thenextweb / passgenerator

A Laravel package to create Apple Wallet passes.
GNU General Public License v3.0

"Undefined index: cert" #11

Closed Jaspur closed 6 years ago

Jaspur commented 6 years ago

Getting undefined index error.

This config:

'certificate_store_path'     => storage_path('passkit/app.p12'),
'wwdr_certificate_path'      => storage_path('passkit/wwdr.pem'),

And the correct password for certificate_store_password in the .env

/home/vagrant/code/app/vendor/thenextweb/passgenerator/src/PassGenerator.php
     *      -) https://en.wikipedia.org/wiki/X.509 for further info on PEM, DER and other certificate stuff
     *      -) http://php.net/manual/en/function.openssl-pkcs7-sign.php for the return of signing function
     *      -) and a google "smime.p7s" for further fun... on how broken cryptography on the internet is.
     *
     * @throws RuntimeException
     */
    private function signManifest()
    {
        $manifestPath = $this->passRealPath . '/' . $this->manifestFilename;

        $signaturePath = $this->passRealPath . '/' . $this->signatureFilename;

        $certs = [];

        if (!openssl_pkcs12_read($this->certStore, $certs, $this->certStorePassword)) {
            throw new RuntimeException('The certificate could not be read.');
        }

        // Get the certificate resource
        $certResource = openssl_x509_read($certs['cert']);

        // Get the private key out of the cert
        $privateKey = openssl_pkey_get_private($certs['pkey'], $this->certStorePassword);

        // Sign the manifest and store int in the signature file
        openssl_pkcs7_sign(
            $manifestPath,
            $signaturePath,
            $certResource,
            $privateKey,
            [],
            PKCS7_BINARY | PKCS7_DETACHED,
            $this->wwdrCertPath
        );

        // PKCS7 returns a signature on PEM format (.p7s), we only need the DER signature so Apple does not cry.
        // It turns out we are lucky since p7s format is just a Base64 encoded DER signature
        // enclosed between some email headers a MIME bs, so we just need to remove some lines
        $signature = Storage::disk('passgenerator')->get($this->passRelativePath . '/' . $this->signatureFilename);

Arguments
"Undefined index: cert"

Why is this? I'm using S3 by default for Storage.

j3j5 commented 6 years ago

Are you sure your Certificate Store is correct? The error (it could be more descriptive and better handled, I agree) happens because, when reading the certificate store, it couldn't find the certificate on it.

Can you try, using tinker, to read the certificate store and see its contents? Something like

$certs = [];
openssl_pkcs12_read(file_get_contents(config('passgenerator.certificate_store_path')), $certs, 'YOURPASSWORD');

This should return true, and if so, you can output the contents of $certs. It should be an array containing, at least, a key cert (your certificate) and a key pkey (your private key).

If the $certs array doesn't contain those, there is something wrong with it. Try generating it again following the (tedious) instructions on the README.

Good luck!
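A fuller version of the check suggested above, as an added example that is not part of the thread or of the passgenerator package: it reads a PKCS#12 store and reports why it cannot be used for signing, instead of failing later with "Undefined index: cert". The function name diagnoseCertificateStore and the sample password are hypothetical, and the sample store is a throwaway self-signed one constructed in memory.

```php
<?php
// Added example, not passgenerator code. diagnoseCertificateStore() is a hypothetical helper.

/**
 * Returns a list of problems found in a PKCS#12 store. An empty list means the
 * store holds a certificate and a matching private key usable for signing.
 */
function diagnoseCertificateStore(string $p12Bytes, string $password): array
{
    $certs = [];
    if (!openssl_pkcs12_read($p12Bytes, $certs, $password)) {
        // Wrong password or not a PKCS#12 file: drain OpenSSL's error queue.
        $errors = [];
        while (($e = openssl_error_string()) !== false) {
            $errors[] = $e;
        }
        return ['store could not be read: ' . implode('; ', $errors)];
    }

    $problems = [];
    // A successful read does not guarantee that both entries are present.
    foreach (['cert' => 'certificate', 'pkey' => 'private key'] as $key => $label) {
        if (empty($certs[$key])) {
            $problems[] = "store contains no $label ('$key' is missing)";
        }
    }
    if ($problems) {
        return $problems;
    }

    // Both entries exist: confirm they belong together and the cert is current.
    if (!openssl_x509_check_private_key($certs['cert'], $certs['pkey'])) {
        $problems[] = 'private key does not match the certificate';
    }
    $info = openssl_x509_parse($certs['cert']);
    if ($info === false || $info['validTo_time_t'] < time()) {
        $problems[] = 'certificate has expired or cannot be parsed';
    }
    return $problems;
}

// Constructed sample input: a throwaway self-signed store built in memory.
$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$csr = openssl_csr_new(['commonName' => 'example pass signer'], $key);
$cert = openssl_csr_sign($csr, null, $key, 30);
openssl_pkcs12_export($cert, $p12, $key, 'sample-password');

var_dump(diagnoseCertificateStore($p12, 'sample-password'));
var_dump(diagnoseCertificateStore($p12, 'wrong-password'));
```

Against a real store, pass file_get_contents(config('passgenerator.certificate_store_path')) and the configured password in place of the constructed sample.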

Jaspur commented 6 years ago

@j3j5 regenerated the certificate and "works" now, but still error: openssl_pkcs7_sign(): error opening input file home/forge/xx.com/storage/app/passgenerator/4Gu5Ko6jOUy1XIuR1zVnei2BKfzQEne0jasZnMd6YJ0gvIMVdGl9A3J5H55t/manifest.json! But there is no such file nor folder.

Jaspur commented 6 years ago

It's because I set my default storage to S3. And you don't mention in the docs that you have to add a filesystem disk yourself named passgenerator.

j3j5 commented 6 years ago

I was thinking it would have to do with that. It is true the docs don't mention the passgenerator disk, but the package is made in such a way that if you don't do that, it uses the default one. We didn't take into account that someone would use the default as S3.

I'll try to make some time to improve the readme.

asadmughal92 commented 7 months ago

I am getting this error even though I generated the certificate file.

Can you help me sort this out?