GOAWAY from APNs

[antony...@gmail.com]

Hello!
I want to add basic user certificate validation:

public Status validateCredentials(Credentials credentials) {
    try {
        LOG.info("Check validity of apple credentials");
        ApnsClient client = new ApnsClientBuilder()
                .setClientCredentials(new ByteArrayInputStream(credentials.getBytes()), credentials.getPassword())
                .build();
        LOG.info("Client builded");
        client.connect(ApnsClient.PRODUCTION_APNS_HOST).await();
        LOG.info("Apns connected");
        Preconditions.checkState(client.isConnected());
        LOG.info("State checked");
        client.disconnect().await();
        LOG.info("Disconnected. Apple credentials are ok");
        return VALID;
    } catch (Exception ex) {
        LOG.info("Invalid certificate", ex);
        return NOT_VALID;
    }
}

If user try to load strange certificate usually we failed at 'isConnected' call:

INFO ..test.push.ios.Checker - Check validity of apple credentials
INFO com.relayrides.pushy.apns.ApnsClientBuilder - Native SSL provider is available and supports ALPN; will use native provider.
INFO ..test.push.ios.Checker - Client builded
INFO com.relayrides.pushy.apns.ApnsClient - Failed to connect.
java.lang.IllegalStateException: Channel closed before HTTP/2 preface completed.
  at com.relayrides.pushy.apns.ApnsClient$2.operationComplete(ApnsClient.java:412)
  at com.relayrides.pushy.apns.ApnsClient$2.operationComplete(ApnsClient.java:404)
  at io.netty.util.concurrent.DefaultPromise.notifyListener0(DefaultPromise.java:514)
INFO ..test.push.ios.Checker - Apns connected
INFO ..test.push.ios.Checker - Invalid certificate
java.lang.IllegalStateException
  at com.google.common.base.Preconditions.checkState(Preconditions.java:158)

But sometimes 'isConnected' return true:

INFO ..test.push.ios.Checker - Check validity of apple credentials
INFO com.relayrides.pushy.apns.ApnsClientBuilder - Native SSL provider is available and supports ALPN; will use native provider.
INFO ..test.push.ios.Checker - Client builded
INFO com.relayrides.pushy.apns.ApnsClientHandler - Received GOAWAY from APNs server: {"reason":"BadCertificateEnvironment"}
INFO ..test.push.ios.Checker - Apns connected
INFO com.relayrides.pushy.apns.ApnsClient - Connected to api.push.apple.com/17.188.163.143:443.
INFO ..test.push.ios.Checker - State checked
INFO com.relayrides.pushy.apns.ApnsClient - Disconnecting.
INFO ..test.push.ios.Checker - Disconnected. Apple credentials are ok

In 'Terminating an APNs Connection' section of documentation (https://developer.apple.com/library/content/documentation/NetworkingInternet/Conceptual/RemoteNotificationsPG/CommunicatingwithAPNs.html) we can see what after GOAWAY any future activity with current connection useless.

Is throwing Http2GoAwayException at https://github.com/relayrides/pushy/blob/v0.9.3/pushy/src/main/java/com/relayrides/pushy/apns/ApnsClientHandler.java#L239 make sense?

[j...@turo.com]

I think this is a race condition; you're probably checking that the connection is open in the brief window between when the connection is established and the APNs server performs application-level certificate checks. It's possible to connect with a certificate that's valid from a TLS perspective, but invalid from an APNs perspective, and I suspect that's what's happening here.

Throwing additional exceptions would not help in this case.

-Jon