Worklight推送通知(APNS)因javax.net.ssl.SSLHandshakeException而失败

时间:2014-02-22 02:11:33

标签: apple-push-notifications ibm-mobilefirst websphere-liberty ibm-jdk

我在iOS上有一个带推送通知的Worklight 6.1应用程序。它工作正常,直到Worklight服务器出现问题。之后的所有推送通知都会失败,直到服务器重新启动。

Worklight服务器是Linux x86_64上的Liberty 8.5.5.0 使用JDK:java-1.7.0-ibm-1.7.0.5.0.x86_64 Worklight数据库是Derby(这是一个测试服务器)

启动服务器时一切正常。

服务器启动10分钟后,我看到:

[2/20/14 19:39:15:319 CST] 0000003e com.notnoop.apns.internal.ApnsFeedbackConnection             W Failed to retreive invalid devices
java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.j: End user tried to act as a CA

但这似乎没有打破任何东西。推送通知仍然有效。服务器启动30分钟后,我看到:

[2/20/14 19:59:48:657 CST] 00000061 com.ibm.ws.webcontainer.util.ApplicationErrorUtils           E SRVE0777E: Exception thrown by application class 'org.jboss.resteasy.core.SynchronousDispatcher.handleApplicationException:365'
org.jboss.resteasy.spi.UnhandledException: org.springframework.dao.InvalidDataAccessApiUsageException: Multiple DISTINCT aggregates are not supported at this time. {SELECT COUNT(DISTINCT t0.DEVICE), COUNT(DISTINCT t1.ID) FROM NOTIFICATION_DEVICE t0 INNER JOIN NOTIFICATION_USER t1 ON t0.USERSUBSCRIPTIONID = t1.ID WHERE (t0.APPLICATIONID IN (?) AND t0.PLATFORM = ?)} [code=30000, state=42Z02]; nested exception is <openjpa-1.2.2-r422266:898935 nonfatal user error> org.apache.openjpa.persistence.ArgumentException: Multiple DISTINCT aggregates are not supported at this time. {SELECT COUNT(DISTINCT t0.DEVICE), COUNT(DISTINCT t1.ID) FROM NOTIFICATION_DEVICE t0 INNER JOIN NOTIFICATION_USER t1 ON t0.USERSUBSCRIPTIONID = t1.ID WHERE (t0.APPLICATIONID IN (?) AND t0.PLATFORM = ?)} [code=30000, state=42Z02]

之后对push适配器的任何调用都会导致:

[2/21/14 19:06:44:038 CST] 00000090 com.notnoop.apns.internal.ApnsConnectionImpl                 I Exception while waiting for error code
java.net.SocketException: Socket is closed
    at com.ibm.jsse2.qc.j(qc.java:301)
    at com.ibm.jsse2.e.read(e.java:32)
    at java.io.InputStream.read(InputStream.java:102)
    at com.notnoop.apns.internal.ApnsConnectionImpl$1MonitoringThread.run(ApnsConnectionImpl.java:114)

[2/21/14 19:06:44:650 CST] 00000085 com.notnoop.apns.internal.ApnsConnectionImpl                 I Failed to send message Message(Id=2; Token=499D9813FBC377CCDE787E2749CDA914F826EDF39B0830D4AFEEF7A5D71A1802; Payload={"aps":{"alert":{"body":"You have 4 available messages","action-loc-key":null},"sound":"","badge":4},"payload":"{\"alias\":\"myNotificationPush\"}"})... trying again after delay
javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.j: End user tried to act as a CA

之后的所有重试都会导致同样的失败。

有一些谷歌点击“最终用户试图充当CA”和“APNS”表明这是一个JDK 1.5问题(在1.6中修复),并且它可以通过使用IbmPKIX信任管理器修复,但我确信我使用的是JDK 1.7,而java.security中的信任管理器是PKIX

2 个答案:

答案 0 :(得分:4)

升级到Worklight 6.0.0.2修订包后,我们在运行JDK 7的Websphere上看到了同样的问题。经过一些研究后,我发现IBM JDK 7报告了此问题.Entrust证书存在问题,即包含在JDK中。我尝试了从JDK 6替换cacerts文件的解决方法,这很有效。

 Replace jre\lib\security\cacerts file in JDK 7 with
 jre\lib\security\cacerts file in JDK 6

http://www-01.ibm.com/support/docview.wss?uid=swg1IV43936

注意:要与APN建立TLS会话,必须在提供商的服务器上安装Entrust Secure CA根证书。如果服务器正在运行OS X,则此根证书已存在于钥匙串中。在其他系统上,证书可能不可用。您可以从Entrust SSL证书网站下载此证书。

https://developer.apple.com/library/ios/documentation/NetworkingInternet/Conceptual/RemoteNotificationsPG/Chapters/CommunicatingWIthAPS.html

答案 1 :(得分:1)

再次......这花了很长时间才弄明白。

根本问题是Worklight服务器托管在SoftLayer上,显然SoftLayer防火墙默认监视套接字连接,如果连接空闲约10分钟,则删除它。

因此,工作灯服务器连接到APN并推送工作。然后10分钟没有任何推送通知,防火墙在Worklight服务器和APNS服务器之间删除了套接字。所有后续推送请求都是静默失败的,因为Worklight有一个用于APNS服务的死套接字。

我们重新配置防火墙以允许与APNS的连接无限期地闲置,问题得到解决。

相关问题
最新问题