cgQ0ExJTAj
BgkqhkiG9w0BCQEWFm9tcmkudHNhYmFyaUBhcm1pcy5jb20wHhcNMTkwNzE4MTAx
MzQ3WhcNMjAwNzE3MTAxMzQ3WjBlMQswCQYDVQQGEwJJTDERMA8GA1UECAwIVGVs
IEF2aXYxETAPBgNVBAcMCFRlbCBBdml2MQ4wDAYDVQQKDAVBcm1pczELMAkGA1UE
CwwCSVQxEzARBgNVBAMMCjE3Mi4xNy4wLjIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDSVTVKoNlgPk1q9MgbPF1ndDIhTFsXp62XPdNNWyP79GGunPlM
o+oqJJJh+SDP/0BUivyvYdH4gFdZ40RZ138CQz1L+i9sBK4alizRIqxWT379lnYd
nieMYP25uBQPw8TothegtHA30+PFg/qEVd/3bQQVFJ/z0Q6GsOkw/Qc4kS+hhP6B
dny2ul8yyS4oNeM4rMo/1/F8NKsdOlt/4St2aVo5kuuyosOdKaaXzzqeVI7QdqaJ
kuMwC5sGATDZ2qwr9TEgBVzZs5sFixOaA0vTb7FqVOfcBq1Crrf9qnNTzQXzjjjH
3eQ4tZXbVOTopxwR7zgqO/nR/3IAvVnirsjNAgMBAAGjezB5MAkGA1UdEwQCMAAw
LAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0G
A1UdDgQWBBSMTVONnqW+gof7SKD0V6uPZLoOdDAfBgNVHSMEGDAWgBTaK4jNVP3+
1V4wUSM+Gx7iYSjFKTANBgkqhkiG9w0BAQsFAAOCAQEAQqOJbvHcjG6pYbmtwexJ
C56a1qE0C9fjIlHY+EKuE1e/jTfIu1opggwTbov5BS9MHDK0As4JkwAn/36dbGKt
SS3K/JXvnM8Ag5tv09zVgSKwYNRpuVTi52shn4ELIktVCUc2H7XW1W9r1GsjkXCV
WhtJRP9lVJi77gxICTC5x39feA/p3BkRUIRwWPY2J8quJ37FTNBGMeX8lVAW4ipR
UbG3DQgj2r/HonjmZ5kWH8Bd46RZhpE7Nt4UGRutCnyi9jo3R7PDQW1D0rhRSByO
w/uTToHfaj7ZjGb9CXeV7LRuf6z5px881puqUsWYSeEh0Tm3AnTVNOzzvKE2Pp3*****
-----END CERTIFICATE-----
subject=/C=IL/ST=***/L=***/O=***/OU=IT/CN=172.17.0.2
issuer=/C=IL/ST=***/L=***/O=***/OU=IT/CN=*** Syslog CA/emailAddress=***#***.com
---
No client certificate CA names sent
Client Certificate Types: RSA sign, DSA sign, ECDSA sign
Requested Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1
Shared Requested Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1
Peer signing digest: SHA512
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 2487 bytes and written 281 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID:
Session-ID-ctx:
Master-Key: 02FB22BADE731CF64439D69D1F1991F3FF3BD7C4E44AF531308DD021659B1220B8BEBE94C9934659734AB10D4AF25999
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1563704954
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: yes
---
root#e41017b55dfa:/etc/syslog-ng#
syslog-ng client config
#version: 3.18
#include "scl.conf"
source s_local {
internal();
};
source s_network {
default-network-drivers( ); };
destination test2_d {
network("172.17.0.2" port(6514)
transport("tls")
tls( ca-dir("/etc/syslog-ng/ca.d")
key-file("/etc/syslog-ng/cert.d/clientkey.pem")
cert-file("/etc/syslog-ng/cert.d/clientcert.pem") )
); };
log { source(s_local); destination(test2_d); };
destination d_local {
file("/var/log/messages");
file("/var/log/messages-kv.log" template("$ISODATE $HOST $(format-welf --scope all-nv-pairs)\n") frac-digits(3));
};
log {
source(s_local);
source(s_network);
destination(d_local);
};
syslog-ng server config
#version: 3.18
#include "scl.conf"
source s_local {
internal();
};
source test1_s {
network(
transport("tcp")
port(601)
flags(syslog-protocol)
);
};
destination test1_d { file("/var/log/syslog-ng/tcp_601.log" dir_group(root) group(root) create_dirs(yes) dir_perm(0777) perm(0666) owner(root) dir_owner(root)); };
log { source("test1_s"); destination("test1_d"); };
source test2_s {
network(
ip(0.0.0.0) port(6514)
transport("tls")
tls( key-file("/etc/syslog-ng/cert.d/serverkey.pem")
cert-file("/etc/syslog-ng/cert.d/servercert.pem")
ca-dir("/etc/syslog-ng/ca.d"))
); };
destination test2_d { file("/var/log/syslog-ng/tls_6514.log" dir_group(root) group(root) create_dirs(yes) dir_perm(0777) perm(0666) owner(root) dir_owner(root)); };
log { source("test2_s"); destination("test2_d"); };
destination d_local {
file("/var/log/messages");
file("/var/log/messages-kv.log" template("$ISODATE $HOST $(format-welf --scope all-nv-pairs)\n") frac-digits(3));
};
log {
source(s_local);
destination(d_local);
};
You've tested your configuration using loggen --use-ssl and openssl s_client without specifying a client certificate (loggen does not support client certs, openssl s_client does).
