tomasmcguinness / pkpassvalidator

Checks the validity of a PKPASS file by checking it's signature and contents match the Apple specification
MIT License
78 stars 21 forks source link

Get useless information when it fails #10

Closed MrYangcg closed 2 months ago

MrYangcg commented 3 years ago

Hi, I used jpasskit to generate a pkpass file. I can open it directly with my mac, but it cannot be verified by your program.

I want to know where there is an error, but I only get this information which is "Failed to process the pkpass file".

Can you tell me the reason?

Thank you

tomasmcguinness commented 3 years ago

Hello,

Pkpassvalidator is a work in progress and is by no means complete.

Can you attach your pass file and I'll take a look.

Tom

MrYangcg commented 3 years ago

Hello,

Pkpassvalidator is a work in progress and is by no means complete.

Can you attach your pass file and I'll take a look.

Tom

MrYangcg commented 3 years ago

pass.zip Since pkpass is not supported here, I forced to convert the file name to .zip

tomasmcguinness commented 3 years ago

That's okay.

It seems your certificate chain is incorrect and missing the Apple Root CA in the chain.

I have uploaded a small fix to the application.

Mac validation for pkpass files is not as strict as iOS.

Are you having trouble open on iOS?

MrYangcg commented 3 years ago

Tomas, Thank you very much.

Yes , I can't open it in ios simulator. And when i add it to wallet in React Native App, I got a error info: The passTypeIdentifier or teamIdentifier provided may not match your certificate, or the certificate trust chain could not be verified.

So I want to know what went wrong through your program. And now i can see where it failed from your website. Thanks again. The jpasskit did not mention the need for a root certificate, I only used PassTypeId.cer and p12, I will check if the steps I use jpasskit are correct. If there are still some problems that I cannot solve or do not understand, can I send an email to your mailbox for help?

tomasmcguinness commented 3 years ago

The Apple Root cert is part of the WWDR cert, which is required.

Confirm you are using the right one. You will have your passType certicicate (which you generate from the Apple Developer portal) and you'll need the WWDR certificate too, which is downloaded from https://www.apple.com/certificateauthority/

MrYangcg commented 3 years ago

Failed to process the pkpass file.

It appeared again. Yes, I think my certificate is wrong. Now I use WWDR cert and p12 exported from PassType certificate.But again such a prompt appeared.

mypass.zip

tomasmcguinness commented 3 years ago

So the certificate chain seems okay now. Does it still fail to load in iOS?

MrYangcg commented 3 years ago

Now I can open it in the ios simulator,but failed on your website

tomasmcguinness commented 3 years ago

That's progress. Where does it fail on my website now?

MrYangcg commented 3 years ago

It only prompts Failed to process the pkpass file. Can't know where is wrong.

MrYangcg commented 3 years ago

Here is pkpass. You can take a look.

image

tomasmcguinness commented 3 years ago

That is the one I tried. I only got a message about the @3x icon being missing. Everything else seemed okay.

MrYangcg commented 3 years ago

It's so cool. Did you fix it? I added icon@3x.png and the verification passed. I saw that icon@3x.png not mandatory.

Do you know why the pkpass generated by AppleWWDRCAG3.cer cannot be opened on iOS?

SFaraji commented 2 years ago

Hi,

I have recently come across an issue that we cannot open our pkpass which is created using dotnet-passbook version 3.2.0.

I have even tried to upload it to the validator but the validator just returns “Failed to process the pkpass file.”

Any help greatly appreciated!

Best Regards, Shahryar

tomasmcguinness commented 2 years ago

Could you provide a copy of your pass?

SFaraji commented 2 years ago

Sure Tom. Here: https://we.tl/t-ZtsxlHJFOk

SFaraji commented 2 years ago

Thanks.

SFaraji commented 2 years ago

@tomasmcguinness have you had a chance to check the Pkpass?

SFaraji commented 2 years ago

It worked fine on local development but when running it on our server it return this pkpass. I have shared the link above.

SFaraji commented 2 years ago

I see that you have reopened the issue. Any update?

tomasmcguinness commented 2 years ago

The zip file you provided is invalid, so I cannot open it. This is why pkpassvalidator raised an error.

System.IO.InvalidDataException HResult=0x80131501 Message=Offset to Central Directory cannot be held in an Int64. Source=System.IO.Compression StackTrace: at System.IO.Compression.ZipArchive.ReadEndOfCentralDirectory() at System.IO.Compression.ZipArchive..ctor(Stream stream, ZipArchiveMode mode, Boolean leaveOpen, Encoding entryNameEncoding) at System.IO.Compression.ZipArchive..ctor(Stream stream, ZipArchiveMode mode, Boolean leaveOpen) at PassValidator.Web.Validation.Validator.Validate(Byte[] passContent)

SFaraji commented 2 years ago

This Pkpass is the result of the output from our server. But running that locally the Pkpass will be validated fine. Here is that Pkpass: https://we.tl/t-fPUM87W4ji

Our server environment is running as a Lambda Serverless Application.

tomasmcguinness commented 2 years ago

I'm afraid that whatever is happening on the lambda environment, it's not generating a valid ZIP file. Are you doing any further processing on the output of my dotnet-passbook library?

SFaraji commented 2 years ago

No further processing. Same thing works fine on local and output the correct Pkpass but went it deploy to the Lambda output the wrong pass 😞

tomasmcguinness commented 2 years ago

There might be something up with AWS - https://stackoverflow.com/questions/52555736/offset-to-central-directory-cannot-be-held-in-an-int64-net-core

SFaraji commented 2 years ago

Ok, I see. Thanks!

SFaraji commented 2 years ago

This issue is clearly we are using .net core. Any work around you have @tomasmcguinness?

tomasmcguinness commented 2 years ago

I've had no issues reported by any other users of the library, so I'm not sure .Net Core is at fault. If you run locally and it's fine, I'd assume it's the hosting environment. I don't know anything about AWS Lambda. Is it running Linux?

SFaraji commented 2 years ago

Lambda environment only support dotnet core 3.1 or dotnet 6. The only concern I see is that your library only support target framework of dotnetstandard 2.0.

tomasmcguinness commented 2 years ago

.Net 6 supports .net standard 2.0, so there should be no problem. My question about AWS relates to the underlying OS.

SFaraji commented 2 years ago

Yes as for the underlying OS it is running AWS Linux 2.

SFaraji commented 2 years ago

Going to experiment with few other things, will revert back once this resolved.

tomasmcguinness commented 2 years ago

I will try and build a sample that runs on Linux and see if there is any difference.