Thursday, June 16, 2016

Tutorial (2) : How to send Push Notifications to iPhone using Java ?

Generate aps_developer.p12 for JavaPNS

Download and Upzip
Goto windows dos command mode

// Convert aps_developer.cer to aps_developer.pem
openssl x509 -in aps_developer.cer -inform DER -out aps_developer.pem -outform PEM 

// Generate Push_Noenc.pem from PushChatCert.p12
openssl pkcs12 -nocerts -out Push_Noenc.pem -in PushChatCert.p12

// Output aps_developer.p12 for JavaPNS
openssl pkcs12 -export -in aps_developer.pem -inkey Push_Noenc.pem -certfile PushChat.certSigningRequest -name "aps_developer" -out aps_developer.p12

Obtain Device token from iOS

Add the following code in the method of AppDelegate.didFinishLaunchingWithOptions

IOS Code:
[[UIApplication sharedApplication] registerForRemoteNotificationTypes:(UIRemoteNotificationTypeAlert | UIRemoteNotificationTypeSound | UIRemoteNotificationTypeBadge)];  

To setup registerForRemoteNotificationTypes for app to receive notification message.

To extract device token by the following codes:

IOS Code: 

 - (void)application:(UIApplication *)app didRegisterForRemoteNotificationsWithDeviceToken:(NSData *)deviceToken {   
    NSString *token = [NSString stringWithFormat:@"%@", deviceToken];
    NSLog(@"My token is:%@", token);

- (void)application:(UIApplication *)app didFailToRegisterForRemoteNotificationsWithError:(NSError *)error {    
    NSString *error_str = [NSString stringWithFormat: @"%@", error];
    NSLog(@"Failed to get token, error:%@", error_str);

iOS device needs to implement two features: one is to register app as receiving notification type, the other is to send its token to backend JavaPNS via HTTP or TCP protocol.

Setup JavaPNS Sample code

Please add the following .jar library in your project:
1. bcprov-jdk15-146.jar
2. log4j-1.2.15.jar
3. JavaPNS_2.2.jar ( unzip )
4. Compile the source code :

(PS: Or simply import the testSample code by eclipse and run it)
JavaPNS needs certificate aps_developer.p12, and iOS token id to accomplish the function of sending Push Messages. The following codes below detail how to make it work.

public static void main(String[] args) {
                        // iOS Private key as a p12 file exported by MAC
                        String keynotePath = "aps_developer.p12";
                        // iOS developer certificate password exported by MAC
                        String password = "Your Pasword";
                        // iOS device Token id
                        String token = "Your Device Token";
                        // Test environment: Production or Sandbox(simulation)
                        String environment = "simulation";
                        // Push message mode: Simple or complex or thread
    // Simple: Simple msg, complex: complex message, thread: Add multiple threads support
                        String pushMode = "complex";
                        // Number of received devices
                        String deviceNum = "1";
                        // Number of sender threads
                        String threadNum = "1";
                        /* Initialize Log4j to print logs to console */

                        /* Push an alert */
                        try {
pushTest(keynotePath, password, token, environment, pushMode, deviceNum, threadNum);
                        } catch (CommunicationException e) {
                        } catch (KeystoreException e) {

How to generate iOS development certificate for Push Server ?

// For Development Environment
// Convert aps_developer.cer to aps_developer.pem
openssl x509 -in aps_development.cer -inform DER -out aps_developer.pem -outform PEM

// Generate Push_Noenc.pem from PushChatCert.p12
openssl pkcs12 -nocerts -out Push_Noenc.pem -in PushChatCert.p12   // Input your password

// Output aps_developer.p12 for JavaPNS
openssl pkcs12 -export -in aps_developer.pem -inkey Push_Noenc.pem -certfile Push.certSigningRequest -name "aps_developer" -out aps_developer.p12

How to generate iOS Production certificate for Push Server?

// For Production
// Convert aps_developer.cer to aps_developer.pem
openssl x509 -in aps_production.cer -inform DER -out aps_production.pem -outform PEM

// Generate Push_Noenc.pem from PushChatCert.p12
openssl pkcs12 -nocerts -out Push_Noenc.pem -in PushChatCert.p12 

// Output aps_developer.p12 for JavaPNS
openssl pkcs12 -export -in aps_production.pem -inkey Push_Noenc.pem -certfile Push.certSigningRequest -name "aps_production" -out aps_production.p12

Tuesday, June 14, 2016

Tutorial (1) : How to send Push Notifications to iPhone using Java ?

Get Started

In this tutorial, you will lean how Push Notifications work and how to send Push Notifications to iPhone using an open source library - JavaAPNS.

Apple Push Service Overview

1. An app registers to iOS to enable Push notification; iOS sends device`s UDID to APNS.
2. The app receives a “device token” from APNS. You can think of the device token as the address that push notifications will be sent to.
3. The app sends the device token to your server.
4. When something of interest to your app happens, the server sends a push notification to the Apple Push Notification Service with device token id.
5. APNS sends the push notification to the user’s device.

 Enable Provisioning Profiles and Certificates

To enable push notifications in your app, it needs to be signed with a provisioning profile that is configured for push. In addition, your server needs to sign its communications to APNS with an SSL certificate.

There are also two types of push server certificates:
- Development. If your app is running in Debug mode and is signed with the Development provisioning profile (Code Signing Identity is “iPhone Developer”), then your server must be using the Development certificate.

- Production. Apps that are distributed as Ad Hoc or on the App Store (when Code Signing Identify is “iPhone Distribution”) must talk to a server that uses the Production certificate. If there is a mismatch between these, push notifications cannot be delivered to your app.

