
The passTypeIdentifier or teamIdentifier provided may not match your certificate, or the certificate trust chain could not be verified

Tags: ios, passbook

I get the error in the title anytime I try to install a manually packaged passbook app by pressing the 'Add' button. I can successfully install passbook apps that were packaged using the 'signpass' tool, but I now need to create dynamic packages on a unix server.

I have been trying to manually package my passbook app with various packages from the web, and each gives me the same error. Here are a couple packages I have tried: https://github.com/maater/TCSH-PKPass https://github.com/devartis/passbook https://github.com/pcperini/PyPKPass

This is the pass.json that is created and zipped (notice that teamIdentifier and passTypeIdentifier are both populated):

{
  "formatVersion" : 1,
  "passTypeIdentifier" : "pass.votizen.membership",
  "serialNumber" : "ASDF",
  "webServiceURL" : "https://www.votizen.com/passbook/",
  "authenticationToken" : "AUTH_TOKEN",
  "teamIdentifier" : "MY_TEAM_IDENTIFIER",
  "organizationName" : "Matthew Snider",
  "description" : "Your voter registration card",
  "logoText" : "VOTIZEN",
  "labelColor": "#B7B0A8",
  "foregroundColor" : "#5F6062",
  "backgroundColor" : "#FCFAF5",
  "generic" : {
    "headerFields": [
      {
        "key" : "reg_date",
        "label": "VOTER SINCE",
        "value" : "2002"
      }
    ],
    "primaryFields" : [
      {
        "key" : "party",
        "label": "REGISTERED PARTY",
        "value" : "Democrat"
      }
    ],
    "secondaryFields" : [
      {
        "key" : "election",
        "label" : "NEXT ELECTION",
        "value" : "November 6, 2012"
      }
    ],
    "auxiliaryFields" : [
      {
        "key" : "polling_place",
        "label" : "POLLING PLACE",
        "value" : "268 E Julian Street, San Jose, CA 95112",
        "textAlignment" : "PKTextAlignmentLeft"
      }
    ],
    "backFields" : [
      {
        "key" : "elections",
        "label" : "ELECTIONS YOU VOTED IN",
        "value" : "2010 General\n2008 General\n2008 Primary\n2004 General"
      },
      {
        "key" : "polling",
        "label" : "DIRECTIONS TO YOUR POLLING PLACES",
        "value" : "https://maps.apple.com/maps?q=268+E+Julian+Street,+San+Jose,+CA+95112"
      },
      {
        "key" : "website",
        "label" : "Powered by Votizen",
        "value" : "https://www.votizen.com/"
      }
    ]
  }
}

I followed the steps on Apple to generate my Pass Type ID certificate, downloaded, and installed in my Keychain Access. I then exported it as "Certificates.p12" and run the following to generate certificate.pem and key.pem:

set P12 = Certificates.p12
set PASSWORD = MY_PASSWORD
openssl pkcs12 -passin pass:$PASSWORD -in "$P12" -clcerts -nokeys -out certificate.pem
openssl pkcs12 -passin pass:$PASSWORD -in "$P12" -nocerts -out key.pem -passout pass:$PASSWORD

After the manifest file is created I run:

openssl smime -passin pass:$PASSWORD -binary -sign -certfile wwdr.pem -signer certificate.pem -inkey key.pem -in manifest.json -out signature -outform DER

I created the wwdr.pem by exporting the Apple Worldwide Developer Relations Certification Authority as a Privacy Enhanced Mail file.

I read somewhere that you need to have Apple Root Certificate Authority installed (which I have), so here is a list of the certificates that I have installed:

  • Apple Application Integration Certification Authority
  • Apple Root CA
  • Apple Root Certificate Authority
  • Apple Worldwide Developer Relations Certification Authority
  • com.apple.idms.appleid.prd.4f3756614a59746e554a36344e6b55426b64576441413d3d
  • com.apple.ubiquity.peer-uuid.207240B0-758A-4C1E-B173-D1B70FF03533
  • com.apple.ubiquity.peer-uuid.C5D1968F-8923-48E4-A09D-8C9AE485A88B
  • com.apple.ubiquity.ssl-cert.C5D1968F-8923-48E4-A09D-8C9AE485A88B
  • iPhone Developer: Matthew Snider
  • Pass Type ID: pass.votizen.membership

Obviously, there is something wrong with the certificate that I am using or how I'm packaging it. I have no idea what I'm doing wrong. I'm hoping somebody has an idea.

matt snider asked Oct 11 '12 20:10


1 Answer

I figured it out. I didn't realize when creating the p12 file that you need to select both the certificate and the private key. I assumed exporting the certificate would include the private key as well, but it does not. When you export the Pass Type ID in Keychain Access, make sure it says "Export 2 Items", not "Export Pass Type ID: ...".

matt snider answered May 29 '23 18:05
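
A pre-signing check for the failure described in this answer, as an added example that is not part of the original post: it confirms that the certificate.pem and key.pem extracted from the .p12 each contain what their name says. The function names are hypothetical, and `key_matches_cert` goes one step beyond the case above by also comparing public keys; it assumes `openssl` is installed and that the key passphrase, if any, is in `$PASSWORD`.

```shell
#!/bin/sh
# Added example: sanity-check the PEM files produced by the two
# `openssl pkcs12` extraction commands before signing manifest.json.

# has_block FILE TYPE-REGEX -> 0 if FILE holds a PEM header of that type
has_block() {
    [ -f "$1" ] && grep -Eq "^-----BEGIN $2-----" "$1"
}

# check_pass_pems CERT KEY
# Prints a one-word status and returns:
#   0 ok       certificate and private key are both present
#   1 no-key   KEY holds no private key (cert-only .p12 export)
#   2 no-cert  CERT holds no certificate
check_pass_pems() {
    cert=$1 key=$2
    if ! has_block "$cert" 'CERTIFICATE'; then
        echo no-cert
        return 2
    fi
    # Accept PKCS#8 (plain or encrypted) and traditional RSA/EC keys.
    if ! has_block "$key" '((ENCRYPTED|RSA|EC) )?PRIVATE KEY'; then
        echo no-key
        return 1
    fi
    echo ok
}

# key_matches_cert CERT KEY
# Returns 0 when the public half of KEY equals the public key in CERT.
# Assumption: openssl is on PATH; passphrase is read from $PASSWORD.
key_matches_cert() {
    c=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    k=$(PASSWORD=${PASSWORD-} openssl pkey -in "$2" -pubout \
        -passin env:PASSWORD) || return 1
    [ "$c" = "$k" ]
}
```

Run `check_pass_pems certificate.pem key.pem` right after the extraction step; a `no-key` result means the .p12 has to be re-exported with both items selected.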