The error message on the server side is about the missing client cert: peer did not return a certificate.
If you prefer not to use mutual authentication, you can make it optional by adding the peer-verify(optional-trusted) TLS option to the server config:
source test2_s {
network(
port(6514)
transport("tls")
tls( key-file("/etc/syslog-ng/cert.d/serverkey.pem")
cert-file("/etc/syslog-ng/cert.d/servercert.pem")
ca-dir("/etc/syslog-ng/ca.d")
peer-verify(optional-trusted)
)
);
};
syslog-ng Admin Guide - TLS options
Whenever I try and test using the node driver, I find at the point of notarisation, my flows will hang.
After examining the node logs, it shows that the notary's message broker was unreachable:
[INFO ] 09:33:26,653 [nioEventLoopGroup-3-3] (AMQPClient.kt:91)
netty.AMQPClient.run - Retry connect {}
[INFO ] 09:33:26,657 [nioEventLoopGroup-3-4] (AMQPClient.kt:76)
netty.AMQPClient.operationComplete - Connected to localhost:10001 {}
[INFO ] 09:33:26,658 [nioEventLoopGroup-3-4]
(AMQPChannelHandler.kt:49) O=Notary Service, L=Zurich,
C=CH.channelActive - New client connection db926eb8 from
localhost/127.0.0.1:10001 to /127.0.0.1:63781 {}
[INFO ] 09:33:26,658
[nioEventLoopGroup-3-4] (AMQPClient.kt:86)
netty.AMQPClient.operationComplete - Disconnected from localhost:10001
{}
[ERROR] 09:33:26,658 [nioEventLoopGroup-3-4]
(AMQPChannelHandler.kt:98) O=Notary Service, L=Zurich,
C=CH.userEventTriggered - Handshake failure
SslHandshakeCompletionEvent(java.nio.channels.ClosedChannelException)
{}
[INFO ] 09:33:26,659 [nioEventLoopGroup-3-4]
(AMQPChannelHandler.kt:74) O=Notary Service, L=Zurich,
C=CH.channelInactive - Closed client connection db926eb8 from
localhost/127.0.0.1:10001 to /127.0.0.1:63781 {}
[INFO ] 09:33:26,659
[nioEventLoopGroup-3-4] (AMQPBridgeManager.kt:115)
peers.DLF1ZmHt1DXc9HbxzDNm6VHduUABBbNsp7Mh4DhoBs6ifd ->
localhost:10001:O=Notary Service, L=Zurich, C=CH.onSocketConnected -
Bridge Disconnected {}
While the notary logs display the following:
[INFO ] 13:24:21,735 [main] (ActiveMQServerImpl.java:540)
core.server.internalStart - AMQ221001: Apache ActiveMQ Artemis Message
Broker version 2.2.0 [localhost,
nodeID=7b3df3b8-98aa-11e8-83bd-ead493c8221e] {}
[DEBUG] 13:24:21,735 [main] (ArtemisRpcBroker.kt:51)
rpc.ArtemisRpcBroker.start - Artemis RPC broker is started. {}
[INFO ] 13:24:21,737 [main] (ArtemisMessagingClient.kt:28)
internal.ArtemisMessagingClient.start - Connecting to message broker:
localhost:10001 {}
[ERROR] 13:24:22,298 [main] (NettyConnector.java:713)
core.client.createConnection - AMQ214016: Failed to create netty
connection {} java.nio.channels.ClosedChannelException: null
at io.netty.handler.ssl.SslHandler.channelInactive(...)(Unknown Source) ~[netty-all-4.1.9.Final.jar:4.1.9.Final]
[DEBUG] 13:24:22,362 [main] (PersistentIdentityService.kt:137)
identity.PersistentIdentityService.verifyAndRegisterIdentity -
Registering identity O=Notary Service, L=Zurich, C=CH {}
[WARN ] 13:24:22,363 [main] (AppendOnlyPersistentMap.kt:79)
utilities.AppendOnlyPersistentMapBase.set - Double insert in
net.corda.node.utilities.AppendOnlyPersistentMap for entity class
class
net.corda.node.services.identity.PersistentIdentityService$PersistentIdentity
key 69ACAA32A0C7934D9454CB53EEA6CA6CCD8E4090B30C560A5A36EA10F3DC13E8,
not inserting the second time {}
[ERROR] 13:24:22,368 [main] (NodeStartup.kt:125) internal.Node.run -
Exception during node startup {}
org.apache.activemq.artemis.api.core.ActiveMQNotConnectedException:
AMQ119007: Cannot connect to server(s). Tried with all available
servers.