Generating the Certificate Signing Request (CSR)

The first thing you need is your Push certificates. These identify you when communicating with APNS over SSL.

Generating the Apple Push Notification SSL certificate on Mac:

Enter your email address here. I’ve heard people recommended you use the same email address that you used to sign up for the iOS Developer Program, but it seems to accept any email address just fine.

Enter “PushChat” for Common Name. You can type anything you want here, but choose something descriptive. This allows us to easily find the private key later.

Check Saved to disk and click Continue. Save the file as “PushChat.certSigningRequest”.

Generating the private key

If you go to the Keys section of Keychain Access, you will see that a new private key has appeared in your keychain. Right click it and choose Export.

Save the private key as “PushChatCert.p12” and enter a passphrase.

4.   Making the App ID and SSL certificate
Log in to the iOS Provisioning Portal.

First, we are going to make a new App ID. Each push app needs its own unique ID because push notifications are sent to a specific application. (You cannot use a wildcard ID.)

Filled in the fields as follows:
Description: PushChat
Bundle Seed ID: Generate New (this is the default option)
Bundle Identifier: com.hollance.PushChat

It is probably best if you choose your own Bundle Identifier here – com.companyName.PushChat – instead of using mine. You will need to set this same bundle ID in your Xcode project.
This certificate is linked with your App ID. Your server can only send push notifications to that particular app, not to any other apps.
After you have made the App ID, it shows up like this in the list:

Click on the Configure link to open the Configure App ID screen.

choose Certificate Signing Request file, “PushChat.certSigningRequest” for the Development Push SSL Certificate.

Download SSL certificate.
Click Done to close the assistant and return to the Configure App ID screen.

As you can see, we have a valid certificate and push is now available for development. The development certificate is only valid for 3 months. When you are ready to release your app, repeat this process for the production certificate. The steps are the same.

Note: The production certificate remains valid for a year, but you want to renew it before the year is over to ensure there is no downtime for your app.

Until now, we have generated three files:

1. Push.certSigningRequest
2. PushChatCert.p12
3. aps_developer.cer

Wednesday, June 8, 2016

Useful commands to debug Android APK

// Install Android Apk
adb install apk

// Check Android devices
adb devices
// Dump Log 
adb logcat > logfile

// Dump Android and API version
adb shell getprop

[]: [4.1.2]   --> Android v 4.1.2
[]: [16           --> API 16 


Sunday, June 5, 2016

How to dump APP ID of an Android APK ?

// Install android-sdk-macosx

 // Edit
vim ~/.profile
export ANDROID_CMD_HOME=/Users/WeiShihHsun/Desktop/cocos2dx/android/android-sdk-macosx/build-tools/23.0.2/

// Relogin

// Dump AppId
aapt dump badging <path-to-apk> | grep package:\ name


Friday, June 3, 2016

Is OAuth secure enough for REST API ?

OAuth protocol is widely used for authorization of logging in users. Some famous social gaming platform companies like Line, Mobage, Gree, and DMM have also adapted this technology to develop their REST API.

You might have a question - is it secure enough to only use OAuth for REST API ?

From my experience, the answer is no.

Even if you adapt OAuth 2.0 to your REST system, your system still could be vulnerable to Man-In-Middle Attack. Because OAuth is based on HTTP protocol, you must set up SSL encryption protocol to assure your message being sent over HTTPS. Otherwise, the hacker can wiretap your communication and retrieve your account and password from wire packets.

In terms of development, it is actually very easy to develop a secure REST API server with high performance using Spring framework. I already created a very simple template at github. You just need to configure some settings and modify API controller files of Java as needed.

The source codes of Secure REST API  Server can be seen here

Thursday, June 2, 2016

How to get Video Info by using Youtube Datat API ?

Get Started

Youtube Data API has provided an HTTP interface to retrieve plenty of counter numbers to record who has seen or voted for your video. You simply send a GET request shown below to youtube and will get all the information related to your video.

GET Request[VIDEO ID]&key=[ API KEY]&fields=items%28id,snippet%28channelTitle,title,thumbnails%29,statistics%29&part=snippet,contentDetails,statistics

VIDEO ID is a unique key to identify the Video.
API KEY   is the key which you must create a service to use Youtube Data API at Google Developer API Console.

How to implement this feature in PHP ?

Send a GET Request to Youtube

 The function below shows how to send a GET request to Youtube by using Youtube Data  API.
function getYoutubeInfo($videoId, $key)
        // Get cURL resource
        $curl = curl_init();
        // Set some options - we are passing in a useragent too here
        curl_setopt_array($curl, array(
            CURLOPT_URL => ''.$videoId.'&key='.$key.'&fields=items(id,snippet(channelTitle,title,thumbnails),statistics)&part=snippet,contentDetails,statistics',
            CURLOPT_USERAGENT => 'Your Agent Name'
        // Send the request & save response to $resp
        $resp = curl_exec($curl);
        $resp = json_decode($resp, true);
                foreach ($resp['items'] as $data)
                    $dataArray = array();
                    $dataArray = $data['snippet'];                                   
                    $tmpArray = $data['statistics'];
                    //  You can get ViewCount, likeCount, and CommentCount here
                    error_log("### get respond viewCount:" . $tmpArray['viewCount']. " likeCount" . $tmpArray['likeCount']. " commentCount:" .$tmpArray['commentCount']);               
                    //  You can get the image url of your video
                    return $dataArray['thumbnails'];

        // Close request to clear up some resources