generated certificate stops working when moved to resources folder

Question

I'm having problems with a generated certificate I'm using to connect to the apple push services. All works fine when the generated p12 file was in my src/main/java folder, but I moved it to src/main/resources and it decided to stop working with the following error:

DerInputStream.getLength(): lengthTag=111, too big.

To get into some more detail: I'm using the notnoop push notifications library and followed the tutorial from Ray Wenderlich to generate the certificates. after, I used to following commands to generate a p12 file for use in java:

openssl x509 -in aps_development.cer -inform DER -out aps_development.pem -outform PEM
openssl pkcs12 -nocerts -in single.p12 -out single.pem
openssl pkcs12 -export -inkey single.pem -in aps_development.pem -out dual.p12

after that I moved the dual.p12 into my java project. At first the file was in my /src/main/java folder, lets say at com.company.push.certificates (while the code requesting the file is at com.company.push). I request an inputstream by using

InputStream stream = this.getClass().getResourceAsStream("certificates/dual.p12");

This working fine in development, but not when building the project (using maven), thats why I moved the resource to the resources folder, using the exact same package. The resource still gets found, but now I get the above-mentioned java.io.IOException

Anyone knows what might be causing this?

Ps: when I move the file back into the package in src/main/java, all works fine again, so the certificate seems to be valid.

score 41 · Accepted Answer · edited Feb 12 '18 at 11:03

41

This is happening because maven's resource filtering is corrupting your p12 file.

We solved this by excluding p12 files from maven resource filtering with this in pom.xml:

<resources>
    <resource>
        <directory>src/main/resources</directory>
        <filtering>true</filtering>
        <excludes>
            <exclude>**/*.p12</exclude>
        </excludes>
    </resource>
    <resource>
        <directory>src/main/resources</directory>
        <filtering>false</filtering>
        <includes>
            <include>**/*.p12</include>
        </includes>
    </resource>
</resources>

edited Feb 12 '18 at 11:03

naXa stands with Ukraine

35,493
19
190
259

answered Dec 19 '14 at 15:11

chris

1,045
10
12

3

I was on the brink of going insane, thank you sir for this ! – ufdeveloper May 22 '18 at 01:39

score 27 · Answer 2 · answered Jun 25 '13 at 13:26

27

Check the content of the certificate file AFTER a build, when maven has copied to to target/classes/... Probably maven resource filtering, or something else in your build is modifying the file. Verify what ends up in the classes folder is EXACTLY the same as what is in the resources folder.

http://maven.apache.org/plugins/maven-resources-plugin/examples/filter.html

answered Jun 25 '13 at 13:26

Keith

4,144
1
19
14

I feel like an idiot I didn't check this myself... This seems to be the problem. At least in some sort. While developing I use a local jboss instance, I checked the file in the deployments directory, it seems something indeed messed with the file. It seems to even have a different encoding (UTF-8), so I assume it was treated as a text file instead of a binary file. How can I prevent this? – Kevin R Jun 25 '13 at 13:44
Ok, for some reason jboss thinks its funny to mess with .p12 files, regardless the contents. Renaming the file to *.p12.cert seems to be enough to 'fix' it, doesn't make me very happy though :( – Kevin R Jun 25 '13 at 14:13

score 16 · Answer 3 · answered Feb 05 '15 at 11:49

Personally I don't like duplicating the excludes/includes section in the maven build and having two resource sections that must be kept in sync - so I prefer to use the maven resources plugin to configure the nonFilteredFileExtensions instead.

The resources section in the build section then simply is (plus any specific includes you might need):

<resources>
   <resource>
      <directory>src/main/resources</directory>
      <filtering>true</filtering>
   </resource>
</resources>

Tell the maven-resources-plugin which files NOT to filter when including:

    <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-resources-plugin</artifactId>
        <version>2.7</version>
        <configuration>
            <delimiters>
                <delimiter>@</delimiter>
            </delimiters>
            <nonFilteredFileExtensions>
                <nonFilteredFileExtension>p12</nonFilteredFileExtension>
                <nonFilteredFileExtension>pfx</nonFilteredFileExtension>
                <nonFilteredFileExtension>pem</nonFilteredFileExtension>
            </nonFilteredFileExtensions>
        </configuration>
    </plugin>

See: http://maven.apache.org/plugins/maven-resources-plugin/examples/binaries-filtering.html

Much better approach in my opinion. I also disliked duplicating a block and having to add a comment to explain the duplication and avoid QA comebacks :) — Charles Morin, May 29 '18 at 14:14

generated certificate stops working when moved to resources folder

3 Answers3

Linked