Getting "Unable to parse the p12 file..." Error With google-api-php-client

Question

I've been searching for days and trying new and older version of google-api-php-client along with various other examples out there, but I can't seem to get around this error. The code below is the service-account example retrieved from GitHub and I dropped in my credentials and file from the API Console. I've got a different file I'm actually building, but for use in this question, I figure this simpler file would be easier to discuss. I'm getting the same error with both files.

Fatal error: Uncaught exception 'Google_Auth_Exception' with message 'Unable to parse the p12 file. Is this a .p12 file? Is the password correct? OpenSSL error: ' in /google-api-php-client/src/Google/Signer/P12.php on line 52

I'm completely stumped about why it is throwing this error.

I've verified "file_get_contents" is actually getting the contents of the file and my "notasecret" password is getting pulled properly. I was hoping this recent commit might help, but unfortunately, it didn't solve this error for me.

Any idea what is going wrong here? Thank you for any suggestions!

<?php

session_start();
include_once "templates/base.php";

set_include_path("../src/" . PATH_SEPARATOR . get_include_path());
require_once 'Google/Client.php';
require_once 'Google/Service/Books.php';


$client_id = 'xxxx.apps.googleusercontent.com';
$service_account_name = '[email protected]';
$key_file_location = 'xxxx-privatekey.p12';

echo pageHeader("Service Account Access");
if ($client_id == 'xxxx.apps.googleusercontent.com'
    || !strlen($service_account_name)
    || !strlen($key_file_location)) {
  echo missingServiceAccountDetailsWarning();
}

$client = new Google_Client();
$client->setApplicationName("Client_Library_Examples");
$service = new Google_Service_Books($client);

if (isset($_SESSION['service_token'])) {
  $client->setAccessToken($_SESSION['service_token']);
}
$key = file_get_contents($key_file_location);
$cred = new Google_Auth_AssertionCredentials(
    $service_account_name,
    array('https://www.googleapis.com/auth/books'),
    $key
);
$client->setAssertionCredentials($cred);
if($client->getAuth()->isAccessTokenExpired()) {
  $client->getAuth()->refreshTokenWithAssertion($cred);
}
$_SESSION['service_token'] = $client->getAccessToken();


$optParams = array('filter' => 'free-ebooks');
$results = $service->volumes->listVolumes('Henry David Thoreau', $optParams);
echo "<h3>Results Of Call:</h3>";
foreach ($results as $item) {
  echo $item['volumeInfo']['title'], "<br /> \n";
}

echo pageFooter(__FILE__);

Answer 1

I suffered this error too, in my case the problem was the .p12 file had read permission only for the owner and no access for group and others. I spent 2 days of my life for this...

Now I get the error "User does not have sufficient permissions for this profile" but at least is something new!!

Answer 2

Got it! This commit got me thinking that maybe openssl didn't like our file either. I converted my file from a p12 to a pem using these instructions. Then I edited the file to remove some text before the "-----BEGIN RSA PRIVATE KEY-----" so the code from the new commit would recognize it properly. Dropped that file in and got results like magic.

That was it! I'm still not sure what would cause the auto-generated p12 file to not cooperate, so let me know if anyone has any ideas.

Answer 3

I just stumbled into the same problem. Converting the p12 file to .pem (as theonlynewts suggested) didn't work for me. There was no "---BEGIN RSA PRIVATE KEY---" section within the .pem file

But strange enough, while this doesn't work (original code from Google's P12.php):

if (!openssl_pkcs12_read( $p12, $certs, $password)) { ...

This DOES work:

$pkcs12 = file_get_contents( $p12 );
if (!openssl_pkcs12_read( $pkcs12, $certs, $password)) { ...

(Tested on PHP 5.5.9 on Kubuntu 14.04)