at org.apache.activemq.artemis.core.client.impl.ServerLocatorImpl.createSessionFactory(ServerLocatorImpl.java:787)
~[artemis-core-client-2.2.0.jar:2.2.0]
at net.corda.nodeapi.internal.ArtemisMessagingClient.start(ArtemisMessagingClient.kt:39)
~[corda-node-api-3.2-corda.jar:?]
at net.corda.nodeapi.internal.bridging.AMQPBridgeManager.start(AMQPBridgeManager.kt:195)
~[corda-node-api-3.2-corda.jar:?]
at net.corda.nodeapi.internal.bridging.BridgeControlListener.start(BridgeControlListener.kt:35)
~[corda-node-api-3.2-corda.jar:?]
at net.corda.node.internal.Node.startMessagingService(Node.kt:301) ~[corda-node-3.2-corda.jar:?]
How do I fix this?
IntelliJ Ultimate ships with the Yourkit profiler, which by default starts when IntelliJ starts and listens on port 100001 - the default port for the Notary in Driver.
You can locate the config for this using here and alter it to use a different port as per this
Your new config line will look something like this:
-agentlib:yjpagent=delay=10000,probe_disable=*,port=30000
I am unable to setup my javamail session to send an email using my private mail service provider. I am using an auhenticated starttls session and am getting this error : 550 5.7.1 Client does not have permissions to send as this sender. Below is my mail session properties and debug trace :
mail.smtp.auth=true
mail.smtp.host=smtp.myprovider.com
mail.smtp.password=*****
mail.smtp.port=587
mail.smtp.starttls.enable=true
mail.smtp.user=****
javax.portlet.action[0] = sendMail
DEBUG: getProvider() returning javax.mail.Provider[TRANSPORT,smtp,com.sun.mail.smtp.SMTPTransport,Sun Microsystems, Inc]
DEBUG SMTP: useEhlo true, useAuth true
DEBUG SMTP: trying to connect to host "smtp.myprovider.com", port 587, isSSL false
220 smtp.myprovider.com Microsoft ESMTP MAIL Service ready at Tue, 2 Jun 2015 11:35:22 -0400
DEBUG SMTP: connected to host "smtp.myprovider.com", port: 587
EHLO sgmed001
250-smtp.myprovider.com Hello [xx.xx.xx.xx]
250-SIZE 52428800
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-AUTH NTLM
250-8BITMIME
250-BINARYMIME
250 CHUNKING
DEBUG SMTP: Found extension "SIZE", arg "52428800"
DEBUG SMTP: Found extension "PIPELINING", arg ""
DEBUG SMTP: Found extension "DSN", arg ""
DEBUG SMTP: Found extension "ENHANCEDSTATUSCODES", arg ""
DEBUG SMTP: Found extension "STARTTLS", arg ""
DEBUG SMTP: Found extension "AUTH", arg "NTLM"
DEBUG SMTP: Found extension "8BITMIME", arg ""
DEBUG SMTP: Found extension "BINARYMIME", arg ""
DEBUG SMTP: Found extension "CHUNKING", arg ""
STARTTLS
220 2.0.0 SMTP server ready
EHLO sgmed001
250-smtp.myprovider.com Hello [xx.xx.xx.xx]
250-SIZE 52428800
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-AUTH NTLM LOGIN
250-8BITMIME
250-BINARYMIME
250 CHUNKING
DEBUG SMTP: Found extension "SIZE", arg "52428800"
DEBUG SMTP: Found extension "PIPELINING", arg ""
DEBUG SMTP: Found extension "DSN", arg ""
DEBUG SMTP: Found extension "ENHANCEDSTATUSCODES", arg ""
DEBUG SMTP: Found extension "AUTH", arg "NTLM LOGIN"
DEBUG SMTP: Found extension "8BITMIME", arg ""
DEBUG SMTP: Found extension "BINARYMIME", arg ""
DEBUG SMTP: Found extension "CHUNKING", arg ""
DEBUG SMTP: Attempt to authenticate
AUTH LOGIN
334 VXNlcm5hbWU6
****
334 UGFzc3dvcmQ6
***
235 2.7.0 Authentication successful
DEBUG SMTP: use8bit false
MAIL FROM:<sender#xx.xx>
250 2.1.0 Sender OK
RCPT TO:<recipient#xx.xx>
250 2.1.5 Recipient OK
DEBUG SMTP: Verified Addresses
DEBUG SMTP: recipient#xx.xx
DATA
354 Start mail input; end with <CRLF>.<CRLF>
Date: Tue, 2 Jun 2015 11:35:23 -0400 (EDT)
From: sender#xx.xx
To: recipient#xx.xx
Message-ID: <53119439.11433259323689.JavaMail>
Subject: Request
MIME-Version: 1.0
Content-Type: text/html;charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Auto-Response-Suppress: AutoReply, DR, NDR, NRN, OOF, RN
qweqwe
.
