can't add to passbook???????? about jpasskit HOT 20 CLOSED

@juminoz You beautiful person!!! I have been struggling with this for almost 3 weeks now! DON'T US THE 2030 ONE!!!!!

from jpasskit.

@juminoz Did you manage to find a workaround for that?

Yes, don't use Apple certificate for 2030. Use the 2023 one. That was the issue.

from jpasskit.

my openssl is:
1.openssl pkcs12 -in Certificates.p12 -clcerts -nokeys -out passcertificate.pem -passin pass:123456
2.openssl pkcs12 -in Certificates.p12 -nocerts -out passkey.pem -passin pass:123456 -passout pass:123456
3.openssl smime -binary -sign -certfile WWDR.pem -signer passcertificate.pem -inkey passkey.pem -in manifest.json -out signature -outform DER -passin pass:12345

from jpasskit.

Is is possible to get one of the passes, that were created by jPasskit? Also, a few details on how you've implemented it would help.

from jpasskit.

Hi,
I am trying to use the library and I have the same problem. In details I am using the API PKSigningUtil.loadSigningInformationFromPKCS12FileAndIntermediateCertificateFile(
keystorePath, KEYSTORE_PASSWORD, appleCertPath);

I assume appleCertPath to be the file AppleWWDRCA.cer.
I don't understand how I can generate the keystore given that I have:

• the certificate pass.cer
• the private and public key
  generated from the Apple portal on the passbook section.

Can you provide some hints?

Thanks

from jpasskit.

hi fxuser my problem is Solve。what problem with you?

from jpasskit.

The keyStore file is simply the PKCS12 (.p12) file, you've hopefully exported from your keychain, containing your certificate and private key. It should also be password protected.

Hope that helps :)

from jpasskit.

Thanks. Solved.

The problem was the export of the PKCS12 file. If you do from the wrong place, it only exports the private key without the certificate.

from jpasskit.

:)

from jpasskit.

how to solve the problem of the certificates? which files was used and how its implementation.

from jpasskit.

Hi , Thanks for the code . I successfully created the .pkpass and its opens in simulator .
The issue now is , its not adding to the passbook .Getting the same error mentioned above :The passTypeIdentifier or teamIdentifier provided may not match your certificate, or the certificate trust chain could not be verified

Converted my .cer to p12 - steps follow in the below link:
http://help.adobe.com/en_US/air/build/WS5b3ccc516d4fbf351e63e3d118666ade46-7ff0.html#WSfffb011ac560372f284e44b012cd1e700c0-8000

Not sure where i am going wrong .

Thanks in Advance,
Dinesh

from jpasskit.

Hi , The problem solved . As mentioned the p12 should be exported from right place. It should be exported from the machine who had create the pass .

This code rocks . Thanks!

from jpasskit.

Glad you could solve it :)

Right now, I'm thinking about a small guide how to set everything up. Maybe even a short screencast.

from jpasskit.

Gentlemen,

I'd like to share my experience of setting up jpasskit and specifically cert/key portion of it.
Obviously its a great library that implements all necessary operations so you don't need to juggle with keys and certs or implement zipping routines.
Thank you for creating this software!

Howevery i still have an issue with importing my generated passports into iPhone with iOS 6.X installed even though the Android clones accepting the passports. Here is what i had to do in order to get it working to that point.

1. I had to generate new type of ceritificat request for Apply developer site.
2. Created pass ceriticate from provision center and this requires administrative permissions in the organzation.
3. Specified Organization Unit, User ID, and passport group identifier with pass.* prefix
4. Downloaded (as usual) the new type of certificate (file named pass.cer)
5. Imported via Keychain Access to my login keychain
6. IMPORTANT: Now i opened it in Keys section and exported containing element (private key) which also has nested element (certificate). IS THIS CORRECT STEP?
7. This created password protected p12 keystore with private key and cert (hopefully!)
8. I put this Certificates.p12 together with AppleWWDRCA.cer into recognizable paths
9. JPasskit opens those storage/certs, properly loads them into X509 objects, etc.
10. So finally .pkpass is created with signature file and SHA1 signatures are OK in manifest.json (using openssl tool). No exceptions, no errors.
11. Now it DOSE NOT work on iPhone with iOS6 for some reason!

