Comments (20)
@juminoz You beautiful person!!! I have been struggling with this for almost 3 weeks now! DON'T USE THE 2030 ONE!!!!!
from jpasskit.
@juminoz Did you manage to find a workaround for that?
Yes, don't use Apple certificate for 2030. Use the 2023 one. That was the issue.
from jpasskit.
My openssl is:
1. openssl pkcs12 -in Certificates.p12 -clcerts -nokeys -out passcertificate.pem -passin pass:123456
2. openssl pkcs12 -in Certificates.p12 -nocerts -out passkey.pem -passin pass:123456 -passout pass:123456
3. openssl smime -binary -sign -certfile WWDR.pem -signer passcertificate.pem -inkey passkey.pem -in manifest.json -out signature -outform DER -passin pass:123456
from jpasskit.
Is it possible to get one of the passes that were created by jPasskit? Also, a few details on how you've implemented it would help.
from jpasskit.
Hi,
I am trying to use the library and I have the same problem. In detail, I am using the API PKSigningUtil.loadSigningInformationFromPKCS12FileAndIntermediateCertificateFile(keystorePath, KEYSTORE_PASSWORD, appleCertPath);
I assume appleCertPath to be the file AppleWWDRCA.cer.
I don't understand how I can generate the keystore given that I have:
- the certificate pass.cer
- the private and public key
generated from the Apple portal on the passbook section.
Can you provide some hints?
Thanks
from jpasskit.
Hi fxuser, my problem is solved. What problem do you have?
from jpasskit.
The keyStore file is simply the PKCS12 (.p12) file, you've hopefully exported from your keychain, containing your certificate and private key. It should also be password protected.
Hope that helps :)
from jpasskit.
Thanks. Solved.
The problem was the export of the PKCS12 file. If you do it from the wrong place, it only exports the private key without the certificate.
from jpasskit.
:)
from jpasskit.
How to solve the problem of the certificates? Which files were used and how is it implemented?
from jpasskit.
Hi, thanks for the code. I successfully created the .pkpass and it opens in the simulator.
The issue now is that it's not adding to the Passbook. Getting the same error mentioned above: The passTypeIdentifier or teamIdentifier provided may not match your certificate, or the certificate trust chain could not be verified
Converted my .cer to p12, following the steps in the link below:
http://help.adobe.com/en_US/air/build/WS5b3ccc516d4fbf351e63e3d118666ade46-7ff0.html#WSfffb011ac560372f284e44b012cd1e700c0-8000
Not sure where I am going wrong.
Thanks in advance,
Dinesh
from jpasskit.
Hi, the problem is solved. As mentioned, the p12 should be exported from the right place. It should be exported from the machine that had created the pass.
This code rocks. Thanks!
from jpasskit.
Glad you could solve it :)
Right now, I'm thinking about a small guide how to set everything up. Maybe even a short screencast.
from jpasskit.
Gentlemen,
I'd like to share my experience of setting up jpasskit and specifically cert/key portion of it.
Obviously it's a great library that implements all necessary operations so you don't need to juggle keys and certs or implement zipping routines.
Thank you for creating this software!
However, I still have an issue with importing my generated passports into an iPhone with iOS 6.X installed, even though the Android clones accept the passports. Here is what I had to do in order to get it working to that point.
- I had to generate a new type of certificate request for the Apple developer site.
- Created the pass certificate from the provisioning center, and this requires administrative permissions in the organization.
- Specified Organization Unit, User ID, and passport group identifier with pass.* prefix
- Downloaded (as usual) the new type of certificate (file named pass.cer)
- Imported via Keychain Access to my login keychain
- IMPORTANT: Now I opened it in the Keys section and exported the containing element (private key), which also has a nested element (certificate). IS THIS THE CORRECT STEP?
- This created password protected p12 keystore with private key and cert (hopefully!)
- I put this Certificates.p12 together with AppleWWDRCA.cer into recognizable paths
- JPasskit opens those storage/certs, properly loads them into X509 objects, etc.
- So finally .pkpass is created with signature file and SHA1 signatures are OK in manifest.json (using openssl tool). No exceptions, no errors.
- Now it DOES NOT work on iPhone with iOS6 for some reason!
So I verified that the appropriate MIME type is set for the attachment. As I said, I verified that the SHA1 is good. I verified that the ZIP can be expanded and all files are there.
Finally, I'm stuck at this point because most likely the generated signature file is invalid and I have no idea how to trace the issue.
Do you have any idea where I can get the PUBLIC key for the pass.cer??? Can I validate like: openssl dgst -signature signature -verify PublicKey.cer
Thanks for ANY help in advance!
UPDATED:
Finally extracted public key in DER format like:
openssl x509 -pubkey -noout -in key.der > public-key.der
Is it the correct way to verify a pkpass like this:
openssl dgst -signature signature -verify public-key.der Passport.pkpass
This returns: "Verification Failure"
UPDATE:
OK, so I figured that out. Very stupid thing: the signature was always OK, but I forgot to include icon.png and icon@2x.png. Now it works.
thanks again for creating this cool stuff!
from jpasskit.
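The structural checks described in the comment above (manifest SHA-1 values, all files present, icon.png included) can be run before a pass is ever sent to a device. This is an added example, not code from the thread or from jpasskit; the function names and the sample archives are constructed here, and it does not verify the signature or the certificate chain.

```python
import hashlib
import io
import json
import zipfile

# Files the check insists on. icon.png is included because the thread
# found that a pass without it is rejected even with a valid signature.
REQUIRED = ("pass.json", "manifest.json", "signature", "icon.png")

def preflight(pkpass_bytes):
    """Return a list of structural problems in a .pkpass (empty list = OK)."""
    problems = []
    with zipfile.ZipFile(io.BytesIO(pkpass_bytes)) as z:
        names = {n for n in z.namelist() if not n.endswith("/")}
        for req in REQUIRED:
            if req not in names:
                problems.append(f"missing required file: {req}")
        if "manifest.json" not in names:
            return problems
        # manifest.json maps each file name to the SHA-1 of its contents
        manifest = json.loads(z.read("manifest.json"))
        for name, expected in manifest.items():
            if name not in names:
                problems.append(f"in manifest but not in archive: {name}")
            elif hashlib.sha1(z.read(name)).hexdigest() != expected.lower():
                problems.append(f"SHA-1 mismatch: {name}")
        unlisted = names - set(manifest) - {"manifest.json", "signature"}
        for name in sorted(unlisted):
            problems.append(f"not listed in manifest: {name}")
    return problems

def build_sample(files, overrides=None):
    """Constructed test archive: manifest is computed from `files`, then
    `overrides` replaces contents afterwards to simulate tampering."""
    manifest = {n: hashlib.sha1(d).hexdigest() for n, d in files.items()}
    stored = dict(files, **(overrides or {}))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in stored.items():
            z.writestr(name, data)
        z.writestr("manifest.json", json.dumps(manifest))
        z.writestr("signature", b"placeholder, not a real PKCS#7 signature")
    return buf.getvalue()

if __name__ == "__main__":
    sample = build_sample({"pass.json": b"{}"})  # no icon.png
    for problem in preflight(sample):
        print(problem)
```
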
@topgun Thanks for sharing your experience, I've had the same problem. I did lots of research on why my pass was not working on iOS when I found your comment.
@drallgood Maybe you can add this little detail to your tutorial, because I haven't found any information about this, that without the icon the pass won't work.
from jpasskit.
I'm running into an issue where if I use the same pass.cer to sign the pass using the signpass app from Apple, it works fine and I'm able to open it up on my iPhone X and also the simulator. However, when I do it through jpasskit, I'm getting the same error mentioned above. The original private key was generated on a different laptop, but since I could sign using the signpass app, I didn't think it matters. Any idea on why this would happen?
Error evaluating trust. Status: 0 ResultType: 0 Description: [leaf AnchorApple ChainLength IntermediateMarkerOid MissingIntermediate] - "Pass Type ID: pass.com.xyretail.pop" certificates do not meet pinning requirements.
cert[0]: IntermediateMarkerOid =(path)[force]> 0
Signature validation: *** FAILED ***
Invalid data error reading pass pass.com.xyretail.pop/3eb3a26d-ace6-41fd-b836-80c9228d2428. The passTypeIdentifier or teamIdentifier provided may not match your certificate, or the certificate trust chain could not be verified.
error 10:52:08.173882-0400 Passbook Failed to add pass: 'file:///Users/aaa/Downloads/415d8add-cb17-495f-a5e4-c2e03c64d24d.pkpass' Error Domain=PKPassKitErrorDomain Code=1 "The pass cannot be read because it isn’t valid." UserInfo={NSLocalizedDescription=The pass cannot be read because it isn’t valid., NSUnderlyingError=0x600000e53600 {Error Domain=PKPassKitErrorDomain Code=1 "The passTypeIdentifier or teamIdentifier provided may not match your certificate, or the certificate trust chain could not be verified." UserInfo={NSLocalizedDescription=The passTypeIdentifier or teamIdentifier provided may not match your certificate, or the certificate trust chain could not be verified.}}}.
Update: Another thing I noticed is that the pass generated by jpasskit can be opened on my Mac, but no one else can. Is it because I have the pass.cer installed?
from jpasskit.
Sounds like you have an issue with your certificate or chain. Make sure you're using the correct files there.
The Mac unfortunately doesn't do a proper validation and it also uses the local trust store. So yes, that might be why.
from jpasskit.
@juminoz Did you manage to find a workaround for that?
from jpasskit.
@juminoz Did you manage to find a workaround for that?
Yes, don't use Apple certificate for 2030. Use the 2023 one. That was the issue.
@juminoz Oh thanks for that. It worked!
from jpasskit.
And here's finally the explanation from Apple:
https://developer.apple.com/support/wwdr-intermediate-certificate/
Summary: keep the old certificate around until further notice
from jpasskit.