iCloud SSL issue again

The binding stores the retrieved certificate in {OPENHAB}/userdata/tmp/fmipmobile.crt

Here's the certificate my binding currently uses.
And it was changed just 5 minutes after the first refresh from installing the new snapshot build.

2020-01-30 12:44:35.203 [WARN ] [l.handler.ICloudAccountBridgeHandler] - SSL exception during handshake, attempting to refresh certificate automatically
2020-01-30 12:49:36.897 [WARN ] [l.handler.ICloudAccountBridgeHandler] - SSL exception during handshake, attempting to refresh certificate automatically

The certificate you posted seems to match the one that @rkrisi added last. If you increase the logging level, you should see it reporting errors when connecting. I did notice going back through the code though, that it updates the certificate on any IOException, not just an SSLHandshakeException. This means that it could be updating the certificate unintended when the server is unavailable. I'll update this in code, thanks for giving me a hint!

Edit: hmm I remember now, the reason I put in the IOException is because the SSLHandshakeException is buried 3 layers deep in the IOException. Let me think about this for a while…


@Bredmich

I updated the code so that it should only update the certificate on SSLHandshakeException occurring. Can you check with this snapshot? https://drive.google.com/file/d/1z_lb-4CSEOhnan3wi8nym1pZepjnXAGU/view?usp=sharing


Update: this has been removed for security reasons
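
An added example, not the binding's own code: one way to find an SSLHandshakeException buried inside a wrapping IOException, so that only a failed TLS handshake (and not an unavailable server) triggers a certificate refresh. The names `CertRefreshPolicy`, `findCause` and `shouldRefreshCertificate` are hypothetical, and both exceptions in `main` are constructed samples.

```java
import java.io.EOFException;
import java.io.IOException;
import java.util.Collections;
import java.util.IdentityHashMap;
import java.util.Set;
import java.util.concurrent.ExecutionException;
import javax.net.ssl.SSLHandshakeException;

public class CertRefreshPolicy {

    /** Walks the cause chain and returns the first cause of the given type, or null. */
    static <T extends Throwable> T findCause(Throwable t, Class<T> type) {
        // Identity-based set stops the walk if the cause chain ever loops back on itself.
        Set<Throwable> seen =
                Collections.newSetFromMap(new IdentityHashMap<Throwable, Boolean>());
        for (Throwable cur = t; cur != null && seen.add(cur); cur = cur.getCause()) {
            if (type.isInstance(cur)) {
                return type.cast(cur);
            }
        }
        return null;
    }

    /** Refresh the stored certificate only when the TLS handshake itself failed. */
    static boolean shouldRefreshCertificate(IOException e) {
        return findCause(e, SSLHandshakeException.class) != null;
    }

    public static void main(String[] args) {
        // Constructed sample: a handshake failure wrapped in two outer exceptions.
        IOException tlsFailure = new IOException(new ExecutionException(
                new SSLHandshakeException("constructed: handshake failed")));
        // Constructed sample: same wrapping as the EOFException in this thread's logs.
        IOException serverDropped = new IOException(new ExecutionException(
                new EOFException("constructed: connection closed early")));

        System.out.println("handshake failure -> refresh: "
                + shouldRefreshCertificate(tlsFailure));
        System.out.println("early EOF         -> refresh: "
                + shouldRefreshCertificate(serverDropped));
    }
}
```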

Installed and log switched to TRACE, let's see if and what happens.
Thanks!

Edit:
New errors :slight_smile:

2020-01-30 15:34:30.721 [WARN ] [l.handler.ICloudAccountBridgeHandler] - Unable to refresh device data

java.io.IOException: java.util.concurrent.ExecutionException: java.io.EOFException: HttpConnectionOverHTTP@1d25e1c::DecryptedEndPoint@d53cd1{fmipmobile.icloud.com/17.248.177.165:443<->/192.168.2.10:36696,CLOSED,fill=-,flush=C,to=3/0}

	at org.openhab.binding.icloud.internal.ICloudConnection.callApi(ICloudConnection.java:89) ~[?:?]

	at org.openhab.binding.icloud.internal.ICloudConnection.requestDeviceStatusJSON(ICloudConnection.java:70) ~[?:?]

	at org.openhab.binding.icloud.internal.handler.ICloudAccountBridgeHandler.requestStatus(ICloudAccountBridgeHandler.java:109) ~[?:?]

	at org.openhab.binding.icloud.internal.handler.ICloudAccountBridgeHandler.lambda$0(ICloudAccountBridgeHandler.java:100) ~[?:?]

	at org.openhab.binding.icloud.internal.handler.ICloudAccountBridgeHandler.refreshData(ICloudAccountBridgeHandler.java:196) ~[?:?]

Caused by: java.util.concurrent.ExecutionException: java.io.EOFException: HttpConnectionOverHTTP@1d25e1c::DecryptedEndPoint@d53cd1{fmipmobile.icloud.com/17.248.177.165:443<->/192.168.2.10:36696,CLOSED,fill=-,flush=C,to=3/0}

Caused by: java.io.EOFException: HttpConnectionOverHTTP@1d25e1c::DecryptedEndPoint@d53cd1{fmipmobile.icloud.com/17.248.177.165:443<->/192.168.2.10:36696,CLOSED,fill=-,flush=C,to=3/0}

2020-01-30 15:34:30.743 [hingStatusInfoChangedEvent] - 'icloud:account:openHAB' changed from ONLINE to OFFLINE (COMMUNICATION_ERROR): java.util.concurrent.ExecutionException: java.io.EOFException: HttpConnectionOverHTTP@1d25e1c::DecryptedEndPoint@d53cd1{fmipmobile.icloud.com/17.248.177.165:443<->/192.168.2.10:36696,CLOSED,fill=-,flush=C,to=3/0}

Ok, it's still throwing errors…

2020-01-30 16:34:45.738 [WARN ] [l.handler.ICloudAccountBridgeHandler] - Unable to refresh device data

java.io.IOException: java.util.concurrent.ExecutionException: java.io.EOFException: HttpConnectionOverHTTP@1515a76::DecryptedEndPoint@1acfe75{fmipmobile.icloud.com/17.248.146.205:443<->/192.168.2.10:34916,CLOSED,fill=-,flush=C,to=1/0}

	at org.eclipse.smarthome.io.net.http.HttpUtil.executeUrlAndGetReponse(HttpUtil.java:259) ~[?:?]

	at org.eclipse.smarthome.io.net.http.HttpUtil.executeUrl(HttpUtil.java:156) ~[?:?]

	at org.eclipse.smarthome.io.net.http.HttpUtil.executeUrl(HttpUtil.java:131) ~[?:?]

	at org.eclipse.smarthome.io.net.http.HttpRequestBuilder.getContentAsString(HttpRequestBuilder.java:135) ~[?:?]

	at org.openhab.binding.icloud.internal.ICloudConnection.callApi(ICloudConnection.java:89) ~[?:?]

	at org.openhab.binding.icloud.internal.ICloudConnection.requestDeviceStatusJSON(ICloudConnection.java:70) ~[?:?]

	at org.openhab.binding.icloud.internal.handler.ICloudAccountBridgeHandler.requestStatus(ICloudAccountBridgeHandler.java:109) ~[?:?]

	at org.openhab.binding.icloud.internal.handler.ICloudAccountBridgeHandler.lambda$0(ICloudAccountBridgeHandler.java:100) ~[?:?]

	at org.eclipse.smarthome.core.cache.ExpiringCache.refreshValue(ExpiringCache.java:101) ~[?:?]

	at org.eclipse.smarthome.core.cache.ExpiringCache.getValue(ExpiringCache.java:72) ~[?:?]

	at org.openhab.binding.icloud.internal.handler.ICloudAccountBridgeHandler.refreshData(ICloudAccountBridgeHandler.java:196) ~[?:?]

	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [?:1.8.0_222]

	at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308) [?:1.8.0_222]

	at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180) [?:1.8.0_222]

	at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294) [?:1.8.0_222]

	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_222]

	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_222]

	at java.lang.Thread.run(Thread.java:748) [?:1.8.0_222]

Caused by: java.util.concurrent.ExecutionException: java.io.EOFException: HttpConnectionOverHTTP@1515a76::DecryptedEndPoint@1acfe75{fmipmobile.icloud.com/17.248.146.205:443<->/192.168.2.10:34916,CLOSED,fill=-,flush=C,to=1/0}

	at org.eclipse.jetty.client.util.FutureResponseListener.getResult(FutureResponseListener.java:118) ~[?:?]

	at org.eclipse.jetty.client.util.FutureResponseListener.get(FutureResponseListener.java:101) ~[?:?]

	at org.eclipse.jetty.client.HttpRequest.send(HttpRequest.java:685) ~[?:?]

	at org.eclipse.smarthome.io.net.http.HttpUtil.executeUrlAndGetReponse(HttpUtil.java:250) ~[?:?]

	... 17 more

Caused by: java.io.EOFException: HttpConnectionOverHTTP@1515a76::DecryptedEndPoint@1acfe75{fmipmobile.icloud.com/17.248.146.205:443<->/192.168.2.10:34916,CLOSED,fill=-,flush=C,to=1/0}

	at org.eclipse.jetty.client.http.HttpReceiverOverHTTP.earlyEOF(HttpReceiverOverHTTP.java:335) ~[?:?]

	at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:1526) ~[?:?]

	at org.eclipse.jetty.client.http.HttpReceiverOverHTTP.shutdown(HttpReceiverOverHTTP.java:209) ~[?:?]

	at org.eclipse.jetty.client.http.HttpReceiverOverHTTP.process(HttpReceiverOverHTTP.java:147) ~[?:?]

	at org.eclipse.jetty.client.http.HttpReceiverOverHTTP.receive(HttpReceiverOverHTTP.java:73) ~[?:?]

	at org.eclipse.jetty.client.http.HttpChannelOverHTTP.receive(HttpChannelOverHTTP.java:133) ~[?:?]

	at org.eclipse.jetty.client.http.HttpConnectionOverHTTP.onFillable(HttpConnectionOverHTTP.java:154) ~[?:?]

	at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311) ~[?:?]

	at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103) ~[?:?]

	at org.eclipse.jetty.io.ssl.SslConnection$1.run(SslConnection.java:143) ~[?:?]

	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:782) ~[?:?]

	at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:918) ~[?:?]

	... 1 more

==> /var/log/openhab2/events.log <==

2020-01-30 16:34:45.790 [hingStatusInfoChangedEvent] - 'icloud:account:openHAB' changed from ONLINE to OFFLINE (COMMUNICATION_ERROR): java.util.concurrent.ExecutionException: java.io.EOFException: HttpConnectionOverHTTP@1515a76::DecryptedEndPoint@1acfe75{fmipmobile.icloud.com/17.248.146.205:443<->/192.168.2.10:34916,CLOSED,fill=-,flush=C,to=1/0}

Yeah that's not a certificate problem I believe. Can you let me know if it's able to recover over time?

Yes, it's recovering after some minutes.
The downtime is mostly no longer than 5 minutes.
I didn't have these issues before.

If it's occurring regularly, can you check to see if you have the same error with @rkrisi's snapshot? I don't believe this is related to my change to be honest :slight_smile:

The behavior started with the snapshot builds to address the current certificate problems.
With the latest binding before 20.January I had no problems with repeating downtimes.

My iCloud account is configured with refreshTimeInMinutes=5

Hmm thanks for the update, I'll investigate. If anybody has more insights on this (@rkrisi?) please shout :slight_smile:

@Bredmich what version of Java are you running on?

Saw crazy thing in PaperUi today: I have got iCloud Binding two times.

Under Configuration: iCloud Binding icloud Partrik Gfeller ==> So this one is installed
Under Bindings: icloud (all lower case) to Install

Are there two? Or is there a small mistake in Snapshot?

How to deinstall iCloud Binding now to test your actual Snapshot?

[18:58:46] openhabian@openHAB4:~$ java -version
openjdk version "1.8.0_222"
OpenJDK Runtime Environment (Zulu8.40.0.178-CA-linux_aarch32hf) (build 1.8.0_222-b178)
OpenJDK Client VM (Zulu8.40.0.178-CA-linux_aarch32hf) (build 25.222-b178, mixed mode, Evaluation)

Remove the old one.

I don't know, it seems to be working for me. However, during the night it also stopped for me once and it didn't recover. I will check the logs to see what happened there and why these errors pop up for users…

I think this is not related to the binding and the new changes. I got this error every time. Sometimes more, sometimes less. Basically this API sometimes doesn't respond, that's why this happens.
@Hawkeye I think a solution for this might be that the binding should retry in case of errors like this, right after when this error happens. Right now you have to wait refreshTime to try again…

Actually, I'm suspicious if it has something to do with concurrent access corrupting the non-thread safe HttpConnection. I'm willing to investigate a bit more when I have the time (bit busy atm), but it may be better to do this under a separate pull request.

Works for me.
Thanks!
:slight_smile:

It might be. I can't remember that clearly, but when I did the previous fix (when an HTML object was returned instead of the JSON - which indicated that the server can't respond) I also saw that sometimes the connection times out… I increased the timeout a little bit, but that didn't help, so I also might think that Apple just limits the resources to this API - I think this might be used by other 3rd parties - which are not in "partnership" with Apple.