XMPP isssue with talk.google.com connection

Hi,
I tried to configure XMPP action and I've stuck with below issue. Therefore I would ask for your help to deal with it.

My configuration is:
xmpp:servername=talk.google.com
xmpp:port=5222
xmpp:securitymode=required
# You need this "tlspin" if openhab cannot verify the certificat from the google server
xmpp:tlspin=CERTSHA256:9e670d6624fc0c451d8d8e3efa81d4d8246ff9354800de09b549700e8d2a730a
xmpp:proxy=gmail.com
xmpp:username=xxx.xxx@gmail.com
xmpp:password=xxx
#xmpp:chatroom=
# you may need to add the cryptic talk.google.com address of your private google account to the allowed users
# check you openhab.log to found the address after you send something via hangout to your openhab account
xmpp:consoleusers=yyy@gmail.com,zzz@gmail.com

When openhab starts I get this:
2015-12-25 21:47:03.549 [INFO ] [c.internal.ModelRepositoryImpl] - Loading model 'xmpp.rules'
2015-12-25 21:47:06.351 [WARN ] [o.j.smack.tcp.PacketWriter    ] - Exception writing closing stream element
java.net.SocketException: Socket closed
        at java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:116) ~[na:1.8.0]
        at java.net.SocketOutputStream.write(SocketOutputStream.java:153) ~[na:1.8.0]
        at sun.nio.cs.StreamEncoder.writeBytes(StreamEncoder.java:221) ~[na:1.8.0]
        at sun.nio.cs.StreamEncoder.implFlushBuffer(StreamEncoder.java:291) ~[na:1.8.0]
        at sun.nio.cs.StreamEncoder.implFlush(StreamEncoder.java:295) ~[na:1.8.0]
        at sun.nio.cs.StreamEncoder.flush(StreamEncoder.java:141) ~[na:1.8.0]
        at java.io.OutputStreamWriter.flush(OutputStreamWriter.java:229) ~[na:1.8.0]
        at java.io.BufferedWriter.flush(BufferedWriter.java:254) ~[na:1.8.0]
        at org.jivesoftware.smack.tcp.PacketWriter.writePackets(PacketWriter.java:190) [smack-tcp-4.0.6.jar:4.0.6]
        at org.jivesoftware.smack.tcp.PacketWriter.access$000(PacketWriter.java:40) [smack-tcp-4.0.6.jar:4.0.6]
        at org.jivesoftware.smack.tcp.PacketWriter$1.run(PacketWriter.java:77) [smack-tcp-4.0.6.jar:4.0.6]
2015-12-25 21:47:06.351 [ERROR] [tion.xmpp.internal.XMPPConnect] - Could not establish connection to XMPP server 'talk.google.com:5222': java.security.cert.CertificateException: Certificate not pinned. Use 'CERTPLAIN:308204833082036ba00302010202084451ceb46eb417cd300d06092a864886f70d01010b05003049310b300906035504061302555331133011060355040a130a476f6f676c6520496e63312530230603550403131c476f6f676c6520496e7465726e657420417574686f72697479204732301e170d3135313231303137343433355a170d3136303330393030303030305a3063310b30090603550406130255533113301106035504080c0a43616c69666f726e69613116301406035504070c0d4d6f756e7461696e205669657731133011060355040a0c0a476f6f676c6520496e633112301006035504030c09676d61696c2e636f6d30820122300d06092a864886f70d01010105000382010f003082010a02820101008ac65b217d931e1191b8fdbc2f286dff82d05694b02784be0418bf48fee6c94755e19ccabadfa6693eeb5cbd208a0974398fe6a5017fa696da45dc7395b296938976c29c46255e91ec5ec35143620fe229af5e3ff766268257ce3e9acb36f585bebf5bb4039579c63f09b30947ecfe769eab4ba4c3da1644345475ae70e593efc034b15a72627b2925dd3aa43cf0488a191c0f484bb353e792013d14604d40c3eb6832dd60aacc6c1a99935a0c95aa736a5fad08f3762daf544563ddc125ca2c3f52cdd244106a55f35bb0e0c0f29e535ee57312fefd42e9a6f4edf3dbd23ed2fc876441c63bb99c6ef714ec1f55117a4904d7eb09b428a3d6d5a3b856f77fbb0203010001a38201533082014f301d0603551d250416301406082b0601050507030106082b0601050507030230210603551d11041a30188209676d61696c2e636f6d820b2a2e676d61696c2e636f6d306806082b06010505070101045c305a302b06082b06010505073002861f687474703a2f2f706b692e676f6f676c652e636f6d2f47494147322e637274302b06082b06010505073001861f687474703a2f2f636c69656e7473312e676f6f676c652e636f6d2f6f637370301d0603551d0e04160414032269556dc3dc67f2d13e49003df570c72da660300c0603551d130101ff04023000301f0603551d230418301680144add06161bbcf668b576f581b6bb621aba5a812f30210603551d20041a3018300c060a2b06010401d6790205013008060667810c01020230300603551d1f042930273025a023a021861f687474703a2f2f706b692e676f6f676c652e636f6d2f47494147322e63726c300d06092a864886f70d01010b05000382010100495f121d3aa03b43ddc8e9a808a628ef2f300f2b3c3eb81a8e69da242bf1e404e15f08b4a784c85a5ea468d42fe63aae4b5e8a3cfdb6b430bafad06bfa68e33acb1139455af21646fec2bafaadcc1368542b9f06a6eacaed3846c9ed7f5da27a16838aa127cb11c7c259ad0866fab03ac66c4218b6579a4aa60da366f7ea9b0c8f668925cdf215ac1a8a1d9d0a6e017b37251fc1427cee2b91665993b8a26554fff1270c4dfdff5867c37eec4dedb17f2bf48744670a8648a9c9a0ba80896b42b1ace2473a20773e6f0190e7bccb2116d6559f37b631a0a0b147fa7e9c31a18dc76d702f6fedad39ec240e9bbb12a9dcb3b0b6899cc254885656bb712ee5a8fd' to pin this certificate. But only pin the certificate if you are sure this is the correct certificate!
2015-12-25 21:47:06.616 [WARN ] [nhab.action.xmpp.internal.XMPP] - Could not send XMPP message as connection is not correctly initialized!
2015-12-25 21:47:06.622 [WARN ] [esoftware.smack.XMPPConnection] - Connection closed with error
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificate not pinned. Use 'CERTPLAIN:308204833082036ba00302010202084451ceb46eb417cd300d06092a864886f70d01010b05003049310b300906035504061302555331133011060355040a130a476f6f676c6520496e63312530230603550403131c476f6f676c6520496e7465726e657420417574686f72697479204732301e170d3135313231303137343433355a170d3136303330393030303030305a3063310b30090603550406130255533113301106035504080c0a43616c69666f726e69613116301406035504070c0d4d6f756e7461696e205669657731133011060355040a0c0a476f6f676c6520496e633112301006035504030c09676d61696c2e636f6d30820122300d06092a864886f70d01010105000382010f003082010a02820101008ac65b217d931e1191b8fdbc2f286dff82d05694b02784be0418bf48fee6c94755e19ccabadfa6693eeb5cbd208a0974398fe6a5017fa696da45dc7395b296938976c29c46255e91ec5ec35143620fe229af5e3ff766268257ce3e9acb36f585bebf5bb4039579c63f09b30947ecfe769eab4ba4c3da1644345475ae70e593efc034b15a72627b2925dd3aa43cf0488a191c0