550 5.7.1 Client does not have permissions to send as this sender
com.sun.mail.smtp.SMTPSendFailedException: 550 5.7.1 Client does not have permissions to send as this sender
at com.sun.mail.smtp.SMTPTransport.issueSendCommand(SMTPTransport.java:1388)
at com.sun.mail.smtp.SMTPTransport.finishData(SMTPTransport.java:1215)
at com.sun.mail.smtp.SMTPTransport.sendMessage(SMTPTransport.java:586)
at com.liferay.util.mail.MailEngine._send(MailEngine.java:563)
at com.liferay.util.mail.MailEngine.send(MailEngine.java:350)
at com.liferay.util.mail.MailEngine.send(MailEngine.java:425)
at com.liferay.mail.messaging.MailMessageListener.doMailMessage(MailMessageListener.java:93)
at com.liferay.mail.messaging.MailMessageListener.doReceive(MailMessageListener.java:108)
at com.liferay.portal.kernel.messaging.BaseMessageListener.receive(BaseMessageListener.java:26)
at com.liferay.portal.kernel.messaging.InvokerMessageListener.receive(InvokerMessageListener.java:72)
at com.liferay.portal.kernel.messaging.ParallelDestination$1.run(ParallelDestination.java:69)
at com.liferay.portal.kernel.concurrent.ThreadPoolExecutor$WorkerTask._runTask(ThreadPoolExecutor.java:682)
at com.liferay.portal.kernel.concurrent.ThreadPoolExecutor$WorkerTask.run(ThreadPoolExecutor.java:593)
at java.lang.Thread.run(Thread.java:745)
11:35:23,696 ERROR [liferay/mail-1][MailEngine:77] null
com.sun.mail.smtp.SMTPSendFailedException: 550 5.7.1 Client does not have permissions to send as this sender_ [Sanitized]
at com.sun.mail.smtp.SMTPTransport.issueSendCommand(SMTPTransport.java:1388)
at com.sun.mail.smtp.SMTPTransport.finishData(SMTPTransport.java:1215)
at com.sun.mail.smtp.SMTPTransport.sendMessage(SMTPTransport.java:586)
at com.liferay.util.mail.MailEngine._send(MailEngine.java:563)
at com.liferay.util.mail.MailEngine.send(MailEngine.java:350)
at com.liferay.util.mail.MailEngine.send(MailEngine.java:425)
at com.liferay.mail.messaging.MailMessageListener.doMailMessage(MailMessageListener.java:93)
at com.liferay.mail.messaging.MailMessageListener.doReceive(MailMessageListener.java:108)
at com.liferay.portal.kernel.messaging.BaseMessageListener.receive(BaseMessageListener.java:26)
at com.liferay.portal.kernel.messaging.InvokerMessageListener.receive(InvokerMessageListener.java:72)
at com.liferay.portal.kernel.messaging.ParallelDestination$1.run(ParallelDestination.java:69)
at com.liferay.portal.kernel.concurrent.ThreadPoolExecutor$WorkerTask._runTask(ThreadPoolExecutor.java:682)
at com.liferay.portal.kernel.concurrent.ThreadPoolExecutor$WorkerTask.run(ThreadPoolExecutor.java:593)
at java.lang.Thread.run(Thread.java:745)
Ok thanks to Steffen I was able to work it out, see comment above. In short the real problem was that I tried to send a mail using a sender outside my mail provider space. Using a mail address inside my provider's space made the email go and be sent away.