Can't get the pass to be signed

[hjavaher]

Hi, I can't get the pass to be signed by the certificates and I'm at a loss of what to do next and what I'm doing wrong. Can anyone help point me to a direction please? I have the following code (copied straight from the example provided)

I've confirmed that my certificate is valid and contains the private key and I've downloaded and tried every apple wwdr certificate.

            PassGenerator generator = new PassGenerator();

            PassGeneratorRequest request = new PassGeneratorRequest();
            request.PassTypeIdentifier = "pass.com.varyan.0exqz";
            request.TeamIdentifier = "RW121242";
            request.SerialNumber = "121212";
            request.Description = "My first pass";
            request.OrganizationName = "0EXQ";
            request.LogoText = "0EXQZ Pass";

            request.BackgroundColor = "#FFFFFF";
            request.LabelColor = "#000000";
            request.ForegroundColor = "#000000";

            var fileName = _env.WebRootPath + "AppleWWDRCA.cer";
            var applecertbytes = await System.IO.File.ReadAllBytesAsync(fileName);
            request.AppleWWDRCACertificate = new X509Certificate2(applecertbytes);

            fileName = _env.WebRootPath + "pass_nocommon.p12";
            var passCertbytes = await System.IO.File.ReadAllBytesAsync(fileName);
            request.PassbookCertificate = new X509Certificate2(passCertbytes, "Test123!@#");

            request.Images.Add(PassbookImage.Icon, System.IO.File.ReadAllBytes(_env.WebRootPath + ("icon.png")));
            request.Images.Add(PassbookImage.Icon2X, System.IO.File.ReadAllBytes(_env.WebRootPath + ("icon@2x.png")));
            request.Images.Add(PassbookImage.Icon3X, System.IO.File.ReadAllBytes(_env.WebRootPath + ("icon@3x.png")));

            request.Style = PassStyle.Generic;
            request.AddPrimaryField(new StandardField("origin", "San Francisco", "SFO"));
            request.AddPrimaryField(new StandardField("destination", "London", "LDN"));

            request.AddSecondaryField(new StandardField("boarding-gate", "Gate", "A55"));

            request.AddAuxiliaryField(new StandardField("seat", "Seat", "G5"));
            request.AddAuxiliaryField(new StandardField("passenger-name", "Passenger", "Thomas Anderson"));
            request.AddBarcode(BarcodeType.PKBarcodeFormatPDF417, "01927847623423234234", "ISO-8859-1", "01927847623423234234");

            byte[] generatedPass = generator.Generate(request);

            Debug.WriteLine(generatedPass);

            var contentType = "APPLICATION/octet-stream";
            var rfileName = "vnd.apple.pkpass";
            return File(generatedPass, contentType, rfileName);

It generates a pass but it doesn't sign it. I get the following validation result.

[tomasmcguinness]

Hi.

At present, you must use the G4 WWDR certificate with new Passkit certificates.

If you generated your passkit certificate before the 27th of January, you use the G1 WWDR certificate.

I recommend regenerating your Passkit certificate and using the G4 WWDR.

Give that a try and report back.

[alaafrarjah]

Same issue here, I can't get the pass to be signed!

[tomasmcguinness]

@alaafrarjah What version of WWDR certificate are you using?

[alaafrarjah]

I tried every apple WWDR Certificate from G1 to G6 with no success. I did regenerate the Passkit certificate and used the G4 WWDR with no success.

[alaafrarjah]

`

public byte[] GenerateApplePass()
{
    PassGenerator generator = new PassGenerator();
    var PassbookCertificate = HttpContext.Current.Server.MapPath(PassCertificatePath);
    var WWDRCertificate = HttpContext.Current.Server.MapPath(WWDRCertificatePath);

    X509KeyStorageFlags flags = X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.Exportable;

    var fileName = WWDRCertificate;
    var applecertbytes = System.IO.File.ReadAllBytes(fileName);
    X509Certificate2 certificateWWDR = new X509Certificate2(applecertbytes, "", flags);

    fileName = PassbookCertificate;
    var passCertbytes = System.IO.File.ReadAllBytes(fileName);
    X509Certificate2 certificatePass = new X509Certificate2(passCertbytes, "", flags);

    PassGeneratorRequest request = new PassGeneratorRequest
    {
        AppleWWDRCACertificate = certificateWWDR,
        PassbookCertificate = certificatePass,

        PassTypeIdentifier = " < PassTypeIdentifier >",
        TeamIdentifier = " < TeamIdentifier >",
        Description = " < Description > ",
        OrganizationName = " < OrganizationName > ",
        SerialNumber = "896666",

        LogoText = " < LogoText > ",
        BackgroundColor = "#FFFFFF",
        LabelColor = "#000000",
        ForegroundColor = "#000000",

        Style = PassStyle.Generic,

        SuppressStripShine = false,
    };

    request.Images.Add(PassbookImage.Icon, System.IO.File.ReadAllBytes(HttpContext.Current.Server.MapPath(ImagePath + "Icon1x.png")));
    request.Images.Add(PassbookImage.Icon2X, System.IO.File.ReadAllBytes(HttpContext.Current.Server.MapPath(ImagePath + "Icon2x.png")));
    request.Images.Add(PassbookImage.Icon3X, System.IO.File.ReadAllBytes(HttpContext.Current.Server.MapPath(ImagePath + "Icon3x.png")));

    byte[] generatedPass = generator.Generate(request);

    Response.Clear();
    Response.Buffer = true;
    Response.AddHeader("content-disposition", "attachment;filename=apple.pkpass");
    Response.Charset = "";
    Response.ContentType = "application/octet-stream";

    Response.BinaryWrite(generatedPass);
    Response.Flush();
    Response.End();
}

`

[tomasmcguinness]

The G4 is the only one that will work with iOS now.

I notice that you're not using a password for your pass certificate. Are you sure it includes the private key?

[alaafrarjah]

@tomasmcguinness I tried with a password and without a password, same results. But regarding the private key, if I export from Keychain Access, I receive an error in Signature in date () as the private key does not have an expiry date. And if I export the Pass Type ID root certificate, I receive the mentioned errors.

[tomasmcguinness]

When you export from the keychain, are you including the private key?

Did you also read https://github.com/tomasmcguinness/pkpassvalidator/wiki/PassKit-certificate-contains-an-incorrect-value?

Would you mind sending me the pkpass file?

[alaafrarjah]

@tomasmcguinness When you export from the keychain, are you including the private key? "I suppose that"

[alaafrarjah]

@tomasmcguinness any updates or suggestions?

[tomasmcguinness]

Found the issues with the validator. The Subject and IssuerName strings were wrong. I think my processing is too simple.

However, your pass does open in iOS and I could add it to my wallet.

Were you experiencing a particular issue or just relying on pkpassvalidator? If the latter, I'm really sorry if you've wasted any time.

[tomasmcguinness]

I've pushed a new version of pkpassvalidator and the pass will now show as valid and signed correctly.

[hjavaher]

ok, I feel dumb now, I read the wiki attached pass certificate has incorrect values and generated another CSR without any names. This in combination with using G4 certificate fixed my issue. Also the validator shows the pass as valid now too (and I can add the pass to my iOS device)

Thank you again!!

[alaafrarjah]

Actually, I was relying on your validator, and it is not a waste of time as at least we discovered and resolved the issue.

Thank you for your support and for this amazing package, everything is working now.

[tomasmcguinness]

Great. Sorry again for any lost time! I should put a disclaimer on it :)

[hjavaher]

are you kidding, this troubleshooting pales in comparison to how much time you saved us with this awesome nugget package!!! Deeply thankful :)