f484bb353e792013d14604d40c3eb6832dd60aacc6c1a99935a0c95aa736a5fad08f3762daf544563ddc125ca2c3f52cdd244106a55f35bb0e0c0f29e535ee57312fefd42e9a6f4edf3dbd23ed2fc876441c63bb99c6ef714ec1f55117a4904d7eb09b428a3d6d5a3b856f77fbb0203010001a38201533082014f301d0603551d250416301406082b0601050507030106082b0601050507030230210603551d11041a30188209676d61696c2e636f6d820b2a2e676d61696c2e636f6d306806082b06010505070101045c305a302b06082b06010505073002861f687474703a2f2f706b692e676f6f676c652e636f6d2f47494147322e637274302b06082b06010505073001861f687474703a2f2f636c69656e7473312e676f6f676c652e636f6d2f6f637370301d0603551d0e04160414032269556dc3dc67f2d13e49003df570c72da660300c0603551d130101ff04023000301f0603551d230418301680144add06161bbcf668b576f581b6bb621aba5a812f30210603551d20041a3018300c060a2b06010401d6790205013008060667810c01020230300603551d1f042930273025a023a021861f687474703a2f2f706b692e676f6f676c652e636f6d2f47494147322e63726c300d06092a864886f70d01010b05000382010100495f121d3aa03b43ddc8e9a808a628ef2f300f2b3c3eb81a8e69da242bf1e404e15f08b4a784c85a5ea468d42fe63aae4b5e8a3cfdb6b430bafad06bfa68e33acb1139455af21646fec2bafaadcc1368542b9f06a6eacaed3846c9ed7f5da27a16838aa127cb11c7c259ad0866fab03ac66c4218b6579a4aa60da366f7ea9b0c8f668925cdf215ac1a8a1d9d0a6e017b37251fc1427cee2b91665993b8a26554fff1270c4dfdff5867c37eec4dedb17f2bf48744670a8648a9c9a0ba80896b42b1ace2473a20773e6f0190e7bccb2116d6559f37b631a0a0b147fa7e9c31a18dc76d702f6fedad39ec240e9bbb12a9dcb3b0b6899cc254885656bb712ee5a8fd' to pin this certificate. But only pin the certificate if you are sure this is the correct certificate!
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) ~[na:1.8.0]
        at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1917) ~[na:1.8.0]
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:301) ~[na:1.8.0]
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:295) ~[na:1.8.0]
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1369) ~[na:1.8.0]
        at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:156) ~[na:1.8.0]
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:925) ~[na:1.8.0]
        at sun.security.ssl.Handshaker.process_record(Handshaker.java:860) ~[na:1.8.0]
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1043) ~[na:1.8.0]
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1343) ~[na:1.8.0]
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1371) ~[na:1.8.0]
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1355) ~[na:1.8.0]
        at org.jivesoftware.smack.tcp.XMPPTCPConnection.proceedTLSReceived(XMPPTCPConnection.java:658) ~[smack-tcp-4.0.6.jar:4.0.6]
        at org.jivesoftware.smack.tcp.PacketReader.parsePackets(PacketReader.java:233) [smack-tcp-4.0.6.jar:4.0.6]
        at org.jivesoftware.smack.tcp.PacketReader.access$000(PacketReader.java:47) [smack-tcp-4.0.6.jar:4.0.6]
        at org.jivesoftware.smack.tcp.PacketReader$1.run(PacketReader.java:81) [smack-tcp-4.0.6.jar:4.0.6]