So i verified that appropriate MIME type is set for the attachement. As i said i verified that SHA1 is good. I verified that ZIP can be expanded and all files are there.
Finally i'm stuck at this point because most likely the generated signature file is invalid and i have no idea how to trace the issue.
Do you have any ideas where do i get PUBLIC key for the pass.cer??? Can i validate like: openssl dgst -signature signature -verify PublicKey.cer

Thanks for ANY help in advance!

UPDATED:
Finally extracted public key in DER format like:
openssl x509 -pubkey -noout -in key.der > public-key.der

Is it correct way to verify pkpass like this:
openssl dgst -signature signature -verify public-key.der Passport.pkpass
This returns: "Verification Failure"

UPDATE:
Ok so i figured that out. Very stupid thing: signature was always OK, but i missed to put icon.png and [email protected]. Now it work.

thanks again for creating this cool stuff!

from jpasskit.

@topgun Thanks for sharing your experience, I've had the same problem. I did lots of research why my pass not working on IOS, when I found your comment.

@drallgood Maybe you can add this little detail to your tutorial, because I haven't find any information about this, that without icon the pass won't work.

from jpasskit.

I'm running into an issue where if I use the same pass.cer to sign the pass using the signpass app from Apple, it works fine and I'm able to open it up on my iPhone X and also the simulator. However, when I do it through jpasskit, I'm getting the same error mentioned above. The original private key was generated on a different laptop, but since I could sign using the signpass app, I didn't think it matters. Any idea on why this would happen?

Error evaluating trust. Status: 0 ResultType: 0 Description: [leaf AnchorApple ChainLength IntermediateMarkerOid MissingIntermediate] - "Pass Type ID: pass.com.xyretail.pop" certificates do not meet pinning requirements.
cert[0]: IntermediateMarkerOid =(path)[force]> 0
Signature validation: *** FAILED ***
Invalid data error reading pass pass.com.xyretail.pop/3eb3a26d-ace6-41fd-b836-80c9228d2428. The passTypeIdentifier or teamIdentifier provided may not match your certificate, or the certificate trust chain could not be verified.
error 10:52:08.173882-0400 Passbook Failed to add pass: 'file:///Users/aaa/Downloads/415d8add-cb17-495f-a5e4-c2e03c64d24d.pkpass' Error Domain=PKPassKitErrorDomain Code=1 "The pass cannot be read because it isn’t valid." UserInfo={NSLocalizedDescription=The pass cannot be read because it isn’t valid., NSUnderlyingError=0x600000e53600 {Error Domain=PKPassKitErrorDomain Code=1 "The passTypeIdentifier or teamIdentifier provided may not match your certificate, or the certificate trust chain could not be verified." UserInfo={NSLocalizedDescription=The passTypeIdentifier or teamIdentifier provided may not match your certificate, or the certificate trust chain could not be verified.}}}.

Update: Another thing I noticed is that the pass generated by jpasskit can be opened on my Mac, not no one else can. Is it because I have the pass.cer installed?

from jpasskit.

Sounds like you have an issue with your certificate or chain. Make sure you're using the correct files there

The mac unfortunately doesn't do a proper validation and it also uses the local trust store. So yes that might be why

from jpasskit.

@juminoz Did you manage to find a workaround for that?

from jpasskit.

@juminoz Did you manage to find a workaround for that?

Yes, don't use Apple certificate for 2030. Use the 2023 one. That was the issue.

@juminoz Oh thanks for that. It worked!

from jpasskit.

And here's finally the explanation from Apple:

https://developer.apple.com/support/wwdr-intermediate-certificate/

Summary: keep the old certificate around until further notice

from jpasskit.