Invalid certificate file error

chiiya / laravel-passes

Laravel package for creating iOS and Android Wallet Passes.

MIT License

21 stars 8 forks source link

Invalid certificate file error #16

Closed Synchro closed 1 year ago

Synchro commented 1 year ago

I have created a certificate file by exporting it with its private key from Apple Keychain, as directed in the requirements file, but I'm getting an error when the PassFactory tries to sign the pass:

Invalid certificate file: "certificates/certificates.p12"

I found that if I try to read it with openssl, I get this error:

openssl pkcs12 -info -in certificates/certificates.p12
Enter Import Password:
MAC: sha1, Iteration 1
MAC length: 20, salt length: 8
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048
Error outputting keys and certificates
806075EE01000000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:341:Global default library context, Algorithm (RC2-40-CBC : 0), Properties ()

Searching on that reveals that this is apparently due to an old format for the p12 file, and to read it in the openssl binary I needed to add -legacy to the command line, after which it seems to show the contents of the file correctly. So now I'm suspecting that PHP may have a similar problem reading it, but I don't know how to do the equivalent of setting the legacy flag in PHP. Any ideas?

Synchro commented 1 year ago

Aha, I found that the php-pkpass project (similar to yours) had the same issue, and it seems that this is due to a problem in more recent versions of PHP. The solution they came up with is to invoke the local openssl binary directly instead of using the built-in PHP function, as shown in this PR.

Synchro commented 1 year ago

After your merge of https://github.com/chiiya/passes/pull/19 which fixes the issue I describe here, I'm having trouble installing it. If I add this to my composer.json:

"chiiya/laravel-passes": "^0.2",

composer installs chiikya/passes 0.4, even though 0.5 is available, and matches the version constraint. If I add an explicit dependency on 0.5 with:

"chiiya/passes": "^0.5.0",

the installation fails with:

  Problem 1
    - Root composer.json requires chiiya/laravel-passes ^0.2 -> satisfiable by chiiya/laravel-passes[0.2.0].
    - chiiya/laravel-passes 0.2.0 requires chiiya/passes ^0.4 -> found chiiya/passes[0.4.0] but it conflicts with your root composer.json require (^0.5.0).

I don't understand why this is happening, as I would expect 0.5 to be a match for ^0.4. Meanwhile, as a practical solution to this, could you please bump the dependency in this repo to ^0.5?

Synchro commented 1 year ago

Aha, composer docs to the rescue - versions below 1.0 are handled differently! So ^0.4 won't match 0.5, and bumping the dependency in here is the right approach.

chiiya commented 1 year ago

Fixed

Synchro commented 1 year ago

Thank you