Caused by: java.security.cert.CertificateException: Certificate not pinned. Use 'CERTPLAIN:308204833082036ba00302010202084451ceb46eb417cd300d06092a864886f70d01010b05003049310b300906035504061302555331133011060355040a130a476f6f676c6520496e63312530230603550403131c476f6f676c6520496e7465726e657420417574686f72697479204732301e170d3135313231303137343433355a170d3136303330393030303030305a3063310b30090603550406130255533113301106035504080c0a43616c69666f726e69613116301406035504070c0d4d6f756e7461696e205669657731133011060355040a0c0a476f6f676c6520496e633112301006035504030c09676d61696c2e636f6d30820122300d06092a864886f70d01010105000382010f003082010a02820101008ac65b217d931e1191b8fdbc2f286dff82d05694b02784be0418bf48fee6c94755e19ccabadfa6693eeb5cbd208a0974398fe6a5017fa696da45dc7395b296938976c29c46255e91ec5ec35143620fe229af5e3ff766268257ce3e9acb36f585bebf5bb4039579c63f09b30947ecfe769eab4ba4c3da1644345475ae70e593efc034b15a72627b2925dd3aa43cf0488a191c0f484bb353e792013d14604d40c3eb6832dd60aacc6c1a99935a0c95aa736a5fad08f3762daf544563ddc125ca2c3f52cdd244106a55f35bb0e0c0f29e535ee57312fefd42e9a6f4edf3dbd23ed2fc876441c63bb99c6ef714ec1f55117a4904d7eb09b428a3d6d5a3b856f77fbb0203010001a38201533082014f301d0603551d250416301406082b0601050507030106082b0601050507030230210603551d11041a30188209676d61696c2e636f6d820b2a2e676d61696c2e636f6d306806082b06010505070101045c305a302b06082b06010505073002861f687474703a2f2f706b692e676f6f676c652e636f6d2f47494147322e637274302b06082b06010505073001861f687474703a2f2f636c69656e7473312e676f6f676c652e636f6d2f6f637370301d0603551d0e04160414032269556dc3dc67f2d13e49003df570c72da660300c0603551d130101ff04023000301f0603551d230418301680144add06161bbcf668b576f581b6bb621aba5a812f30210603551d20041a3018300c060a2b06010401d6790205013008060667810c01020230300603551d1f042930273025a023a021861f687474703a2f2f706b692e676f6f676c652e636f6d2f47494147322e63726c300d06092a864886f70d01010b05000382010100495f121d3aa03b43ddc8e9a808a628ef2f300f2b3c3eb81a8e69da242bf1e404e15f08b4a784c85a5ea468d42fe63aae4b5e8a3cfdb6b430bafad06bfa68e33acb1139455af21646fec2bafaadcc1368542b9f06a6eacaed3846c9ed7f5da27a16838aa127cb11c7c259ad0866fab03ac66c4218b6579a4aa60da366f7ea9b0c8f668925cdf215ac1a8a1d9d0a6e017b37251fc1427cee2b91665993b8a26554fff1270c4dfdff5867c37eec4dedb17f2bf48744670a8648a9c9a0ba80896b42b1ace2473a20773e6f0190e7bccb2116d6559f37b631a0a0b147fa7e9c31a18dc76d702f6fedad39ec240e9bbb12a9dcb3b0b6899cc254885656bb712ee5a8fd' to pin this certificate. But only pin the certificate if you are sure this is the correct certificate!
        at eu.geekplace.javapinning.PinningTrustManager.checkServerTrusted(PinningTrustManager.java:55) ~[java-pinning-jar-1.0.1.jar:1.0.1]
        at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:865) ~[na:1.8.0]
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1351) ~[na:1.8.0]
        ... 11 common frames omitted
2015-12-25 21:47:08.255 [INFO ] [.o.io.habmin.HABminApplication] - Started HABmin REST API at /services/habmin

If I recall correctly, Google closed the plain XMPP ‘talk’ service. It’s replacement ‘hangouts’ is no longer XMPP.
So you need to find an open Jabber/XMPP service or run your own server (I’ve just setup prosody on my Pi).

This may not be an issue, I still use talk.google.com and only get occasional connection drops.

What seens to be missing in your cfg:

  • the cryptic console users: xxx.@public.talk.google.com (not your gmail adress, but a wired string that you may only find out in the logs when you try to send sth. to the hangouts contact of you OH server)

  • I don’t use the tlspin option at all. when I try - the connection fails. Mybe try and leave it out.

Hi guys, thank you both for reply. This is nice idea mstormi, I would need to check it in the future. However for now I followed bernd_boehm’s advice, removed tlspin line (xmpp:securitymode=required still remains) and it worked, at least connection to talk.google is being established.
But what about this cryptic string? I can find something like xxx@gmail.com/31F293D3 in logs. Do you mean the cryptic string is 31F293D3? If I take this string, then make 31F293D3@public.talk.google.com and add to the openhab.cfg line xmpp:consoleusers=31F293D3@public.talk.google.com , is it what you meant? I’m not sure, since this key changes when I restart openhab…

Another thing.
I have a simple rule which sends information to me when openhab starts, but it doesn’t work when system starts, however it works when I reload the rule. For the first run, when system starts, I get this:

2015-12-28 10:12:49.782 [INFO ] [c.internal.ModelRepositoryImpl] - Loading model ‘xmpp.rules’
2015-12-28 10:12:49.783 [INFO ] [t.protocol.internal.TCPBinding] - The characterset will be set to the default vaulue of ASCII
2015-12-28 10:12:51.379 [ERROR] [m.r.internal.engine.RuleEngine] - Error during the execution of startup rule ‘xmpp’: Could not invoke method: org.openhab.action.xmpp.internal.XMPP.sendXMPP(java.lang.String,java.lang.String) on instance: yyy@gmail.com
2015-12-28 10:12:55.362 [INFO ] [tion.xmpp.internal.XMPPConnect] - Connection to XMPP as ‘xxx@gmail.com/31F293D3’ has been established. Is secure/encrypted: true
2015-12-28 10:12:55.484 [WARN ] [j.smack.util.PacketParserUtils] - Failed to parse extension packet in Presence packet.

and the rule is like below:

rule “xmpp”
when
System started
then
sendXMPP("yyy@gmail.com", “OpenHAB has just started!”)
end

OK. I found the cryptic string, after I send message to openhab. In openhab.log it looks like below:
2015-12-28 19:51:52.373 [WARN ] [tion.xmpp.internal.XMPPConsole] - Received chat request from the unknown user ‘abcdefghijklmnopqrstuvwxyz@public.talk.google.com’. So the cryptic string in my case was 26 characters/digits before @.

However the rule still doesn’t execute when openhab starts.

Cheers

Indeed this is what I meant.
Wired thing is: since a couple of days my communication keeps failing…
I try and send sth. to my OH account and I get as a response the available options instead of e.g. the status of an item.
Also sending messages via the binding doesn’t work anymore.

Though I have enriched the logback.xml with additional log info for the xmpp action, I still don’t see any errors in the log.

Btw. did you change your rule to :

sendXMPP("abcdefghijklmnopqrstuvwxyz@public.talk.google.com", “OpenHAB has just started!”)?

Is the log entry the same? can you send messages from your OH hangouts account to your private account?

When openhab starts I get:
2016-01-01 21:32:20.285 [INFO ] [tion.xmpp.internal.XMPPConnect] - Connection to XMPP as ‘xxxx@gmail.com/4CB4D4D3’ has been established. Is secure/encrypted: true

Yes, I can send messages from my OH to any private account. Also openhab account respond to commands e.g. “say”. However if I use server start event with rule it doesn’t work for the first time for some reason. If I refresh rule it work with no issues. Any idea how to trace what cause it?

If the log entry did not change in the order of events - than the connection to the google server is not established (yet) when the rule is triggered. So the sendxmpp fails.
You can do one thing here: first: also add a log entry in the rule:
logInfo(“xmpp”,“Server started”)
this way you know exactly when the rule is triggered.

Second delay the sendxmpp command. (so that the binding is up and running when you send the message)
Thread::sleep(100) //in ms adapt the time to your needs

Funny thing:

As I mentioned I recently had problems to get messages via hangouts from my OH account. I’ve just spent some time debugging and discovered that I now need to use my regular gmail address instead of this cryptic 26 character string@public.talk.google.com

This happened on the 23.12.15 - dunno if there was sth. changed in hangouts internally…

‘hangouts’ still is XMPP based, but now with some proprietary extensions. So ‘something’ may still work, and you may figure out how to get it working, but that already can become a pain ( I believe you start noticing for yourself …).
Also, Google won’t document what they change and won’t notify you, so even if you get it to work, you’ll never know how long that state will last. That’s why I strongly suggest to bite the bullet now and move off Google asap.
I myself should have done that much earlier, too. In the end, to set up my own server was just 1 hour of work. Well, make it 3 or 4 if count the search for alternatives including a plain XMPP Android client.
No issues, and no more dependencies on others since.

Hi all,
It was a long time since the last update for this thread, but i set up XMPP now for OH2.4 to use with google hangout.
I think hangout is very powerfull et very underestimated.
Anyway, i am able to send messages, but at the instantiation i have WARN logs that are annoying me :

  • [WARN ] [oftware.smack.util.PacketParserUtils] - Failed to parse extension packet in Presence packet
  • [WARN ] [oftware.smack.util.PacketParserUtils] - Failed to parse extension packet in Presence packet
  • [WARN ] [oftware.smack.util.PacketParserUtils] - Failed to parse extension packet in Presence packet
  • [WARN ] [oftware.smack.util.PacketParserUtils] - Failed to parse extension packet in Presence packet

(yes, 4 times)
Does anyone has successfully installed and used this action without these warnings ?

Hi,
No, I’m still getting “packet in Presence” warnings.
I’ve noticed another issue what cause a mess in my logs:

2020-01-23 22:03:18.798 [WARN ] [rg.jivesoftware.smack.XMPPConnection] - Connection closed with error

java.io.EOFException: no more data available - expected end tag </stream:stream> to close start tag stream:stream from line 1, parser stopped on END_TAG seen …</stream:features>… @1:335

at org.xmlpull.mxp1.MXParser.fillBuf(MXParser.java:3035) ~[242:org.openhab.action.xmpp:1.14.0.201910150438]

at org.xmlpull.mxp1.MXParser.more(MXParser.java:3046) ~[242:org.openhab.action.xmpp:1.14.0.201910150438]

at org.xmlpull.mxp1.MXParser.nextImpl(MXParser.java:1144) ~[242:org.openhab.action.xmpp:1.14.0.201910150438]

at org.xmlpull.mxp1.MXParser.next(MXParser.java:1093) ~[242:org.openhab.action.xmpp:1.14.0.201910150438]

at org.jivesoftware.smack.tcp.PacketReader.parsePackets(PacketReader.java:291) [242:org.openhab.action.xmpp:1.14.0.201910150438]

at org.jivesoftware.smack.tcp.PacketReader.access$000(PacketReader.java:47) [242:org.openhab.action.xmpp:1.14.0.201910150438]

at org.jivesoftware.smack.tcp.PacketReader$1.run(PacketReader.java:81) [242:org.openhab.action.xmpp:1.14.0.201910150438]

2020-01-23 22:03:20.974 [WARN ] [.jivesoftware.smack.tcp.PacketWriter] - Exception writing closing stream element

java.net.SocketException: Connection closed by remote host

at sun.security.ssl.SSLSocketImpl.checkWrite(SSLSocketImpl.java:1547) ~[?:?]

at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:71) ~[?:?]

at sun.nio.cs.StreamEncoder.writeBytes(StreamEncoder.java:221) ~[?:?]

at sun.nio.cs.StreamEncoder.implFlushBuffer(StreamEncoder.java:291) ~[?:?]

at sun.nio.cs.StreamEncoder.implFlush(StreamEncoder.java:295) ~[?:?]

at sun.nio.cs.StreamEncoder.flush(StreamEncoder.java:141) ~[?:?]

at java.io.OutputStreamWriter.flush(OutputStreamWriter.java:229) ~[?:?]

at java.io.BufferedWriter.flush(BufferedWriter.java:254) ~[?:?]

at org.jivesoftware.smack.tcp.PacketWriter.writePackets(PacketWriter.java:190) [242:org.openhab.action.xmpp:1.14.0.201910150438]

at org.jivesoftware.smack.tcp.PacketWriter.access$000(PacketWriter.java:40) [242:org.openhab.action.xmpp:1.14.0.201910150438]

at org.jivesoftware.smack.tcp.PacketWriter$1.run(PacketWriter.java:77) [242:org.openhab.action.xmpp:1.14.0.201910150438]

These warnings can appear even for hours every few seconds. Sometimes I have to restart Openhab to stop it. Anyone has noticed such behavior?